package sun.security.provider.certpath;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Date;
import sun.security.util.Debug;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;
import sun.security.x509.SerialNumber;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes8.dex */
public class OCSPResponse {
    public static final int CERT_STATUS_GOOD = 0;
    public static final int CERT_STATUS_REVOKED = 1;
    public static final int CERT_STATUS_UNKNOWN = 2;
    private static final Debug DEBUG = Debug.getInstance("certpath");
    private static final int KEY_TAG = 2;
    private static final String KP_OCSP_SIGNING_OID = "1.3.6.1.5.5.7.3.9";
    private static final long MAX_CLOCK_SKEW = 600000;
    private static final int NAME_TAG = 1;
    private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID;
    private static final ObjectIdentifier OCSP_NONCE_EXTENSION_OID;
    private static final int OCSP_RESPONSE_OK = 0;
    private static final boolean dump = false;
    private SingleResponse singleResponse;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes8.dex */
    public class SingleResponse {
        private CertId certId;
        private int certStatus;
        private Date nextUpdate;
        private Date thisUpdate;

        private SingleResponse(DerValue derValue) throws IOException {
            Date date;
            String str;
            if (derValue.tag != 48) {
                throw new IOException("Bad ASN.1 encoding in SingleResponse");
            }
            DerInputStream derInputStream = derValue.data;
            this.certId = new CertId(derInputStream.getDerValue().data);
            DerValue derValue2 = derInputStream.getDerValue();
            short s = (byte) (derValue2.tag & 31);
            if (s == 0) {
                this.certStatus = 0;
            } else if (s == 1) {
                this.certStatus = 1;
                if (OCSPResponse.DEBUG != null) {
                    Date generalizedTime = derValue2.data.getGeneralizedTime();
                    OCSPResponse.DEBUG.println("Revocation time: " + ((Object) generalizedTime));
                }
            } else {
                if (s != 2) {
                    throw new IOException("Invalid certificate status");
                }
                this.certStatus = 2;
            }
            this.thisUpdate = derInputStream.getGeneralizedTime();
            if (derInputStream.available() != 0) {
                DerValue derValue3 = derInputStream.getDerValue();
                if (((byte) (derValue3.tag & 31)) == 0) {
                    this.nextUpdate = derValue3.data.getGeneralizedTime();
                    if (derInputStream.available() == 0) {
                        return;
                    } else {
                        byte b = derInputStream.getDerValue().tag;
                    }
                }
            }
            long currentTimeMillis = System.currentTimeMillis();
            Date date2 = new Date(currentTimeMillis + 600000);
            Date date3 = new Date(currentTimeMillis - 600000);
            if (OCSPResponse.DEBUG != null) {
                if (this.nextUpdate != null) {
                    str = " until " + ((Object) this.nextUpdate);
                } else {
                    str = "";
                }
                OCSPResponse.DEBUG.println("Response's validity interval is from " + ((Object) this.thisUpdate) + str);
            }
            Date date4 = this.thisUpdate;
            if ((date4 == null || !date2.before(date4)) && ((date = this.nextUpdate) == null || !date3.after(date))) {
                return;
            }
            if (OCSPResponse.DEBUG != null) {
                OCSPResponse.DEBUG.println("Response is unreliable: its validity interval is out-of-date");
            }
            throw new IOException("Response is unreliable: its validity interval is out-of-date");
        }

        /* JADX INFO: Access modifiers changed from: private */
        public CertId getCertId() {
            return this.certId;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int getStatus() {
            return this.certStatus;
        }

        public String toString() {
            StringBuilder sb = new StringBuilder();
            sb.append("SingleResponse:  \n");
            sb.append((Object) this.certId);
            sb.append("\nCertStatus: " + OCSPResponse.certStatusToText(OCSPResponse.this.getCertStatus(null)) + "\n");
            sb.append("thisUpdate is " + ((Object) this.thisUpdate) + "\n");
            if (this.nextUpdate != null) {
                sb.append("nextUpdate is " + ((Object) this.nextUpdate) + "\n");
            }
            return sb.toString();
        }
    }

    static {
        ObjectIdentifier objectIdentifier;
        ObjectIdentifier objectIdentifier2 = null;
        try {
            objectIdentifier = new ObjectIdentifier("1.3.6.1.5.5.7.48.1.1");
            try {
                objectIdentifier2 = new ObjectIdentifier("1.3.6.1.5.5.7.48.1.2");
            } catch (Exception unused) {
            }
        } catch (Exception unused2) {
            objectIdentifier = null;
        }
        OCSP_BASIC_RESPONSE_OID = objectIdentifier;
        OCSP_NONCE_EXTENSION_OID = objectIdentifier2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:83:0x01f5 A[Catch: Exception -> 0x028c, CertPathValidatorException -> 0x0293, TryCatch #3 {CertPathValidatorException -> 0x0293, Exception -> 0x028c, blocks: (B:3:0x0003, B:5:0x000e, B:7:0x001a, B:9:0x0034, B:11:0x003f, B:13:0x0049, B:16:0x0059, B:17:0x005e, B:19:0x0078, B:21:0x0084, B:23:0x008a, B:25:0x0090, B:27:0x00a1, B:28:0x00a6, B:29:0x00ad, B:31:0x00ae, B:33:0x00b7, B:35:0x00c2, B:36:0x00d9, B:38:0x00f5, B:40:0x00ff, B:41:0x0109, B:43:0x010c, B:45:0x0119, B:46:0x012f, B:48:0x013d, B:50:0x014b, B:51:0x0143, B:54:0x014e, B:55:0x016a, B:58:0x016b, B:60:0x017a, B:62:0x0182, B:63:0x018e, B:65:0x0191, B:68:0x01ac, B:70:0x01b0, B:73:0x01b9, B:75:0x01c7, B:77:0x01cd, B:80:0x01d6, B:83:0x01f5, B:85:0x01fd, B:88:0x0203, B:89:0x0206, B:90:0x020b, B:92:0x020d, B:95:0x0213, B:96:0x0216, B:97:0x021b, B:100:0x01e1, B:102:0x01e5, B:103:0x01ea, B:104:0x01f1, B:106:0x01a1, B:107:0x01a8, B:110:0x021c, B:111:0x0223, B:112:0x0224, B:113:0x022b, B:115:0x022e, B:116:0x0242, B:117:0x0258, B:118:0x0259, B:119:0x0260, B:120:0x0261, B:121:0x0268, B:122:0x0269, B:123:0x0283, B:124:0x0284, B:125:0x028b), top: B:2:0x0003 }] */
    /* JADX WARN: Removed duplicated region for block: B:92:0x020d A[Catch: Exception -> 0x028c, CertPathValidatorException -> 0x0293, TRY_LEAVE, TryCatch #3 {CertPathValidatorException -> 0x0293, Exception -> 0x028c, blocks: (B:3:0x0003, B:5:0x000e, B:7:0x001a, B:9:0x0034, B:11:0x003f, B:13:0x0049, B:16:0x0059, B:17:0x005e, B:19:0x0078, B:21:0x0084, B:23:0x008a, B:25:0x0090, B:27:0x00a1, B:28:0x00a6, B:29:0x00ad, B:31:0x00ae, B:33:0x00b7, B:35:0x00c2, B:36:0x00d9, B:38:0x00f5, B:40:0x00ff, B:41:0x0109, B:43:0x010c, B:45:0x0119, B:46:0x012f, B:48:0x013d, B:50:0x014b, B:51:0x0143, B:54:0x014e, B:55:0x016a, B:58:0x016b, B:60:0x017a, B:62:0x0182, B:63:0x018e, B:65:0x0191, B:68:0x01ac, B:70:0x01b0, B:73:0x01b9, B:75:0x01c7, B:77:0x01cd, B:80:0x01d6, B:83:0x01f5, B:85:0x01fd, B:88:0x0203, B:89:0x0206, B:90:0x020b, B:92:0x020d, B:95:0x0213, B:96:0x0216, B:97:0x021b, B:100:0x01e1, B:102:0x01e5, B:103:0x01ea, B:104:0x01f1, B:106:0x01a1, B:107:0x01a8, B:110:0x021c, B:111:0x0223, B:112:0x0224, B:113:0x022b, B:115:0x022e, B:116:0x0242, B:117:0x0258, B:118:0x0259, B:119:0x0260, B:120:0x0261, B:121:0x0268, B:122:0x0269, B:123:0x0283, B:124:0x0284, B:125:0x028b), top: B:2:0x0003 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public OCSPResponse(byte[] r13, java.security.cert.PKIXParameters r14, java.security.cert.X509Certificate r15) throws java.io.IOException, java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 661
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.provider.certpath.OCSPResponse.<init>(byte[], java.security.cert.PKIXParameters, java.security.cert.X509Certificate):void");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String certStatusToText(int i) {
        if (i == 0) {
            return "Good";
        }
        if (i == 1) {
            return "Revoked";
        }
        if (i == 2) {
            return "Unknown";
        }
        return "Unknown certificate status code: " + i;
    }

    private static String responseToText(int i) {
        switch (i) {
            case 0:
                return "Successful";
            case 1:
                return "Malformed request";
            case 2:
                return "Internal error";
            case 3:
                return "Try again later";
            case 4:
                return "Unused status code";
            case 5:
                return "Request must be signed";
            case 6:
                return "Request is unauthorized";
            default:
                return "Unknown status code: " + i;
        }
    }

    private boolean verifyResponse(byte[] bArr, X509Certificate x509Certificate, AlgorithmId algorithmId, byte[] bArr2, PKIXParameters pKIXParameters) throws SignatureException {
        try {
            Signature signature = Signature.getInstance(algorithmId.getName());
            signature.initVerify(x509Certificate);
            signature.update(bArr);
            if (signature.verify(bArr2)) {
                Debug debug = DEBUG;
                if (debug == null) {
                    return true;
                }
                debug.println("Verified signature of OCSP Responder");
                return true;
            }
            Debug debug2 = DEBUG;
            if (debug2 == null) {
                return false;
            }
            debug2.println("Error verifying signature of OCSP Responder");
            return false;
        } catch (InvalidKeyException e) {
            throw new SignatureException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SignatureException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CertId getCertId() {
        return this.singleResponse.getCertId();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getCertStatus(SerialNumber serialNumber) {
        return this.singleResponse.getStatus();
    }
}
