package com.nttdocomo.android.ocsplib;

import android.content.Context;
import android.net.TrafficStats;
import android.os.Build;
import android.security.NetworkSecurityPolicy;
import android.util.Base64;
import com.nttdocomo.android.applicationmanager.auth.AuthenticationException;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.ASN1InputStream;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.ASN1Primitive;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.ASN1Sequence;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.DERIA5String;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.DEROctetString;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.AccessDescription;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.AuthorityInformationAccess;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.Extension;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.GeneralName;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.X509CertificateHolder;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.jcajce.SHA1DigestCalculator;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.CertificateID;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPReq;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPReqBuilder;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPResp;
import com.nttdocomo.android.ocsplib.exception.OcspLibraryException;
import com.nttdocomo.android.ocsplib.exception.OcspParameterException;
import com.nttdocomo.android.ocsplib.exception.OcspRequestException;
import com.nttdocomo.android.ocsplib.exception.OcspResponseException;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.nio.channels.SelectionKey;
import java.nio.channels.Selector;
import java.nio.channels.SocketChannel;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.commons.io.IOUtils;

/* loaded from: classes.dex */
public class OcspUtil {
    public static final int FLAG_IGNORE_OCSP_ERROR = 2;
    public static final int FLAG_NO_OCSP_CHECK = 1;
    public static final int STATUS_GOOD = 0;
    public static final int STATUS_PIN_VERIFICATION_FAILED = 3;
    public static final int STATUS_REVOKED = 1;
    public static final int STATUS_UNKNOWN = 2;
    private static int _ = 5000;
    private static final String a = "javax.net.ssl.trustStore";
    static final int b = 0;
    private static int c = 5000;
    private static PinningCertificates d = null;
    private static final int f = 20;
    private static final Object g;
    private static final String h = "/system/etc/security/cacerts.bks";
    private static KeyStore i = null;
    private static final String j = "SHA1";
    private static final String k = ",";
    private static final int l = 10000;
    private static int n = 255;
    private static final String p = "BKS";
    private static final int q = 8192;
    private static final ConcurrentHashMap<Integer, OCSPSession> r;
    private static final String t;
    private static final String u = w(System.getProperty("http.agent", "ocsp client"));
    private static final String v = "AndroidCAStore";
    private static final String w = "[^\\\\], +";
    private static final Object x;
    private static final AtomicInteger y;
    private static HashMap<String, String> z;

    /* loaded from: classes.dex */
    public class IOException extends RuntimeException {
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class OCSPSession {
        private final Object h = new Object();
        private OCSPResp b = null;
        private OcspRequestException c = null;
        private int s = 0;

        static /* synthetic */ int f(OCSPSession oCSPSession) {
            int i = oCSPSession.s;
            oCSPSession.s = i - 1;
            return i;
        }

        static /* synthetic */ int g(OCSPSession oCSPSession) {
            int i = oCSPSession.s;
            oCSPSession.s = i + 1;
            return i;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class SocketOcspThread extends Thread {
        private SocketResultCallback h;
        private int l;
        private InetAddress o;
        private boolean q;
        private OCSPReq w;
        private ServerInfo z = new ServerInfo();

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: classes.dex */
        public static class CustomOutputStream extends ByteArrayOutputStream {
            private CustomOutputStream() {
            }

            public void v(String str) throws java.io.IOException {
                write(str.getBytes());
            }
        }

        /* loaded from: classes.dex */
        public class NullPointerException extends RuntimeException {
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: classes.dex */
        public static class ServerInfo {
            private int c;
            private String f;
            private String j;
            boolean p;
            private URL q;

            private ServerInfo() {
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: classes.dex */
        public interface SocketResultCallback {
            void m(int i, OCSPResp oCSPResp, OcspRequestException ocspRequestException);
        }

        public SocketOcspThread(int i, OCSPReq oCSPReq, URL url, InetAddress inetAddress, boolean z, SocketResultCallback socketResultCallback) {
            this.w = oCSPReq;
            this.o = inetAddress;
            this.q = z;
            this.h = socketResultCallback;
            this.l = i;
            q(url);
        }

        private final CustomOutputStream a() throws java.io.IOException {
            StringBuilder sb;
            CustomOutputStream customOutputStream = new CustomOutputStream();
            try {
                String f = OcspUtil.f(this.w);
                if (this.q || OcspUtil.v(OcspUtil.h(this.z.j, f)) > OcspUtil.n) {
                    LogUtil.y(OcspUtil.f(this.l) + "REQUEST：POST " + this.z.f + " HTTP/1.1");
                    StringBuilder sb2 = new StringBuilder();
                    sb2.append("POST ");
                    sb2.append(this.z.f);
                    sb2.append(" HTTP/1.1\r\n");
                    customOutputStream.v(sb2.toString());
                    customOutputStream.v("Content-Type: application/ocsp-request\r\n");
                    customOutputStream.v("Accept: application/ocsp-response\r\n");
                    customOutputStream.v("Content-Length: " + this.w.k().length + IOUtils.LINE_SEPARATOR_WINDOWS);
                    customOutputStream.v("User-Agent: " + OcspUtil.u + IOUtils.LINE_SEPARATOR_WINDOWS);
                    customOutputStream.v("Host: " + this.z.q.getHost() + IOUtils.LINE_SEPARATOR_WINDOWS);
                    customOutputStream.v(IOUtils.LINE_SEPARATOR_WINDOWS);
                    customOutputStream.write(this.w.k());
                    return customOutputStream;
                }
                if (this.z.p) {
                    if (this.z.f.endsWith("/")) {
                        ServerInfo serverInfo = this.z;
                        serverInfo.f = serverInfo.f.substring(0, this.z.f.length() - 1);
                    }
                    LogUtil.y(OcspUtil.f(this.l) + "REQUEST：GET " + this.z.f + "/" + f + " HTTP/1.1");
                    sb = new StringBuilder();
                    sb.append("GET ");
                    sb.append(this.z.f);
                    sb.append("/");
                    sb.append(f);
                    sb.append(" HTTP/1.1\r\n");
                } else {
                    LogUtil.y(OcspUtil.f(this.l) + "REQUEST：GET /" + f + " HTTP/1.1");
                    sb = new StringBuilder();
                    sb.append("GET /");
                    sb.append(f);
                    sb.append(" HTTP/1.1\r\n");
                }
                customOutputStream.v(sb.toString());
                customOutputStream.v("Content-Type: application/ocsp-request\r\n");
                customOutputStream.v("Accept: application/ocsp-response\r\n");
                customOutputStream.v("User-Agent: " + OcspUtil.u + IOUtils.LINE_SEPARATOR_WINDOWS);
                customOutputStream.v("Host: " + this.z.q.getHost() + IOUtils.LINE_SEPARATOR_WINDOWS);
                customOutputStream.v(IOUtils.LINE_SEPARATOR_WINDOWS);
                return customOutputStream;
            } catch (java.io.IOException unused) {
                LogUtil.y(OcspUtil.f(this.l) + "Failed to create OutputStream.");
                throw new java.io.IOException("Failed to create OutputStream.");
            }
        }

        private final int g(SocketChannel socketChannel) throws java.io.IOException {
            LogUtil.y(OcspUtil.f(this.l) + "write() start. [" + this.o.toString() + "]");
            CustomOutputStream a = a();
            ByteBuffer wrap = ByteBuffer.wrap(a.toByteArray());
            a.close();
            Selector open = Selector.open();
            socketChannel.register(open, 4);
            open.select(10L);
            Iterator<SelectionKey> it = open.selectedKeys().iterator();
            while (it.hasNext() && !Thread.interrupted()) {
                SelectionKey next = it.next();
                it.remove();
                if (next.isWritable()) {
                    int write = 0 + socketChannel.write(wrap);
                    LogUtil.y(OcspUtil.f(this.l) + "write() end. write length: " + write + " [" + this.o.toString() + "]");
                    open.close();
                    return write;
                }
            }
            open.close();
            LogUtil.y(OcspUtil.f(this.l) + "write() failed. [" + this.o.toString() + "]");
            throw new java.io.IOException("write failed.");
        }

        private final SocketChannel i() throws java.io.IOException {
            LogUtil.y(OcspUtil.f(this.l) + "connect() start. [" + this.o.toString() + "]");
            Selector open = Selector.open();
            SocketChannel open2 = SocketChannel.open();
            open2.configureBlocking(false);
            open2.connect(new InetSocketAddress(this.o, this.z.c));
            open2.register(open, 8);
            open.select(OcspUtil.c);
            Iterator<SelectionKey> it = open.selectedKeys().iterator();
            while (it.hasNext() && !Thread.interrupted()) {
                SelectionKey next = it.next();
                it.remove();
                if (next.isConnectable()) {
                    if (open2.finishConnect()) {
                        LogUtil.y(OcspUtil.f(this.l) + "connect() end. [" + this.o.toString() + "]");
                        open.close();
                        return open2;
                    }
                    open2.close();
                    open.close();
                    LogUtil.y(OcspUtil.f(this.l) + "connect() failed. [" + this.o.toString() + "]");
                    throw new java.io.IOException("connect failed.");
                }
            }
            open2.close();
            open.close();
            LogUtil.y(OcspUtil.f(this.l) + "connect() failed. [" + this.o.toString() + "]");
            throw new java.io.IOException("connect failed.");
        }

        private final void q(URL url) {
            ServerInfo serverInfo;
            boolean z;
            this.z.q = url;
            this.z.j = url.toString();
            ServerInfo serverInfo2 = this.z;
            serverInfo2.c = serverInfo2.q.getPort();
            if (this.z.c == -1) {
                this.z.c = 80;
            }
            ServerInfo serverInfo3 = this.z;
            serverInfo3.f = serverInfo3.q.getPath();
            if (this.z.f == null || this.z.f.equals("")) {
                this.z.f = "/";
                serverInfo = this.z;
                z = false;
            } else {
                serverInfo = this.z;
                z = true;
            }
            serverInfo.p = z;
        }

        /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            StringBuilder sb;
            SocketChannel socketChannel;
            StringBuilder sb2;
            LogUtil.y(OcspUtil.f(this.l) + "run() start.");
            OcspUtil.c();
            int i = 0;
            SocketChannel socketChannel2 = null;
            while (i < 20) {
                try {
                    try {
                        socketChannel = i();
                    } catch (Throwable th) {
                        th = th;
                        socketChannel = socketChannel2;
                    }
                } catch (java.io.IOException unused) {
                }
                try {
                    g(socketChannel);
                    HttpResponseParser httpResponseParser = new HttpResponseParser(new InputStreamEx(socketChannel));
                    socketChannel.close();
                    int o = httpResponseParser.o();
                    if (o != 200) {
                        switch (o) {
                            case 300:
                            case AuthenticationException.j /* 301 */:
                            case 302:
                            case 303:
                                this.z.j = httpResponseParser.p();
                                if (this.z.j == null) {
                                    LogUtil.y(OcspUtil.f(this.l) + "Failed to send OCSP request. response code : " + httpResponseParser.o());
                                    this.h.m(this.l, null, new OcspRequestException("Failed to send OCSP request. response code : " + httpResponseParser.o()));
                                    if (socketChannel != null) {
                                        try {
                                            socketChannel.close();
                                        } catch (java.io.IOException unused2) {
                                        }
                                    }
                                    OcspUtil.u();
                                    sb2 = new StringBuilder();
                                    break;
                                } else {
                                    i++;
                                    socketChannel2 = socketChannel;
                                }
                            default:
                                LogUtil.y(OcspUtil.f(this.l) + "Failed to send OCSP request. response code : " + httpResponseParser.o());
                                this.h.m(this.l, null, new OcspRequestException("Failed to send OCSP request. response code : " + httpResponseParser.o()));
                                if (socketChannel != null) {
                                    try {
                                        socketChannel.close();
                                    } catch (java.io.IOException unused3) {
                                    }
                                }
                                OcspUtil.u();
                                sb2 = new StringBuilder();
                                break;
                        }
                    } else {
                        this.h.m(this.l, new OCSPResp(httpResponseParser.j()), null);
                        if (socketChannel != null) {
                            try {
                                socketChannel.close();
                            } catch (java.io.IOException unused4) {
                            }
                        }
                        OcspUtil.u();
                        sb2 = new StringBuilder();
                    }
                    sb2.append(OcspUtil.f(this.l));
                    sb2.append("run() end.");
                    LogUtil.y(sb2.toString());
                    return;
                } catch (java.io.IOException unused5) {
                    socketChannel2 = socketChannel;
                    LogUtil.y(OcspUtil.f(this.l) + "Failed to send OCSP request.");
                    this.h.m(this.l, null, new OcspRequestException("Failed to send OCSP request."));
                    if (socketChannel2 != null) {
                        try {
                            socketChannel2.close();
                        } catch (java.io.IOException unused6) {
                        }
                    }
                    OcspUtil.u();
                    sb = new StringBuilder();
                    sb.append(OcspUtil.f(this.l));
                    sb.append("run() end.");
                    LogUtil.y(sb.toString());
                } catch (Throwable th2) {
                    th = th2;
                    if (socketChannel != null) {
                        try {
                            socketChannel.close();
                        } catch (java.io.IOException unused7) {
                        }
                    }
                    OcspUtil.u();
                    LogUtil.y(OcspUtil.f(this.l) + "run() end.");
                    throw th;
                }
            }
            LogUtil.y(OcspUtil.f(this.l) + "Redirect count limit over.");
            this.h.m(this.l, null, new OcspRequestException("Failed to send OCSP request. Redirect count limit over"));
            if (socketChannel2 != null) {
                try {
                    socketChannel2.close();
                } catch (java.io.IOException unused8) {
                }
            }
            OcspUtil.u();
            sb = new StringBuilder();
            sb.append(OcspUtil.f(this.l));
            sb.append("run() end.");
            LogUtil.y(sb.toString());
        }
    }

    static {
        t = Build.VERSION.SDK_INT < 28 ? "BC" : null;
        g = new Object();
        x = new Object();
        y = new AtomicInteger();
        r = new ConcurrentHashMap<>();
    }

    private static OCSPReq a(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws OcspRequestException {
        try {
            OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
            oCSPReqBuilder.m(new CertificateID(new SHA1DigestCalculator(MessageDigest.getInstance(j)), new X509CertificateHolder(x509Certificate2.getEncoded()), x509Certificate.getSerialNumber()));
            return oCSPReqBuilder.o();
        } catch (Exception e) {
            LogUtil.y("Failed to generate OCSP request. " + e.getMessage());
            throw new OcspRequestException("Failed to generate OCSP request. ", e);
        }
    }

    private static String a(X509Certificate x509Certificate) {
        String str;
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.n.v());
        if (extensionValue == null) {
            str = "Certificate doesn't have authority information access points.";
        } else {
            try {
                for (AccessDescription accessDescription : AuthorityInformationAccess.s(ASN1Sequence.g(ASN1Primitive.t(((DEROctetString) new ASN1InputStream(extensionValue).f()).v()))).u()) {
                    GeneralName e = accessDescription.e();
                    if (e.w() == 6 && X509ObjectIdentifiers.w.v().equals(accessDescription.g().v())) {
                        return DERIA5String.g(e.a()).e();
                    }
                }
                str = "Cannot find OCSP responder URL from certificate.";
            } catch (java.io.IOException unused) {
                str = "Cannot read authority information access points.";
            }
        }
        LogUtil.y(str);
        return null;
    }

    private static OCSPResp b(OCSPReq oCSPReq, String str) throws OcspRequestException {
        return u(oCSPReq, str, false);
    }

    private static OCSPResp b(OCSPReq oCSPReq, URL url, boolean z2) throws OcspRequestException {
        int z3 = z();
        LogUtil.y(f(z3) + "OCSP socket start.");
        OCSPSession oCSPSession = new OCSPSession();
        synchronized (r) {
            r.put(Integer.valueOf(z3), oCSPSession);
        }
        try {
            try {
                SocketOcspThread.SocketResultCallback socketResultCallback = new SocketOcspThread.SocketResultCallback() { // from class: com.nttdocomo.android.ocsplib.OcspUtil.1
                    @Override // com.nttdocomo.android.ocsplib.OcspUtil.SocketOcspThread.SocketResultCallback
                    public void m(int i2, OCSPResp oCSPResp, OcspRequestException ocspRequestException) {
                        OCSPSession oCSPSession2;
                        LogUtil.y(OcspUtil.f(i2) + "onComplete");
                        synchronized (OcspUtil.r) {
                            oCSPSession2 = (OCSPSession) OcspUtil.r.get(Integer.valueOf(i2));
                        }
                        if (oCSPSession2 == null) {
                            LogUtil.y(OcspUtil.f(i2) + "Not found session.");
                            return;
                        }
                        synchronized (oCSPSession2.h) {
                            OCSPSession.f(oCSPSession2);
                            oCSPSession2.b = oCSPResp;
                            oCSPSession2.c = ocspRequestException;
                            if (oCSPResp == null && oCSPSession2.s > 0) {
                                if (ocspRequestException != null) {
                                    LogUtil.y(OcspUtil.f(i2) + "Received error. " + ocspRequestException.getMessage());
                                }
                            }
                            LogUtil.y(OcspUtil.f(i2) + "Received OCSP response.");
                            oCSPSession2.h.notify();
                        }
                    }
                };
                SocketOcspThread socketOcspThread = null;
                SocketOcspThread socketOcspThread2 = null;
                for (InetAddress inetAddress : InetAddress.getAllByName(url.getHost())) {
                    if (!inetAddress.isLinkLocalAddress() && !inetAddress.isLoopbackAddress() && !inetAddress.isAnyLocalAddress() && !inetAddress.isMulticastAddress()) {
                        if (socketOcspThread == null && (inetAddress instanceof Inet4Address)) {
                            LogUtil.y(f(z3) + "Found IPv4 address. " + inetAddress.toString());
                            socketOcspThread = new SocketOcspThread(z3, oCSPReq, url, inetAddress, z2, socketResultCallback);
                        } else if (socketOcspThread2 == null && (inetAddress instanceof Inet6Address)) {
                            LogUtil.y(f(z3) + "Found IPv6 address. " + inetAddress.toString());
                            socketOcspThread2 = new SocketOcspThread(z3, oCSPReq, url, inetAddress, z2, socketResultCallback);
                        }
                        OCSPSession.g(oCSPSession);
                    }
                }
                if (socketOcspThread == null && socketOcspThread2 == null) {
                    LogUtil.y(f(z3) + "Failed to send OCSP request. unknown host.");
                    throw new OcspRequestException("Failed to send OCSP request. unknown host");
                }
                synchronized (oCSPSession.h) {
                    if (socketOcspThread != null) {
                        try {
                            socketOcspThread.start();
                        } finally {
                        }
                    }
                    if (socketOcspThread2 != null) {
                        socketOcspThread2.start();
                    }
                    LogUtil.y(f(z3) + "Wait to send OCSP request.");
                    oCSPSession.h.wait(10000L);
                    if (socketOcspThread != null) {
                        socketOcspThread.interrupt();
                    }
                    if (socketOcspThread2 != null) {
                        socketOcspThread2.interrupt();
                    }
                }
                LogUtil.y(f(z3) + "OCSP socket end.");
                if (oCSPSession.b != null) {
                    OCSPResp oCSPResp = oCSPSession.b;
                    synchronized (r) {
                        r.remove(Integer.valueOf(z3));
                        LogUtil.y(f(z3) + "Remove session.");
                    }
                    return oCSPResp;
                }
                if (oCSPSession.c != null) {
                    LogUtil.y(f(z3) + "Failed to send OCSP request. " + oCSPSession.c);
                    throw oCSPSession.c;
                }
                synchronized (r) {
                    r.remove(Integer.valueOf(z3));
                    LogUtil.y(f(z3) + "Remove session.");
                }
                LogUtil.y(f(z3) + "Failed to send OCSP request.");
                throw new OcspRequestException("Failed to send OCSP request.");
            } catch (InterruptedException | UnknownHostException e) {
                LogUtil.y(f(z3) + "Failed to send OCSP request. " + e.getMessage());
                throw new OcspRequestException("Failed to send OCSP request. " + e.getMessage());
            }
        } catch (Throwable th) {
            synchronized (r) {
                r.remove(Integer.valueOf(z3));
                LogUtil.y(f(z3) + "Remove session.");
                throw th;
            }
        }
    }

    static /* synthetic */ boolean c() {
        return l();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:25:0x009d  */
    /* JADX WARN: Removed duplicated region for block: B:27:0x00a2  */
    /* JADX WARN: Type inference failed for: r5v2 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.security.cert.Certificate[] c(java.net.URL r5) throws com.nttdocomo.android.ocsplib.exception.OcspRequestException {
        /*
            boolean r0 = l()
            r1 = 0
            java.net.URLConnection r5 = r5.openConnection()     // Catch: java.lang.Throwable -> L71 java.io.IOException -> L76
            javax.net.ssl.HttpsURLConnection r5 = (javax.net.ssl.HttpsURLConnection) r5     // Catch: java.lang.Throwable -> L71 java.io.IOException -> L76
            r1 = 0
            r5.setInstanceFollowRedirects(r1)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            int r1 = com.nttdocomo.android.ocsplib.OcspUtil.c     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r5.setConnectTimeout(r1)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r1.<init>()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            java.lang.String r2 = "Get server certificates connect timeout : "
            r1.append(r2)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            int r2 = r5.getConnectTimeout()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r1.append(r2)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            java.lang.String r1 = r1.toString()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            com.nttdocomo.android.ocsplib.LogUtil.y(r1)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            int r1 = com.nttdocomo.android.ocsplib.OcspUtil._     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r5.setReadTimeout(r1)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r1.<init>()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            java.lang.String r2 = "Get server certificates read timeout : "
            r1.append(r2)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            int r2 = r5.getReadTimeout()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r1.append(r2)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            java.lang.String r1 = r1.toString()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            com.nttdocomo.android.ocsplib.LogUtil.y(r1)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            java.lang.String r1 = "Connect to server to get certificates. (HttpsURLConnection)"
            com.nttdocomo.android.ocsplib.LogUtil.y(r1)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r5.connect()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            int r1 = android.os.Build.VERSION.SDK_INT     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r2 = 14
            if (r1 == r2) goto L5d
            int r1 = android.os.Build.VERSION.SDK_INT     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r2 = 15
            if (r1 != r2) goto L60
        L5d:
            r5.getResponseCode()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
        L60:
            java.security.cert.Certificate[] r1 = r5.getServerCertificates()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            if (r5 == 0) goto L69
            r5.disconnect()
        L69:
            if (r0 == 0) goto L6e
            u()
        L6e:
            return r1
        L6f:
            r1 = move-exception
            goto L7a
        L71:
            r5 = move-exception
            r4 = r1
            r1 = r5
            r5 = r4
            goto L9b
        L76:
            r5 = move-exception
            r4 = r1
            r1 = r5
            r5 = r4
        L7a:
            java.lang.StringBuilder r2 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L9a
            r2.<init>()     // Catch: java.lang.Throwable -> L9a
            java.lang.String r3 = "Failed to get server certificates. "
            r2.append(r3)     // Catch: java.lang.Throwable -> L9a
            java.lang.String r3 = r1.getMessage()     // Catch: java.lang.Throwable -> L9a
            r2.append(r3)     // Catch: java.lang.Throwable -> L9a
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Throwable -> L9a
            com.nttdocomo.android.ocsplib.LogUtil.y(r2)     // Catch: java.lang.Throwable -> L9a
            com.nttdocomo.android.ocsplib.exception.OcspRequestException r2 = new com.nttdocomo.android.ocsplib.exception.OcspRequestException     // Catch: java.lang.Throwable -> L9a
            java.lang.String r3 = "Failed to get server certificates."
            r2.<init>(r3, r1)     // Catch: java.lang.Throwable -> L9a
            throw r2     // Catch: java.lang.Throwable -> L9a
        L9a:
            r1 = move-exception
        L9b:
            if (r5 == 0) goto La0
            r5.disconnect()
        La0:
            if (r0 == 0) goto La5
            u()
        La5:
            throw r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.nttdocomo.android.ocsplib.OcspUtil.c(java.net.URL):java.security.cert.Certificate[]");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean d(List<X509Certificate> list, String str) throws OcspParameterException {
        LogUtil.y("checkPins start.");
        if (str == null || d == null) {
            LogUtil.y("Pinning certificates is disabled or no hostname found. Skip checkPins.");
            return true;
        }
        try {
            boolean e = d.e(list, str);
            LogUtil.y("checkPins end. ret : " + e);
            return e;
        } catch (RuntimeException e2) {
            throw new OcspParameterException(e2.getMessage());
        }
    }

    private static void e() {
        synchronized (g) {
            if (z == null) {
                z = new HashMap<>();
                try {
                    try {
                        try {
                            try {
                                if (Build.VERSION.SDK_INT >= 14) {
                                    i = KeyStore.getInstance(v);
                                    i.load(null, null);
                                } else {
                                    i = KeyStore.getInstance(p);
                                    String property = System.getProperty(a);
                                    if (property == null) {
                                        LogUtil.y("TrustStore path not found. set default.");
                                        property = h;
                                    }
                                    LogUtil.y("TrustStore path : " + property);
                                    i.load(new FileInputStream(property), null);
                                }
                                Enumeration<String> aliases = i.aliases();
                                String str = "Load root certificate list ...";
                                while (true) {
                                    LogUtil.y(str);
                                    if (!aliases.hasMoreElements()) {
                                        break;
                                    }
                                    String nextElement = aliases.nextElement();
                                    String replaceAll = ((X509Certificate) i.getCertificate(nextElement)).getSubjectX500Principal().getName().replaceAll(w, k);
                                    z.put(replaceAll, nextElement);
                                    str = "  " + replaceAll;
                                }
                            } catch (NoSuchAlgorithmException e) {
                                LogUtil.y("Failed to get root certificate. NoSuchAlgorithmException : " + e.getMessage());
                                z = null;
                            }
                        } catch (java.io.IOException e2) {
                            LogUtil.y("Failed to get root certificate. IOException : " + e2.getMessage());
                            z = null;
                        }
                    } catch (KeyStoreException e3) {
                        LogUtil.y("Failed to get root certificate. KeyStoreException : " + e3.getMessage());
                        z = null;
                    }
                } catch (CertificateException e4) {
                    LogUtil.y("Failed to get root certificate. CertificateException : " + e4.getMessage());
                    z = null;
                }
            }
        }
    }

    public static void e(int i2) throws OcspParameterException {
        LogUtil.y("setConnectTimeout() start");
        LogUtil.y("Timeout : " + i2);
        if (i2 < 0) {
            LogUtil.y("Connect timeout must be zero or higher.");
            throw new OcspParameterException("Connect timeout must be zero or higher.");
        }
        c = i2;
        LogUtil.y("setConnectTimeout() end");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String f(int i2) {
        return "(sessionId:" + i2 + ") ";
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String f(OCSPReq oCSPReq) throws java.io.IOException {
        return URLEncoder.encode(new String(Base64.encode(oCSPReq.k(), 2), Charset.forName("UTF-8")), "UTF-8");
    }

    public static int g(Certificate[] certificateArr, String str, boolean z2, int i2) throws OcspParameterException, OcspRequestException, OcspResponseException {
        return h(certificateArr, str, z2, i2, true);
    }

    /* JADX WARN: Removed duplicated region for block: B:39:0x0221  */
    /* JADX WARN: Removed duplicated region for block: B:41:0x0226  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPResp g(com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPReq r5, java.lang.String r6, boolean r7) throws com.nttdocomo.android.ocsplib.exception.OcspRequestException {
        /*
            Method dump skipped, instructions count: 554
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.nttdocomo.android.ocsplib.OcspUtil.g(com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPReq, java.lang.String, boolean):com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPResp");
    }

    private static int h(Certificate[] certificateArr, String str, boolean z2, int i2, boolean z3) throws OcspParameterException, OcspRequestException, OcspResponseException {
        String str2;
        LogUtil.y("verifyCert(chain) start");
        LogUtil.y("useCache : " + z2);
        if (z3) {
            LogUtil.y("flag : " + i2);
        }
        int i3 = 2;
        if (z3 && i2 != 2) {
            LogUtil.y("Incorrect flag parameter.");
            throw new OcspParameterException("Incorrect flag parameter.");
        }
        if (!x()) {
            LogUtil.y("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        if (certificateArr == null || certificateArr.length == 0) {
            LogUtil.y("Certificate chain is null or length 0.");
            throw new OcspParameterException("Certificate chain is null or length 0.");
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet(Arrays.asList(certificateArr));
        int i4 = 0;
        List<X509Certificate> n2 = n((Certificate[]) linkedHashSet.toArray(new Certificate[0]));
        if (n2 == null) {
            str2 = "Failed to generate certificate chain.";
        } else {
            i3 = 0;
            while (i4 < n2.size() - 1 && i3 == 0) {
                X509Certificate x509Certificate = n2.get(i4);
                i4++;
                i3 = w(x509Certificate, n2.get(i4), z2, i2);
            }
            if (Build.VERSION.SDK_INT < 24 && str != null && d != null && i3 == 0 && !d(n2, str)) {
                LogUtil.y("Pin verification failed");
                i3 = 3;
            }
            str2 = "verifyCert(chain) end";
        }
        LogUtil.y(str2);
        return i3;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String h(String str, String str2) {
        StringBuilder sb;
        if (str.endsWith("/")) {
            sb = new StringBuilder();
        } else {
            sb = new StringBuilder();
            sb.append(str);
            str = "/";
        }
        sb.append(str);
        sb.append(str2);
        return sb.toString();
    }

    public static void init(Context context) throws OcspParameterException {
        LogUtil.y("init() start");
        if (x()) {
            LogUtil.y("Already initialized.");
        } else {
            if (context == null) {
                LogUtil.y("Failed to initialize library.");
                throw new OcspParameterException("Failed to initialize library.");
            }
            CacheUtil.u(context.getCacheDir());
        }
        LogUtil.y("init() end");
    }

    public static void j(Context context, int i2) throws OcspParameterException {
        LogUtil.y("init() with PinningCertificates start");
        init(context);
        synchronized (x) {
            if (d == null) {
                d = new PinningCertificates();
                try {
                    d.b(context, i2);
                } catch (RuntimeException e) {
                    LogUtil.y("PinningCertificates initialization failed. " + e.getMessage());
                    throw new OcspParameterException("PinningCertificates initialization failed. " + e.getMessage());
                }
            } else {
                LogUtil.y("PinningCertificates instance already initialized.");
            }
        }
        LogUtil.y("init() with PinningCertificates end");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean j() {
        return d != null;
    }

    private static boolean l() {
        if (Build.VERSION.SDK_INT <= 14 || TrafficStats.getThreadStatsTag() != -1) {
            return false;
        }
        TrafficStats.setThreadStatsTag(0);
        return true;
    }

    private static int n(String str, boolean z2, int i2, boolean z3) throws OcspParameterException, OcspRequestException, OcspResponseException {
        String str2;
        Certificate[] c2;
        LogUtil.y("verifyUrl() start");
        LogUtil.y("Target URL : " + str);
        LogUtil.y("useCache : " + z2);
        if (z3) {
            LogUtil.y("flag : " + i2);
        }
        if (z3 && i2 != 2) {
            LogUtil.y("Incorrect flag parameter.");
            throw new OcspParameterException("Incorrect flag parameter.");
        }
        if (!x()) {
            LogUtil.y("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        try {
            URL url = new URL(str);
            if (url.getProtocol().equals("https")) {
                try {
                    c2 = c(url);
                } catch (OcspRequestException e) {
                    if (Build.VERSION.SDK_INT >= 24 && ExceptionUtil.p(e, CertificateRevokedException.class)) {
                        LogUtil.y("CertificateRevokedException. " + e.getMessage());
                        return 1;
                    }
                    if (i2 != 2) {
                        throw e;
                    }
                    LogUtil.y("Failed to get server certificates.");
                }
                if (c2 != null && c2.length != 0) {
                    int h2 = h(c2, url.getHost(), z2, i2, z3);
                    LogUtil.y("verifyUrl() end");
                    return h2;
                }
                LogUtil.y("Failed to get server certificates. (chain is null or length 0)");
                if (i2 != 2) {
                    throw new OcspRequestException("Failed to get server certificates. (chain is null or length 0)");
                }
                str2 = "FLAG_IGNORE_OCSP_ERROR is set. Ignore error.";
            } else {
                str2 = "Target protocol is " + url.getProtocol() + ". Skip verify.";
            }
            LogUtil.y(str2);
            return 0;
        } catch (MalformedURLException e2) {
            LogUtil.y("URL is malformed. " + e2.getMessage());
            throw new OcspParameterException("URL is malformed.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<X509Certificate> n(Certificate[] certificateArr) {
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : certificateArr) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            arrayList.add(x509Certificate);
            X509Certificate o = o(x509Certificate);
            if (o != null) {
                LogUtil.y("Root certificate found. DN : " + o.getSubjectX500Principal().getName());
                arrayList.add(o);
                return arrayList;
            }
        }
        return null;
    }

    private static X509Certificate o(X509Certificate x509Certificate) {
        String replaceAll = x509Certificate.getIssuerX500Principal().getName().replaceAll(w, k);
        e();
        if (z == null || i == null) {
            return null;
        }
        try {
            String str = z.get(replaceAll);
            if (str != null) {
                return (X509Certificate) i.getCertificate(str);
            }
        } catch (KeyStoreException e) {
            LogUtil.y("Failed to get root certificate. KeyStoreException : " + e.getMessage());
        }
        return null;
    }

    public static int p(Certificate[] certificateArr, String str, boolean z2) throws OcspParameterException, OcspRequestException, OcspResponseException {
        return h(certificateArr, str, z2, 0, false);
    }

    @Deprecated
    public static int t(X509Certificate x509Certificate, X509Certificate x509Certificate2, boolean z2) throws OcspParameterException, OcspRequestException, OcspResponseException {
        return w(x509Certificate, x509Certificate2, z2, 0);
    }

    public static void t() {
        String str;
        LogUtil.y("deleteCache() start");
        if (x()) {
            CacheUtil.t();
            str = "deleteCache() end";
        } else {
            str = "OcspUtil has not been initialized. No cache file deleted.";
        }
        LogUtil.y(str);
    }

    public static void t(int i2) throws OcspParameterException {
        LogUtil.y("setReadTimeout() start");
        LogUtil.y("Timeout : " + i2);
        if (i2 < 0) {
            LogUtil.y("Read timeout must be zero or higher.");
            throw new OcspParameterException("Read timeout must be zero or higher.");
        }
        _ = i2;
        LogUtil.y("setReadTimeout() end");
    }

    private static OCSPResp u(OCSPReq oCSPReq, String str, boolean z2) throws OcspRequestException {
        try {
            URL url = new URL(str);
            if (Build.VERSION.SDK_INT > 22 && !NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted() && !"https".equals(url.getProtocol())) {
                return b(oCSPReq, url, z2);
            }
            LogUtil.y("OCSP request send by HttpURLConnection");
            return g(oCSPReq, str, z2);
        } catch (MalformedURLException e) {
            LogUtil.y("Failed to send OCSP request. " + e.getMessage());
            throw new OcspRequestException("Failed to send OCSP request.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void u() {
        if (Build.VERSION.SDK_INT > 14) {
            TrafficStats.clearThreadStatsTag();
        }
    }

    public static int v() {
        return _;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int v(String str) throws java.io.IOException {
        if (str == null || str.length() == 0) {
            throw new java.io.IOException("Failed to encode OCSP request.");
        }
        int length = str.getBytes(Charset.forName("UTF-8")).length;
        LogUtil.y("OCSPRequestByte:" + length);
        return length;
    }

    public static int verifyUrl(String str, boolean z2) throws OcspParameterException, OcspRequestException, OcspResponseException {
        return n(str, z2, 0, false);
    }

    @Deprecated
    private static int w(X509Certificate x509Certificate, X509Certificate x509Certificate2, boolean z2, int i2) throws OcspParameterException, OcspRequestException, OcspResponseException {
        OCSPReq oCSPReq;
        OcspLibraryException e;
        String str;
        LogUtil.y("verifyCert() start");
        LogUtil.y("Issuer : " + x509Certificate2.getSubjectX500Principal().getName());
        LogUtil.y("Target : " + x509Certificate.getSubjectX500Principal().getName());
        LogUtil.y("Target serial : " + x509Certificate.getSerialNumber().toString(16));
        LogUtil.y("useCache : " + z2);
        if (!x()) {
            LogUtil.y("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        String g2 = CacheUtil.g(x509Certificate);
        int i3 = 0;
        if (z2 && g2 != null) {
            switch (CacheUtil.z(g2)) {
                case 0:
                    LogUtil.y("verifyCert() end");
                    return i3;
                case 1:
                    LogUtil.y("verifyCert() end");
                    return 1;
                default:
                    LogUtil.y("No valid cache found.");
                    break;
            }
        }
        String a2 = a(x509Certificate);
        if (a2 != null) {
            LogUtil.y("OCSP responder URL : " + a2);
            try {
                oCSPReq = a(x509Certificate, x509Certificate2);
                try {
                    i3 = x(b(oCSPReq, a2), x509Certificate2.getPublicKey(), x509Certificate.getSerialNumber().toString(16), g2);
                } catch (OcspLibraryException e2) {
                    e = e2;
                    if (i2 == 2) {
                        str = "FLAG_IGNORE_OCSP_ERROR is set. Ignore error.";
                        LogUtil.y(str);
                        LogUtil.y("verifyCert() end");
                        return i3;
                    }
                    LogUtil.y("Resend request (change method from GET to POST)");
                    if (oCSPReq != null) {
                        return x(u(oCSPReq, a2, true), x509Certificate2.getPublicKey(), x509Certificate.getSerialNumber().toString(16), g2);
                    }
                    throw e;
                }
            } catch (OcspLibraryException e3) {
                oCSPReq = null;
                e = e3;
            }
            LogUtil.y("verifyCert() end");
            return i3;
        }
        str = "No OCSP responder URL. Skip verify.";
        LogUtil.y(str);
        LogUtil.y("verifyCert() end");
        return i3;
    }

    private static String w(String str) {
        int length = str.length();
        int i2 = 0;
        while (i2 < length) {
            int codePointAt = str.codePointAt(i2);
            if (codePointAt <= 31 || codePointAt >= 127) {
                StringBuilder sb = new StringBuilder();
                sb.append((CharSequence) str, 0, i2);
                while (i2 < length) {
                    int codePointAt2 = str.codePointAt(i2);
                    sb.appendCodePoint((codePointAt2 <= 31 || codePointAt2 >= 127) ? 63 : codePointAt2);
                    i2 += Character.charCount(codePointAt2);
                }
                return sb.toString();
            }
            i2 += Character.charCount(codePointAt);
        }
        return str;
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x0028, code lost:
    
        if (r7.z(new com.nttdocomo.android.ocsplib.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder().v(com.nttdocomo.android.ocsplib.OcspUtil.t).l(r8)) != false) goto L8;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static int x(com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPResp r7, java.security.PublicKey r8, java.lang.String r9, java.lang.String r10) throws com.nttdocomo.android.ocsplib.exception.OcspResponseException {
        /*
            Method dump skipped, instructions count: 491
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.nttdocomo.android.ocsplib.OcspUtil.x(com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPResp, java.security.PublicKey, java.lang.String, java.lang.String):int");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean x() {
        return CacheUtil.g();
    }

    public static int y(String str, boolean z2, int i2) throws OcspParameterException, OcspRequestException, OcspResponseException {
        return n(str, z2, i2, true);
    }

    private static int z() {
        return y.incrementAndGet();
    }
}
