package org.bouncycastle.jce.provider;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.ref.WeakReference;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Extension;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.WeakHashMap;
import org.bouncycastle.asn1.AbstractC0416q;
import org.bouncycastle.asn1.AbstractC0420v;
import org.bouncycastle.asn1.C0395d;
import org.bouncycastle.asn1.C0403h;
import org.bouncycastle.asn1.C0415p;
import org.bouncycastle.asn1.m0;
import tt.AV;
import tt.Aq0;
import tt.BV;
import tt.C0676Hu;
import tt.C0707Iu;
import tt.C1119Wc;
import tt.C1474c9;
import tt.C2874pY;
import tt.C3365u80;
import tt.CV;
import tt.Cl0;
import tt.Jn0;
import tt.NI;
import tt.U90;
import tt.V90;

/* loaded from: classes.dex */
class OcspCache {
    private static final int DEFAULT_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_TIMEOUT = 15000;
    private static Map<URI, WeakReference<Map<C1119Wc, CV>>> cache = Collections.synchronizedMap(new WeakHashMap());

    OcspCache() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static CV getOcspResponse(C1119Wc c1119Wc, C2874pY c2874pY, URI uri, X509Certificate x509Certificate, List<Extension> list, NI ni) {
        CV cv;
        WeakReference<Map<C1119Wc, CV>> weakReference = cache.get(uri);
        Map<C1119Wc, CV> map = weakReference != null ? weakReference.get() : null;
        if (map != null && (cv = map.get(c1119Wc)) != null) {
            if (isCertIDFoundAndCurrent(C1474c9.k(AbstractC0416q.v(cv.k().m()).x()), c2874pY.e(), c1119Wc)) {
                return cv;
            }
            map.remove(c1119Wc);
        }
        try {
            URL url = uri.toURL();
            C0395d c0395d = new C0395d();
            c0395d.a(new C3365u80(c1119Wc, null));
            C0395d c0395d2 = new C0395d();
            byte[] bArr = null;
            for (int i = 0; i != list.size(); i++) {
                Extension extension = list.get(i);
                byte[] value = extension.getValue();
                if (AV.c.z().equals(extension.getId())) {
                    bArr = value;
                }
                c0395d2.a(new C0676Hu(new C0415p(extension.getId()), extension.isCritical(), value));
            }
            try {
                byte[] encoded = new BV(c0395d2.f() != 0 ? new Aq0(null, new m0(c0395d), C0707Iu.q(new m0(c0395d2))) : new Aq0(null, new m0(c0395d), null), null).getEncoded();
                HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
                httpURLConnection.setConnectTimeout(DEFAULT_TIMEOUT);
                httpURLConnection.setReadTimeout(DEFAULT_TIMEOUT);
                httpURLConnection.setDoOutput(true);
                httpURLConnection.setDoInput(true);
                httpURLConnection.setRequestMethod("POST");
                httpURLConnection.setRequestProperty("Content-type", "application/ocsp-request");
                httpURLConnection.setRequestProperty("Content-length", String.valueOf(encoded.length));
                OutputStream outputStream = httpURLConnection.getOutputStream();
                outputStream.write(encoded);
                outputStream.flush();
                InputStream inputStream = httpURLConnection.getInputStream();
                int contentLength = httpURLConnection.getContentLength();
                if (contentLength < 0) {
                    contentLength = 32768;
                }
                CV j = CV.j(Jn0.e(inputStream, contentLength));
                try {
                    if (j.m().k() != 0) {
                        throw new CertPathValidatorException("OCSP responder failed: " + j.m().m(), null, c2874pY.a(), c2874pY.b());
                    }
                    U90 j2 = U90.j(j.k());
                    if (j2.n().p(AV.b)) {
                        C1474c9 k = C1474c9.k(j2.m().x());
                        if (ProvOcspRevocationChecker.validatedOcspResponse(k, c2874pY, bArr, x509Certificate, ni) && isCertIDFoundAndCurrent(k, c2874pY.e(), c1119Wc)) {
                            WeakReference<Map<C1119Wc, CV>> weakReference2 = cache.get(uri);
                            if (weakReference2 != null) {
                                map = weakReference2.get();
                            }
                            if (map != null) {
                                map.put(c1119Wc, j);
                            } else {
                                HashMap hashMap = new HashMap();
                                hashMap.put(c1119Wc, j);
                                cache.put(uri, new WeakReference<>(hashMap));
                            }
                            return j;
                        }
                    }
                    throw new CertPathValidatorException("OCSP response failed to validate", null, c2874pY.a(), c2874pY.b());
                } catch (IOException e) {
                    e = e;
                    throw new CertPathValidatorException("configuration error: " + e.getMessage(), e, c2874pY.a(), c2874pY.b());
                }
            } catch (IOException e2) {
                e = e2;
            }
        } catch (MalformedURLException e3) {
            throw new CertPathValidatorException("configuration error: " + e3.getMessage(), e3, c2874pY.a(), c2874pY.b());
        }
    }

    private static boolean isCertIDFoundAndCurrent(C1474c9 c1474c9, Date date, C1119Wc c1119Wc) {
        AbstractC0420v n = V90.j(c1474c9.o()).n();
        for (int i = 0; i != n.size(); i++) {
            Cl0 m = Cl0.m(n.y(i));
            if (c1119Wc.equals(m.j())) {
                C0403h n2 = m.n();
                if (n2 != null) {
                    return !date.after(n2.y());
                }
                return true;
            }
        }
        return false;
    }
}
