package sun.security.provider.certpath;

import com.github.houbb.heaven.constant.JavaDocConst;
import com.google.common.base.Ascii;
import java.io.IOException;
import java.security.AccessController;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLReason;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Extension;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import sun.security.action.GetIntegerAction;
import sun.security.provider.certpath.OCSP;
import sun.security.util.Debug;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;

/* loaded from: classes4.dex */
public final class OCSPResponse {
    private static final int CERT_STATUS_GOOD = 0;
    private static final int CERT_STATUS_REVOKED = 1;
    private static final int CERT_STATUS_UNKNOWN = 2;
    private static final int DEFAULT_MAX_CLOCK_SKEW = 900000;
    private static final int KEY_TAG = 2;
    private static final String KP_OCSP_SIGNING_OID = "1.3.6.1.5.5.7.3.9";
    private static final int NAME_TAG = 1;
    private final ResponseStatus responseStatus;
    private final Map<CertId, SingleResponse> singleResponseMap;
    private static ResponseStatus[] rsvalues = ResponseStatus.values();
    private static final Debug DEBUG = Debug.getInstance("certpath");
    private static final boolean dump = Debug.isOn("ocsp");
    private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID = ObjectIdentifier.newInternal(new int[]{1, 3, 6, 1, 5, 5, 7, 48, 1, 1});
    private static final ObjectIdentifier OCSP_NONCE_EXTENSION_OID = ObjectIdentifier.newInternal(new int[]{1, 3, 6, 1, 5, 5, 7, 48, 1, 2});
    private static final int MAX_CLOCK_SKEW = initializeClockSkew();
    private static CRLReason[] values = CRLReason.values();

    /* loaded from: classes4.dex */
    public enum ResponseStatus {
        SUCCESSFUL,
        MALFORMED_REQUEST,
        INTERNAL_ERROR,
        TRY_LATER,
        UNUSED,
        SIG_REQUIRED,
        UNAUTHORIZED
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public static final class SingleResponse implements OCSP.RevocationStatus {
        private final CertId certId;
        private final OCSP.RevocationStatus.CertStatus certStatus;
        private final Date nextUpdate;
        private final CRLReason revocationReason;
        private final Date revocationTime;
        private final Map<String, Extension> singleExtensions;
        private final Date thisUpdate;

        private SingleResponse(DerValue derValue) throws IOException {
            this(derValue, null);
        }

        private SingleResponse(DerValue derValue, Date date) throws IOException {
            Date date2;
            if (derValue.tag != 48) {
                throw new IOException("Bad ASN.1 encoding in SingleResponse");
            }
            DerInputStream derInputStream = derValue.data;
            this.certId = new CertId(derInputStream.getDerValue().data);
            DerValue derValue2 = derInputStream.getDerValue();
            short s = (byte) (derValue2.tag & Ascii.US);
            if (s == 1) {
                this.certStatus = OCSP.RevocationStatus.CertStatus.REVOKED;
                Date generalizedTime = derValue2.data.getGeneralizedTime();
                this.revocationTime = generalizedTime;
                if (derValue2.data.available() != 0) {
                    DerValue derValue3 = derValue2.data.getDerValue();
                    if (((byte) (derValue3.tag & Ascii.US)) == 0) {
                        int enumerated = derValue3.data.getEnumerated();
                        if (enumerated < 0 || enumerated >= OCSPResponse.values.length) {
                            this.revocationReason = CRLReason.UNSPECIFIED;
                        } else {
                            this.revocationReason = OCSPResponse.values[enumerated];
                        }
                    } else {
                        this.revocationReason = CRLReason.UNSPECIFIED;
                    }
                } else {
                    this.revocationReason = CRLReason.UNSPECIFIED;
                }
                if (OCSPResponse.DEBUG != null) {
                    OCSPResponse.DEBUG.println("Revocation time: " + generalizedTime);
                    OCSPResponse.DEBUG.println("Revocation reason: " + this.revocationReason);
                }
            } else {
                this.revocationTime = null;
                this.revocationReason = CRLReason.UNSPECIFIED;
                if (s == 0) {
                    this.certStatus = OCSP.RevocationStatus.CertStatus.GOOD;
                } else {
                    if (s != 2) {
                        throw new IOException("Invalid certificate status");
                    }
                    this.certStatus = OCSP.RevocationStatus.CertStatus.UNKNOWN;
                }
            }
            this.thisUpdate = derInputStream.getGeneralizedTime();
            if (derInputStream.available() == 0) {
                this.nextUpdate = null;
            } else {
                DerValue derValue4 = derInputStream.getDerValue();
                if (((byte) (derValue4.tag & Ascii.US)) == 0) {
                    this.nextUpdate = derValue4.data.getGeneralizedTime();
                    if (derInputStream.available() != 0) {
                        byte b = derInputStream.getDerValue().tag;
                    }
                } else {
                    this.nextUpdate = null;
                }
            }
            if (derInputStream.available() > 0) {
                DerValue derValue5 = derInputStream.getDerValue();
                if (derValue5.isContextSpecific((byte) 1)) {
                    DerValue[] sequence = derValue5.data.getSequence(3);
                    this.singleExtensions = new HashMap(sequence.length);
                    for (DerValue derValue6 : sequence) {
                        sun.security.x509.Extension extension = new sun.security.x509.Extension(derValue6);
                        if (OCSPResponse.DEBUG != null) {
                            OCSPResponse.DEBUG.println("OCSP single extension: " + extension);
                        }
                        if (extension.isCritical()) {
                            throw new IOException("Unsupported OCSP critical extension: " + extension.getExtensionId());
                        }
                        this.singleExtensions.put(extension.getId(), extension);
                    }
                } else {
                    this.singleExtensions = Collections.emptyMap();
                }
            } else {
                this.singleExtensions = Collections.emptyMap();
            }
            long currentTimeMillis = System.currentTimeMillis();
            Date date3 = new Date(OCSPResponse.MAX_CLOCK_SKEW + currentTimeMillis);
            Date date4 = new Date(currentTimeMillis - OCSPResponse.MAX_CLOCK_SKEW);
            if (OCSPResponse.DEBUG != null) {
                OCSPResponse.DEBUG.println("Response's validity interval is from " + this.thisUpdate + (this.nextUpdate != null ? " until " + this.nextUpdate : ""));
            }
            Date date5 = this.thisUpdate;
            if ((date5 == null || !date3.before(date5)) && ((date2 = this.nextUpdate) == null || !date4.after(date2))) {
                return;
            }
            if (OCSPResponse.DEBUG != null) {
                OCSPResponse.DEBUG.println("Response is unreliable: its validity interval is out-of-date");
            }
            throw new IOException("Response is unreliable: its validity interval is out-of-date");
        }

        /* JADX INFO: Access modifiers changed from: private */
        public CertId getCertId() {
            return this.certId;
        }

        @Override // sun.security.provider.certpath.OCSP.RevocationStatus
        public OCSP.RevocationStatus.CertStatus getCertStatus() {
            return this.certStatus;
        }

        @Override // sun.security.provider.certpath.OCSP.RevocationStatus
        public CRLReason getRevocationReason() {
            return this.revocationReason;
        }

        @Override // sun.security.provider.certpath.OCSP.RevocationStatus
        public Date getRevocationTime() {
            return (Date) this.revocationTime.clone();
        }

        @Override // sun.security.provider.certpath.OCSP.RevocationStatus
        public Map<String, Extension> getSingleExtensions() {
            return Collections.unmodifiableMap(this.singleExtensions);
        }

        public String toString() {
            StringBuilder sb = new StringBuilder();
            sb.append("SingleResponse:  \n");
            sb.append(this.certId);
            sb.append("\nCertStatus: " + this.certStatus + JavaDocConst.COMMENT_RETURN);
            if (this.certStatus == OCSP.RevocationStatus.CertStatus.REVOKED) {
                sb.append("revocationTime is " + this.revocationTime + JavaDocConst.COMMENT_RETURN);
                sb.append("revocationReason is " + this.revocationReason + JavaDocConst.COMMENT_RETURN);
            }
            sb.append("thisUpdate is " + this.thisUpdate + JavaDocConst.COMMENT_RETURN);
            if (this.nextUpdate != null) {
                sb.append("nextUpdate is " + this.nextUpdate + JavaDocConst.COMMENT_RETURN);
            }
            return sb.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Can't wrap try/catch for region: R(11:(1:110)|111|(2:115|(4:117|118|119|120)(2:121|(8:123|124|125|(8:129|130|(1:132)(1:150)|133|(1:137)|138|139|(2:141|143)(1:145))|155|118|119|120)))|158|124|125|(9:127|129|130|(0)(0)|133|(2:135|137)|138|139|(0)(0))|155|118|119|120) */
    /* JADX WARN: Code restructure failed: missing block: B:144:0x03d1, code lost:
    
        r7 = r6;
     */
    /* JADX WARN: Removed duplicated region for block: B:132:0x03a9 A[Catch: GeneralSecurityException -> 0x03d6, TRY_ENTER, TryCatch #0 {GeneralSecurityException -> 0x03d6, blocks: (B:132:0x03a9, B:150:0x03ad), top: B:130:0x03a7 }] */
    /* JADX WARN: Removed duplicated region for block: B:141:0x03cc A[Catch: GeneralSecurityException -> 0x03d3, TRY_LEAVE, TryCatch #1 {GeneralSecurityException -> 0x03d3, blocks: (B:139:0x03c1, B:141:0x03cc), top: B:138:0x03c1 }] */
    /* JADX WARN: Removed duplicated region for block: B:145:0x03d1 A[EDGE_INSN: B:145:0x03d1->B:144:0x03d1 BREAK  A[LOOP:3: B:99:0x02e0->B:120:0x0406], SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:150:0x03ad A[Catch: GeneralSecurityException -> 0x03d6, TRY_LEAVE, TryCatch #0 {GeneralSecurityException -> 0x03d6, blocks: (B:132:0x03a9, B:150:0x03ad), top: B:130:0x03a7 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public OCSPResponse(byte[] r20, java.util.Date r21, java.util.List<java.security.cert.X509Certificate> r22) throws java.io.IOException, java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 1185
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.provider.certpath.OCSPResponse.<init>(byte[], java.util.Date, java.util.List):void");
    }

    private static int initializeClockSkew() {
        Integer num = (Integer) AccessController.doPrivileged(new GetIntegerAction("com.sun.security.ocsp.clockSkew"));
        return (num == null || num.intValue() < 0) ? DEFAULT_MAX_CLOCK_SKEW : num.intValue() * 1000;
    }

    private boolean verifyResponse(byte[] bArr, X509Certificate x509Certificate, AlgorithmId algorithmId, byte[] bArr2) throws CertPathValidatorException {
        try {
            Signature signature = Signature.getInstance(algorithmId.getName());
            signature.initVerify(x509Certificate.getPublicKey());
            signature.update(bArr);
            if (signature.verify(bArr2)) {
                Debug debug = DEBUG;
                if (debug == null) {
                    return true;
                }
                debug.println("Verified signature of OCSP Responder");
                return true;
            }
            Debug debug2 = DEBUG;
            if (debug2 == null) {
                return false;
            }
            debug2.println("Error verifying signature of OCSP Responder");
            return false;
        } catch (InvalidKeyException e) {
            throw new CertPathValidatorException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new CertPathValidatorException(e2);
        } catch (SignatureException e3) {
            throw new CertPathValidatorException(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ResponseStatus getResponseStatus() {
        return this.responseStatus;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SingleResponse getSingleResponse(CertId certId) {
        return this.singleResponseMap.get(certId);
    }
}
