package com.rsa.certj.provider.revocation.ocsp;

import com.rsa.asn1.ASN_Exception;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJUtils;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.NotSupportedException;
import com.rsa.certj.Provider;
import com.rsa.certj.ProviderImplementation;
import com.rsa.certj.ProviderManagementException;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.NameException;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.X509V3Extensions;
import com.rsa.certj.internal.ConvertUtil;
import com.rsa.certj.provider.pki.PKICommonImplementation;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.certj.spi.pki.PKIException;
import com.rsa.certj.spi.pki.PKIResult;
import com.rsa.certj.spi.pki.PKIStatusInfo;
import com.rsa.certj.spi.revocation.CertRevocationInfo;
import com.rsa.certj.spi.revocation.CertStatusException;
import com.rsa.certj.spi.revocation.CertStatusInterface;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Hashtable;
import java.util.Properties;
import java.util.Vector;
import org.apache.tools.ant.DirectoryScanner;
import org.apache.tools.ant.util.ProxySetup;

/* loaded from: input_file:com/rsa/certj/provider/revocation/ocsp/OCSP.class */
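/**
 * Certificate-status provider that queries OCSP responders over HTTP(S).
 *
 * <p>For each certificate it selects one of the configured responders, POSTs a
 * DER-encoded OCSP request to the responder's destination URL(s) and converts
 * the decoded response into a {@link CertRevocationInfo}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The destination URL may come from the certificate being checked
 *       (see {@code matchResponder}), so the response body is untrusted input
 *       and is read with a hard size limit.</li>
 *   <li>Proxies are selected by rewriting JVM-wide system properties
 *       (see {@code sendMessage}).</li>
 *   <li>A response that omits the nonce is accepted and only flagged
 *       (see {@code checkCertRevocations}).</li>
 * </ul>
 */
public final class OCSP extends Provider {
    private OCSPResponder[] configedResponders;
    private OCSPResponderInternal[] responders;
    static final int SUPPORTED_VERSION = 0;
    static final int NONCE_LEN = 16;
    private static final String MIME_TYPE_OCSP_REQ = "application/ocsp-request";
    private static final String MIME_CONTENT_TYPE = "Content-type";
    private static final String MIME_CONTENT_LENGTH = "Content-length";
    private static final String MIME_USER_AGENT = "User-Agent";
    private static final String MIME_USER_AGENT_VALUE = "Cert-J/3.1";

    /**
     * Upper bound on the number of response-body bytes accepted from a responder.
     * The value is a constructed, deliberately generous limit (1 MiB); tune it for the
     * deployment. It exists so that a missing or hostile Content-Length cannot drive
     * the allocation size.
     */
    private static final int MAX_RESPONSE_LEN = 1 << 20;

    /** Size of the scratch buffer used while draining a response body. */
    private static final int READ_CHUNK_LEN = 4096;

    // When true, every encoded request and response is also written to a file (see writeDER).
    private boolean dbgWriteDERs;
    // Optional transport configuration loaded by the stream/file constructors; may be null.
    private Hashtable<String, Vector<String>> configProperties;

    /* loaded from: input_file:com/rsa/certj/provider/revocation/ocsp/OCSP$Implementation.class */
    /**
     * The live provider instance handed to Cert-J; performs the actual OCSP exchange.
     */
    private final class Implementation extends PKICommonImplementation implements CertStatusInterface {
        /**
         * Creates the implementation and applies the enclosing provider's configuration,
         * if one was supplied.
         */
        private Implementation(CertJ certJ, String str) throws InvalidParameterException, PKIException {
            super(certJ, str);
            if (OCSP.this.configProperties != null) {
                loadConfig(OCSP.this.configProperties);
            }
        }

        /**
         * Checks the revocation status of a single certificate.
         *
         * @param certPathCtx path-validation context; must not be null
         * @param certificate certificate to check
         * @return the status for {@code certificate}; null when {@code certificate} is null
         * @throws NotSupportedException if {@code certPathCtx} is null, or on a nonce mismatch
         * @throws CertStatusException if the exchange with the responder fails
         */
        @Override // com.rsa.certj.spi.revocation.CertStatusInterface
        public CertRevocationInfo checkCertRevocation(CertPathCtx certPathCtx, Certificate certificate) throws NotSupportedException, CertStatusException {
            if (certPathCtx == null) {
                throw new NotSupportedException("pathCtx==null");
            }
            return checkCertRevocations(certPathCtx, new Certificate[]{certificate})[0];
        }

        /**
         * Debug helper: writes {@code bArr} to the file named {@code str}.
         *
         * <p>Callers pass a bare file name, so the file lands in the process working
         * directory, and {@link FileOutputStream} replaces any file already there. Only
         * reached when {@code dbgWriteDERs} is set.
         *
         * @throws NotSupportedException if the file cannot be opened, written or closed
         */
        private void writeDER(String str, byte[] bArr) throws NotSupportedException {
            FileOutputStream out = null;
            try {
                out = new FileOutputStream(str);
                out.write(bArr);
                // Close inside the try so that a failing close is reported, not swallowed.
                out.close();
            } catch (Exception e) {
                throw new NotSupportedException("Could not write to file " + str + ": " + e.getMessage());
            } finally {
                // Covers the failure paths; closing an already closed stream is harmless.
                closeQuietly(out);
            }
        }

        /**
         * Checks the revocation status of each certificate in {@code certificateArr}.
         *
         * <p>Per certificate: if it carries extension type 117 the result is
         * {@code CertRevocationInfo(0, 0, null)} and no request is sent (presumably the
         * OCSP no-check extension mapping to "not revoked" -- confirm against the Cert-J
         * constants). Otherwise the result starts as {@code CertRevocationInfo(2, 0, null)}
         * and is replaced by the responder's answer when a responder matches and returns
         * revocation information.
         *
         * @return one entry per input certificate (null for null inputs), or null when
         *         {@code certificateArr} is null
         * @throws NotSupportedException on a nonce mismatch or a certificate error
         * @throws CertStatusException on transport, HTTP-status or decoding failures
         */
        private CertRevocationInfo[] checkCertRevocations(CertPathCtx certPathCtx, Certificate[] certificateArr) throws NotSupportedException, CertStatusException {
            if (certificateArr == null) {
                return null;
            }
            int count = certificateArr.length;
            CertRevocationInfo[] results = new CertRevocationInfo[count];
            OCSPMatchedResponder[] matches = new OCSPMatchedResponder[count];

            // Pass 1: pick a responder for every non-null certificate.
            for (int i = 0; i < count; i++) {
                if (certificateArr[i] != null) {
                    matches[i] = matchResponder(certPathCtx.getPathOptions(), (X509Certificate) certificateArr[i]);
                }
            }

            // Pass 2: query the matched responder and evaluate its answer.
            for (int i = 0; i < count; i++) {
                Certificate cert = certificateArr[i];
                if (cert == null) {
                    continue;
                }
                try {
                    X509V3Extensions extensions = ((X509Certificate) cert).getExtensions();
                    if (extensions != null && extensions.getExtensionByType(117) != null) {
                        results[i] = new CertRevocationInfo(0, 0, null);
                        continue;
                    }
                    // Default outcome when no responder matches or it returns no information.
                    results[i] = new CertRevocationInfo(2, 0, null);
                    OCSPMatchedResponder matched = matches[i];
                    if (matched == null) {
                        continue;
                    }
                    OCSPRequest request = new OCSPRequest(this.certJ, matched.responder, certificateArr);
                    byte[] encodedRequest = request.encode(certPathCtx);
                    String dumpId = null;
                    if (OCSP.this.dbgWriteDERs) {
                        byte[] uniqueID = cert.getUniqueID();
                        dumpId = uniqueID == null ? "" : new String(ConvertUtil.byteArrayToHexString(uniqueID));
                        writeDER("ocspreq." + dumpId + ".der", encodedRequest);
                    }
                    try {
                        PKIResult transportResult = sendMessage(matched.destList, matched.proxyList, encodedRequest);
                        byte[] encodedResponse = transportResult.getEncodedResponse();
                        PKIStatusInfo statusInfo = transportResult.getStatusInfo();
                        if (statusInfo.getStatus() != 0) {
                            throw new CertStatusException("OCSP Transport status != 0 (" + statusInfo.getStatus() + ")");
                        }
                        if (statusInfo.getFailInfoAux() != 200) {
                            throw new CertStatusException("OCSP Transport HTTP status != 200\n" + CertJUtils.objectArrayToString(statusInfo.getStatusStrings(), ", "));
                        }
                        if (OCSP.this.dbgWriteDERs) {
                            writeDER("ocspresp." + dumpId + ".der", encodedResponse);
                        }
                        // NOTE(review): the request above is built for matched.responder, but the
                        // response is evaluated against responders[i], i.e. the responder whose
                        // index equals the certificate's index. The two differ whenever the match
                        // is not the first configured responder -- confirm which one is intended.
                        OCSPResponse response = new OCSPResponse(this.certJ, OCSP.this.responders[i], (X509Certificate) cert);
                        response.decode(certPathCtx, encodedResponse, request);
                        CertRevocationInfo info = response.getRevocationInfo(request.getCertID(i));
                        byte[] sentNonce = request.getNonce();
                        if (sentNonce != null) {
                            byte[] echoedNonce = response.getNonce();
                            if (echoedNonce == null) {
                                // A response without a nonce is still accepted; it is only marked
                                // by setting bit 1 in the evidence flags. Callers that rely on the
                                // nonce for freshness have to inspect that flag themselves.
                                if (info != null && info.getType() == 2) {
                                    OCSPEvidence evidence = (OCSPEvidence) info.getEvidence();
                                    if (evidence != null) {
                                        evidence.setFlags(evidence.getFlags() | 1);
                                    }
                                }
                            } else if (!CertJUtils.byteArraysEqual(sentNonce, echoedNonce)) {
                                throw new NotSupportedException("OCSP nonce mismatch");
                            }
                        }
                        if (info != null) {
                            results[i] = info;
                        }
                    } catch (PKIException e) {
                        throw new CertStatusException(e);
                    }
                } catch (ASN_Exception e) {
                    throw new CertStatusException((Exception) e);
                } catch (CertificateException e) {
                    throw new NotSupportedException(e);
                }
            }
            return results;
        }

        /**
         * Sends {@code bArr} to the first destination that yields a usable result.
         *
         * <p>Only {@code http} and {@code https} destinations are tried. With a proxy list,
         * each proxy is tried in order until one request succeeds. A result with status 2
         * and fail-info bit 0x200000 set makes the loop move on to the next destination
         * (meaning of that bit is not visible here -- TODO confirm); any other result is
         * returned as is, including non-200 results, which the caller rejects.
         *
         * <p>Failures of individual destinations are deliberately not fatal. The most
         * recent one is kept and attached as the cause of the final exception so that the
         * reason for a total failure is not lost.
         *
         * @param strArr destination URLs, tried in order
         * @param strArr2 proxy URLs, or null/empty for a direct connection
         * @param bArr encoded request; null is sent as an empty body
         * @throws PKIException if no destination produced a usable result
         */
        private PKIResult sendMessage(String[] strArr, String[] strArr2, byte[] bArr) throws PKIException {
            boolean sawHttpDestination = false;
            Exception lastFailure = null;
            int proxyCount = strArr2 != null ? strArr2.length : 0;
            for (String destination : strArr) {
                try {
                    URL url = new URL(destination);
                    String protocol = url.getProtocol();
                    if (!protocol.equals("http") && !protocol.equals("https")) {
                        continue;
                    }
                    sawHttpDestination = true;
                    if (bArr == null) {
                        bArr = new byte[0];
                    }
                    PKIResult result = null;
                    if (proxyCount == 0) {
                        result = sendOCSPRequest(url, bArr);
                    } else {
                        for (int i = 0; i < proxyCount; i++) {
                            String proxySpec = strArr2[i];
                            URL proxyUrl;
                            try {
                                proxyUrl = new URL(proxySpec);
                            } catch (MalformedURLException e) {
                                // Caught again by the per-destination handler below, as before.
                                throw new PKIException("OCSP.sendMessage: unable to parse proxy specification" + proxySpec + ".", e);
                            }
                            String proxyHost = proxyUrl.getHost();
                            // getPort() is -1 when the proxy URL names no port; the value is
                            // passed through unchanged.
                            String proxyPort = "" + proxyUrl.getPort();
                            // NOTE(review): these are JVM-wide settings. They change proxying for
                            // every HTTP(S) client in the process, are never restored, and are
                            // not safe against concurrent status checks that use other proxies.
                            Properties properties = System.getProperties();
                            properties.setProperty(ProxySetup.HTTP_PROXY_HOST, proxyHost);
                            properties.setProperty(ProxySetup.HTTP_PROXY_PORT, proxyPort);
                            properties.setProperty(ProxySetup.HTTPS_PROXY_HOST, proxyHost);
                            properties.setProperty(ProxySetup.HTTPS_PROXY_PORT, proxyPort);
                            try {
                                result = sendOCSPRequest(url, bArr);
                                break;
                            } catch (Exception e) {
                                // Best effort: fall through to the next proxy.
                                lastFailure = e;
                            }
                        }
                    }
                    if (result == null) {
                        continue;
                    }
                    PKIStatusInfo statusInfo = result.getStatusInfo();
                    boolean retryBitSet = (statusInfo.getFailInfo() & 0x200000) != 0;
                    if (statusInfo.getStatus() != 2 || !retryBitSet) {
                        return result;
                    }
                } catch (Exception e) {
                    // Best effort: a bad URL or a failed request moves on to the next destination.
                    lastFailure = e;
                }
            }
            String message = sawHttpDestination ? "Unable to connect to an OCSP responder." : "Unable to choose an OCSP responder.";
            if (lastFailure != null) {
                throw new PKIException(message, lastFailure);
            }
            throw new PKIException(message);
        }

        /**
         * POSTs one OCSP request and returns the HTTP outcome.
         *
         * <p>The body is read only when {@code mapHTTPStatus} maps the response code to 0.
         * It is read up to end of stream and never beyond {@code MAX_RESPONSE_LEN} bytes,
         * so the returned array holds exactly the bytes received.
         *
         * @param url responder URL
         * @param bArr encoded request body; must not be null
         * @return status information plus the response body, or a null body when the
         *         response was not read
         * @throws PKIException on any I/O failure or an oversized response
         */
        private PKIResult sendOCSPRequest(URL url, byte[] bArr) throws PKIException {
            OutputStream out = null;
            InputStream in = null;
            try {
                HttpURLConnection connection = (HttpURLConnection) url.openConnection();
                connection.setDoOutput(true);
                connection.setRequestMethod("POST");
                connection.setRequestProperty(OCSP.MIME_USER_AGENT, OCSP.MIME_USER_AGENT_VALUE);
                connection.setRequestProperty(OCSP.MIME_CONTENT_TYPE, OCSP.MIME_TYPE_OCSP_REQ);
                connection.setRequestProperty(OCSP.MIME_CONTENT_LENGTH, String.valueOf(bArr.length));
                out = connection.getOutputStream();
                out.write(bArr);
                out.flush();
                int responseCode = connection.getResponseCode();
                int status = mapHTTPStatus(responseCode);
                int failInfo = mapHTTPFailInfo(responseCode);
                byte[] body = null;
                if (status == 0) {
                    in = connection.getInputStream();
                    body = readBounded(in, connection.getContentLength());
                }
                String[] headers = new String[]{connection.getHeaderFields().toString()};
                return new PKIResult(new PKIStatusInfo(status, failInfo, headers, responseCode), body);
            } catch (IOException e) {
                throw new PKIException("OCSP.SendOCSPRequest: " + e.getMessage(), e);
            } finally {
                closeQuietly(out);
                closeQuietly(in);
            }
        }

        /**
         * Chooses the responder and destination list for {@code x509Certificate}.
         *
         * <p>Unless bit 2048 is set in the path options {@code i}, the location returned by
         * {@code OCSPutil.getAIALocation} is used as the only destination (presumably the
         * certificate's Authority Information Access entry -- confirm). That URL is chosen
         * by whoever issued the certificate under validation, so with this option left on
         * the validator connects to a host named by the certificate.
         *
         * @return the match, or null when no configured responder covers the certificate
         */
        private OCSPMatchedResponder matchResponder(int i, X509Certificate x509Certificate) {
            boolean aiaAllowed = (i & 2048) == 0;
            String aiaLocation = aiaAllowed ? OCSPutil.getAIALocation(x509Certificate) : null;
            OCSPResponderInternal[] candidates = OCSP.this.responders;

            if (aiaLocation == null) {
                // No AIA location: the first responder that covers the certificate and has its
                // own destination list wins.
                for (int idx = 0; idx < candidates.length; idx++) {
                    OCSPResponderInternal candidate = candidates[idx];
                    if (candidate.getResponderCACert(x509Certificate) == null) {
                        continue;
                    }
                    String[] destList = candidate.getDestList();
                    if (destList != null) {
                        return new OCSPMatchedResponder(candidate, destList, candidate.getProxyList());
                    }
                }
                return null;
            }

            // AIA location present: prefer a responder matching certificate and location, else
            // fall back to the first responder that covers the certificate at all.
            String[] aiaDestList = {aiaLocation};
            OCSPResponderInternal fallback = null;
            for (int idx = 0; idx < candidates.length; idx++) {
                OCSPResponderInternal candidate = candidates[idx];
                if (candidate.getResponderCACert(x509Certificate, aiaLocation) != null) {
                    return new OCSPMatchedResponder(candidate, aiaDestList, candidate.getProxyList());
                }
                if (candidate.getResponderCACert(x509Certificate) != null && fallback == null) {
                    fallback = candidate;
                }
            }
            if (fallback == null) {
                return null;
            }
            return new OCSPMatchedResponder(fallback, aiaDestList, fallback.getProxyList());
        }

        /** Returns a short description that includes the provider name. */
        @Override // com.rsa.certj.ProviderImplementation
        public String toString() {
            return "OCSP Certificate Status provider named: " + getName();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/rsa/certj/provider/revocation/ocsp/OCSP$OCSPMatchedResponder.class */
    /**
     * Result of responder selection: the responder plus the destination and proxy URLs
     * to use for one certificate.
     */
    public class OCSPMatchedResponder {
        OCSPResponderInternal responder;
        String[] destList;
        String[] proxyList;

        protected OCSPMatchedResponder(OCSPResponderInternal oCSPResponderInternal, String[] strArr, String[] strArr2) {
            this.responder = oCSPResponderInternal;
            this.destList = strArr;
            this.proxyList = strArr2;
        }
    }

    /**
     * Reads a response body to end of stream without exceeding {@code MAX_RESPONSE_LEN}.
     *
     * <p>The declared length is used only to reject an oversized response early and to
     * presize the buffer; it never determines how much memory is committed beyond the cap.
     *
     * @param in stream to drain; not closed here
     * @param declaredLength value of Content-Length, or -1 when unknown
     * @return exactly the bytes read
     * @throws IOException on a read failure or when the limit is exceeded
     */
    private static byte[] readBounded(InputStream in, int declaredLength) throws IOException {
        if (declaredLength > MAX_RESPONSE_LEN) {
            throw new IOException("response of " + declaredLength + " bytes exceeds limit of " + MAX_RESPONSE_LEN);
        }
        ByteArrayOutputStream collected = new ByteArrayOutputStream(declaredLength > 0 ? declaredLength : READ_CHUNK_LEN);
        byte[] chunk = new byte[READ_CHUNK_LEN];
        int total = 0;
        int read;
        while ((read = in.read(chunk)) != -1) {
            total += read;
            if (total > MAX_RESPONSE_LEN) {
                throw new IOException("response exceeds limit of " + MAX_RESPONSE_LEN + " bytes");
            }
            collected.write(chunk, 0, read);
        }
        return collected.toByteArray();
    }

    /** Closes {@code resource} if it is non-null, ignoring a failure to close. */
    private static void closeQuietly(Closeable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException ignored) {
            // Nothing useful can be done about a failed close on a cleanup path.
        }
    }

    /**
     * Turns dumping of encoded requests and responses to files on or off.
     *
     * <p>When on, {@code ocspreq.<id>.der} and {@code ocspresp.<id>.der} are written for
     * every exchange, where {@code <id>} is the hex form of the certificate's unique ID.
     */
    public void setDebugWriteDERs(boolean z) {
        this.dbgWriteDERs = z;
    }

    /**
     * Creates a provider with a single responder.
     *
     * @param str provider name
     * @param oCSPResponder responder description; copied, must not be null
     * @throws InvalidParameterException if {@code oCSPResponder} is null
     */
    public OCSP(String str, OCSPResponder oCSPResponder) throws InvalidParameterException, CertificateException, NameException {
        super(2, str);
        if (oCSPResponder == null) {
            throw new InvalidParameterException("responder == null");
        }
        this.configedResponders = new OCSPResponder[]{new OCSPResponder(oCSPResponder)};
    }

    /**
     * Creates a provider with several responders.
     *
     * @param str provider name
     * @param oCSPResponderArr responder descriptions; each is copied, none may be null
     * @throws InvalidParameterException if the array or any element is null
     */
    public OCSP(String str, OCSPResponder[] oCSPResponderArr) throws InvalidParameterException, CertificateException, NameException {
        super(2, str);
        if (oCSPResponderArr == null) {
            throw new InvalidParameterException("responder == null");
        }
        int count = oCSPResponderArr.length;
        this.configedResponders = new OCSPResponder[count];
        for (int i = 0; i < count; i++) {
            if (oCSPResponderArr[i] == null) {
                throw new InvalidParameterException("responders[" + i + "] == null");
            }
            this.configedResponders[i] = new OCSPResponder(oCSPResponderArr[i]);
        }
    }

    /**
     * Creates a single-responder provider and loads its configuration from a stream.
     * The stream is not closed here.
     *
     * @throws InvalidParameterException if the responder or the stream is null
     */
    public OCSP(String str, OCSPResponder oCSPResponder, InputStream inputStream) throws InvalidParameterException, CertificateException, NameException {
        this(str, oCSPResponder);
        if (inputStream == null) {
            throw new InvalidParameterException("OCSP: configStream should not be null.");
        }
        this.configProperties = PKICommonImplementation.loadProperties(inputStream);
    }

    /**
     * Creates a single-responder provider and loads its configuration from a file.
     *
     * @throws InvalidParameterException if the responder or the file is null, or the
     *         file cannot be opened
     */
    public OCSP(String str, OCSPResponder oCSPResponder, File file) throws InvalidParameterException, CertificateException, NameException {
        this(str, oCSPResponder);
        if (file == null) {
            throw new InvalidParameterException("OCSP: configFile should not be null.");
        }
        FileInputStream in = null;
        try {
            in = new FileInputStream(file);
            this.configProperties = PKICommonImplementation.loadProperties(in);
        } catch (FileNotFoundException e) {
            throw new InvalidParameterException("OCSP: " + file.toString() + DirectoryScanner.DOES_NOT_EXIST_POSTFIX);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Creates a multi-responder provider and loads its configuration from a stream.
     * The stream is not closed here.
     *
     * @throws InvalidParameterException if the responders or the stream are null
     */
    public OCSP(String str, OCSPResponder[] oCSPResponderArr, InputStream inputStream) throws InvalidParameterException, CertificateException, NameException {
        this(str, oCSPResponderArr);
        if (inputStream == null) {
            throw new InvalidParameterException("OCSP: configStream should not be null.");
        }
        this.configProperties = PKICommonImplementation.loadProperties(inputStream);
    }

    /**
     * Creates a multi-responder provider and loads its configuration from a file.
     *
     * @throws InvalidParameterException if the responders or the file are null, or the
     *         file cannot be opened
     */
    public OCSP(String str, OCSPResponder[] oCSPResponderArr, File file) throws InvalidParameterException, CertificateException, NameException {
        this(str, oCSPResponderArr);
        if (file == null) {
            throw new InvalidParameterException("OCSP: configFile should not be null.");
        }
        FileInputStream in = null;
        try {
            in = new FileInputStream(file);
            this.configProperties = PKICommonImplementation.loadProperties(in);
        } catch (FileNotFoundException e) {
            throw new InvalidParameterException("OCSP: " + file.toString() + DirectoryScanner.DOES_NOT_EXIST_POSTFIX);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Builds the internal responder objects and returns the live implementation.
     *
     * <p>Each configured responder is handed to {@code OCSPResponderInternal} and its
     * slot in {@code configedResponders} is then cleared, so the configured responders
     * are consumed by the first call.
     *
     * @throws ProviderManagementException if a responder or the implementation cannot be
     *         created; the original exception is attached as the cause
     */
    @Override // com.rsa.certj.Provider
    public ProviderImplementation instantiate(CertJ certJ) throws ProviderManagementException {
        int count = this.configedResponders.length;
        try {
            this.responders = new OCSPResponderInternal[count];
            for (int i = 0; i < count; i++) {
                this.responders[i] = new OCSPResponderInternal(certJ, this.configedResponders[i]);
                this.configedResponders[i] = null;
            }
            return new Implementation(certJ, getName());
        } catch (InvalidParameterException e) {
            throw new ProviderManagementException("OCSP.instantiate.", e);
        } catch (CertificateException e) {
            throw new ProviderManagementException("OCSP.instantiate.", e);
        } catch (NameException e) {
            throw new ProviderManagementException("OCSP.instantiate.", e);
        } catch (PKIException e) {
            throw new ProviderManagementException("OCSP.instantiate.", e);
        }
    }
}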
