package com.rsa.certj.provider.revocation.ocsp;

import com.rsa.asn1.ASN_Exception;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJUtils;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.NoServiceException;
import com.rsa.certj.NotSupportedException;
import com.rsa.certj.Provider;
import com.rsa.certj.ProviderImplementation;
import com.rsa.certj.ProviderManagementException;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.NameException;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.provider.TransportImplementation;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.certj.spi.pki.PKIException;
import com.rsa.certj.spi.pki.PKIResult;
import com.rsa.certj.spi.pki.PKIStatusInfo;
import com.rsa.certj.spi.revocation.CertRevocationInfo;
import com.rsa.certj.spi.revocation.CertStatusException;
import com.rsa.certj.spi.revocation.CertStatusInterface;
import java.io.FileOutputStream;
import java.net.URL;

/* compiled from: com/rsa/certj/provider/revocation/ocsp/OCSP.java */
/* loaded from: input_file:weblogic.jar:com/rsa/certj/provider/revocation/ocsp/OCSP.class */
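/**
 * Cert-J provider that answers certificate revocation queries by sending an OCSP
 * request to a configured responder over HTTP and decoding the reply.
 *
 * <p>This source is decompiler output; the {@code this$0} fields and
 * {@link AnonymousClass1} are compiler/decompiler artifacts and are kept so the
 * class shape stays unchanged.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Only destinations whose URL scheme is {@code http} are contacted; any other
 *       scheme is skipped. Nothing in this class protects the transport itself.</li>
 *   <li>Unless path-option bit {@code 2048} is set, the destination is taken from the
 *       certificate being checked (via {@code OCSPutil.getAIALocation}), so certificate
 *       content influences where the outbound request goes.</li>
 *   <li>A response that omits the nonce is not rejected here; it is only flagged on the
 *       evidence object. A nonce that is present but different is rejected.</li>
 *   <li>With {@link #setDebugWriteDERs(boolean)} enabled, raw request and response bytes
 *       are written to fixed relative file names.</li>
 * </ul>
 */
public final class OCSP extends Provider {
    // Responders as supplied by the caller; each entry is cleared by instantiate().
    private OCSPResponder[] configedResponders;
    // Internal responder objects built in instantiate() and consulted for every query.
    private OCSPResponderInternal[] responders;
    protected static final int SUPPORTED_VERSION = 0;
    protected static final int NONCE_LEN = 16;
    // Never reassigned in this class, so declared final.
    private static final String MIME_TYPE_OCSP_REQ = "application/ocsp-request";
    private static final String MIME_TYPE_OCSP_RES = "application/ocsp-response";
    // When true, every encoded request/response is dumped to the DEBUG_* files below.
    private boolean dbgWriteDERs;
    // Relative paths: the files are created in (and overwritten in) the process working directory.
    private static final String DEBUG_REQFILE = "ocspreq.ber";
    private static final String DEBUG_RESPFILE = "ocspresp.ber";

    /* compiled from: com/rsa/certj/provider/revocation/ocsp/OCSP.java */
    /* renamed from: com.rsa.certj.provider.revocation.ocsp.OCSP$1, reason: invalid class name */
    /* loaded from: input_file:weblogic.jar:com/rsa/certj/provider/revocation/ocsp/OCSP$1.class */
    // Empty marker type; it is used only as the extra parameter of the synthetic
    // Implementation constructor so the outer class can reach the private one.
    class AnonymousClass1 {
    }

    /* compiled from: com/rsa/certj/provider/revocation/ocsp/OCSP.java */
    /* loaded from: input_file:weblogic.jar:com/rsa/certj/provider/revocation/ocsp/OCSP$Implementation.class */
    /**
     * The service object returned by {@link OCSP#instantiate(CertJ)}: builds the OCSP
     * request, sends it through the inherited HTTP transport and interprets the response.
     */
    private final class Implementation extends TransportImplementation implements CertStatusInterface {
        CertJ certJ;
        private final OCSP this$0;

        private Implementation(OCSP ocsp, CertJ certJ, String str) throws InvalidParameterException {
            super(certJ, str);
            this.this$0 = ocsp;
            this.certJ = certJ;
        }

        /**
         * Checks the revocation status of a single certificate.
         *
         * @param certPathCtx path-validation context; must not be {@code null}
         * @param certificate certificate to check
         * @return the revocation information for {@code certificate}
         * @throws NotSupportedException if {@code certPathCtx} is {@code null}, or for the
         *         failures mapped to it in {@code checkCertRevocations} (including a nonce mismatch)
         * @throws CertStatusException on transport or decoding failures
         */
        @Override // com.rsa.certj.spi.revocation.CertStatusInterface
        public CertRevocationInfo checkCertRevocation(CertPathCtx certPathCtx, Certificate certificate) throws NotSupportedException, CertStatusException {
            if (certPathCtx == null) {
                throw new NotSupportedException("pathCtx==null");
            }
            return checkCertRevocations(certPathCtx, new Certificate[]{certificate})[0];
        }

        /**
         * Best-effort debug dump of an encoded message to {@code str}.
         *
         * <p>Any failure is deliberately ignored so that a debugging aid can never change the
         * outcome of a revocation check. The stream is closed in {@code finally}; previously a
         * failed write left the file handle open until finalization.
         *
         * @param str  file name to write (the callers pass fixed relative names)
         * @param bArr bytes to write
         */
        private void writeDER(String str, byte[] bArr) {
            FileOutputStream fileOutputStream = null;
            try {
                fileOutputStream = new FileOutputStream(str);
                fileOutputStream.write(bArr);
            } catch (Exception ignored) {
                // Debug output only: the revocation check continues without the dump.
            } finally {
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (Exception ignoredOnClose) {
                        // Nothing useful can be done if close fails for a debug file.
                    }
                }
            }
        }

        /**
         * Queries a responder for each certificate and collects the results.
         *
         * <p>Each slot starts as {@code new CertRevocationInfo(2, 0, null)} and keeps that value
         * when the certificate is {@code null}, when no responder matches, or when the decoded
         * response carries no information for it. NOTE(review): presumably this default means
         * "status unknown, no evidence" - confirm against CertRevocationInfo; callers that need
         * fail-closed behaviour must treat that value as a failure themselves.
         *
         * @param certPathCtx    path-validation context supplying the path options
         * @param certificateArr certificates to check; entries are cast to {@code X509Certificate}
         * @return one result per input certificate, or {@code null} if {@code certificateArr} is {@code null}
         * @throws NotSupportedException on a nonce mismatch, or when request construction fails
         *         with an invalid parameter, a missing service or a certificate error
         * @throws CertStatusException on transport failure, a non-200 HTTP status or an ASN.1 error
         */
        private CertRevocationInfo[] checkCertRevocations(CertPathCtx certPathCtx, Certificate[] certificateArr) throws NotSupportedException, CertStatusException {
            if (certificateArr == null) {
                return null;
            }
            int length = certificateArr.length;
            CertRevocationInfo[] certRevocationInfoArr = new CertRevocationInfo[length];
            OCSPMatchedResponder[] oCSPMatchedResponderArr = new OCSPMatchedResponder[length];
            // Pass 1: pick a responder (and destination list) for every non-null certificate.
            for (int i = 0; i < length; i++) {
                if (certificateArr[i] != null) {
                    oCSPMatchedResponderArr[i] = matchResponder(certPathCtx.getPathOptions(), (X509Certificate) certificateArr[i]);
                }
            }
            // Pass 2: one request/response exchange per certificate that has a responder.
            int length2 = oCSPMatchedResponderArr.length;
            for (int i2 = 0; i2 < length2; i2++) {
                try {
                    certRevocationInfoArr[i2] = new CertRevocationInfo(2, 0, null);
                    if (certificateArr[i2] != null && oCSPMatchedResponderArr[i2] != null) {
                        // The request covers the whole certificate array; the entry for this
                        // certificate is looked up later with getCertID(i2).
                        OCSPRequest oCSPRequest = new OCSPRequest(this.certJ, oCSPMatchedResponderArr[i2].responder, certificateArr);
                        byte[] encode = oCSPRequest.encode(certPathCtx);
                        if (this.this$0.dbgWriteDERs) {
                            writeDER(OCSP.DEBUG_REQFILE, encode);
                        }
                        try {
                            PKIResult sendMessage = sendMessage(oCSPMatchedResponderArr[i2].destList, encode);
                            byte[] encodedResponse = sendMessage.getEncodedResponse();
                            PKIStatusInfo statusInfo = sendMessage.getStatusInfo();
                            if (statusInfo.getStatus() != 0) {
                                throw new CertStatusException(new StringBuffer().append("OCSP Transport status != 0 (").append(statusInfo.getStatus()).append(")").toString());
                            }
                            if (statusInfo.getFailInfoAux() != 200) {
                                throw new CertStatusException(new StringBuffer().append("OCSP Transport HTTP status != 200\n").append(statusInfo.getStatusStrings()).toString());
                            }
                            if (this.this$0.dbgWriteDERs) {
                                writeDER(OCSP.DEBUG_RESPFILE, encodedResponse);
                            }
                            // NOTE(review): the request above was built with the matched responder
                            // (oCSPMatchedResponderArr[i2].responder), but the response is decoded
                            // with responders[i2], i.e. the responder at the certificate's index.
                            // The only caller passes one certificate, so this is always
                            // responders[0] even when a later responder matched. Confirm against
                            // OCSPResponse whether the matched responder was intended before
                            // relying on multi-responder configurations.
                            OCSPResponse oCSPResponse = new OCSPResponse(this.certJ, this.this$0.responders[i2], (X509Certificate) certificateArr[i2]);
                            oCSPResponse.decode(certPathCtx, encodedResponse, oCSPRequest);
                            CertRevocationInfo revocationInfo = oCSPResponse.getRevocationInfo(oCSPRequest.getCertID(i2));
                            byte[] nonce = oCSPRequest.getNonce();
                            if (nonce != null) {
                                byte[] nonce2 = oCSPResponse.getNonce();
                                if (nonce2 == null) {
                                    // The responder did not echo the nonce. The response is still
                                    // accepted; bit 1 is set on the evidence flags so a caller can
                                    // detect it. revocationInfo is null-checked here because the
                                    // code below also treats it as possibly null; without the guard
                                    // a missing entry caused a NullPointerException.
                                    OCSPEvidence oCSPEvidence = (revocationInfo != null && revocationInfo.getType() == 2) ? (OCSPEvidence) revocationInfo.getEvidence() : null;
                                    if (oCSPEvidence != null) {
                                        oCSPEvidence.setFlags(oCSPEvidence.getFlags() | 1);
                                    }
                                } else if (!CertJUtils.byteArraysEqual(nonce, nonce2)) {
                                    // A nonce that differs from the one sent means the response
                                    // does not belong to this request: reject it.
                                    throw new NotSupportedException("OCSP nonce mismatch");
                                }
                            }
                            if (revocationInfo != null) {
                                certRevocationInfoArr[i2] = revocationInfo;
                            }
                        } catch (PKIException e) {
                            throw new CertStatusException(e.getMessage());
                        }
                    }
                } catch (ASN_Exception e2) {
                    throw new CertStatusException(e2.getMessage());
                } catch (InvalidParameterException e3) {
                    throw new NotSupportedException(e3.getMessage());
                } catch (NoServiceException e4) {
                    throw new NotSupportedException(e4.getMessage());
                } catch (CertificateException e5) {
                    throw new NotSupportedException(e5.getMessage());
                }
            }
            return certRevocationInfoArr;
        }

        /**
         * Posts the encoded request to the first destination that yields a usable result.
         *
         * <p>Destinations that are not {@code http} URLs are skipped. A destination is abandoned,
         * and the next one tried, when it throws or when its result has status {@code 2} with
         * fail-info bit {@code 2097152} set.
         *
         * @param strArr candidate destination URLs, tried in order
         * @param bArr   encoded OCSP request
         * @return the first result that is not the retry case described above
         * @throws PKIException if no destination produced a result; the message distinguishes
         *         "no http destination at all" from "http destinations tried but none answered"
         */
        private PKIResult sendMessage(String[] strArr, byte[] bArr) throws NotSupportedException, PKIException {
            boolean z = false;
            for (String str : strArr) {
                try {
                    URL url = new URL(str);
                    if (url.getProtocol().equals("http")) {
                        z = true;
                        PKIResult sendAndReceiveHttp = sendAndReceiveHttp(url, new String[]{"User-Agent: Cert-J/2.0", new StringBuffer().append(TransportImplementation.MIME_CONTENT_TYPE_PREFIX).append(OCSP.MIME_TYPE_OCSP_REQ).toString()}, this.proxyList, bArr, new String[]{new StringBuffer().append(TransportImplementation.MIME_CONTENT_TYPE_PREFIX).append(OCSP.MIME_TYPE_OCSP_RES).toString()});
                        PKIStatusInfo statusInfo = sendAndReceiveHttp.getStatusInfo();
                        if (statusInfo.getStatus() != 2 || (statusInfo.getFailInfo() & 2097152) == 0) {
                            return sendAndReceiveHttp;
                        }
                    } else {
                        continue;
                    }
                } catch (Exception ignored) {
                    // Deliberate failover: a malformed URL or a transport error for one
                    // destination must not stop the remaining destinations from being tried.
                    // The cause is dropped, so the final PKIException cannot say why each
                    // destination failed.
                }
            }
            throw new PKIException(z ? "Unable to connect to an OCSP responder." : "Unable to choose an OCSP responder.");
        }

        /**
         * Chooses the responder and destination list for a certificate.
         *
         * <p>If path-option bit {@code 2048} is clear, the location returned by
         * {@code OCSPutil.getAIALocation} for the certificate is used as the only destination;
         * a responder that matches the certificate together with that location wins, otherwise
         * the first responder that matches the certificate alone is used. If the bit is set, or
         * the certificate yields no location, the first responder that matches the certificate
         * and has a destination list is used with its own list.
         *
         * <p>NOTE(review): the AIA location comes from the certificate under validation, which
         * is not yet trusted at this point, so it determines an outbound request target. Where
         * that is not acceptable, set option bit {@code 2048} or restrict egress.
         *
         * @param i               path options bit mask
         * @param x509Certificate certificate to find a responder for
         * @return the matched responder with its destinations, or {@code null} if none matches
         */
        private OCSPMatchedResponder matchResponder(int i, X509Certificate x509Certificate) {
            String[] destList;
            OCSPResponderInternal oCSPResponderInternal = null;
            // Result unused in the decompiled code; the call is kept in case it has an effect
            // that is not visible from here.
            x509Certificate.getIssuerName();
            String aIALocation = (i & 2048) == 0 ? OCSPutil.getAIALocation(x509Certificate) : null;
            if (aIALocation == null) {
                for (int i2 = 0; i2 < this.this$0.responders.length; i2++) {
                    OCSPResponderInternal oCSPResponderInternal2 = this.this$0.responders[i2];
                    if (oCSPResponderInternal2.getResponderCACert(x509Certificate) != null && (destList = oCSPResponderInternal2.getDestList()) != null) {
                        return new OCSPMatchedResponder(this.this$0, oCSPResponderInternal2, destList);
                    }
                }
                return null;
            }
            String[] strArr = {aIALocation};
            for (int i3 = 0; i3 < this.this$0.responders.length; i3++) {
                OCSPResponderInternal oCSPResponderInternal3 = this.this$0.responders[i3];
                if (oCSPResponderInternal3.getResponderCACert(x509Certificate, aIALocation) != null) {
                    return new OCSPMatchedResponder(this.this$0, oCSPResponderInternal3, strArr);
                }
                // Remember the first responder that matches without the location as a fallback.
                if (oCSPResponderInternal3.getResponderCACert(x509Certificate) != null && oCSPResponderInternal == null) {
                    oCSPResponderInternal = oCSPResponderInternal3;
                }
            }
            if (oCSPResponderInternal == null) {
                return null;
            }
            return new OCSPMatchedResponder(this.this$0, oCSPResponderInternal, strArr);
        }

        /** Returns a description that includes the provider name. */
        @Override // com.rsa.certj.ProviderImplementation
        public String toString() {
            return new StringBuffer().append("OCSP Certificate Status provider named: ").append(getName()).toString();
        }

        // Synthetic accessor: lets the outer class call the private constructor. The last
        // argument is always null and is ignored.
        Implementation(OCSP ocsp, CertJ certJ, String str, AnonymousClass1 anonymousClass1) throws InvalidParameterException {
            this(ocsp, certJ, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: com/rsa/certj/provider/revocation/ocsp/OCSP.java */
    /* loaded from: input_file:weblogic.jar:com/rsa/certj/provider/revocation/ocsp/OCSP$OCSPMatchedResponder.class */
    /** Pairs a responder with the destination URLs to use for one certificate. */
    public class OCSPMatchedResponder {
        public OCSPResponderInternal responder;
        public String[] destList;
        private final OCSP this$0;

        protected OCSPMatchedResponder(OCSP ocsp, OCSPResponderInternal oCSPResponderInternal, String[] strArr) {
            this.this$0 = ocsp;
            this.responder = oCSPResponderInternal;
            this.destList = strArr;
        }
    }

    /**
     * Enables or disables dumping of every encoded request and response to
     * {@code ocspreq.ber} and {@code ocspresp.ber}.
     *
     * <p>The names are relative, so the files land in the process working directory and each
     * exchange overwrites the previous dump; write failures are ignored. Off by default.
     *
     * @param z {@code true} to write the dumps
     */
    public final void setDebugWriteDERs(boolean z) {
        this.dbgWriteDERs = z;
    }

    /**
     * Creates a provider backed by a single responder.
     *
     * @param str           provider name
     * @param oCSPResponder responder configuration; copied, must not be {@code null}
     * @throws InvalidParameterException if {@code oCSPResponder} is {@code null}
     */
    public OCSP(String str, OCSPResponder oCSPResponder) throws InvalidParameterException, CertificateException, NameException {
        super(2, str);
        this.dbgWriteDERs = false;
        if (oCSPResponder == null) {
            throw new InvalidParameterException("responder == null");
        }
        this.configedResponders = new OCSPResponder[1];
        this.configedResponders[0] = new OCSPResponder(oCSPResponder);
    }

    /**
     * Creates a provider backed by several responders, consulted in array order.
     *
     * @param str               provider name
     * @param oCSPResponderArr  responder configurations; each entry is copied
     * @throws InvalidParameterException if the array or any of its entries is {@code null}
     */
    public OCSP(String str, OCSPResponder[] oCSPResponderArr) throws InvalidParameterException, CertificateException, NameException {
        super(2, str);
        this.dbgWriteDERs = false;
        if (oCSPResponderArr == null) {
            throw new InvalidParameterException("responder == null");
        }
        int length = oCSPResponderArr.length;
        this.configedResponders = new OCSPResponder[length];
        for (int i = 0; i < length; i++) {
            if (oCSPResponderArr[i] == null) {
                throw new InvalidParameterException(new StringBuffer().append("responders[").append(i).append("] == null").toString());
            }
            this.configedResponders[i] = new OCSPResponder(oCSPResponderArr[i]);
        }
    }

    /**
     * Builds the internal responder objects and returns the service implementation.
     *
     * <p>Each configured entry is set to {@code null} once converted, so a second call on the
     * same provider passes {@code null} entries to {@code OCSPResponderInternal}.
     *
     * @param certJ the Cert-J instance the provider is being registered with
     * @return the implementation that performs the revocation checks
     * @throws ProviderManagementException if a responder cannot be initialised; only the
     *         message of the underlying exception is carried over
     */
    @Override // com.rsa.certj.Provider
    public ProviderImplementation instantiate(CertJ certJ) throws ProviderManagementException {
        int length = this.configedResponders.length;
        try {
            this.responders = new OCSPResponderInternal[length];
            for (int i = 0; i < length; i++) {
                this.responders[i] = new OCSPResponderInternal(certJ, this.configedResponders[i]);
                this.configedResponders[i] = null;
            }
            return new Implementation(this, certJ, getName(), null);
        } catch (InvalidParameterException e) {
            throw new ProviderManagementException(new StringBuffer().append("OCSP.instantiate: ").append(e.getMessage()).toString());
        } catch (CertificateException e2) {
            throw new ProviderManagementException(new StringBuffer().append("OCSP.instantiate: ").append(e2.getMessage()).toString());
        } catch (NameException e3) {
            throw new ProviderManagementException(new StringBuffer().append("OCSP.instantiate: ").append(e3.getMessage()).toString());
        }
    }
}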
