package com.rsa.cryptoj.o;

import com.rsa.crypto.ParamNames;
import com.samsung.android.knox.accounts.Account;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes3.dex */
public class ql {

    /* renamed from: a, reason: collision with root package name */
    private String f22116a;

    /* renamed from: b, reason: collision with root package name */
    private boolean f22117b;

    /* renamed from: c, reason: collision with root package name */
    private byte[] f22118c;

    /* renamed from: d, reason: collision with root package name */
    private ow f22119d;

    /* renamed from: e, reason: collision with root package name */
    private byte[] f22120e;

    /* renamed from: g, reason: collision with root package name */
    private X500Principal f22122g;

    /* renamed from: h, reason: collision with root package name */
    private byte[] f22123h;

    /* renamed from: j, reason: collision with root package name */
    private byte[] f22125j;

    /* renamed from: k, reason: collision with root package name */
    private final ch f22126k;

    /* renamed from: l, reason: collision with root package name */
    private final List<cc> f22127l;

    /* renamed from: f, reason: collision with root package name */
    private final List<X509Certificate> f22121f = new ArrayList();

    /* renamed from: i, reason: collision with root package name */
    private final List<a> f22124i = new ArrayList();

    /* loaded from: classes3.dex */
    public class a {

        /* renamed from: b, reason: collision with root package name */
        private final byte[] f22129b;

        /* renamed from: c, reason: collision with root package name */
        private final ow f22130c;

        /* renamed from: d, reason: collision with root package name */
        private final int f22131d;

        /* renamed from: e, reason: collision with root package name */
        private final Date f22132e;

        /* renamed from: f, reason: collision with root package name */
        private Date f22133f;

        /* renamed from: g, reason: collision with root package name */
        private Date f22134g;

        /* renamed from: h, reason: collision with root package name */
        private int f22135h;

        public a(d dVar, Date date, int i10, Date date2, Date date3, d dVar2) {
            this.f22135h = -1;
            this.f22129b = com.rsa.cryptoj.o.a.c(dVar);
            this.f22130c = new ow(dVar.a("hashAlgorithm"));
            this.f22134g = date;
            this.f22132e = (Date) date2.clone();
            if (date3 != null) {
                this.f22133f = (Date) date3.clone();
            }
            this.f22131d = 1;
            this.f22135h = i10;
            a(dVar2);
        }

        public a(d dVar, Date date, Date date2, boolean z10, d dVar2) {
            this.f22135h = -1;
            this.f22129b = com.rsa.cryptoj.o.a.c(dVar);
            this.f22130c = new ow(dVar.a("hashAlgorithm"));
            this.f22132e = (Date) date.clone();
            if (date2 != null) {
                this.f22133f = (Date) date2.clone();
            }
            this.f22131d = z10 ? 2 : 0;
            a(dVar2);
        }

        private void a(d dVar) {
        }

        public Date a() {
            return (Date) this.f22132e.clone();
        }

        public Date b() {
            Date date = this.f22133f;
            if (date == null) {
                return null;
            }
            return (Date) date.clone();
        }

        public int c() {
            return this.f22135h;
        }

        public ow d() {
            return this.f22130c;
        }

        public Date e() {
            return (Date) this.f22134g.clone();
        }

        public int f() {
            return this.f22131d;
        }
    }

    public ql(ch chVar, List<cc> list, byte[] bArr) {
        this.f22126k = chVar;
        this.f22127l = list;
        try {
            d a10 = com.rsa.cryptoj.o.a.a("OCSPResponse", bArr, 0);
            int i10 = ((r) a10.a("responseStatus")).i();
            if (i10 != 0) {
                this.f22116a = "OCSP response status was not successful (" + i10 + ")";
                return;
            }
            d a11 = a10.a("responseBytes");
            if (a11 == null) {
                this.f22116a = "OCSP response did not not contain status information.";
                return;
            }
            if (!a11.a("responseType").equals(pj.dy.c())) {
                this.f22116a = "Only basic OCSP responders are supported";
                return;
            }
            ByteBuffer i11 = ((ad) a11.a("response")).i();
            d a12 = com.rsa.cryptoj.o.a.a("BasicOCSPResponse", i11);
            if (a(a12.a("tbsResponseData"))) {
                this.f22119d = new ow(a12.a("signatureAlgorithm"));
                this.f22120e = ((k) a12.a(Account.SIGNATURE)).g();
                d a13 = a12.a("certs");
                int c10 = a13 == null ? 0 : a13.c();
                i11.rewind();
                com.rsa.cryptoj.o.a.c(i11);
                this.f22118c = ((f) com.rsa.cryptoj.o.a.a((c) e.f20468a, i11)).h();
                com.rsa.cryptoj.o.a.a(i11);
                com.rsa.cryptoj.o.a.a(i11);
                if (i11.remaining() > 0) {
                    com.rsa.cryptoj.o.a.c(i11);
                    com.rsa.cryptoj.o.a.c(i11);
                    for (int i12 = 0; i12 < c10; i12++) {
                        try {
                            this.f22121f.add(qa.a(chVar, list, com.rsa.cryptoj.o.a.a(i11)));
                        } catch (CertificateException unused) {
                            this.f22116a = "Error reading certificates.";
                            return;
                        }
                    }
                }
                this.f22117b = true;
            }
        } catch (b unused2) {
            this.f22116a = "Invalid OCSP response.";
        }
    }

    private boolean a(d dVar) {
        d a10 = dVar.a(ParamNames.VERSION);
        if (a10 != null && ((v) a10).i() != 0) {
            this.f22116a = "Only OCSP version 1 is supported.";
            return false;
        }
        d a11 = dVar.a("responderID");
        if (com.rsa.cryptoj.o.a.f(a11.b().c()) == 1) {
            ByteBuffer wrap = ByteBuffer.wrap(com.rsa.cryptoj.o.a.a(a11));
            com.rsa.cryptoj.o.a.c(wrap);
            byte[] bArr = new byte[wrap.remaining()];
            wrap.get(bArr);
            this.f22122g = new X500Principal(bArr);
        } else {
            this.f22123h = ((ad) a11).h();
        }
        d a12 = dVar.a("responses");
        for (int i10 = 0; i10 < a12.c(); i10++) {
            if (!c(a12.a(i10))) {
                return false;
            }
        }
        b(dVar.a("responseExtensions"));
        return true;
    }

    private void b(d dVar) {
        if (dVar == null) {
            return;
        }
        this.f22125j = new pr(dVar, 4).a(pj.f21950dg.toString());
    }

    private boolean c(d dVar) {
        a aVar;
        d a10 = dVar.a("certStatus");
        int f10 = com.rsa.cryptoj.o.a.f(a10.b().e());
        Date g10 = ((aq) dVar.a("thisUpdate")).g();
        Date date = dVar.a("nextUpdate") == null ? new Date(g10.getTime() + rd.a()) : ((aq) dVar.a("nextUpdate")).g();
        if (f10 == 1) {
            r rVar = (r) a10.a("revocationReason");
            aVar = new a(dVar.a("certID"), ((aq) a10.a("revocationTime")).g(), rVar == null ? 0 : rVar.i(), g10, date, dVar.a("singleExtensions"));
        } else {
            aVar = new a(dVar.a("certID"), g10, date, f10 == 2, dVar.a("singleExtensions"));
        }
        if (aVar.d().d().a()) {
            this.f22116a = "OCSP response uses unsupported message digest algorithm.";
            return false;
        }
        this.f22124i.add(aVar);
        return true;
    }

    public a a(X509Certificate x509Certificate, PublicKey publicKey) throws InvalidAlgorithmParameterException {
        for (a aVar : this.f22124i) {
            if (Arrays.equals(qo.a(this.f22126k, this.f22127l, aVar.d().c(), x509Certificate, publicKey), aVar.f22129b)) {
                return aVar;
            }
        }
        return null;
    }

    public X500Principal a() {
        return this.f22122g;
    }

    public boolean a(pz pzVar) {
        if (pzVar.d() != null) {
            return a(pzVar.d());
        }
        X500Principal x500Principal = this.f22122g;
        return x500Principal != null ? x500Principal.equals(pzVar.c()) : Arrays.equals(this.f22123h, qo.a(pzVar.b(), false, this.f22126k, this.f22127l)) || Arrays.equals(this.f22123h, qo.a(pzVar.b(), this.f22126k, this.f22127l));
    }

    public boolean a(PublicKey publicKey) {
        try {
            os c10 = kj.c(this.f22119d.c(), this.f22126k, this.f22127l);
            c10.initVerify(publicKey);
            c10.update(this.f22118c);
            return c10.verify(this.f22120e);
        } catch (GeneralSecurityException unused) {
            return false;
        }
    }

    public boolean a(X509Certificate x509Certificate) {
        X500Principal x500Principal = this.f22122g;
        return x500Principal != null ? x500Principal.equals(x509Certificate.getSubjectX500Principal()) : Arrays.equals(this.f22123h, qo.a(x509Certificate.getPublicKey(), false, this.f22126k, this.f22127l)) || Arrays.equals(this.f22123h, qo.a(x509Certificate.getPublicKey(), this.f22126k, this.f22127l));
    }

    public boolean a(byte[] bArr) {
        if ((bArr == null && this.f22125j == null) || bArr == null) {
            return true;
        }
        if (this.f22125j == null) {
            return false;
        }
        return Arrays.equals(this.f22125j, com.rsa.cryptoj.o.a.a(com.rsa.cryptoj.o.a.a((c) ac.f19980a, (Object) bArr)));
    }

    public a b(byte[] bArr) {
        for (a aVar : this.f22124i) {
            if (Arrays.equals(bArr, aVar.f22129b)) {
                return aVar;
            }
        }
        return null;
    }

    public List<X509Certificate> b() {
        return this.f22121f;
    }

    public boolean c() {
        return this.f22117b;
    }

    public String d() {
        return this.f22116a;
    }
}
