package sun.security.provider.certpath;

import java.net.URI;
import java.net.URISyntaxException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import sun.security.util.Debug;
import sun.security.x509.AccessDescription;
import sun.security.x509.AuthorityInfoAccessExtension;
import sun.security.x509.GeneralName;
import sun.security.x509.URIName;
import sun.security.x509.X509CertImpl;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class OCSPChecker extends PKIXCertPathChecker {
    private static final Debug DEBUG = Debug.getInstance("certpath");
    private static final String HEX_DIGITS = "0123456789ABCDEFabcdef";
    static final String OCSP_CERT_ISSUER_PROP = "ocsp.responderCertIssuerName";
    static final String OCSP_CERT_NUMBER_PROP = "ocsp.responderCertSerialNumber";
    static final String OCSP_CERT_SUBJECT_PROP = "ocsp.responderCertSubjectName";
    static final String OCSP_ENABLE_PROP = "ocsp.enable";
    static final String OCSP_URL_PROP = "ocsp.responderURL";
    private static final boolean dump = false;
    private X509Certificate[] certs;
    private CertPath cp;
    private boolean onlyEECert;
    private PKIXParameters pkixParams;
    private int remainingCerts;

    OCSPChecker(CertPath certPath, PKIXParameters pKIXParameters) throws CertPathValidatorException {
        this(certPath, pKIXParameters, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OCSPChecker(CertPath certPath, PKIXParameters pKIXParameters, boolean z) throws CertPathValidatorException {
        this.onlyEECert = false;
        this.cp = certPath;
        this.pkixParams = pKIXParameters;
        this.onlyEECert = z;
        List<? extends Certificate> certificates = certPath.getCertificates();
        this.certs = (X509Certificate[]) certificates.toArray(new X509Certificate[certificates.size()]);
        init(false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] getKeyId(X509Certificate x509Certificate) {
        Debug debug;
        byte[] bArr = null;
        try {
            bArr = X509CertImpl.toImpl(x509Certificate).getSubjectKeyIdentifier();
            if (bArr == null && (debug = DEBUG) != null) {
                debug.println("No subject key identifier (SKID) in the certificate (Subject: " + x509Certificate.getSubjectX500Principal() + ")");
            }
        } catch (CertificateException e) {
            Debug debug2 = DEBUG;
            if (debug2 != null) {
                debug2.println("Error parsing X.509 certificate (Subject: " + x509Certificate.getSubjectX500Principal() + ") " + e);
            }
        }
        return bArr;
    }

    private static String[] getOCSPProperties() {
        final String[] strArr = new String[4];
        AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: sun.security.provider.certpath.OCSPChecker.1
            @Override // java.security.PrivilegedAction
            public Void run() {
                strArr[0] = Security.getProperty(OCSPChecker.OCSP_URL_PROP);
                strArr[1] = Security.getProperty(OCSPChecker.OCSP_CERT_SUBJECT_PROP);
                strArr[2] = Security.getProperty(OCSPChecker.OCSP_CERT_ISSUER_PROP);
                strArr[3] = Security.getProperty(OCSPChecker.OCSP_CERT_NUMBER_PROP);
                return null;
            }
        });
        return strArr;
    }

    private static URI getOCSPServerURI(X509CertImpl x509CertImpl, String str) throws CertPathValidatorException {
        if (str != null) {
            try {
                return new URI(str);
            } catch (URISyntaxException e) {
                throw new CertPathValidatorException(e);
            }
        }
        AuthorityInfoAccessExtension authorityInfoAccessExtension = x509CertImpl.getAuthorityInfoAccessExtension();
        if (authorityInfoAccessExtension == null) {
            throw new CertPathValidatorException("Must specify the location of an OCSP Responder");
        }
        for (AccessDescription accessDescription : authorityInfoAccessExtension.getAccessDescriptions()) {
            if (accessDescription.getAccessMethod().equals((Object) AccessDescription.Ad_OCSP_Id)) {
                GeneralName accessLocation = accessDescription.getAccessLocation();
                if (accessLocation.getType() == 6) {
                    return ((URIName) accessLocation.getName()).getURI();
                }
            }
        }
        throw new CertPathValidatorException("Cannot find the location of the OCSP Responder");
    }

    private static String stripOutSeparators(String str) {
        char[] charArray = str.toCharArray();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < charArray.length; i++) {
            if (HEX_DIGITS.indexOf(charArray[i]) != -1) {
                sb.append(charArray[i]);
            }
        }
        return sb.toString();
    }

    /* JADX WARN: Removed duplicated region for block: B:130:0x016a  */
    /* JADX WARN: Removed duplicated region for block: B:149:0x02d9  */
    /* JADX WARN: Removed duplicated region for block: B:151:0x0090  */
    /* JADX WARN: Removed duplicated region for block: B:23:0x0080  */
    /* JADX WARN: Removed duplicated region for block: B:65:0x00b8  */
    @Override // java.security.cert.PKIXCertPathChecker
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r24, java.util.Collection<java.lang.String> r25) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 752
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.provider.certpath.OCSPChecker.check(java.security.cert.Certificate, java.util.Collection):void");
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return Collections.emptySet();
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("Forward checking not supported");
        }
        this.remainingCerts = this.certs.length + 1;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
