package com.nttdocomo.android.ocsplib;

import android.content.Context;
import android.os.Build;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.av;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.ay;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.j;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.j.l;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.r;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.s;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPException;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.d;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.e;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.f;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.h;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.i;
import com.nttdocomo.android.ocsplib.bouncycastle.operator.OperatorCreationException;
import com.nttdocomo.android.ocsplib.exception.OcspParameterException;
import com.nttdocomo.android.ocsplib.exception.OcspRequestException;
import com.nttdocomo.android.ocsplib.exception.OcspResponseException;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;

/* compiled from: ProGuard */
/* loaded from: classes.dex */
/**
 * Static entry points for OCSP revocation checking of TLS server certificates
 * (decompiled from a ProGuard-obfuscated build; most names are not the original ones).
 *
 * <p>Integer results used throughout this class, as far as the visible code shows:
 * 0 = status GOOD or the check was skipped, 1 = revoked, 2 = any other status or the chain
 * could not be built, 3 = pin verification failed.
 *
 * <p>Calls of the form {@code b.a(String)} appear to go to a logging helper class {@code b}
 * and calls of the form {@code a.a(...)} to a cache/initialisation helper class {@code a};
 * neither class is visible here, so what they do is inferred from the log strings and the
 * arguments only.
 *
 * <p>NOTE(review): the log calls include target URLs, subject DNs and serial numbers.
 * Where the log helper writes to is not visible; confirm it is disabled or redacted in
 * release builds.
 */
public class OcspUtil {

    /* renamed from: a, reason: collision with root package name */
    // Connect timeout (milliseconds) applied to the OCSP request and to the certificate fetch.
    private static int f3006a = 5000;
    // Read timeout (milliseconds) applied to the same two connections.
    private static int b = 5000;
    // Normalised subject DN -> key store alias, filled lazily by c().
    private static HashMap<String, String> c = null;
    // Trust store the root certificates are looked up in, loaded by c().
    private static KeyStore d = null;
    // Pin checker; pinning is treated as disabled while this is null.
    // NOTE(review): the only assignments to `e` in this listing are decompiler artifacts inside
    // catch blocks; where a real pin checker gets installed is not visible here.
    private static c e = null;
    // Lock guarding the lazy trust-store load in c().
    private static final Object f = new Object();
    // Not referenced anywhere in this listing.
    private static final Object g = new Object();

    /**
     * Validates a parsed OCSP response and maps the status of the requested certificate to
     * this library's integer result.
     *
     * @param fVar parsed OCSP response
     * @param publicKey public key of the issuer certificate; used for the signature check only
     *     when the response carries no certificates of its own
     * @param str serial number of the target certificate as a hex string
     * @param str2 cache key for the target certificate (callers may pass null); handed to the
     *     cache helper together with the status
     * @return 0 when the status is GOOD, 1 when it is revoked, 2 for any other status
     * @throws OcspResponseException if the response status is non-zero, the signature is not
     *     accepted, no entry matches the serial number, or the response cannot be processed
     */
    private static int a(f fVar, PublicKey publicKey, String str, String str2) {
        boolean z;
        i iVar;
        // Any non-zero response status is rejected before the payload is looked at.
        if (fVar.a() != 0) {
            b.a("OCSP response exception found. Status : " + fVar.a());
            throw new OcspResponseException("OCSP response exception found. Status : " + fVar.a());
        }
        try {
            com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.a aVar = (com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.a) fVar.b();
            // Certificates carried inside the response itself.
            com.nttdocomo.android.ocsplib.bouncycastle.cert.a[] c2 = aVar.c();
            // Signature check: with no embedded certificates the issuer key is used; otherwise
            // each embedded certificate is tried in turn.
            // NOTE(review): on the embedded-certificate path nothing visible here checks that
            // the certificate was issued by the CA in question or is authorised for OCSP
            // signing (RFC 6960, section 4.2.2.2), and publicKey is not consulted at all. A
            // signature that verifies against an embedded certificate therefore only shows the
            // response is self-consistent, not that it comes from the CA's responder. The
            // responder certificate should be validated against the issuer before it is trusted.
            // NOTE(review): as decompiled, both branches fall through to `z = false`, which
            // would reject every response. This looks like a decompiler control-flow artifact
            // rather than the shipped logic; confirm against the bytecode.
            if (c2.length == 0) {
                if (aVar.a(new com.nttdocomo.android.ocsplib.bouncycastle.operator.a.a().a("BC").a(publicKey))) {
                    z = true;
                }
                z = false;
            } else {
                for (com.nttdocomo.android.ocsplib.bouncycastle.cert.a aVar2 : c2) {
                    if (aVar.a(new com.nttdocomo.android.ocsplib.bouncycastle.operator.a.a().a("BC").a(aVar2))) {
                        z = true;
                        break;
                    }
                }
                z = false;
            }
            if (!z) {
                b.a("OCSP response signature is incorrect.");
                throw new OcspResponseException("OCSP response signature is incorrect.");
            }
            // Individual status entries contained in the response.
            i[] a2 = aVar.a();
            if (a2 == null || a2.length == 0) {
                b.a("No OCSP response found.");
                throw new OcspResponseException("No OCSP response found.");
            }
            // Select the entry whose serial number (hex) equals the requested one.
            // NOTE(review): entries are matched on the serial number only; the issuer hashes
            // that the request placed in its certificate ID are not compared here.
            if (a2.length == 1) {
                iVar = a2[0];
                if (!str.equals(iVar.a().a().toString(16))) {
                    b.a("No valid OCSP response found.");
                    throw new OcspResponseException("No valid OCSP response found.");
                }
            } else {
                b.a("Number of OCSP responses : " + a2.length);
                int length = a2.length;
                int i = 0;
                // Linear search; iVar ends up null when no entry matches.
                while (true) {
                    if (i >= length) {
                        iVar = null;
                        break;
                    }
                    iVar = a2[i];
                    if (str.equals(iVar.a().a().toString(16))) {
                        break;
                    }
                    i++;
                }
                if (iVar == null) {
                    b.a("No valid OCSP response found.");
                    throw new OcspResponseException("No valid OCSP response found.");
                }
            }
            b.a("OCSP response target certificate serial number : " + iVar.a().a().toString(16));
            // The two validity timestamps (logged as thisUpdate / nextUpdate) are only logged
            // and handed to the cache helper in this method.
            // NOTE(review): no comparison against the current time is visible here. Confirm
            // that freshness is enforced elsewhere; otherwise an outdated GOOD response would
            // be accepted and cached.
            Date c3 = iVar.c();
            b.a("thisUpdate : " + c3.toString());
            Date d2 = iVar.d();
            if (d2 != null) {
                b.a("nextUpdate : " + d2.toString());
            } else {
                b.a("nextUpdate : not set");
            }
            if (iVar.b() == com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.c.f3112a) {
                b.a("OCSP status : GOOD");
                a.a(str2, 0, c3, d2);
                return 0;
            }
            // Anything that is neither GOOD nor the revoked type is reported as 2 and is not
            // passed to the cache helper.
            if (!(iVar.b() instanceof h)) {
                b.a("OCSP status : " + iVar.b());
                return 2;
            }
            b.a("OCSP status : Revoked");
            a.a(str2, 1, c3, d2);
            return 1;
        } catch (OCSPException e2) {
            b.a("OCSP response is not valid or signature validation failed. " + e2.getMessage());
            throw new OcspResponseException("OCSP response is not valid or signature validation failed.", e2);
        } catch (OperatorCreationException e3) {
            // Decompiler artifact: `e` stands for the caught exception here, not the static
            // pin-checker field of the same name.
            e = e3;
            b.a("Failed to validate OCSP response signature. " + e.getMessage());
            throw new OcspResponseException("Failed to validate OCSP response signature.", e);
        } catch (CertificateException e4) {
            // Same decompiler artifact as in the previous handler.
            e = e4;
            b.a("Failed to validate OCSP response signature. " + e.getMessage());
            throw new OcspResponseException("Failed to validate OCSP response signature.", e);
        }
    }

    /**
     * Checks the revocation status of the certificate chain presented by an HTTPS URL
     * (logged as "verifyUrl").
     *
     * @param str target URL
     * @param z whether cached results may be used
     * @return the result of the chain check, or 0 without any check when the URL is not https
     * @throws OcspParameterException if the library is not initialised or the URL is malformed
     * @throws OcspRequestException if the server certificates cannot be obtained
     */
    public static int a(String str, boolean z) {
        b.a("verifyUrl() start");
        // NOTE(review): the complete URL, including any query string, is written to the log.
        b.a("Target URL : " + str);
        b.a("useCache : " + z);
        if (!a()) {
            b.a("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        try {
            URL url = new URL(str);
            // NOTE(review): a non-https URL returns 0, the same value as a GOOD status, so a
            // caller cannot tell "verified" from "not checked". Callers that must enforce TLS
            // need their own scheme check.
            if (!url.getProtocol().equals("https")) {
                b.a("Target protocol is " + url.getProtocol() + ". Skip verify.");
                return 0;
            }
            Certificate[] a2 = a(url);
            if (a2 == null || a2.length == 0) {
                b.a("Failed to get server certificates. (chain is null or length 0)");
                throw new OcspRequestException("Failed to get server certificates. (chain is null or length 0)");
            }
            // The URL's host is passed on for the optional pin check.
            int a3 = a(a2, url.getHost(), z);
            b.a("verifyUrl() end");
            return a3;
        } catch (MalformedURLException e2) {
            b.a("URL is malformed. " + e2.getMessage());
            throw new OcspParameterException("URL is malformed.", e2);
        }
    }

    /**
     * Checks one certificate against its issuer via OCSP (logged as "verifyCert").
     *
     * @param x509Certificate certificate whose status is requested
     * @param x509Certificate2 certificate of its issuer
     * @param z whether a cached result may be returned instead of querying the responder
     * @return 0 for GOOD or when the check is skipped, 1 for revoked, 2 for any other status
     * @throws OcspParameterException if the library is not initialised
     * @throws OcspRequestException if the request cannot be built or sent
     * @throws OcspResponseException if the response is rejected
     */
    @Deprecated
    public static int a(X509Certificate x509Certificate, X509Certificate x509Certificate2, boolean z) {
        b.a("verifyCert() start");
        b.a("Issuer : " + x509Certificate2.getSubjectX500Principal().getName());
        b.a("Target : " + x509Certificate.getSubjectX500Principal().getName());
        b.a("Target serial : " + x509Certificate.getSerialNumber().toString(16));
        b.a("useCache : " + z);
        if (!a()) {
            b.a("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        // Cache key derived from the certificate; may be null.
        String a2 = a.a(x509Certificate);
        if (z && a2 != null) {
            // Only cached results 0 and 1 short-circuit; any other value falls through to a
            // live query.
            switch (a.a(a2)) {
                case 0:
                    b.a("verifyCert() end");
                    return 0;
                case 1:
                    b.a("verifyCert() end");
                    return 1;
                default:
                    b.a("No valid cache found.");
                    break;
            }
        }
        String b2 = b(x509Certificate);
        // NOTE(review): fail-open. A certificate without a usable responder URL, or one whose
        // extension cannot be parsed (b() returns null in both cases), is reported as 0, the
        // same value as GOOD.
        if (b2 == null) {
            b.a("No OCSP responder URL. Skip verify.");
            b.a("verifyCert() end");
            return 0;
        }
        b.a("OCSP responder URL : " + b2);
        // Build the request, send it to the responder URL, then validate the response using
        // the issuer's public key and the target's serial number.
        int a3 = a(a(a(x509Certificate, x509Certificate2), b2), x509Certificate2.getPublicKey(), x509Certificate.getSerialNumber().toString(16), a2);
        b.a("verifyCert() end");
        return a3;
    }

    /**
     * Checks every certificate of a chain against its successor via OCSP and, on older
     * platform versions, runs the optional pin check (logged as "verifyCert(chain)").
     *
     * @param certificateArr certificates as presented by the server
     * @param str host name used for the pin check; null skips it
     * @param z whether cached results may be used
     * @return 0 when every pair checked as GOOD (or was skipped), the first non-zero status
     *     otherwise, 2 when no chain to a known root could be built, 3 when the pin check fails
     * @throws OcspParameterException if the library is not initialised or the chain is empty
     */
    public static int a(Certificate[] certificateArr, String str, boolean z) {
        int i = 0;
        b.a("verifyCert(chain) start");
        b.a("useCache : " + z);
        if (!a()) {
            b.a("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        if (certificateArr == null || certificateArr.length == 0) {
            b.a("Certificate chain is null or length 0.");
            throw new OcspParameterException("Certificate chain is null or length 0.");
        }
        List<X509Certificate> a2 = a(certificateArr);
        if (a2 == null) {
            b.a("Failed to generate certificate chain.");
            return 2;
        }
        // Check element i2 against element i2 + 1 and stop at the first non-zero result. The
        // last element (the root appended by the chain builder) is never a target itself.
        int i2 = 0;
        while (i2 < a2.size() - 1 && i == 0) {
            int a3 = a(a2.get(i2), a2.get(i2 + 1), z);
            i2++;
            i = a3;
        }
        // NOTE(review): pins are only evaluated here on API levels below 24. Presumably newer
        // devices are expected to rely on the platform's own pinning configuration; confirm
        // that such a configuration exists, otherwise no pinning applies on API 24 and above.
        if (Build.VERSION.SDK_INT < 24 && str != null && e != null && i == 0 && !a(a2, str)) {
            b.a("Pin verification failed");
            i = 3;
        }
        b.a("verifyCert(chain) end");
        return i;
    }

    /**
     * Builds an OCSP request for a single certificate.
     *
     * @param x509Certificate certificate whose serial number is put into the request
     * @param x509Certificate2 issuer certificate the certificate ID is derived from
     * @return the generated request
     * @throws OcspRequestException if anything fails while building the request
     */
    private static d a(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        try {
            e eVar = new e();
            // The certificate ID uses a SHA1 digest together with the issuer certificate and
            // the target's serial number. Exactly one entry is added to the request; no
            // further request extension is added in the visible code.
            eVar.a(new com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.b(new com.nttdocomo.android.ocsplib.bouncycastle.cert.a.b(MessageDigest.getInstance("SHA1")), new com.nttdocomo.android.ocsplib.bouncycastle.cert.a(x509Certificate2.getEncoded()), x509Certificate.getSerialNumber()));
            return eVar.a();
        } catch (Exception e2) {
            // Every failure, checked or unchecked, is wrapped with its cause preserved.
            b.a("Failed to generate OCSP request. " + e2.getMessage());
            throw new OcspRequestException("Failed to generate OCSP request. ", e2);
        }
    }

    /**
     * Sends an OCSP request to a responder and parses the reply.
     *
     * @param dVar request to send
     * @param str responder URL; callers in this class take it from the certificate under test
     * @return the parsed OCSP response
     * @throws OcspRequestException on an I/O error or a response code other than 200
     */
    private static f a(d dVar, String str) {
        HttpURLConnection httpURLConnection;
        HttpURLConnection httpURLConnection2 = null;
        // The nested try blocks and the `e = ...` / `th = th` statements in this method are
        // decompiler output; the shape suggests a try/catch/finally that disconnects the
        // connection, but the original structure cannot be recovered with certainty.
        try {
            try {
                // NOTE(review): the URL comes from certificate content and is used without a
                // scheme or host restriction visible here. An allow-list of schemes (http and
                // https) before connecting would be a reasonable hardening step.
                httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
            } catch (IOException e2) {
                e = e2;
            }
        } catch (Throwable th) {
            th = th;
        }
        try {
            httpURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
            httpURLConnection.setRequestProperty("Accept", "application/ocsp-response");
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setConnectTimeout(f3006a);
            b.a("OCSP request connect timeout : " + httpURLConnection.getConnectTimeout());
            httpURLConnection.setReadTimeout(b);
            b.a("OCSP request read timeout : " + httpURLConnection.getReadTimeout());
            b.a("Send OCSP request.");
            // The output stream is closed only on the success path; an exception thrown by
            // write() or flush() leaves it to the connection teardown.
            DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
            dataOutputStream.write(dVar.a());
            dataOutputStream.flush();
            dataOutputStream.close();
            b.a("OCSP response responseCode : " + httpURLConnection.getResponseCode());
            b.a("OCSP response Content-Length : " + httpURLConnection.getContentLength());
            b.a("OCSP response Content-Type : " + httpURLConnection.getContentType());
            if (httpURLConnection.getResponseCode() != 200) {
                b.a("Failed to send OCSP request. response code : " + httpURLConnection.getResponseCode());
                throw new OcspRequestException("Failed to send OCSP request. response code : " + httpURLConnection.getResponseCode());
            }
            InputStream inputStream = httpURLConnection.getInputStream();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            // NOTE(review): the body is buffered in memory until end of stream with no upper
            // bound; Content-Length and Content-Type are logged above but not enforced. A size
            // cap would keep a misbehaving responder from exhausting memory.
            while (true) {
                byte[] bArr = new byte[4096];
                int read = inputStream.read(bArr);
                if (read < 0) {
                    break;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
            // Like the output stream, the input stream is closed only on the success path.
            inputStream.close();
            f fVar = new f(byteArrayOutputStream.toByteArray());
            b.a("OCSP response status : " + fVar.a());
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
            return fVar;
        } catch (IOException e3) {
            httpURLConnection2 = httpURLConnection;
            // Decompiler artifact: `e` stands for the caught exception here.
            e = e3;
            b.a("Failed to send OCSP request. " + e.getMessage());
            throw new OcspRequestException("Failed to send OCSP request.", e);
        } catch (Throwable th2) {
            httpURLConnection2 = httpURLConnection;
            th = th2;
            if (httpURLConnection2 != null) {
                httpURLConnection2.disconnect();
            }
            throw th;
        }
    }

    /**
     * Looks up the trust-store certificate whose subject DN equals the issuer DN of the given
     * certificate.
     *
     * @param x509Certificate certificate whose issuer is looked up
     * @return the matching trust-store certificate, or null when there is none or the trust
     *     store could not be loaded
     */
    private static X509Certificate a(X509Certificate x509Certificate) {
        // The same replacement is applied to the subject DNs when the map is built in c(), so
        // both sides are compared in the same form. Note that the pattern also consumes the
        // character in front of the comma.
        // NOTE(review): the match is by distinguished name only; no signature of the given
        // certificate is verified against the returned root in this class.
        String replaceAll = x509Certificate.getIssuerX500Principal().getName().replaceAll("[^\\\\], +", ",");
        c();
        if (c == null || d == null) {
            return null;
        }
        try {
            String str = c.get(replaceAll);
            if (str != null) {
                return (X509Certificate) d.getCertificate(str);
            }
        } catch (KeyStoreException e2) {
            // A key store failure is logged and treated like "no root found".
            b.a("Failed to get root certificate. KeyStoreException : " + e2.getMessage());
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Copies the presented certificates into a list, in order, up to and including the first
     * one whose issuer is found in the trust store, and appends that root.
     *
     * @param certificateArr certificates as presented by the server; every element is cast
     *     to X509Certificate
     * @return the certificates followed by the root, or null when no element's issuer is
     *     found in the trust store
     */
    public static List<X509Certificate> a(Certificate[] certificateArr) {
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : certificateArr) {
            arrayList.add((X509Certificate) certificate);
            X509Certificate a2 = a((X509Certificate) certificate);
            if (a2 != null) {
                b.a("Root certificate found. DN : " + a2.getSubjectX500Principal().getName());
                arrayList.add(a2);
                return arrayList;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Reports whether the library has been initialised, as answered by the helper class. */
    public static boolean a() {
        return a.a();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Runs the pin check for a host against a certificate list (logged as "checkPins").
     *
     * @param list certificates to check
     * @param str host name
     * @return the pin checker's verdict, or true when no pin checker is set or the host name
     *     is null
     * @throws OcspParameterException if the pin checker throws a RuntimeException
     */
    public static boolean a(List<X509Certificate> list, String str) {
        b.a("checkPins start.");
        // With no pin checker or no host name the check passes by default.
        if (str == null || e == null) {
            b.a("Pinning certificates is disabled or no hostname found. Skip checkPins.");
            return true;
        }
        try {
            boolean a2 = e.a(list, str);
            b.a("checkPins end. ret : " + a2);
            return a2;
        } catch (RuntimeException e2) {
            // Only the message is carried over; the original exception is not attached as cause.
            throw new OcspParameterException(e2.getMessage());
        }
    }

    /**
     * Opens an HTTPS connection to the URL and returns the certificates the server presented.
     *
     * @param url target URL; the caller in this class has already checked that it is https
     * @return the server's certificates
     * @throws OcspRequestException on an I/O error while connecting
     */
    private static Certificate[] a(URL url) {
        HttpsURLConnection httpsURLConnection;
        HttpsURLConnection httpsURLConnection2 = null;
        // As in the OCSP request sender, the nested try blocks and the `e = ...` / `th = th`
        // statements are decompiler output.
        try {
            try {
                httpsURLConnection = (HttpsURLConnection) url.openConnection();
            } catch (IOException e2) {
                e = e2;
            }
        } catch (Throwable th) {
            th = th;
        }
        try {
            // No SSLSocketFactory or HostnameVerifier is set on this connection, so the
            // process-wide defaults decide whether the handshake succeeds.
            // NOTE(review): this connection exists only to read the chain. The chain checked
            // here is not necessarily the one a later connection made by the application will
            // be offered; confirm callers do not treat the result as binding for other
            // connections.
            httpsURLConnection.setInstanceFollowRedirects(false);
            httpsURLConnection.setConnectTimeout(f3006a);
            b.a("Get server certificates connect timeout : " + httpsURLConnection.getConnectTimeout());
            httpsURLConnection.setReadTimeout(b);
            b.a("Get server certificates read timeout : " + httpsURLConnection.getReadTimeout());
            b.a("Connect to server to get certificates. (HttpsURLConnection)");
            httpsURLConnection.connect();
            // On API levels 14 and 15 the response code is requested before the certificates
            // are read; the reason is not visible here.
            if (Build.VERSION.SDK_INT == 14 || Build.VERSION.SDK_INT == 15) {
                httpsURLConnection.getResponseCode();
            }
            Certificate[] serverCertificates = httpsURLConnection.getServerCertificates();
            if (httpsURLConnection != null) {
                httpsURLConnection.disconnect();
            }
            return serverCertificates;
        } catch (IOException e3) {
            httpsURLConnection2 = httpsURLConnection;
            // Decompiler artifact: `e` stands for the caught exception here.
            e = e3;
            b.a("Failed to get server certificates. " + e.getMessage());
            throw new OcspRequestException("Failed to get server certificates.", e);
        } catch (Throwable th2) {
            httpsURLConnection2 = httpsURLConnection;
            th = th2;
            if (httpsURLConnection2 != null) {
                httpsURLConnection2.disconnect();
            }
            throw th;
        }
    }

    /**
     * Extracts the OCSP responder URL from a certificate's authority information access
     * extension (extension name taken from the log messages).
     *
     * @param x509Certificate certificate to read
     * @return the first matching responder location, or null when the extension is missing,
     *     unreadable, or holds no matching entry
     */
    private static String b(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(com.nttdocomo.android.ocsplib.bouncycastle.asn1.j.f.x.c());
        if (extensionValue == null) {
            b.a("Certificate doesn't have authority information access points.");
            return null;
        }
        try {
            com.nttdocomo.android.ocsplib.bouncycastle.asn1.j.a[] a2 = com.nttdocomo.android.ocsplib.bouncycastle.asn1.j.c.a(s.a((Object) r.b(((ay) new j(extensionValue).d()).d()))).a();
            for (com.nttdocomo.android.ocsplib.bouncycastle.asn1.j.a aVar : a2) {
                com.nttdocomo.android.ocsplib.bouncycastle.asn1.j.h b2 = aVar.b();
                // Accept an entry whose location carries tag 6 and whose access method equals
                // the expected identifier (presumably the OCSP access method; verify against
                // the unobfuscated library). The value is returned as is, without inspecting
                // its scheme.
                if (b2.a() == 6 && l.s.c().equals(aVar.a().c())) {
                    return av.a(b2.b()).c();
                }
            }
            b.a("Cannot find OCSP responder URL from certificate.");
            return null;
        } catch (IOException e2) {
            // NOTE(review): an unreadable extension yields null, which the caller in this
            // class treats as "skip verify" and reports as 0.
            b.a("Cannot read authority information access points.");
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Reports whether a pin checker is set, i.e. whether pinning is enabled. */
    public static boolean b() {
        return e != null;
    }

    /**
     * Loads the trust store once and builds the map from normalised subject DN to alias.
     * On any handled failure the map is reset to null, so the next call tries again.
     */
    private static void c() {
        synchronized (f) {
            if (c == null) {
                c = new HashMap<>();
                try {
                    try {
                        try {
                            if (Build.VERSION.SDK_INT >= 14) {
                                // NOTE(review): on Android this store is expected to contain
                                // user-installed CAs in addition to the system ones; confirm
                                // that is acceptable for the roots used here.
                                d = KeyStore.getInstance("AndroidCAStore");
                                d.load(null, null);
                            } else {
                                d = KeyStore.getInstance("BKS");
                                String property = System.getProperty("javax.net.ssl.trustStore");
                                if (property == null) {
                                    b.a("TrustStore path not found. set default.");
                                    property = "/system/etc/security/cacerts.bks";
                                }
                                b.a("TrustStore path : " + property);
                                // NOTE(review): the FileInputStream is never closed, and a
                                // null password means KeyStore.load performs no integrity
                                // check on the file.
                                d.load(new FileInputStream(property), null);
                            }
                            Enumeration<String> aliases = d.aliases();
                            b.a("Load root certificate list ...");
                            while (aliases.hasMoreElements()) {
                                String nextElement = aliases.nextElement();
                                // Same DN replacement as in the issuer lookup, so keys and
                                // lookups agree. Two subjects that end up with the same string
                                // overwrite each other in the map.
                                String replaceAll = ((X509Certificate) d.getCertificate(nextElement)).getSubjectX500Principal().getName().replaceAll("[^\\\\], +", ",");
                                c.put(replaceAll, nextElement);
                                b.a("  " + replaceAll);
                            }
                        } catch (NoSuchAlgorithmException e2) {
                            b.a("Failed to get root certificate. NoSuchAlgorithmException : " + e2.getMessage());
                            c = null;
                        }
                    } catch (KeyStoreException e3) {
                        b.a("Failed to get root certificate. KeyStoreException : " + e3.getMessage());
                        c = null;
                    }
                } catch (IOException e4) {
                    b.a("Failed to get root certificate. IOException : " + e4.getMessage());
                    c = null;
                } catch (CertificateException e5) {
                    b.a("Failed to get root certificate. CertificateException : " + e5.getMessage());
                    c = null;
                }
            }
        }
    }

    /**
     * Initialises the library with the application's cache directory. Does nothing when the
     * library is already initialised.
     *
     * @param context Android context whose cache directory is handed to the helper class
     * @throws OcspParameterException if the library is not yet initialised and context is null
     */
    public static void init(Context context) {
        b.a("init() start");
        if (a()) {
            b.a("Already initialized.");
            b.a("init() end");
        } else {
            if (context == null) {
                b.a("Failed to initialize library.");
                throw new OcspParameterException("Failed to initialize library.");
            }
            a.a(context.getCacheDir());
            b.a("init() end");
        }
    }
}
