package com.baltimore.jpkiplus.ocsp;

import com.baltimore.jcrypto.coders.DERCoder;
import com.baltimore.jcrypto.utils.OIDs;
import com.baltimore.jpkiplus.x509.extensions.ExtensionsException;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.ConnectException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.ProtocolException;
import java.net.URL;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Date;
import sun.misc.BASE64Encoder;

/* compiled from: [DashoPro-V1.3-013000] */
/* loaded from: input_file:com/baltimore/jpkiplus/ocsp/OcspOverHttp.class */
public class OcspOverHttp {
    private URL d;
    private CertStatus[] h;
    private byte[] j;
    protected HttpURLConnection a = null;
    private DataInputStream b = null;
    private DataOutputStream c = null;
    private String e = null;
    private String f = null;
    private boolean g = false;
    private int i = 5000;

    public OcspOverHttp(String str) throws MalformedURLException {
        this.d = null;
        this.h = null;
        this.d = new URL(str);
        this.h = new CertStatus[0];
    }

    public OcspOverHttp(URL url) {
        this.d = null;
        this.h = null;
        this.d = url;
        this.h = new CertStatus[0];
    }

    private boolean a(ResponseData responseData) throws Exception {
        if (responseData == null) {
            throw new Exception("OcspOverHttp Signed Response Acceptance Requirements Failed. Response Data is null.");
        }
        Date date = new Date();
        for (int i = 0; i < responseData.getNumberOfResponses(); i++) {
            a(responseData.getResponse(i), date, i);
        }
        return true;
    }

    private boolean a(SingleResponse singleResponse, Date date, int i) throws Exception {
        if (singleResponse == null) {
            throw new Exception(new StringBuffer("OcspOverHttp Signed Response Acceptance Requirements Failed. Response ").append(i).append(" is null.").toString());
        }
        Date nextUpdate = singleResponse.getNextUpdate();
        if (nextUpdate != null && date.after(nextUpdate)) {
            throw new Exception(new StringBuffer("OcspOverHttp Signed Response Acceptance Requirements Failed. Response ").append(i).append(". ").append("Today :").append(date).append(" is after nextUpdate :").append(nextUpdate).toString());
        }
        Date thisUpdate = singleResponse.getThisUpdate();
        if (thisUpdate == null || date.before(thisUpdate)) {
            throw new Exception(new StringBuffer("OcspOverHttp Signed Response Acceptance Requirements Failed. Response ").append(i).append(". ").append("Today :").append(date).append(" is before thisUpdate :").append(thisUpdate).toString());
        }
        return true;
    }

    protected void a() {
        this.a.disconnect();
    }

    public byte[] getID() {
        return this.j;
    }

    public String getOCSPServer() {
        return this.d.toString();
    }

    public String getProxyPassword() {
        return this.f;
    }

    public String getProxyUser() {
        return this.e;
    }

    public int getResponseCertStatus(int i) throws Exception {
        if (this.h == null || i < 0 || this.h.length <= i) {
            throw new Exception(new StringBuffer("OcspOverHttp::getResponseCertStatus : Invalid Response Cert Status index : ").append(i).toString());
        }
        return this.h[i].getStatus();
    }

    protected int b() throws IOException {
        return this.a.getResponseCode();
    }

    public String getRevokedReason(int i) throws ExtensionsException {
        RevokedInfo revokedInfo;
        if (this.h == null || i < 0 || this.h.length <= i || (revokedInfo = this.h[i].getRevokedInfo()) == null) {
            return null;
        }
        return revokedInfo.toString();
    }

    private void d() throws IOException {
        this.a = (HttpURLConnection) this.d.openConnection();
        c();
        this.a.setRequestProperty("Content-Type", "application/ocsp-request");
        if (this.g) {
            this.a.setRequestProperty("Proxy-Authorization", new StringBuffer("Basic ").append(new BASE64Encoder().encode(new StringBuffer(String.valueOf(this.e)).append(":").append(this.f).toString().getBytes())).toString());
        }
        this.a.setDoOutput(true);
        this.a.setDoInput(true);
        this.c = new DataOutputStream(this.a.getOutputStream());
    }

    public CertStatus[] parseResponse(ResponseData responseData) throws Exception {
        this.h = null;
        if (responseData == null) {
            throw new Exception("OcspOverHttp::parseResponse : Response Data is null");
        }
        int numberOfResponses = responseData.getNumberOfResponses();
        this.h = new CertStatus[numberOfResponses];
        for (int i = 0; i < numberOfResponses; i++) {
            this.h[i] = responseData.getResponse(i).getCertStatus();
        }
        return this.h;
    }

    public int parseResponse(ResponseData responseData, int i) throws Exception {
        parseResponse(responseData);
        return getResponseCertStatus(i);
    }

    public CertStatus[] parseResponse(byte[] bArr) throws Exception {
        this.h = null;
        if (bArr == null) {
            throw new Exception("OcspOverHttp::parseResponse : OCSP Response is null.");
        }
        OCSPResponse oCSPResponse = new OCSPResponse(bArr);
        if (oCSPResponse.getResponseStatus() != 0) {
            throw new Exception(new StringBuffer("OcspOverHttp::parseResponse : OCSP Response Not Successful. Status : ").append(oCSPResponse.getResponseStatusString()).toString());
        }
        if (!oCSPResponse.getResponseBytes().getResponseType().equals(OIDs.id_pkix_ocsp_basic)) {
            throw new Exception("OcspOverHttp::parseResponse : OCSP Basic Response NOT Received.");
        }
        BasicOCSPResponse basicOCSPResponse = new BasicOCSPResponse(oCSPResponse.getResponseBytes().getResponse());
        if (verify(basicOCSPResponse)) {
            return parseResponse(basicOCSPResponse.getResponseData());
        }
        throw new Exception("OcspOverHttp::parseResponse : Basic Response Did Not Verify.");
    }

    public int parseResponse(byte[] bArr, int i) throws Exception {
        parseResponse(bArr);
        return getResponseCertStatus(i);
    }

    public byte[] sendData(byte[] bArr) throws Exception {
        if (bArr == null) {
            throw new Exception("OcspOverHttp::sendData(ocspRequest) : OCSPRequest is null");
        }
        try {
            d();
            this.c.write(bArr, 0, bArr.length);
            this.a.connect();
            this.c.flush();
            if (b() != 200) {
                throw new Exception(new StringBuffer("Connection not established properly (").append(b()).append(" - ").append(this.a.getResponseMessage()).append(")").toString());
            }
            try {
                this.b = new DataInputStream(this.a.getInputStream());
                byte[] bArr2 = new byte[2];
                this.b.read(bArr2);
                int lengthOfLength = DERCoder.getLengthOfLength(bArr2, 1);
                byte[] bArr3 = new byte[(bArr2.length + lengthOfLength) - 1];
                bArr3[0] = bArr2[0];
                bArr3[1] = bArr2[1];
                this.b.read(bArr3, 2, lengthOfLength - 1);
                int length = DERCoder.getLength(bArr3, 1);
                byte[] bArr4 = new byte[length];
                this.b.readFully(bArr4, 0, length);
                byte[] bArr5 = new byte[length + bArr3.length];
                System.arraycopy(bArr3, 0, bArr5, 0, bArr3.length);
                System.arraycopy(bArr4, 0, bArr5, bArr3.length, bArr4.length);
                a();
                return bArr5;
            } catch (Exception e) {
                throw new Exception(new StringBuffer("OcspOverHttp::sendData(ocspRequest) : ").append(e.getMessage()).toString());
            }
        } catch (ConnectException e2) {
            throw new Exception(new StringBuffer("OcspOverHttp::sendData(ocspRequest) : ").append(e2.getMessage()).toString());
        } catch (MalformedURLException e3) {
            throw new Exception(new StringBuffer("OcspOverHttp::sendData(ocspRequest) : ").append(e3.getMessage()).toString());
        }
    }

    protected void c() throws ProtocolException {
        this.a.setRequestMethod("POST");
    }

    public void setProxyAuthentication(String str, String str2) {
        this.g = true;
        this.e = str;
        this.f = str2;
    }

    public boolean verify(BasicOCSPResponse basicOCSPResponse) throws Exception {
        if (basicOCSPResponse == null) {
            throw new Exception("OcspOverHttp Verify Failed. Basic Response is null.");
        }
        if (!basicOCSPResponse.isSigned()) {
            return true;
        }
        X509Certificate x509Certificate = null;
        for (int i = 0; i < basicOCSPResponse.getNumberOfCertificates(); i++) {
            x509Certificate = basicOCSPResponse.getCertificate(i);
            if (x509Certificate == null) {
                throw new Exception(new StringBuffer("OcspOverHttp Verify Failed. Response Certificate [").append(i).append("] Unavailable - ").append("the user must manually verify.").toString());
            }
        }
        ResponseData responseData = basicOCSPResponse.getResponseData();
        if (responseData == null) {
            return false;
        }
        a(responseData);
        try {
            String stringFromOID = OIDs.getStringFromOID(basicOCSPResponse.getSignatureAlgorithm(null).getAlgorithm());
            byte[] signature = basicOCSPResponse.getSignature(null);
            byte[] der = responseData.toDER();
            Signature signature2 = Signature.getInstance(stringFromOID);
            signature2.initVerify(x509Certificate.getPublicKey());
            signature2.update(der);
            return signature2.verify(signature);
        } catch (Exception unused) {
            return false;
        }
    }
}
