package com.nttdocomo.android.ocsplib;

import android.content.Context;
import android.os.Build;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.ASN1InputStream;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.ASN1Primitive;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.ASN1Sequence;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.DERIA5String;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.DEROctetString;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.AccessDescription;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.AuthorityInformationAccess;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.Extension;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.GeneralName;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.X509CertificateHolder;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.jcajce.SHA1DigestCalculator;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.CertificateID;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPReq;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPReqBuilder;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPResp;
import com.nttdocomo.android.ocsplib.exception.OcspParameterException;
import com.nttdocomo.android.ocsplib.exception.OcspRequestException;
import com.nttdocomo.android.ocsplib.exception.OcspResponseException;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;

/* loaded from: classes.dex */
public class OcspUtil {
    // Result codes returned by the verification entry points of this class.
    public static final int STATUS_GOOD = 0;
    // Set by e(...) when the OCSP checks pass but the pin check in j(...) fails.
    public static final int STATUS_PIN_VERIFICATION_FAILED = 3;
    public static final int STATUS_REVOKED = 1;
    // Also returned (as the literal 2) by e(...) when no trusted root can be attached to the chain.
    public static final int STATUS_UNKNOWN = 2;
    // KeyStore type used by y() on SDK levels below 14, where the trust store is read from a file.
    private static final String _ = "BKS";
    // Regex applied with replaceAll(d, t) to distinguished names in x() and y().
    // NOTE(review): the pattern is "one non-backslash character, a comma, one or more spaces", so the
    // character in front of the comma is consumed and dropped as well. x() and y() apply the same
    // rewrite, so lookups stay consistent, but two different DNs can collapse to the same key.
    private static final String d = "[^\\\\], +";
    // Digest algorithm name passed to MessageDigest.getInstance when the OCSP CertificateID is built.
    private static final String f = "SHA1";
    // KeyStore type used by y() on SDK 14 and later.
    private static final String g = "AndroidCAStore";
    // Read timeout handed to setReadTimeout (milliseconds); changed through t(int).
    private static int h = 5000;
    // Index from normalised subject DN to trust store alias; built lazily by y() under lock n.
    private static HashMap<String, String> i = null;
    // Not referenced by name in the decompiled bodies; u(...) uses a literal 4096-byte read buffer,
    // presumably this constant after inlining.
    private static final int l = 4096;
    // Trust store that y() loads and x() reads root certificates from.
    private static KeyStore o = null;
    // Fallback trust store path used by y() when the system property named by s is not set.
    private static final String r = "/system/etc/security/cacerts.bks";
    // System property that y() consults for the trust store path on SDK levels below 14.
    private static final String s = "javax.net.ssl.trustStore";
    // Replacement string used together with the regex d.
    private static final String t = ",";
    // Provider name handed to JcaContentVerifierProviderBuilder in the response check (see the JADX
    // fragment above w(OCSPResp, ...)).
    private static final String v = "BC";
    // Pinning state; null means pinning is treated as disabled by e(...), h() and j(...).
    // NOTE(review): assigned under lock u in n(...), but read without that lock and not volatile.
    private static PinningCertificates x = null;
    // Connect timeout handed to setConnectTimeout (milliseconds); changed through q(int).
    private static int y = 5000;
    // Guards the lazy trust store load in y().
    private static final Object n = new Object();
    // Guards the one-time creation of x in n(...).
    private static final Object u = new Object();

    /* loaded from: classes.dex */
    // Empty unchecked exception type declared as a non-static inner class.
    // NOTE(review): its simple name hides java.io.IOException inside OcspUtil; the methods in this
    // file catch java.io.IOException by its fully qualified name. No visible code refers to this
    // class by name.
    public class IOException extends RuntimeException {
    }

    /**
     * Checks one certificate against its issuer via OCSP (named "verifyCert" in the log output).
     *
     * <p>Order of work: optional cache lookup, extraction of the responder URL from the target
     * certificate, OCSP request, then evaluation of the response by {@code w(OCSPResp, ...)}.
     *
     * <p>NOTE(review): a certificate without an OCSP responder URL is reported as
     * {@link #STATUS_GOOD} (soft-fail). A caller that needs hard-fail revocation checking has to
     * treat "no responder" separately; this method gives no way to tell the two cases apart.
     *
     * @param x509Certificate certificate whose status is queried
     * @param x509Certificate2 issuer of that certificate; its public key is handed to the response check
     * @param z whether a cached result may be returned instead of querying the responder
     * @return the cached status (0 or 1), {@link #STATUS_GOOD} when there is no responder URL,
     *         otherwise the value produced by the response check
     * @throws OcspParameterException if the library has not been initialised
     * @throws OcspRequestException if the request cannot be built or sent
     * @throws OcspResponseException declared for the response check, whose body is not visible here
     */
    @Deprecated
    public static int _(X509Certificate x509Certificate, X509Certificate x509Certificate2, boolean z) throws OcspParameterException, OcspRequestException, OcspResponseException {
        LogUtil.p("verifyCert() start");
        LogUtil.p("Issuer : " + x509Certificate2.getSubjectX500Principal().getName());
        LogUtil.p("Target : " + x509Certificate.getSubjectX500Principal().getName());
        final String serialHex = x509Certificate.getSerialNumber().toString(16);
        LogUtil.p("Target serial : " + serialHex);
        LogUtil.p("useCache : " + z);
        if (!w()) {
            LogUtil.p("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }

        // The cache key is computed even when the cache is not consulted, because the response
        // check receives it as its last argument.
        final String cacheKey = CacheUtil._(x509Certificate);
        if (z && cacheKey != null) {
            final int cached = CacheUtil.p(cacheKey);
            if (cached == STATUS_GOOD || cached == STATUS_REVOKED) {
                LogUtil.p("verifyCert() end");
                return cached;
            }
            LogUtil.p("No valid cache found.");
        }

        final String responderUrl = d(x509Certificate);
        if (responderUrl == null) {
            // Soft-fail: no responder means the certificate is reported as good.
            LogUtil.p("No OCSP responder URL. Skip verify.");
            LogUtil.p("verifyCert() end");
            return STATUS_GOOD;
        }
        LogUtil.p("OCSP responder URL : " + responderUrl);

        final OCSPReq request = w(x509Certificate, x509Certificate2);
        final OCSPResp response = u(request, responderUrl);
        final int status = w(response, x509Certificate2.getPublicKey(), serialHex, cacheKey);
        LogUtil.p("verifyCert() end");
        return status;
    }

    /**
     * Asks {@code CacheUtil.f()} to drop the cache ("deleteCache" in the log output).
     *
     * <p>Does nothing except log when the library has not been initialised.
     */
    public static void b() {
        LogUtil.p("deleteCache() start");
        if (!w()) {
            LogUtil.p("OcspUtil has not been initialized. No cache file deleted.");
            return;
        }
        CacheUtil.f();
        LogUtil.p("deleteCache() end");
    }

    /**
     * Extracts the OCSP responder URL from a certificate's authority information access extension.
     *
     * <p>The first access description that satisfies both conditions in the loop wins; any later
     * entries are ignored. The bundled BouncyCastle method names are obfuscated, so the reading of
     * the two conditions below is inferred from the constants involved.
     *
     * <p>NOTE(review): the returned string is taken from the certificate and is therefore
     * attacker-influenced data until the chain has been validated; {@code u(...)} connects to it.
     * Only {@code java.io.IOException} is handled here, so an unexpected ASN.1 shape that surfaces
     * as a runtime exception (for example from the cast) propagates to the caller.
     *
     * @param x509Certificate certificate to inspect
     * @return the responder URL, or {@code null} when the extension is absent, unreadable, or has
     *         no matching entry
     */
    private static String d(X509Certificate x509Certificate) {
        final byte[] aiaBytes = x509Certificate.getExtensionValue(Extension.c.n());
        if (aiaBytes == null) {
            LogUtil.p("Certificate doesn't have authority information access points.");
            return null;
        }
        try {
            for (AccessDescription entry : AuthorityInformationAccess.p(ASN1Sequence.m(ASN1Primitive.u(((DEROctetString) new ASN1InputStream(aiaBytes).w()).h()))).m()) {
                final GeneralName location = entry.k();
                // 6 is the GeneralName tag for a URI; the second test presumably compares the
                // access method with the OCSP object identifier.
                final boolean taggedAsUri = location.z() == 6;
                if (taggedAsUri && X509ObjectIdentifiers.d.n().equals(entry.f().n())) {
                    return DERIA5String.m(location.n()).a();
                }
            }
        } catch (java.io.IOException unused) {
            LogUtil.p("Cannot read authority information access points.");
            return null;
        }
        LogUtil.p("Cannot find OCSP responder URL from certificate.");
        return null;
    }

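    /**
     * Opens an HTTPS connection to the given URL and returns the certificates the server presented.
     *
     * <p>JADX could not decompile this method and emitted a stub that always throws
     * {@code UnsupportedOperationException}. The body below is reconstructed statement by statement
     * from JADX's register-level instruction dump; confirm it against the bytecode before relying
     * on it.
     *
     * <p>Redirects are not followed, and the configured connect and read timeouts are applied. No
     * SSL socket factory or hostname verifier is set here, so whatever defaults are installed for
     * {@code HttpsURLConnection} in the process apply to the handshake.
     *
     * <p>NOTE(review): the connection is opened only to read the chain and is closed again. The
     * connection the application later uses is a different one, so the certificate checked here is
     * not guaranteed to be the certificate served on that later connection.
     *
     * @param r4 target URL; the cast requires an https URL, which {@code verifyUrl} checks first
     * @return the server certificate chain as reported by {@code getServerCertificates()}
     * @throws OcspRequestException if connecting or reading the certificates fails with an I/O error
     */
    private static java.security.cert.Certificate[] d(java.net.URL r4) throws com.nttdocomo.android.ocsplib.exception.OcspRequestException {
        javax.net.ssl.HttpsURLConnection connection = null;
        try {
            connection = (javax.net.ssl.HttpsURLConnection) r4.openConnection();
            connection.setInstanceFollowRedirects(false);
            connection.setConnectTimeout(y);
            LogUtil.p("Get server certificates connect timeout : " + connection.getConnectTimeout());
            connection.setReadTimeout(h);
            LogUtil.p("Get server certificates read timeout : " + connection.getReadTimeout());
            LogUtil.p("Connect to server to get certificates. (HttpsURLConnection)");
            connection.connect();
            // The dump issues getResponseCode() only on SDK 14 and 15 before asking for the
            // certificates; the reason is not visible in this file.
            if (Build.VERSION.SDK_INT == 14 || Build.VERSION.SDK_INT == 15) {
                connection.getResponseCode();
            }
            return connection.getServerCertificates();
        } catch (java.io.IOException e) {
            // java.io.IOException is spelled out because OcspUtil declares its own IOException.
            LogUtil.p("Failed to get server certificates. " + e.getMessage());
            throw new OcspRequestException("Failed to get server certificates.", e);
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }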

    /**
     * Checks a whole certificate chain ("verifyCert(chain)" in the log output).
     *
     * <p>The chain is first rebuilt by {@code w(Certificate[])}, which appends the matching trusted
     * root. Each certificate is then checked against the next one in the list until a check returns
     * a status other than {@link #STATUS_GOOD}. The appended root itself is only ever used as an
     * issuer.
     *
     * <p>NOTE(review): the pin check runs only when {@code Build.VERSION.SDK_INT < 24}. On newer
     * releases this method never returns {@link #STATUS_PIN_VERIFICATION_FAILED}; the code does not
     * show what, if anything, enforces pins there.
     *
     * @param certificateArr chain to check, leaf first
     * @param str host name for the pin check; {@code null} skips the pin check
     * @param z whether cached OCSP results may be used
     * @return {@link #STATUS_UNKNOWN} when no trusted root matches the chain,
     *         {@link #STATUS_PIN_VERIFICATION_FAILED} when the pin check fails, otherwise the
     *         status of the last pair that was checked
     * @throws OcspParameterException if the library is not initialised or the chain is null or empty
     * @throws OcspRequestException propagated from the per-certificate check
     * @throws OcspResponseException propagated from the per-certificate check
     */
    public static int e(Certificate[] certificateArr, String str, boolean z) throws OcspParameterException, OcspRequestException, OcspResponseException {
        LogUtil.p("verifyCert(chain) start");
        LogUtil.p("useCache : " + z);
        if (!w()) {
            LogUtil.p("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        final boolean chainMissing = certificateArr == null || certificateArr.length == 0;
        if (chainMissing) {
            LogUtil.p("Certificate chain is null or length 0.");
            throw new OcspParameterException("Certificate chain is null or length 0.");
        }

        final List<X509Certificate> chain = w(certificateArr);
        if (chain == null) {
            LogUtil.p("Failed to generate certificate chain.");
            return STATUS_UNKNOWN;
        }

        // Walk adjacent (subject, issuer) pairs and stop at the first status that is not good.
        int status = STATUS_GOOD;
        for (int idx = 0; idx + 1 < chain.size() && status == STATUS_GOOD; idx++) {
            status = _(chain.get(idx), chain.get(idx + 1), z);
        }

        final boolean pinCheckApplies = Build.VERSION.SDK_INT < 24 && str != null && x != null && status == STATUS_GOOD;
        if (pinCheckApplies && !j(chain, str)) {
            LogUtil.p("Pin verification failed");
            status = STATUS_PIN_VERIFICATION_FAILED;
        }
        LogUtil.p("verifyCert(chain) end");
        return status;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reports whether a PinningCertificates instance has been stored by {@code n(...)}.
     *
     * <p>NOTE(review): {@code n(...)} stores the instance before initialising it, so this can
     * return {@code true} even though that initialisation threw.
     *
     * @return {@code true} when the pinning field is non-null
     */
    public static boolean h() {
        final boolean pinningInstalled = x != null;
        return pinningInstalled;
    }

    /**
     * Initialises the library by handing the application's cache directory to {@code CacheUtil.y}.
     *
     * <p>A repeated call is a no-op apart from logging; in that case the context is not inspected.
     *
     * @param context Android context that supplies the cache directory
     * @throws OcspParameterException if the library is not yet initialised and {@code context} is null
     */
    public static void init(Context context) throws OcspParameterException {
        LogUtil.p("init() start");
        final boolean alreadyInitialized = w();
        if (!alreadyInitialized) {
            if (context == null) {
                LogUtil.p("Failed to initialize library.");
                throw new OcspParameterException("Failed to initialize library.");
            }
            CacheUtil.y(context.getCacheDir());
        } else {
            LogUtil.p("Already initialized.");
        }
        LogUtil.p("init() end");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
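    /**
     * Runs the certificate pin check for a host ("checkPins" in the log output).
     *
     * <p>NOTE(review): the method answers {@code true} when pinning has not been set up or no host
     * name is supplied, so a {@code true} result does not by itself mean that a pin matched.
     *
     * @param list certificate chain to test against the pins
     * @param str host name the chain was presented for
     * @return the result of {@code PinningCertificates.f(list, str)}, or {@code true} when the
     *         check is skipped
     * @throws OcspParameterException if the pin check throws a runtime exception; the original
     *         exception is attached as the cause
     */
    public static boolean j(List<X509Certificate> list, String str) throws OcspParameterException {
        LogUtil.p("checkPins start.");
        // Read the field once so the null test and the call use the same instance.
        final PinningCertificates pins = x;
        if (str == null || pins == null) {
            LogUtil.p("Pinning certificates is disabled or no hostname found. Skip checkPins.");
            return true;
        }
        try {
            boolean f2 = pins.f(list, str);
            LogUtil.p("checkPins end. ret : " + f2);
            return f2;
        } catch (RuntimeException e) {
            // Keep the cause: the message alone loses the stack trace of the pinning failure.
            throw new OcspParameterException(e.getMessage(), e);
        }
    }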

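    /**
     * Initialises the library and, once only, the certificate pinning state
     * ("init() with PinningCertificates" in the log output).
     *
     * <p>NOTE(review): the new PinningCertificates instance is stored in the shared field before
     * {@code u(context, i2)} has run. If that call throws, the field stays non-null, so later calls
     * report "already initialized" and the pin check uses an instance whose setup did not finish.
     * Whether that instance then rejects or accepts chains depends on PinningCertificates, which is
     * not visible here, so the publication order is left as it was; callers should treat an
     * exception from this method as fatal for pinning.
     *
     * @param context Android context, passed to {@code init} and to the pinning setup
     * @param i2 passed through to {@code PinningCertificates.u}; its meaning is not visible here
     * @throws OcspParameterException if {@code init} fails or the pinning setup throws a runtime
     *         exception; in the latter case the original exception is attached as the cause
     */
    public static void n(Context context, int i2) throws OcspParameterException {
        LogUtil.p("init() with PinningCertificates start");
        init(context);
        synchronized (u) {
            if (x == null) {
                x = new PinningCertificates();
                try {
                    x.u(context, i2);
                } catch (RuntimeException e) {
                    final String message = "PinningCertificates initialization failed. " + e.getMessage();
                    LogUtil.p(message);
                    // Attach the cause so the failing pin source can be diagnosed from the trace.
                    throw new OcspParameterException(message, e);
                }
            } else {
                LogUtil.p("PinningCertificates instance already initialized.");
            }
        }
        LogUtil.p("init() with PinningCertificates end");
    }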

    /**
     * Sets the connect timeout used for both the certificate fetch and the OCSP request
     * ("setConnectTimeout" in the log output).
     *
     * <p>Zero is accepted; {@code URLConnection.setConnectTimeout(0)} means no timeout, so a
     * caller passing 0 allows a connection attempt to block indefinitely.
     *
     * @param i2 timeout in milliseconds, zero or higher
     * @throws OcspParameterException if {@code i2} is negative
     */
    public static void q(int i2) throws OcspParameterException {
        LogUtil.p("setConnectTimeout() start");
        LogUtil.p("Timeout : " + i2);
        final boolean negative = i2 < 0;
        if (negative) {
            final String reason = "Connect timeout must be zero or higher.";
            LogUtil.p(reason);
            throw new OcspParameterException(reason);
        }
        y = i2;
        LogUtil.p("setConnectTimeout() end");
    }

    /**
     * Sets the read timeout used for both the certificate fetch and the OCSP request
     * ("setReadTimeout" in the log output).
     *
     * <p>Zero is accepted; {@code URLConnection.setReadTimeout(0)} means no timeout, so a caller
     * passing 0 allows a read from a stalled server to block indefinitely.
     *
     * @param i2 timeout in milliseconds, zero or higher
     * @throws OcspParameterException if {@code i2} is negative
     */
    public static void t(int i2) throws OcspParameterException {
        LogUtil.p("setReadTimeout() start");
        LogUtil.p("Timeout : " + i2);
        final boolean negative = i2 < 0;
        if (negative) {
            final String reason = "Read timeout must be zero or higher.";
            LogUtil.p(reason);
            throw new OcspParameterException(reason);
        }
        h = i2;
        LogUtil.p("setReadTimeout() end");
    }

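    /**
     * Posts an OCSP request to the responder and parses the reply.
     *
     * <p>The decompiled original carried JADX artifacts ({@code th = th;}, {@code e = e;}, a
     * connection variable that could be used while unassigned). This version restores the usual
     * try / catch / finally shape, closes both streams on every path, and rejects responder URLs
     * that are not http or https before the cast to {@code HttpURLConnection}.
     *
     * <p>NOTE(review): the responder URL originates from the certificate being checked. The request
     * may travel over plain http, so the integrity of the answer rests entirely on the signature
     * check in {@code w(OCSPResp, ...)}, whose body is not visible in this file. Redirect handling
     * is left at the {@code HttpURLConnection} default, unlike the certificate fetch, which turns
     * redirects off. The response body is read without an upper size bound; a cap would limit how
     * much memory a hostile responder can make the client allocate.
     *
     * @param oCSPReq request to send
     * @param str responder URL
     * @return the parsed OCSP response
     * @throws OcspRequestException if the URL scheme is unsupported, the responder does not answer
     *         with HTTP 200, or any I/O error occurs
     */
    private static OCSPResp u(OCSPReq oCSPReq, String str) throws OcspRequestException {
        HttpURLConnection httpURLConnection = null;
        DataOutputStream requestBody = null;
        InputStream responseBody = null;
        try {
            final URL responder = new URL(str);
            final String scheme = responder.getProtocol();
            if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
                // Without this test a file:, ftp: or jar: URL would fail later with an unchecked
                // ClassCastException instead of the declared exception type.
                LogUtil.p("Failed to send OCSP request. Unsupported responder URL scheme : " + scheme);
                throw new OcspRequestException("Failed to send OCSP request. Unsupported responder URL scheme : " + scheme);
            }
            httpURLConnection = (HttpURLConnection) responder.openConnection();
            httpURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
            httpURLConnection.setRequestProperty("Accept", "application/ocsp-response");
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setConnectTimeout(y);
            LogUtil.p("OCSP request connect timeout : " + httpURLConnection.getConnectTimeout());
            httpURLConnection.setReadTimeout(h);
            LogUtil.p("OCSP request read timeout : " + httpURLConnection.getReadTimeout());
            LogUtil.p("Send OCSP request.");

            requestBody = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
            requestBody.write(oCSPReq.r());
            requestBody.flush();
            requestBody.close();
            requestBody = null;

            final int responseCode = httpURLConnection.getResponseCode();
            LogUtil.p("OCSP response responseCode : " + responseCode);
            LogUtil.p("OCSP response Content-Length : " + httpURLConnection.getContentLength());
            LogUtil.p("OCSP response Content-Type : " + httpURLConnection.getContentType());
            if (responseCode != 200) {
                LogUtil.p("Failed to send OCSP request. response code : " + responseCode);
                throw new OcspRequestException("Failed to send OCSP request. response code : " + responseCode);
            }

            responseBody = httpURLConnection.getInputStream();
            final ByteArrayOutputStream collected = new ByteArrayOutputStream();
            final byte[] chunk = new byte[4096];
            int read;
            while ((read = responseBody.read(chunk)) >= 0) {
                collected.write(chunk, 0, read);
            }

            final OCSPResp oCSPResp = new OCSPResp(collected.toByteArray());
            LogUtil.p("OCSP response status : " + oCSPResp.x());
            return oCSPResp;
        } catch (java.io.IOException e) {
            // java.io.IOException is spelled out because OcspUtil declares its own IOException.
            LogUtil.p("Failed to send OCSP request. " + e.getMessage());
            throw new OcspRequestException("Failed to send OCSP request.", e);
        } finally {
            if (requestBody != null) {
                try {
                    requestBody.close();
                } catch (java.io.IOException ignored) {
                    // Best effort: a failure is already being reported on this path.
                }
            }
            if (responseBody != null) {
                try {
                    responseBody.close();
                } catch (java.io.IOException ignored) {
                    // Best effort: the response has been read or a failure is already propagating.
                }
            }
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
        }
    }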

    /**
     * Fetches the certificate chain of an https URL and checks it via OCSP and, where applicable,
     * against the configured pins.
     *
     * <p>NOTE(review): a URL whose scheme is not https is reported as {@link #STATUS_GOOD} without
     * any check. The chain is obtained on a connection opened only for this purpose, so the result
     * describes that handshake and not the connection the application opens afterwards. The full
     * target URL is written to LogUtil, including any query string.
     *
     * @param str target URL
     * @param z whether cached OCSP results may be used
     * @return {@link #STATUS_GOOD} for non-https URLs, otherwise the result of the chain check
     * @throws OcspParameterException if the library is not initialised or the URL is malformed
     * @throws OcspRequestException if the server chain cannot be obtained or a request fails
     * @throws OcspResponseException propagated from the chain check
     */
    public static int verifyUrl(String str, boolean z) throws OcspParameterException, OcspRequestException, OcspResponseException {
        LogUtil.p("verifyUrl() start");
        LogUtil.p("Target URL : " + str);
        LogUtil.p("useCache : " + z);
        if (!w()) {
            LogUtil.p("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        try {
            final URL target = new URL(str);
            final String scheme = target.getProtocol();
            if (!"https".equals(scheme)) {
                LogUtil.p("Target protocol is " + scheme + ". Skip verify.");
                return STATUS_GOOD;
            }

            final Certificate[] serverChain = d(target);
            final boolean noChain = serverChain == null || serverChain.length == 0;
            if (noChain) {
                LogUtil.p("Failed to get server certificates. (chain is null or length 0)");
                throw new OcspRequestException("Failed to get server certificates. (chain is null or length 0)");
            }

            final int status = e(serverChain, target.getHost(), z);
            LogUtil.p("verifyUrl() end");
            return status;
        } catch (MalformedURLException malformed) {
            LogUtil.p("URL is malformed. " + malformed.getMessage());
            throw new OcspParameterException("URL is malformed.", malformed);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x0028, code lost:
    
        if (r7.a(new com.nttdocomo.android.ocsplib.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder().p(com.nttdocomo.android.ocsplib.OcspUtil.v).w(r8)) != false) goto L8;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Evaluates an OCSP response and returns the status code.
     *
     * <p>JADX skipped this method (491 instructions); the body below is a stub that always throws,
     * not the shipped logic. The only recovered fragment shows {@code r7.a(...)} being called with
     * a verifier built from the "BC" provider name and the public key in {@code r8}, which is
     * presumably the response signature check.
     *
     * <p>NOTE(review): everything security-relevant about response handling lives here and is not
     * visible: which responder certificates are accepted, whether thisUpdate/nextUpdate are
     * checked, how the serial in {@code r9} is matched, and what is written to the cache under
     * {@code r10}. Audit this method from the bytecode before drawing conclusions about the
     * library.
     *
     * @param r7 response returned by the responder
     * @param r8 public key of the issuer certificate, as passed by the caller
     * @param r9 serial number of the checked certificate in hexadecimal, as passed by the caller
     * @param r10 cache key of the checked certificate, as passed by the caller; may be null
     * @return status code; the mapping is not visible in this file
     */
    private static int w(com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPResp r7, java.security.PublicKey r8, java.lang.String r9, java.lang.String r10) throws com.nttdocomo.android.ocsplib.exception.OcspResponseException {
        /*
            Method dump skipped, instructions count: 491
            To view this dump add '--comments-level debug' option
        */
        // Decompiler placeholder: reached on every call of this reconstructed source.
        throw new UnsupportedOperationException("Method not decompiled: com.nttdocomo.android.ocsplib.OcspUtil.w(com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPResp, java.security.PublicKey, java.lang.String, java.lang.String):int");
    }

    /**
     * Builds the OCSP request for one certificate.
     *
     * <p>The certificate is identified by a CertificateID made from a SHA-1 digest calculator, the
     * encoded issuer certificate and the target's serial number. SHA-1 serves here as an identifier
     * hash inside the request, not as a signature algorithm.
     *
     * <p>NOTE(review): the only builder call visible before the request is built is the one that
     * takes the CertificateID, so no nonce appears to be added. Protection against replayed
     * responses would then depend on freshness checks in the response handling, which is not
     * visible in this file.
     *
     * @param x509Certificate certificate whose status is requested
     * @param x509Certificate2 issuer of that certificate
     * @return the request object
     * @throws OcspRequestException if any step throws; the original exception is the cause
     */
    private static OCSPReq w(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws OcspRequestException {
        try {
            final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
            final SHA1DigestCalculator digest = new SHA1DigestCalculator(MessageDigest.getInstance(f));
            final X509CertificateHolder issuerHolder = new X509CertificateHolder(x509Certificate2.getEncoded());
            final CertificateID targetId = new CertificateID(digest, issuerHolder, x509Certificate.getSerialNumber());
            requestBuilder.x(targetId);
            return requestBuilder.g();
        } catch (Exception buildFailure) {
            LogUtil.p("Failed to generate OCSP request. " + buildFailure.getMessage());
            throw new OcspRequestException("Failed to generate OCSP request. ", buildFailure);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Rebuilds the chain up to the first certificate whose issuer is found in the trust store and
     * appends that root.
     *
     * <p>Certificates are copied in order; after each one its issuer is looked up by {@code x}.
     * On the first hit the root is appended and the list is returned, so any certificates after
     * that point in the input are dropped.
     *
     * <p>NOTE(review): the root is selected by a string match on the issuer name only; no
     * signature is verified in this method. An element that is not an {@code X509Certificate}
     * causes a {@code ClassCastException}.
     *
     * @param certificateArr chain as presented, leaf first; must not be null
     * @return the rebuilt chain ending in a trusted root, or {@code null} when no issuer matches
     */
    public static List<X509Certificate> w(Certificate[] certificateArr) {
        final List<X509Certificate> chain = new ArrayList<>();
        for (int idx = 0; idx < certificateArr.length; idx++) {
            final X509Certificate current = (X509Certificate) certificateArr[idx];
            chain.add(current);
            final X509Certificate root = x(current);
            if (root == null) {
                continue;
            }
            LogUtil.p("Root certificate found. DN : " + root.getSubjectX500Principal().getName());
            chain.add(root);
            return chain;
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reports whether the library counts as initialised, which is whatever {@code CacheUtil.h()}
     * answers.
     *
     * @return the value of {@code CacheUtil.h()}
     */
    public static boolean w() {
        final boolean initialized = CacheUtil.h();
        return initialized;
    }

    /**
     * Looks up the trusted root whose subject matches the issuer name of the given certificate.
     *
     * <p>The issuer name is normalised with the same regex replacement that {@code y()} applies
     * to the subjects in the index, then used as the key.
     *
     * <p>NOTE(review): the match is on the normalised name string alone. If two trust store
     * entries share a subject, the index holds only one alias for it, so the certificate returned
     * here is not necessarily the one that signed the input.
     *
     * @param x509Certificate certificate whose issuer is searched
     * @return the matching root, or {@code null} when the index is unavailable, nothing matches,
     *         or the key store lookup fails
     */
    private static X509Certificate x(X509Certificate x509Certificate) {
        final String issuerKey = x509Certificate.getIssuerX500Principal().getName().replaceAll(d, t);
        y();
        if (i != null && o != null) {
            try {
                final String alias = i.get(issuerKey);
                if (alias != null) {
                    return (X509Certificate) o.getCertificate(alias);
                }
            } catch (KeyStoreException lookupFailure) {
                LogUtil.p("Failed to get root certificate. KeyStoreException : " + lookupFailure.getMessage());
            }
        }
        return null;
    }

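    /**
     * Loads the platform trust store once and builds the index from normalised subject name to
     * alias.
     *
     * <p>On SDK 14 and later the "AndroidCAStore" key store is used. On older releases a BKS file
     * is read from the path in the {@code javax.net.ssl.trustStore} system property, falling back
     * to {@code /system/etc/security/cacerts.bks}.
     *
     * <p>Changes against the decompiled original: the trust store file stream is closed after
     * loading; the index is built in a local map and published only when complete, so an
     * unexpected exception no longer leaves a partly filled index behind; entries that are not
     * X.509 certificates are skipped instead of failing the cast. As before, a load failure leaves
     * the index {@code null}, so the next call tries again.
     *
     * <p>NOTE(review): subjects are keyed by name only, so when two entries share a subject the
     * one enumerated later replaces the earlier alias.
     */
    private static void y() {
        synchronized (n) {
            if (i != null) {
                return;
            }
            final HashMap<String, String> index = new HashMap<>();
            try {
                if (Build.VERSION.SDK_INT >= 14) {
                    o = KeyStore.getInstance(g);
                    o.load(null, null);
                } else {
                    o = KeyStore.getInstance(_);
                    String property = System.getProperty(s);
                    if (property == null) {
                        LogUtil.p("TrustStore path not found. set default.");
                        property = r;
                    }
                    LogUtil.p("TrustStore path : " + property);
                    final FileInputStream trustStoreFile = new FileInputStream(property);
                    try {
                        o.load(trustStoreFile, null);
                    } finally {
                        // The original never closed this stream.
                        trustStoreFile.close();
                    }
                }
                final Enumeration<String> aliases = o.aliases();
                LogUtil.p("Load root certificate list ...");
                while (aliases.hasMoreElements()) {
                    final String alias = aliases.nextElement();
                    final Certificate entry = o.getCertificate(alias);
                    if (!(entry instanceof X509Certificate)) {
                        LogUtil.p("Skip trust store entry that is not an X.509 certificate : " + alias);
                        continue;
                    }
                    final String subjectKey = ((X509Certificate) entry).getSubjectX500Principal().getName().replaceAll(d, t);
                    index.put(subjectKey, alias);
                    LogUtil.p("  " + subjectKey);
                }
                // Publish only a complete index; on any failure below the field stays null.
                i = index;
            } catch (NoSuchAlgorithmException e) {
                LogUtil.p("Failed to get root certificate. NoSuchAlgorithmException : " + e.getMessage());
            } catch (java.io.IOException e2) {
                // java.io.IOException is spelled out because OcspUtil declares its own IOException.
                LogUtil.p("Failed to get root certificate. IOException : " + e2.getMessage());
            } catch (KeyStoreException e3) {
                LogUtil.p("Failed to get root certificate. KeyStoreException : " + e3.getMessage());
            } catch (CertificateException e4) {
                LogUtil.p("Failed to get root certificate. CertificateException : " + e4.getMessage());
            }
        }
    }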
}
