package kh;

import com.rsa.certj.DatabaseService;
import com.rsa.certj.Service;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.provider.path.PKIXCertPath;
import com.rsa.certj.provider.revocation.ocsp.OCSPResponderInternal;
import com.rsa.jcp.OCSPParameters;
import com.rsa.jcp.OCSPResponderConfig;
import com.rsa.jcp.OCSPWithRespondersParameters;
import com.rsa.jsafe.CryptoJ;
import com.rsa.jsafe.FIPS140Context;
import com.rsa.jsafe.JSAFE_InvalidUseException;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_SymmetricCipher;
import com.rsa.jsafe.provider.JsafeJCE;
import hh.s;
import java.io.ByteArrayInputStream;
import java.lang.ref.WeakReference;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CRL;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import lg.j;

/* loaded from: classes.dex */
public final class x3 {

    /* renamed from: v, reason: collision with root package name */
    public static final Map<s.b, j.b> f40688v = s();

    /* renamed from: w, reason: collision with root package name */
    public static final Map<s.c, j.c> f40689w = t();

    /* renamed from: x, reason: collision with root package name */
    public static Map f40690x = new HashMap();

    /* renamed from: a, reason: collision with root package name */
    public lg.l f40691a;

    /* renamed from: b, reason: collision with root package name */
    public JsafeJCE f40692b;

    /* renamed from: c, reason: collision with root package name */
    public lg.a f40693c;

    /* renamed from: d, reason: collision with root package name */
    public FIPS140Context f40694d;

    /* renamed from: e, reason: collision with root package name */
    public lg.j f40695e;

    /* renamed from: f, reason: collision with root package name */
    public lg.p f40696f;

    /* renamed from: g, reason: collision with root package name */
    public c4 f40697g;

    /* renamed from: h, reason: collision with root package name */
    public b5 f40698h;

    /* renamed from: i, reason: collision with root package name */
    public d4 f40699i;

    /* renamed from: j, reason: collision with root package name */
    public w3 f40700j;

    /* renamed from: k, reason: collision with root package name */
    public b4 f40701k;

    /* renamed from: l, reason: collision with root package name */
    public a5 f40702l;

    /* renamed from: m, reason: collision with root package name */
    public int f40703m;

    /* renamed from: n, reason: collision with root package name */
    public boolean f40704n;

    /* renamed from: o, reason: collision with root package name */
    public hh.c f40705o;

    /* renamed from: p, reason: collision with root package name */
    public e5 f40706p;

    /* renamed from: q, reason: collision with root package name */
    public a4 f40707q;

    /* renamed from: r, reason: collision with root package name */
    public hh.m f40708r;

    /* renamed from: s, reason: collision with root package name */
    public boolean f40709s;

    /* renamed from: t, reason: collision with root package name */
    public byte[] f40710t;

    /* renamed from: u, reason: collision with root package name */
    public hh.p f40711u;

    /* loaded from: classes.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        public final lg.a f40712a;

        /* renamed from: b, reason: collision with root package name */
        public final lg.b f40713b;

        /* renamed from: c, reason: collision with root package name */
        public final lg.j f40714c;

        /* renamed from: d, reason: collision with root package name */
        public final boolean f40715d;

        public a() {
            this.f40712a = null;
            this.f40713b = null;
            this.f40714c = null;
            this.f40715d = true;
        }

        public a(hh.i iVar, hh.j jVar, hh.s sVar) {
            this.f40712a = iVar != null ? lg.a.i(iVar.b()) : a3.j();
            this.f40713b = jVar != null ? lg.b.e(jVar.b()) : a3.i();
            this.f40714c = sVar != null ? new lg.j((j.c) x3.f40689w.get(sVar.c()), (j.b) x3.f40688v.get(sVar.a())) : lg.j.f42879f;
            this.f40715d = false;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof a)) {
                return false;
            }
            a aVar = (a) obj;
            boolean z10 = this.f40715d;
            if (z10 && aVar.f40715d) {
                return true;
            }
            return z10 == aVar.f40715d && this.f40712a == aVar.f40712a && this.f40713b == aVar.f40713b && this.f40714c.d() == aVar.f40714c.d() && this.f40714c.b() == aVar.f40714c.b();
        }

        public int hashCode() {
            if (this.f40715d) {
                return 1;
            }
            return this.f40712a.hashCode() + this.f40713b.hashCode() + this.f40714c.d().hashCode() + this.f40714c.b().hashCode();
        }
    }

    public x3() {
        this(d(new a()));
    }

    public x3(hh.i iVar) {
        this(d(new a(iVar, null, null)));
    }

    public x3(hh.i iVar, hh.j jVar) {
        this(d(new a(iVar, jVar, null)));
    }

    public x3(hh.i iVar, hh.j jVar, hh.s sVar) {
        this(d(new a(iVar, jVar, sVar)));
    }

    public x3(hh.i iVar, hh.s sVar) {
        this(d(new a(iVar, null, sVar)));
    }

    public x3(hh.s sVar) {
        this(d(new a(null, null, sVar)));
    }

    public x3(lg.l lVar) {
        this.f40697g = new c4(this);
        this.f40701k = new b4(this);
        this.f40702l = new a5();
        this.f40703m = 16384;
        this.f40704n = y2.B();
        this.f40705o = hh.c.f34190c;
        this.f40706p = new e5();
        this.f40707q = new a4();
        boolean e10 = hh.l.e();
        this.f40691a = lVar;
        this.f40695e = lVar.l();
        lg.a g10 = lVar.g();
        this.f40693c = g10;
        int g11 = g10.g();
        int d10 = lVar.k().d();
        this.f40692b = lVar.m();
        if (e10) {
            try {
                this.f40694d = CryptoJ.getFIPS140Context().setMode(g11).setRole(d10);
            } catch (JSAFE_InvalidUseException unused) {
                throw new AssertionError("Implementation Error: JSAFE API FIPS 140 context");
            }
        }
        this.f40700j = new w3();
        this.f40698h = new b5(this, this.f40692b, this.f40694d, this.f40700j);
        this.f40699i = new d4(this);
    }

    public static synchronized lg.l d(a aVar) {
        lg.l lVar;
        synchronized (x3.class) {
            WeakReference weakReference = (WeakReference) f40690x.get(aVar);
            lVar = weakReference != null ? (lg.l) weakReference.get() : null;
            if (lVar == null) {
                lVar = aVar.f40715d ? new lg.l() : new lg.l(aVar.f40712a, aVar.f40713b, aVar.f40714c);
                f40690x.put(aVar, new WeakReference(lVar));
            }
        }
        return lVar;
    }

    public static Map<s.b, j.b> s() {
        HashMap hashMap = new HashMap();
        hashMap.put(s.b.STRICT, j.b.STRICT);
        hashMap.put(s.b.PREFERRED, j.b.PREFERRED);
        return Collections.unmodifiableMap(hashMap);
    }

    public static Map<s.c, j.c> t() {
        HashMap hashMap = new HashMap();
        hashMap.put(s.c.LEVEL_128, j.c.LEVEL_128);
        hashMap.put(s.c.LEVEL_128_AND_192, j.c.LEVEL_128_AND_192);
        hashMap.put(s.c.LEVEL_192, j.c.LEVEL_192);
        hashMap.put(s.c.LEVEL_192_AND_128, j.c.LEVEL_192_AND_128);
        hashMap.put(s.c.NONE, j.c.NONE);
        return Collections.unmodifiableMap(hashMap);
    }

    public final OCSPResponderConfig a(OCSPResponderInternal oCSPResponderInternal, int i10) throws Exception {
        X509Certificate signerCert;
        OCSPResponderConfig oCSPResponderConfig = new OCSPResponderConfig();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509", this.f40692b);
        if (oCSPResponderInternal.getRequestControl() != null && (signerCert = oCSPResponderInternal.getRequestControl().getSignerCert()) != null) {
            oCSPResponderConfig.setDigestAlgorithm(oCSPResponderInternal.getRequestControl().getDigestAlgorithm());
            JSAFE_PrivateKey selectPrivateKeyByCertificate = oCSPResponderInternal.getDatabase().selectPrivateKeyByCertificate(signerCert);
            ArrayList arrayList = new ArrayList(1);
            arrayList.add(e4.c(e4.d(signerCert), certificateFactory));
            oCSPResponderConfig.setSignOCSPRequest(b(selectPrivateKeyByCertificate), oCSPResponderInternal.getRequestControl().getSignatureAlgorithm(), arrayList);
        }
        if (oCSPResponderInternal.getProxyList() != null) {
            oCSPResponderConfig.setOCSPResponderProxy(oCSPResponderInternal.getProxyList()[0]);
        }
        oCSPResponderConfig.setResponderURL(oCSPResponderInternal.getDestList()[i10]);
        oCSPResponderConfig.setTimeTolerance(oCSPResponderInternal.getTimeTolerance());
        oCSPResponderConfig.setTrustedResponderCert(e4.c(e4.d(oCSPResponderInternal.getResponderCert()), certificateFactory));
        oCSPResponderConfig.setUseNonce((oCSPResponderInternal.getFlags() & 1) == 0);
        return oCSPResponderConfig;
    }

    public final PrivateKey b(JSAFE_PrivateKey jSAFE_PrivateKey) throws Exception {
        return KeyFactory.getInstance(jSAFE_PrivateKey.getAlgorithm(), this.f40692b).generatePrivate(new PKCS8EncodedKeySpec(jSAFE_PrivateKey.getKeyData(jSAFE_PrivateKey.getAlgorithm() + JSAFE_SymmetricCipher.f22654h)[0]));
    }

    public final X509CRL c(com.rsa.certj.cert.X509CRL x509crl) throws Exception {
        byte[] bArr = new byte[x509crl.getDERLen(0)];
        x509crl.getDEREncoding(bArr, 0, 0);
        return (X509CRL) CertificateFactory.getInstance("X509", this.f40692b).generateCRL(new ByteArrayInputStream(bArr));
    }

    public synchronized lg.p e() {
        if (this.f40696f == null) {
            n();
        }
        return this.f40696f;
    }

    public final void f(OCSPResponderInternal oCSPResponderInternal) throws Exception {
        int flags = oCSPResponderInternal.getFlags();
        if (oCSPResponderInternal.getDestList() == null) {
            throw new Exception("Responder destination URL must not be null");
        }
        if (oCSPResponderInternal.getProfile() != 0) {
            throw new Exception("Only OCSPResponder.PROFILE_GENERIC is supported");
        }
        if (oCSPResponderInternal.getProxyList() != null && oCSPResponderInternal.getProxyList().length > 1) {
            throw new Exception("More than one proxy is not supported");
        }
        if ((flags & 2) != 0) {
            throw new Exception("OCSPResponder.FLAG_DISABLE_CERT_SEND is not supported");
        }
        if ((flags & 4) != 0) {
            throw new Exception("OCSPResponder.FLAG_ENABLE_CHAIN_SEND is not supported");
        }
        if ((flags & 8) != 0) {
            throw new Exception("OCSPResponder.FLAG_RESPONDER_NOCHECK is not supported");
        }
        if (oCSPResponderInternal.getResponderCACerts() != null && oCSPResponderInternal.getResponderCACerts().length > 0) {
            throw new Exception("ResponderCACerts is not supported");
        }
    }

    public void g(hh.m mVar) {
        this.f40708r = mVar;
    }

    public void h(byte[] bArr, hh.p pVar) {
        this.f40710t = bArr;
        this.f40711u = pVar;
        r();
    }

    public synchronized void i() {
        this.f40696f = null;
    }

    public SSLServerSocketFactory j() {
        lg.p e10 = e();
        this.f40707q.f(this.f40708r, this.f40692b, e10.d(), false);
        this.f40709s = false;
        return e10.e();
    }

    public SSLSocketFactory k() {
        lg.p e10 = e();
        this.f40707q.f(this.f40708r, this.f40692b, e10.a(), true);
        this.f40709s = true;
        return e10.f();
    }

    /* JADX WARN: Code restructure failed: missing block: B:15:0x0044, code lost:
    
        if (r2 != null) goto L14;
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x0046, code lost:
    
        r2 = new java.security.cert.PKIXBuilderParameters(r6.f40699i.g(), (java.security.cert.CertSelector) null);
     */
    /* JADX WARN: Code restructure failed: missing block: B:17:0x0052, code lost:
    
        r1.c(new javax.net.ssl.CertPathTrustManagerParameters(new com.rsa.jcp.CertPathWithOCSPParameters(r2, r3)));
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void n() {
        /*
            r6 = this;
            lg.l r0 = r6.f40691a     // Catch: java.security.NoSuchAlgorithmException -> L98
            lg.p r0 = lg.p.b(r0)     // Catch: java.security.NoSuchAlgorithmException -> L98
            r6.f40696f = r0     // Catch: java.security.NoSuchAlgorithmException -> L98
            lg.l r0 = r6.f40691a     // Catch: java.lang.Exception -> L91
            lg.o r0 = lg.o.a(r0)     // Catch: java.lang.Exception -> L91
            kh.b5 r1 = r6.f40698h     // Catch: java.lang.Exception -> L91
            java.security.KeyStore r1 = r1.j()     // Catch: java.lang.Exception -> L91
            char[] r2 = kh.b5.f39896g     // Catch: java.lang.Exception -> L91
            r0.b(r1, r2)     // Catch: java.lang.Exception -> L91
            hh.c r1 = r6.f40705o     // Catch: java.lang.Exception -> L91
            java.lang.String r1 = r1.toString()     // Catch: java.lang.Exception -> L91
            lg.l r2 = r6.f40691a     // Catch: java.lang.Exception -> L91
            lg.q r1 = lg.q.a(r1, r2)     // Catch: java.lang.Exception -> L91
            hh.m r2 = r6.f40708r     // Catch: java.lang.Exception -> L91
            jh.c r2 = r2.L()     // Catch: java.lang.Exception -> L91
            if (r2 == 0) goto L6b
            java.security.cert.PKIXBuilderParameters r2 = r6.o()     // Catch: java.lang.Exception -> L91
            com.rsa.jcp.OCSPParameters r3 = r6.p()     // Catch: java.lang.Exception -> L91
            if (r2 != 0) goto L42
            if (r3 == 0) goto L3a
            goto L42
        L3a:
            java.lang.Exception r0 = new java.lang.Exception     // Catch: java.lang.Exception -> L91
            java.lang.String r1 = "The Truster must use OCSP or CRLs"
            r0.<init>(r1)     // Catch: java.lang.Exception -> L91
            throw r0     // Catch: java.lang.Exception -> L91
        L42:
            if (r3 == 0) goto L60
            if (r2 != 0) goto L52
            java.security.cert.PKIXBuilderParameters r2 = new java.security.cert.PKIXBuilderParameters     // Catch: java.lang.Exception -> L91
            kh.d4 r4 = r6.f40699i     // Catch: java.lang.Exception -> L91
            java.security.KeyStore r4 = r4.g()     // Catch: java.lang.Exception -> L91
            r5 = 0
            r2.<init>(r4, r5)     // Catch: java.lang.Exception -> L91
        L52:
            com.rsa.jcp.CertPathWithOCSPParameters r4 = new com.rsa.jcp.CertPathWithOCSPParameters     // Catch: java.lang.Exception -> L91
            r4.<init>(r2, r3)     // Catch: java.lang.Exception -> L91
            javax.net.ssl.CertPathTrustManagerParameters r2 = new javax.net.ssl.CertPathTrustManagerParameters     // Catch: java.lang.Exception -> L91
            r2.<init>(r4)     // Catch: java.lang.Exception -> L91
            r1.c(r2)     // Catch: java.lang.Exception -> L91
            goto L74
        L60:
            if (r2 == 0) goto L74
            javax.net.ssl.CertPathTrustManagerParameters r3 = new javax.net.ssl.CertPathTrustManagerParameters     // Catch: java.lang.Exception -> L91
            r3.<init>(r2)     // Catch: java.lang.Exception -> L91
            r1.c(r3)     // Catch: java.lang.Exception -> L91
            goto L74
        L6b:
            kh.d4 r2 = r6.f40699i     // Catch: java.lang.Exception -> L91
            java.security.KeyStore r2 = r2.g()     // Catch: java.lang.Exception -> L91
            r1.b(r2)     // Catch: java.lang.Exception -> L91
        L74:
            lg.p r2 = r6.f40696f     // Catch: java.lang.Exception -> L91
            javax.net.ssl.KeyManager[] r0 = r0.d()     // Catch: java.lang.Exception -> L91
            javax.net.ssl.TrustManager[] r1 = r1.d()     // Catch: java.lang.Exception -> L91
            kh.w3 r3 = r6.f40700j     // Catch: java.lang.Exception -> L91
            com.rsa.jsafe.JSAFE_SecureRandom r3 = r3.d()     // Catch: java.lang.Exception -> L91
            kh.e5 r4 = r6.f40706p     // Catch: java.lang.Exception -> L91
            com.rsa.jsafe.provider.PKCS11SessionParameterSpec[] r4 = r4.d()     // Catch: java.lang.Exception -> L91
            r2.c(r0, r1, r3, r4)     // Catch: java.lang.Exception -> L91
            r6.r()     // Catch: java.lang.Exception -> L91
            return
        L91:
            r0 = move-exception
            java.lang.RuntimeException r1 = new java.lang.RuntimeException
            r1.<init>(r0)
            throw r1
        L98:
            java.lang.AssertionError r0 = new java.lang.AssertionError
            java.lang.String r1 = "Implementation Error: SSLJ / JSSE inconsistent protocol versions"
            r0.<init>(r1)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: kh.x3.n():void");
    }

    public final PKIXBuilderParameters o() throws Exception {
        hh.b b10 = ((jh.b) this.f40708r.L()).b();
        if (!b10.e().isProviderRegistered(new PKIXCertPath("PKIX Cert Path"), 3)) {
            throw new RuntimeException("Only PKIX based cert path validation supported");
        }
        ArrayList arrayList = new ArrayList();
        DatabaseService g10 = b10.g();
        com.rsa.certj.cert.X509CRL x509crl = (com.rsa.certj.cert.X509CRL) g10.firstCRL();
        if (x509crl == null) {
            return null;
        }
        arrayList.add(c(x509crl));
        boolean z10 = false;
        do {
            com.rsa.certj.cert.X509CRL x509crl2 = (com.rsa.certj.cert.X509CRL) g10.nextCRL();
            if (x509crl2 != null) {
                arrayList.add(c(x509crl2));
            } else {
                z10 = true;
            }
        } while (!z10);
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(this.f40699i.g(), (CertSelector) null);
        pKIXBuilderParameters.addCertStore(CertStore.getInstance(JsafeJCE.COLLECTION, new CollectionCertStoreParameters(arrayList)));
        pKIXBuilderParameters.setRevocationEnabled(true);
        return pKIXBuilderParameters;
    }

    public final OCSPParameters p() throws Exception {
        OCSPResponderInternal[] q10 = q();
        if (q10 == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (int i10 = 0; i10 < q10.length; i10++) {
            f(q10[i10]);
            for (int i11 = 0; i11 < q10[i10].getDestList().length; i11++) {
                arrayList.add(a(q10[i10], i11));
            }
        }
        return new OCSPWithRespondersParameters(arrayList);
    }

    public final OCSPResponderInternal[] q() throws Exception {
        try {
            Service bindServices = ((jh.b) this.f40708r.L()).b().e().bindServices(2);
            boolean z10 = false;
            Method declaredMethod = Service.class.getDeclaredMethod("getProviderAt", Integer.TYPE);
            declaredMethod.setAccessible(true);
            Object invoke = declaredMethod.invoke(bindServices, 0);
            Field[] declaredFields = invoke.getClass().getDeclaredFields();
            Object obj = null;
            int i10 = 0;
            while (true) {
                if (i10 >= declaredFields.length) {
                    z10 = true;
                    break;
                }
                declaredFields[i10].setAccessible(true);
                obj = declaredFields[i10].get(invoke);
                if (obj.getClass().getName().equals("com.rsa.certj.provider.revocation.ocsp.OCSP")) {
                    break;
                }
                i10++;
            }
            if (z10) {
                return null;
            }
            Field declaredField = obj.getClass().getDeclaredField("responders");
            declaredField.setAccessible(true);
            return (OCSPResponderInternal[]) declaredField.get(obj);
        } catch (Exception unused) {
            return null;
        }
    }

    public final void r() {
        lg.p pVar = this.f40696f;
        if (pVar == null || this.f40711u == null || this.f40710t == null) {
            return;
        }
        ((n0) pVar.d()).i(this.f40710t, new v3(this.f40711u));
    }
}
