package sun.security.provider.certpath;

import java.io.IOException;
import java.net.URI;
import java.security.AccessController;
import java.security.cert.CRLReason;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.Extension;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import sun.security.action.GetIntegerAction;
import sun.security.util.Debug;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AccessDescription;
import sun.security.x509.AuthorityInfoAccessExtension;
import sun.security.x509.GeneralName;
import sun.security.x509.URIName;
import sun.security.x509.X509CertImpl;

/* loaded from: classes2.dex */
public final class OCSP {
    private static final int DEFAULT_CONNECT_TIMEOUT = 15000;
    static final ObjectIdentifier NONCE_EXTENSION_OID = ObjectIdentifier.newInternal(new int[]{1, 3, 6, 1, 5, 5, 7, 48, 1, 2});
    private static final Debug debug = Debug.getInstance("certpath");
    private static final int CONNECT_TIMEOUT = initializeTimeout();

    /* loaded from: classes2.dex */
    public interface RevocationStatus {

        /* loaded from: classes2.dex */
        public enum CertStatus {
            GOOD,
            REVOKED,
            UNKNOWN
        }

        CertStatus getCertStatus();

        CRLReason getRevocationReason();

        Date getRevocationTime();

        Map<String, Extension> getSingleExtensions();
    }

    private OCSP() {
    }

    public static RevocationStatus check(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws IOException, CertPathValidatorException {
        try {
            X509CertImpl impl = X509CertImpl.toImpl(x509Certificate);
            URI responderURI = getResponderURI(impl);
            if (responderURI == null) {
                throw new CertPathValidatorException("No OCSP Responder URI in certificate");
            }
            CertId certId = new CertId(x509Certificate2, impl.getSerialNumberObject());
            return check((List<CertId>) Collections.singletonList(certId), responderURI, x509Certificate2, (X509Certificate) null, (Date) null, (List<Extension>) Collections.emptyList()).getSingleResponse(certId);
        } catch (IOException | CertificateException e) {
            throw new CertPathValidatorException("Exception while encoding OCSPRequest", e);
        }
    }

    public static RevocationStatus check(X509Certificate x509Certificate, X509Certificate x509Certificate2, URI uri, X509Certificate x509Certificate3, Date date) throws IOException, CertPathValidatorException {
        return check(x509Certificate, x509Certificate2, uri, x509Certificate3, date, (List<Extension>) Collections.emptyList());
    }

    public static RevocationStatus check(X509Certificate x509Certificate, X509Certificate x509Certificate2, URI uri, X509Certificate x509Certificate3, Date date, List<Extension> list) throws IOException, CertPathValidatorException {
        try {
            CertId certId = new CertId(x509Certificate2, X509CertImpl.toImpl(x509Certificate).getSerialNumberObject());
            return check((List<CertId>) Collections.singletonList(certId), uri, x509Certificate2, x509Certificate3, date, list).getSingleResponse(certId);
        } catch (IOException | CertificateException e) {
            throw new CertPathValidatorException("Exception while encoding OCSPRequest", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:71:0x011a A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:76:0x0112 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static sun.security.provider.certpath.OCSPResponse check(java.util.List<sun.security.provider.certpath.CertId> r8, java.net.URI r9, java.security.cert.X509Certificate r10, java.security.cert.X509Certificate r11, java.util.Date r12, java.util.List<java.security.cert.Extension> r13) throws java.io.IOException, java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 298
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.provider.certpath.OCSP.check(java.util.List, java.net.URI, java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date, java.util.List):sun.security.provider.certpath.OCSPResponse");
    }

    public static URI getResponderURI(X509Certificate x509Certificate) {
        try {
            return getResponderURI(X509CertImpl.toImpl(x509Certificate));
        } catch (CertificateException e) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static URI getResponderURI(X509CertImpl x509CertImpl) {
        AuthorityInfoAccessExtension authorityInfoAccessExtension = x509CertImpl.getAuthorityInfoAccessExtension();
        if (authorityInfoAccessExtension == null) {
            return null;
        }
        for (AccessDescription accessDescription : authorityInfoAccessExtension.getAccessDescriptions()) {
            if (accessDescription.getAccessMethod().equals((Object) AccessDescription.Ad_OCSP_Id)) {
                GeneralName accessLocation = accessDescription.getAccessLocation();
                if (accessLocation.getType() == 6) {
                    return ((URIName) accessLocation.getName()).getURI();
                }
            }
        }
        return null;
    }

    private static int initializeTimeout() {
        Integer num = (Integer) AccessController.doPrivileged(new GetIntegerAction("com.sun.security.ocsp.timeout"));
        if (num == null || num.intValue() < 0) {
            return 15000;
        }
        return num.intValue() * 1000;
    }
}
