package com.initech.pki.ocsp;

import com.initech.cpv.wrapper.CPVWrapper;
import com.initech.pki.asn1.ASN1Exception;
import com.initech.pki.asn1.DEREncoder;
import com.initech.pki.asn1.useful.AlgorithmID;
import com.initech.pki.ocsp.extensions.AcceptableResponses;
import com.initech.pki.ocsp.extensions.Nonce;
import com.initech.pki.ocsp.net.HttpOCSPRequest;
import com.initech.pki.ocsp.util.CertificateUtil;
import com.initech.pki.ocsp.util.PKIUtil;
import com.initech.pki.x509.X509CertImpl;
import com.initech.pki.x509.extensions.AccessDescription;
import com.initech.pki.x509.extensions.AuthorityInfoAccess;
import com.initech.provider.crypto.InitechProvider;
import com.shinhan.sbanking.GlobalStatic;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Properties;
import java.util.StringTokenizer;

/* loaded from: classes.dex */
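/**
 * Client-side OCSP helper.
 *
 * <p>{@link #request(X509Certificate, X509Certificate)} builds an OCSP request for one
 * certificate, optionally adds a nonce and signs the request, posts it to a responder over
 * HTTP, and then checks the nonce and signature of the response and runs path validation on
 * the certificate whose key verified that signature.
 *
 * <p>All settings come from a {@link Properties} object, loaded either from the file path
 * given to the constructor or injected through {@link #loadProperties(Properties)}.
 *
 * <p>NOTE(review): {@code req} is created once in the constructor and {@code request()} adds
 * to it on every call, so an instance looks intended for a single request. Confirm before
 * reusing an instance. Nothing in this class is synchronized.
 */
public class OCSPManager {
    private static final String REQ_SIGN_ALG = "OCSP_REQUEST_SIGN_ALGORITHM";
    private static final String OCSP_SERVER_CERT_PATH = "OCSP_SERVER_CERT";
    private static final String NEED_TO_SIGN = "OCSP_SERVER_REQUIRED_SIGN";
    private static final String OCSP_CLIENT_PRI_KEY = "OCSP_CLIENT_PRIVATEKEY";
    // The private-key password is read in clear text from the properties source, so that file
    // needs the same protection as the key itself.
    private static final String OCSP_CLIENT_PRI_KEY_PW = "OCSP_CLIENT_PRIVATEKEY_PASSWORD";
    private static final String OCSP_CLIENT_PRI_KEY_ALG = "OCSP_CLIENT_PRIVATEKEY_ALGORITHM";
    private static final String OCSP_CLIENT_CERT = "OCSP_CLIENT_CERT";
    private static final String NONCE_CHECK = "OCSP_SERVER_NONCE_CHECK";
    /** Access-method OID id-ad-ocsp, looked up in the Authority Information Access extension. */
    private static final String OCSP_ACCESS_METHOD_OID = "1.3.6.1.5.5.7.48.1";

    private DEREncoder der;
    private String propFilePath;
    private OCSPRequest req;
    private OCSPResponse resp;
    private Properties prop = null;
    // Number of property names starting with "OCSP_SERVER_IP."; set only by loadProperties(String).
    private int count = 0;
    private int num = 0;
    private X509Certificate serverCert = null;
    private X509Certificate clientCert = null;
    private PrivateKey clientPriv = null;
    private AlgorithmID algorithmID = null;
    // ip, port, infos and enu are not referenced anywhere in this class.
    private String ip = null;
    private String port = null;
    private String responderURL = null;
    private ResponseDataInfos infos = null;
    private Enumeration enu = null;
    private boolean doSign = false;
    // Always true: no code in this class ever clears it.
    private boolean doVerify = true;
    private boolean doNonce = false;
    private byte[] nonce = null;

    static {
        InitechProvider.addAsProvider();
    }

    /**
     * Creates a manager that reads its settings from a properties file.
     *
     * @param str path of the properties file; it is opened on the first call to
     *            {@code request()}, not here
     */
    public OCSPManager(String str) {
        this.req = new OCSPRequest();
        this.resp = new OCSPResponse();
        this.der = new DEREncoder();
        this.propFilePath = str;
    }

    /**
     * Finds which configured {@code OCSP_SERVER_CACERT.<n>} file holds the given certificate.
     *
     * <p>The certificates are compared by their full encoding. The original compared SHA-1
     * digests of the encodings; comparing the bytes gives the same answer without relying on
     * SHA-1.
     *
     * @param x509Certificate the CA certificate to look for
     * @return the 1-based index of the matching entry, or 0 when nothing matched or an error
     *         occurred
     */
    private int checkOcspServer(X509Certificate x509Certificate) {
        int i = 0;
        try {
            byte[] wanted = x509Certificate.getEncoded();
            while (i < this.count) {
                byte[] candidate = CertificateUtil.loadCertFromFile(this.prop.getProperty("OCSP_SERVER_CACERT." + Integer.toString(i + 1))).getEncoded();
                if (Arrays.equals(wanted, candidate)) {
                    break;
                }
                i++;
            }
        } catch (Exception e) {
            System.out.println("OCSPManager:checkOcspServer:Exception:" + e.getMessage());
            // Fix: an error part-way through the scan used to fall through with i > 0 and was
            // reported as a match on the entry that failed to load. Report "not found" instead.
            return 0;
        }
        // NOTE(review): a match on the first entry (i == 0) is also reported as "not found",
        // so OCSP_SERVER_CACERT.1 can never be selected. Kept as in the original; this may be
        // a decompilation artefact and should be checked against the deployed configuration.
        if (i == 0 || i == this.count) {
            return 0;
        }
        return i + 1;
    }

    /**
     * Runs certificate path validation on the certificate that signed the OCSP response.
     *
     * <p>Delegates to {@code CPVWrapper.validate}, configured from the
     * {@code PATH_VALIDATION_PROPERTY_FILE} and {@code PATH_VALIDATION_CATEGORY} properties.
     * What that validation covers is not visible in this file.
     *
     * @param x509Certificate certificate to validate
     * @return {@code true} when validation completes without an exception
     * @throws OCSPException with code {@code OCSP_0012} when validation throws
     */
    private boolean checkPathValidation(X509Certificate x509Certificate) throws OCSPException {
        try {
            CPVWrapper.getInstance(this.prop.getProperty("PATH_VALIDATION_PROPERTY_FILE"), this.prop.getProperty("PATH_VALIDATION_CATEGORY")).validate(x509Certificate);
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            throw new OCSPException("OCSP_0012", "OCSPManager:OCSP Server Cert's PathValidation is faild");
        }
    }

    /**
     * Extracts the OCSP responder location from a certificate's Authority Information Access
     * extension.
     *
     * <p>NOTE(review): the returned value comes from the certificate under test and is later
     * passed unchanged to {@code new URL(...)} in {@code request()}. No scheme or host
     * restriction is visible in this class; consider allowing only http/https and expected
     * hosts.
     *
     * @param x509Certificate certificate whose revocation status is being checked
     * @return the location of the first OCSP access description, or {@code null} when the
     *         extension or an OCSP entry is absent
     * @throws OCSPException when the certificate or the extension cannot be parsed
     */
    private String getResponderURL(X509Certificate x509Certificate) throws OCSPException {
        try {
            X509CertImpl x509CertImpl = new X509CertImpl(x509Certificate.getEncoded());
            if (x509CertImpl.getExtension(AuthorityInfoAccess.OID) == null) {
                return null;
            }
            // The empty try/catch the decompiler left here had no effect and has been dropped.
            try {
                Enumeration elements = new AuthorityInfoAccess(x509CertImpl.getExtension(AuthorityInfoAccess.OID).getExtValue()).elements();
                while (elements.hasMoreElements()) {
                    AccessDescription accessDescription = (AccessDescription) elements.nextElement();
                    if (accessDescription.getMethod().equals(OCSP_ACCESS_METHOD_OID)) {
                        return accessDescription.getName().toString();
                    }
                }
                return null;
            } catch (ASN1Exception e) {
                e.printStackTrace();
                throw new OCSPException("AuthorityInfoAccess parsing Exception");
            }
        } catch (CertificateEncodingException e3) {
            e3.printStackTrace();
            throw new OCSPException("Invalid Encoding User Cert");
        } catch (CertificateException e4) {
            e4.printStackTrace();
            throw new OCSPException("Certificate Exception");
        }
    }

    /**
     * Loads the properties file once and counts the configured servers.
     *
     * <p>Does nothing when properties are already present, including when they were injected
     * with {@link #loadProperties(Properties)}. In that case {@code count} is never computed
     * here; NOTE(review): confirm that multi-server mode is not expected to work with injected
     * properties.
     *
     * @param str path of the properties file
     * @throws IOException when the file cannot be opened or read
     */
    private void loadProperties(String str) throws IOException {
        if (this.prop == null) {
            Properties loaded = new Properties();
            FileInputStream in = new FileInputStream(str);
            try {
                loaded.load(in);
            } finally {
                // Fix: the stream was never closed.
                in.close();
            }
            // Fix: publish the object only after a successful load. The original assigned the
            // empty Properties first, so a failed load made every later call skip loading and
            // run against an empty configuration.
            this.prop = loaded;
            Enumeration<?> propertyNames = this.prop.propertyNames();
            int i = 0;
            while (propertyNames.hasMoreElements()) {
                try {
                    if (((String) propertyNames.nextElement()).startsWith("OCSP_SERVER_IP.")) {
                        i++;
                    }
                } catch (Exception e) {
                    System.err.println("Please check the properties file(valid String, formatting, etc)");
                    return;
                }
            }
            this.count = i;
        }
    }

    /**
     * Returns the input with every space character removed.
     *
     * @param str text to strip
     * @return {@code str} without spaces
     */
    private String removeSpace(String str) {
        StringTokenizer stringTokenizer = new StringTokenizer(str, " ");
        StringBuilder joined = new StringBuilder();
        while (stringTokenizer.hasMoreTokens()) {
            joined.append(stringTokenizer.nextToken());
        }
        return joined.toString();
    }

    /**
     * Reads a whole file into memory and always closes it.
     *
     * @param path file to read; {@code null} fails with a NullPointerException, as the
     *             original inline code did
     * @return the file content
     * @throws IOException when the file cannot be opened or read
     */
    private static byte[] readFile(String path) throws IOException {
        FileInputStream in = new FileInputStream(path);
        try {
            byte[] buf = new byte[in.available()];
            int filled = 0;
            // A single read() is allowed to return fewer bytes than requested, so keep
            // reading until the buffer is full or the stream ends.
            while (filled < buf.length) {
                int n = in.read(buf, filled, buf.length - filled);
                if (n < 0) {
                    break;
                }
                filled += n;
            }
            return filled == buf.length ? buf : Arrays.copyOf(buf, filled);
        } finally {
            in.close();
        }
    }

    /**
     * Loads the signing algorithm, responder certificate, client key and certificate, and the
     * nonce flag for the selected server.
     *
     * @param i {@code -2}: responder taken from the certificate, no responder certificate is
     *          loaded; {@code -1}: the single configured server (un-suffixed property names);
     *          otherwise the server index used as a {@code .<i>} suffix on the property names
     * @throws Exception when a required property is missing or a certificate cannot be decoded
     */
    private void serverConfig(int i) throws Exception {
        this.algorithmID = new AlgorithmID(this.prop.getProperty(REQ_SIGN_ALG));
        if (i != -2) {
            // Fix: clear the previous value so a failed load cannot leave the certificate of
            // an earlier call in place for response verification.
            this.serverCert = null;
            String serverCertPath = null;
            if (i == -1) {
                serverCertPath = this.prop.getProperty(OCSP_SERVER_CERT_PATH);
            } else if (i > -1) {
                serverCertPath = this.prop.getProperty(OCSP_SERVER_CERT_PATH + "." + Integer.toString(i));
            }
            try {
                this.serverCert = CertificateUtil.loadCertificate(readFile(serverCertPath));
            } catch (FileNotFoundException e) {
                // Best effort as in the original: serverCert stays null, and verification in
                // request() then fails if the response carries no certificate of its own.
                System.err.println("Not Found OCSP Server Certificate");
                e.printStackTrace();
            } catch (IOException e2) {
                System.err.println("Error OCSP Server Certificate Loading");
                e2.printStackTrace();
            }
        }
        if (this.prop.getProperty(NEED_TO_SIGN).equalsIgnoreCase("YES")) {
            this.doSign = true;
            String suffix = (i == -1 || i == -2) ? "" : "." + Integer.toString(i);
            String keyPath = this.prop.getProperty(OCSP_CLIENT_PRI_KEY + suffix);
            char[] keyPassword = this.prop.getProperty(OCSP_CLIENT_PRI_KEY_PW + suffix).toCharArray();
            String keyAlgorithm = this.prop.getProperty(OCSP_CLIENT_PRI_KEY_ALG + suffix);
            // Cleared first for the same reason as serverCert above.
            this.clientPriv = null;
            try {
                this.clientPriv = PKIUtil.loadPrivateKey(keyPath, keyPassword, keyAlgorithm);
            } catch (Exception e3) {
                // Kept from the original: a key that fails to load is only logged, and
                // request() then calls sign() with a null key.
                e3.printStackTrace();
            }
            this.clientCert = null;
            try {
                this.clientCert = CertificateUtil.loadCertificate(readFile(this.prop.getProperty(OCSP_CLIENT_CERT + suffix)));
            } catch (FileNotFoundException e4) {
                System.err.println("Not Found OCSP Client Certificate)");
                e4.printStackTrace();
            } catch (IOException e5) {
                System.err.println("Error OCSP Client Certificate Loading)");
                e5.printStackTrace();
            }
        } else {
            this.doSign = false;
        }
        this.doNonce = this.prop.getProperty(NONCE_CHECK).equalsIgnoreCase("YES");
    }

    /**
     * Returns the properties file path given to the constructor.
     *
     * @return the path, or {@code null} after {@link #loadProperties(Properties)} was used
     */
    public String getPropertiesFile() {
        if (this.propFilePath == null) {
            System.err.println("Maybe You must be use a loadProperties(Properties prop) for setting a property , You must use a loadProperties(String path)");
        }
        return this.propFilePath;
    }

    /**
     * Injects a ready-made configuration and forgets the file path.
     *
     * @param properties configuration to use for later requests
     */
    public void loadProperties(Properties properties) {
        this.prop = properties;
        this.propFilePath = null;
    }

    /**
     * Asks an OCSP responder for the status of a certificate.
     *
     * <p>The responder is chosen as follows: with {@code ONLY_ONE_OCSP_SERVER=YES} the single
     * configured server is used; otherwise the location in the certificate's Authority
     * Information Access extension is used when present, else the configured server whose CA
     * certificate matches {@code x509Certificate2}.
     *
     * <p>The transport is plain HTTP built from {@code GlobalStatic.HTTP_SCHEME}, so the
     * integrity of the answer rests on the nonce and signature checks below.
     *
     * @param x509Certificate  certificate whose status is requested
     * @param x509Certificate2 certificate of the issuing CA
     * @return the single responses carried by the OCSP response
     * @throws IOException   on I/O failure
     * @throws OCSPException on name mismatch, HTTP error, non-successful OCSP status, nonce or
     *                       signature failure, or any other error (code {@code OCSP_0005})
     */
    public Enumeration request(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws IOException, OCSPException {
        // Name comparison only (spaces removed, case-insensitive). No check in this class
        // verifies that the CA's key signed the certificate.
        if (!removeSpace(x509Certificate2.getSubjectDN().getName()).equalsIgnoreCase(removeSpace(x509Certificate.getIssuerDN().getName()))) {
            throw new OCSPException("OCSP_9999", "Invalid CA Certificate");
        }
        try {
            loadProperties(this.propFilePath);
            boolean singleServer = this.prop.getProperty("ONLY_ONE_OCSP_SERVER").equalsIgnoreCase("YES");
            this.responderURL = singleServer ? null : getResponderURL(x509Certificate);

            String host = null;
            String serverPort = null;
            String extraPath = null;
            if (this.responderURL != null) {
                serverConfig(-2);
            } else if (singleServer) {
                serverConfig(-1);
                host = this.prop.getProperty("OCSP_SERVER_IP");
                serverPort = this.prop.getProperty("OCSP_SERVER_PORT");
                extraPath = this.prop.getProperty("OCSP_SERVER_ETC");
            } else {
                this.num = checkOcspServer(x509Certificate2);
                if (this.num == 0) {
                    throw new OCSPException("OCSP_9999", "Can't Find OCSP Server Certificate");
                }
                serverConfig(this.num);
                String suffix = "." + Integer.toString(this.num);
                host = this.prop.getProperty("OCSP_SERVER_IP" + suffix);
                serverPort = this.prop.getProperty("OCSP_SERVER_PORT" + suffix);
                extraPath = this.prop.getProperty("OCSP_SERVER_ETC" + suffix);
            }

            this.req.add(x509Certificate2, x509Certificate);
            if (this.doNonce) {
                String manualNonce = this.prop.getProperty("OCSP_SERVER_NONCE_MANUAL_VALUE");
                // Fix: a missing property is now treated like an empty one instead of failing
                // with a NullPointerException.
                if (manualNonce == null || manualNonce.equals("")) {
                    SecureRandom secureRandom;
                    try {
                        secureRandom = SecureRandom.getInstance("X9.17", "Initech");
                    } catch (Exception e) {
                        // The provider's generator is unavailable: use the platform default.
                        secureRandom = new SecureRandom();
                    }
                    this.nonce = new byte[16];
                    secureRandom.nextBytes(this.nonce);
                } else {
                    // NOTE(review): a fixed nonce from configuration is the same on every
                    // request, so it cannot show that a response is fresh. This setting
                    // should stay empty outside of testing.
                    this.nonce = manualNonce.getBytes();
                }
                Nonce nonce = new Nonce();
                nonce.setNonce(this.nonce);
                this.req.addExtension(nonce);
            }
            if (this.doSign) {
                this.req.sign(this.clientCert, this.clientPriv, this.algorithmID, "Initech");
            }
            this.req.encode(this.der);

            String target;
            if (this.responderURL != null) {
                target = this.responderURL;
            } else {
                if (serverPort.equals("")) {
                    target = String.valueOf(GlobalStatic.HTTP_SCHEME) + host + "/";
                } else {
                    target = String.valueOf(GlobalStatic.HTTP_SCHEME) + host + ":" + serverPort + "/";
                }
                if (extraPath != null) {
                    target = target + extraPath;
                }
            }

            HttpOCSPRequest httpOCSPRequest = new HttpOCSPRequest(new URL(target));
            int httpStatus = httpOCSPRequest.request(this.req);
            if (httpStatus != 200) {
                if (httpStatus == 403) {
                    throw new OCSPException("OCSP_0001", "HttpStatusCode:Forbidden");
                }
                if (httpStatus == 500) {
                    throw new OCSPException("OCSP_0002", "HttpStatusCode:Internal Server Error");
                }
                if (httpStatus == 401) {
                    throw new OCSPException("OCSP_0003", "HttpStatusCode:Unauthorized");
                }
                throw new OCSPException("OCSP_0004", "HttpStatusCode:" + httpStatus);
            }

            this.resp = httpOCSPRequest.getOCSPResponse();
            int ocspStatus = this.resp.getStatus();
            switch (ocspStatus) {
                case 0:
                    break;
                case 1:
                    throw new OCSPException("OCSP_0006", "OCSPManager:request:[MALFORMED_REQUEST])");
                case 2:
                    throw new OCSPException("OCSP_0007", "OCSPManager:request:[INTERNAL_ERROR]");
                case 3:
                    throw new OCSPException("OCSP_0008", "OCSPManager:request[TRY_LATER]");
                case 5:
                    throw new OCSPException("OCSP_0009", "OCSPManager:request[SIG_REQUIRED]");
                case 6:
                    throw new OCSPException("OCSP_0010", "OCSPManager:request:[UNAUTHORIZED]");
                default:
                    // Fix: the original sent status 4 and every unknown status down the
                    // success path. Only status 0 is accepted now.
                    throw new OCSPException("OCSP_9999", "OCSPManager:request:Unexpected response status:" + ocspStatus);
            }

            OCSPResponseType body = this.resp.getResponseType().equals(AcceptableResponses.BASIC) ? (BasicResponse) this.resp.getResponse() : (RAWResponse) this.resp.getResponse();
            if (this.doNonce) {
                byte[] echoed = new Nonce(((BasicResponse) body).getExtensionValue(Nonce.OID)).getNonce();
                // Fix: the original compared only the first nonce.length bytes, so a longer
                // value with a matching prefix was accepted. Compare whole arrays instead.
                if (echoed == null || !MessageDigest.isEqual(this.nonce, echoed)) {
                    throw new OCSPException("OCSP_0011", "OCSPManager:response:Invalid nonce value");
                }
            }
            if (this.doVerify) {
                X509Certificate[] certs = body.getCerts();
                X509Certificate signer;
                if (certs.length == 0) {
                    body.verify(this.serverCert.getPublicKey());
                    signer = this.serverCert;
                } else {
                    // NOTE(review): the signer certificate comes from the response itself and
                    // is trusted once path validation passes. Whether that validation also
                    // checks that the signer is authorised to answer for this CA (the CA
                    // itself or a delegated OCSP-signing certificate) is not visible here.
                    body.verify(certs[0].getPublicKey());
                    signer = certs[0];
                }
                checkPathValidation(signer);
            }
            return body.getResponses();
        } catch (OCSPException e) {
            // Fix: the decompiled nesting placed the catch-all inside these rethrow clauses,
            // which folded every specific error code into OCSP_0005 and left the IOException
            // clause unreachable. Specific exceptions are rethrown first, as the method's
            // throws clause and the original rethrow handlers indicate.
            throw e;
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            e.printStackTrace();
            throw new OCSPException("OCSP_0005", "OCSPManager:request:Exception:[" + e.getMessage() + "]");
        }
    }

    /**
     * Changes the algorithm of the current request-signing algorithm identifier.
     *
     * <p>{@code algorithmID} is created inside {@code request()} (via {@code serverConfig}),
     * which also replaces it on every call. Calling this before the first request fails with
     * a NullPointerException, and a value set here is overwritten by the next request.
     *
     * @param str algorithm name or identifier accepted by {@code AlgorithmID.setAlgorithm}
     */
    public void setMDAlgorithmID(String str) {
        this.algorithmID.setAlgorithm(str);
    }
}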
