package com.rsa.sslj.x;

import com.rsa.certj.DatabaseService;
import com.rsa.certj.Service;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.provider.path.PKIXCertPath;
import com.rsa.certj.provider.revocation.ocsp.OCSPResponderInternal;
import com.rsa.jcp.OCSPParameters;
import com.rsa.jcp.OCSPResponderConfig;
import com.rsa.jcp.OCSPWithRespondersParameters;
import com.rsa.jsafe.CryptoJ;
import com.rsa.jsafe.FIPS140Context;
import com.rsa.jsafe.JSAFE_InvalidUseException;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.provider.JsafeJCE;
import com.rsa.jsse.FIPS140Mode;
import com.rsa.jsse.FIPS140Role;
import com.rsa.jsse.SuiteBMode;
import com.rsa.ssl.CertJIntegrator;
import com.rsa.ssl.CertPathValidationAlgorithm;
import com.rsa.ssl.SSLJVersion;
import com.rsa.ssl.SSLParams;
import com.rsa.ssl.SSLSessionCache;
import com.rsa.ssl.SuiteBMode;
import com.rsa.ssl.external.IntegratedCertJVerifier;
import java.io.ByteArrayInputStream;
import java.lang.ref.WeakReference;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CRL;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: classes.dex */
public final class cC {
    // Lookup tables built once by l() and m(). The nested key class `a` reads them to translate the
    // security/enforcement level of a caller-supplied SuiteB mode.
    // NOTE(review): both com.rsa.jsse.SuiteBMode and com.rsa.ssl.SuiteBMode are imported, so the
    // decompiler has lost which side is the key and which the value — confirm against the bytecode.
    private static final Map<SuiteBMode.EnforcementLevel, SuiteBMode.EnforcementLevel> r = l();
    private static final Map<SuiteBMode.SecurityLevel, SuiteBMode.SecurityLevel> s = m();
    // Process-wide cache: key object `a` -> WeakReference to a com.rsa.jsse.b. It is read and written
    // only inside the static synchronized a(a) factory.
    private static Map u = new HashMap();

    /* renamed from: a, reason: collision with root package name */
    // The shared com.rsa.jsse.b handed to the private constructor.
    public com.rsa.jsse.b f4386a;

    /* renamed from: b, reason: collision with root package name */
    // Provider taken from f4386a.d(); every CertificateFactory/KeyFactory lookup in this class names it explicitly.
    public JsafeJCE f4387b;

    /* renamed from: c, reason: collision with root package name */
    // FIPS 140 mode taken from f4386a.a().
    public FIPS140Mode f4388c;

    /* renamed from: d, reason: collision with root package name */
    // SuiteB mode taken from f4386a.c().
    public com.rsa.jsse.SuiteBMode f4389d;
    // Helper objects created in the private constructor; their roles are not visible in this file.
    public cH e;
    public cw f;
    public cI g;
    public cB h;
    public cG i;
    public cv j;
    // Set to 16384 in the private constructor; the meaning of the value is not visible here.
    public int k;
    // Initialised from C0110be.p().
    public boolean l;
    // Defaults to PKIX; per the bytecode dump of g(), its toString() is passed to com.rsa.jsse.g.a(..).
    public CertPathValidationAlgorithm m;
    public cz n;
    public cF o;
    // Set by a(SSLParams). Whether it carries a Truster decides the revocation set-up in g().
    SSLParams p;
    // false after c() (server socket factory), true after d() (client socket factory).
    boolean q;
    // Assigned only when SSLJVersion.isFIPS140Compliant() is true; otherwise it stays null.
    private FIPS140Context t;
    // Lazily built by g() through a(); reset to null by b().
    private com.rsa.jsse.f v;
    // Both set by a(byte[], SSLSessionCache) and consumed by k(). The byte[] is stored without a copy.
    private byte[] w;
    private SSLSessionCache x;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    /**
     * Cache key describing one FIPS 140 / SuiteB configuration. Instances are used as keys of the
     * static map {@code cC.u}, so {@link #equals(Object)} and {@link #hashCode()} decide which
     * callers share the same {@code com.rsa.jsse.b}.
     */
    public static class a {

        /** FIPS 140 mode (JADX renamed from {@code a}); {@code null} only in the default key. */
        public final FIPS140Mode f4390a;

        /** FIPS 140 role (JADX renamed from {@code b}); {@code null} only in the default key. */
        public final FIPS140Role f4391b;

        /** SuiteB mode (JADX renamed from {@code c}); {@code null} only in the default key. */
        public final com.rsa.jsse.SuiteBMode f4392c;

        /** Marks the default key built by the no-argument constructor (JADX renamed from {@code d}). */
        public final boolean f4393d;

        /** Creates the default key: no mode, role or SuiteB setting is recorded. */
        public a() {
            this.f4393d = true;
            this.f4390a = null;
            this.f4391b = null;
            this.f4392c = null;
        }

        /**
         * Creates a key from the public {@code com.rsa.ssl} settings. A {@code null} mode or role is
         * replaced by {@code C0112bg.c()} / {@code C0112bg.b()}, and a {@code null} SuiteB mode by
         * {@code NON_SUITEB_MODE}.
         */
        public a(com.rsa.ssl.FIPS140Mode fIPS140Mode, com.rsa.ssl.FIPS140Role fIPS140Role, com.rsa.ssl.SuiteBMode suiteBMode) {
            final FIPS140Mode mode;
            if (fIPS140Mode == null) {
                mode = C0112bg.c();
            } else {
                mode = FIPS140Mode.lookup(fIPS140Mode.getValue());
            }

            final FIPS140Role role;
            if (fIPS140Role == null) {
                role = C0112bg.b();
            } else {
                role = FIPS140Role.lookup(fIPS140Role.getValue());
            }

            final com.rsa.jsse.SuiteBMode suiteB;
            if (suiteBMode == null) {
                suiteB = com.rsa.jsse.SuiteBMode.NON_SUITEB_MODE;
            } else {
                // NOTE(review): a level missing from the lookup tables would be passed on as null — confirm the tables are exhaustive.
                suiteB = new com.rsa.jsse.SuiteBMode((SuiteBMode.SecurityLevel) cC.s.get(suiteBMode.getSecurityLevel()), (SuiteBMode.EnforcementLevel) cC.r.get(suiteBMode.getEnforcementLevel()));
            }

            this.f4390a = mode;
            this.f4391b = role;
            this.f4392c = suiteB;
            this.f4393d = false;
        }

        /**
         * Two default keys are equal. A default key never equals an explicit one. Explicit keys are
         * equal when mode and role are the same references and both SuiteB levels match.
         */
        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof a)) {
                return false;
            }
            final a other = (a) obj;
            if (this.f4393d || other.f4393d) {
                // At least one side is the default key, whose fields are null: equal only if both are default.
                return this.f4393d && other.f4393d;
            }
            if (this.f4390a != other.f4390a || this.f4391b != other.f4391b) {
                return false;
            }
            return this.f4392c.getSecurityLevel() == other.f4392c.getSecurityLevel()
                    && this.f4392c.getEnforcementLevel() == other.f4392c.getEnforcementLevel();
        }

        /** Returns 1 for the default key, otherwise the sum of the four component hash codes. */
        @Override
        public int hashCode() {
            if (this.f4393d) {
                return 1;
            }
            int sum = this.f4392c.getSecurityLevel().hashCode();
            sum += this.f4391b.hashCode();
            sum += this.f4390a.hashCode();
            sum += this.f4392c.getEnforcementLevel().hashCode();
            return sum;
        }
    }

    /**
     * Creates an instance on the default configuration: the key is the no-argument {@code a}, for
     * which the static factory supplies (or reuses) a {@code com.rsa.jsse.b} built with its
     * no-argument constructor.
     */
    public cC() {
        this(a(new a()));
    }

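    /**
     * Wires this instance to the shared {@code com.rsa.jsse.b} chosen by the public constructors.
     *
     * <p>The FIPS 140 context is created only when {@code SSLJVersion.isFIPS140Compliant()} is true.
     * Otherwise {@code t} stays {@code null}, and the mode and role values read from {@code bVar}
     * are not applied to any context in this constructor.
     *
     * @param bVar source of the FIPS 140 mode and role, the SuiteB mode and the JsafeJCE provider
     * @throws AssertionError if the Crypto-J FIPS 140 context rejects the mode or role; the
     *         underlying {@code JSAFE_InvalidUseException} is attached as the cause
     */
    private cC(com.rsa.jsse.b bVar) {
        // NOTE(review): `this` is handed to cH and cG before the remaining fields are assigned;
        // confirm that their constructors do not read state that is set further down.
        this.e = new cH(this);
        this.i = new cG(this);
        this.j = new cv();
        this.k = 16384;
        this.l = C0110be.p();
        this.m = CertPathValidationAlgorithm.PKIX;
        this.n = new cz();
        this.o = new cF();
        boolean fipsBuild = SSLJVersion.isFIPS140Compliant();
        this.f4386a = bVar;
        this.f4389d = bVar.c();
        this.f4388c = bVar.a();
        int modeValue = this.f4388c.getValue();
        int roleValue = bVar.b().getValue();
        this.f4387b = bVar.d();
        if (fipsBuild) {
            try {
                this.t = CryptoJ.getFIPS140Context().setMode(modeValue).setRole(roleValue);
            } catch (JSAFE_InvalidUseException cause) {
                // Keep the original failure attached so a rejected mode or role can be diagnosed.
                AssertionError failure = new AssertionError("Implementation Error: JSAFE API FIPS 140 context");
                failure.initCause(cause);
                throw failure;
            }
        }
        this.h = new cB();
        this.f = new cw(this, this.f4387b, this.t, this.h);
        this.g = new cI(this);
    }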

    /**
     * Creates an instance for the given FIPS 140 mode. Role and SuiteB mode are passed as
     * {@code null}, so the key class fills in {@code C0112bg.b()} and {@code NON_SUITEB_MODE}.
     */
    public cC(com.rsa.ssl.FIPS140Mode fIPS140Mode) {
        this(a(new a(fIPS140Mode, null, null)));
    }

    /**
     * Creates an instance for the given FIPS 140 mode and role. The SuiteB mode is passed as
     * {@code null}, which the key class replaces with {@code NON_SUITEB_MODE}.
     */
    public cC(com.rsa.ssl.FIPS140Mode fIPS140Mode, com.rsa.ssl.FIPS140Role fIPS140Role) {
        this(a(new a(fIPS140Mode, fIPS140Role, null)));
    }

    /**
     * Creates an instance for the given FIPS 140 mode, role and SuiteB mode. Any {@code null}
     * argument is replaced by the key class with its fallback value.
     */
    public cC(com.rsa.ssl.FIPS140Mode fIPS140Mode, com.rsa.ssl.FIPS140Role fIPS140Role, com.rsa.ssl.SuiteBMode suiteBMode) {
        this(a(new a(fIPS140Mode, fIPS140Role, suiteBMode)));
    }

    /**
     * Creates an instance for the given FIPS 140 mode and SuiteB mode. The role is passed as
     * {@code null}, so the key class uses {@code C0112bg.b()}.
     */
    public cC(com.rsa.ssl.FIPS140Mode fIPS140Mode, com.rsa.ssl.SuiteBMode suiteBMode) {
        this(a(new a(fIPS140Mode, null, suiteBMode)));
    }

    /**
     * Creates an instance for the given SuiteB mode. FIPS 140 mode and role are passed as
     * {@code null}, so the key class uses {@code C0112bg.c()} and {@code C0112bg.b()}.
     */
    public cC(com.rsa.ssl.SuiteBMode suiteBMode) {
        this(a(new a(null, null, suiteBMode)));
    }

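    /**
     * Translates one destination of a Cert-J OCSP responder into a {@link OCSPResponderConfig}.
     *
     * <p>Request signing is configured only when the responder has a request control with a signer
     * certificate. The signing key is then fetched from the responder's database and converted with
     * {@code a(JSAFE_PrivateKey)}. The responder certificate is set as the trusted responder
     * certificate.
     *
     * <p>Change from the decompiled original: a non-null but empty proxy list no longer raises
     * {@code ArrayIndexOutOfBoundsException}. The validator {@code a(OCSPResponderInternal)} only
     * rejects lists longer than one, so an empty list is now treated as "no proxy".
     *
     * @param oCSPResponderInternal responder configuration, expected to have passed the validator
     * @param i index into the responder's destination list
     * @return the configuration for destination {@code i}
     */
    private OCSPResponderConfig a(OCSPResponderInternal oCSPResponderInternal, int i) {
        OCSPResponderConfig config = new OCSPResponderConfig();
        CertificateFactory x509Factory = CertificateFactory.getInstance("X509", this.f4387b);
        if (oCSPResponderInternal.getRequestControl() != null) {
            X509Certificate signerCert = oCSPResponderInternal.getRequestControl().getSignerCert();
            if (signerCert != null) {
                config.setDigestAlgorithm(oCSPResponderInternal.getRequestControl().getDigestAlgorithm());
                JSAFE_PrivateKey signerKey = oCSPResponderInternal.getDatabase().selectPrivateKeyByCertificate(signerCert);
                ArrayList signerChain = new ArrayList(1);
                signerChain.add(cJ.a(cJ.a(signerCert), x509Factory));
                config.setSignOCSPRequest(a(signerKey), oCSPResponderInternal.getRequestControl().getSignatureAlgorithm(), signerChain);
            }
        }
        // Guard the [0] access: the validator accepts a list of length 0 or 1.
        if (oCSPResponderInternal.getProxyList() != null && oCSPResponderInternal.getProxyList().length > 0) {
            config.setOCSPResponderProxy(oCSPResponderInternal.getProxyList()[0]);
        }
        config.setResponderURL(oCSPResponderInternal.getDestList()[i]);
        config.setTimeTolerance(oCSPResponderInternal.getTimeTolerance());
        config.setTrustedResponderCert(cJ.a(cJ.a(oCSPResponderInternal.getResponderCert()), x509Factory));
        // The nonce is requested unless bit 0 of the flags is set (presumably a "disable nonces"
        // flag — confirm). With the nonce off, a response is not bound to this request, and
        // freshness then rests on the time tolerance configured above.
        config.setUseNonce((oCSPResponderInternal.getFlags() & 1) == 0);
        return config;
    }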

    /**
     * Returns the shared {@code com.rsa.jsse.b} for a configuration key, creating and caching it on
     * first use or after the weakly referenced instance has been collected.
     *
     * <p>The method is {@code static synchronized}, so it already holds the {@code cC.class}
     * monitor. The nested {@code synchronized (cC.class)} block emitted by the decompiler was a
     * re-entrant no-op and is not repeated here.
     *
     * @param aVar configuration key; the default key selects the no-argument {@code b} constructor
     * @return the cached or newly created instance, never {@code null}
     */
    private static synchronized com.rsa.jsse.b a(a aVar) {
        final WeakReference cachedRef = (WeakReference) u.get(aVar);
        if (cachedRef != null) {
            final com.rsa.jsse.b cached = (com.rsa.jsse.b) cachedRef.get();
            if (cached != null) {
                return cached;
            }
        }
        final com.rsa.jsse.b fresh;
        if (aVar.f4393d) {
            fresh = new com.rsa.jsse.b();
        } else {
            fresh = new com.rsa.jsse.b(aVar.f4390a, aVar.f4391b, aVar.f4392c);
        }
        // Replaces a stale (cleared) reference stored under the same key, if there was one.
        u.put(aVar, new WeakReference(fresh));
        return fresh;
    }

    /**
     * Converts a Crypto-J private key into a JCA {@link PrivateKey} by exporting it in the
     * {@code <algorithm>PrivateKeyBER} format and re-importing the first element as PKCS#8 through
     * the JsafeJCE provider.
     *
     * <p>NOTE(review): the exported encoding is plaintext key material. It is left on the heap for
     * the garbage collector and is not cleared here. Whether {@code getKeyData} returns a private
     * copy that could safely be zeroed after import is not visible in this file — confirm before
     * adding a wipe.
     *
     * @param jSAFE_PrivateKey key to convert
     * @return the same key as a JCA object created by provider {@code f4387b}
     */
    private PrivateKey a(JSAFE_PrivateKey jSAFE_PrivateKey) {
        final KeyFactory keyFactory = KeyFactory.getInstance(jSAFE_PrivateKey.getAlgorithm(), this.f4387b);
        final String exportFormat = jSAFE_PrivateKey.getAlgorithm() + "PrivateKeyBER";
        final byte[] pkcs8 = jSAFE_PrivateKey.getKeyData(exportFormat)[0];
        return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
    }

    /**
     * Converts a Cert-J CRL into a {@link X509CRL} by writing its DER encoding into a buffer and
     * parsing that buffer with an "X509" {@link CertificateFactory} from the JsafeJCE provider.
     *
     * @param x509crl the Cert-J CRL to convert
     * @return the re-parsed CRL
     */
    private X509CRL a(com.rsa.certj.cert.X509CRL x509crl) {
        final int derLength = x509crl.getDERLen(0);
        final byte[] der = new byte[derLength];
        x509crl.getDEREncoding(der, 0, 0);
        final CertificateFactory x509Factory = CertificateFactory.getInstance("X509", this.f4387b);
        final ByteArrayInputStream derStream = new ByteArrayInputStream(der);
        return (X509CRL) x509Factory.generateCRL(derStream);
    }

    /**
     * Rejects OCSP responder settings that this class cannot carry over. An unsupported option
     * raises an exception instead of being silently ignored.
     *
     * <p>Checks run in this order: destination list present, generic profile, at most one proxy,
     * none of the flag bits 2, 4 or 8, and no responder CA certificates. An empty (non-null) proxy
     * list passes this check.
     *
     * @param oCSPResponderInternal the responder configuration to validate
     */
    private void a(OCSPResponderInternal oCSPResponderInternal) {
        // Flag bits, named after the constants quoted in the messages below.
        final int disableCertSend = 2;
        final int enableChainSend = 4;
        final int responderNoCheck = 8;

        final int flagBits = oCSPResponderInternal.getFlags();
        if (null == oCSPResponderInternal.getDestList()) {
            throw new Exception("Responder destination URL must not be null");
        }
        if (0 != oCSPResponderInternal.getProfile()) {
            throw new Exception("Only OCSPResponder.PROFILE_GENERIC is supported");
        }
        if (oCSPResponderInternal.getProxyList() != null) {
            if (oCSPResponderInternal.getProxyList().length > 1) {
                throw new Exception("More than one proxy is not supported");
            }
        }
        if ((flagBits & disableCertSend) == disableCertSend) {
            throw new Exception("OCSPResponder.FLAG_DISABLE_CERT_SEND is not supported");
        }
        if ((flagBits & enableChainSend) == enableChainSend) {
            throw new Exception("OCSPResponder.FLAG_ENABLE_CHAIN_SEND is not supported");
        }
        if ((flagBits & responderNoCheck) == responderNoCheck) {
            throw new Exception("OCSPResponder.FLAG_RESPONDER_NOCHECK is not supported");
        }
        if (oCSPResponderInternal.getResponderCACerts() != null) {
            if (oCSPResponderInternal.getResponderCACerts().length > 0) {
                throw new Exception("ResponderCACerts is not supported");
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:15:0x0044, code lost:
    
        if (r2 != null) goto L14;
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x0046, code lost:
    
        r2 = new java.security.cert.PKIXBuilderParameters(r6.g.c(), (java.security.cert.CertSelector) null);
     */
    /* JADX WARN: Code restructure failed: missing block: B:17:0x0052, code lost:
    
        r1.a(new javax.net.ssl.CertPathTrustManagerParameters(new com.rsa.jcp.CertPathWithOCSPParameters(r2, r3)));
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Builds the context stored in {@code v}. JADX could not decompile this method: the body is the
     * register-level dump kept in the comment below, followed by a stub that always throws
     * {@link UnsupportedOperationException}. Source rebuilt from this file therefore cannot create a
     * context. The summary here is read from the dump.
     *
     * <p>Key managers: {@code com.rsa.jsse.e} is initialised with the key store from {@code f.b()}
     * and the static {@code char[]} {@code cw.f4449a}.
     *
     * <p>Trust managers ({@code com.rsa.jsse.g}, selected by {@code m.toString()}):
     * <ul>
     *   <li>{@code p.getTruster()} is null: initialised directly from the key store {@code g.c()};
     *       no revocation parameters are passed on this path.</li>
     *   <li>Truster present: {@code h()} supplies CRL-based parameters and {@code i()} supplies OCSP
     *       parameters. If both are null, an exception "The Truster must use OCSP or CRLs" is
     *       raised. If OCSP parameters exist, they are combined with the CRL parameters (or with a
     *       fresh {@code PKIXBuilderParameters} over {@code g.c()} when there are no CRLs) in
     *       {@code CertPathWithOCSPParameters}. Otherwise the CRL parameters are used alone.</li>
     * </ul>
     *
     * <p>Any {@code Exception} from this set-up is rethrown wrapped in {@code RuntimeException}. A
     * {@code NoSuchAlgorithmException} while creating {@code v} becomes an {@code AssertionError}.
     *
     * <p>NOTE(review): {@code j()} returns null on any reflection failure, so a Truster configured
     * with both CRLs and OCSP silently falls back to CRL-only checking here — confirm that this
     * degradation is acceptable, or surface it.
     */
    private void g() {
        /*
            r6 = this;
            com.rsa.jsse.b r0 = r6.f4386a     // Catch: java.security.NoSuchAlgorithmException -> L98
            com.rsa.jsse.f r0 = com.rsa.jsse.f.a(r0)     // Catch: java.security.NoSuchAlgorithmException -> L98
            r6.v = r0     // Catch: java.security.NoSuchAlgorithmException -> L98
            com.rsa.jsse.b r0 = r6.f4386a     // Catch: java.lang.Exception -> L91
            com.rsa.jsse.e r0 = com.rsa.jsse.e.a(r0)     // Catch: java.lang.Exception -> L91
            com.rsa.sslj.x.cw r1 = r6.f     // Catch: java.lang.Exception -> L91
            java.security.KeyStore r1 = r1.b()     // Catch: java.lang.Exception -> L91
            char[] r2 = com.rsa.sslj.x.cw.f4449a     // Catch: java.lang.Exception -> L91
            r0.a(r1, r2)     // Catch: java.lang.Exception -> L91
            com.rsa.ssl.CertPathValidationAlgorithm r1 = r6.m     // Catch: java.lang.Exception -> L91
            java.lang.String r1 = r1.toString()     // Catch: java.lang.Exception -> L91
            com.rsa.jsse.b r2 = r6.f4386a     // Catch: java.lang.Exception -> L91
            com.rsa.jsse.g r1 = com.rsa.jsse.g.a(r1, r2)     // Catch: java.lang.Exception -> L91
            com.rsa.ssl.SSLParams r2 = r6.p     // Catch: java.lang.Exception -> L91
            com.rsa.ssl.external.Truster r2 = r2.getTruster()     // Catch: java.lang.Exception -> L91
            if (r2 == 0) goto L6b
            java.security.cert.PKIXBuilderParameters r2 = r6.h()     // Catch: java.lang.Exception -> L91
            com.rsa.jcp.OCSPParameters r3 = r6.i()     // Catch: java.lang.Exception -> L91
            if (r2 != 0) goto L42
            if (r3 == 0) goto L3a
            goto L42
        L3a:
            java.lang.Exception r0 = new java.lang.Exception     // Catch: java.lang.Exception -> L91
            java.lang.String r1 = "The Truster must use OCSP or CRLs"
            r0.<init>(r1)     // Catch: java.lang.Exception -> L91
            throw r0     // Catch: java.lang.Exception -> L91
        L42:
            if (r3 == 0) goto L60
            if (r2 != 0) goto L52
            java.security.cert.PKIXBuilderParameters r2 = new java.security.cert.PKIXBuilderParameters     // Catch: java.lang.Exception -> L91
            com.rsa.sslj.x.cI r4 = r6.g     // Catch: java.lang.Exception -> L91
            java.security.KeyStore r4 = r4.c()     // Catch: java.lang.Exception -> L91
            r5 = 0
            r2.<init>(r4, r5)     // Catch: java.lang.Exception -> L91
        L52:
            com.rsa.jcp.CertPathWithOCSPParameters r4 = new com.rsa.jcp.CertPathWithOCSPParameters     // Catch: java.lang.Exception -> L91
            r4.<init>(r2, r3)     // Catch: java.lang.Exception -> L91
            javax.net.ssl.CertPathTrustManagerParameters r2 = new javax.net.ssl.CertPathTrustManagerParameters     // Catch: java.lang.Exception -> L91
            r2.<init>(r4)     // Catch: java.lang.Exception -> L91
            r1.a(r2)     // Catch: java.lang.Exception -> L91
            goto L74
        L60:
            if (r2 == 0) goto L74
            javax.net.ssl.CertPathTrustManagerParameters r3 = new javax.net.ssl.CertPathTrustManagerParameters     // Catch: java.lang.Exception -> L91
            r3.<init>(r2)     // Catch: java.lang.Exception -> L91
            r1.a(r3)     // Catch: java.lang.Exception -> L91
            goto L74
        L6b:
            com.rsa.sslj.x.cI r2 = r6.g     // Catch: java.lang.Exception -> L91
            java.security.KeyStore r2 = r2.c()     // Catch: java.lang.Exception -> L91
            r1.a(r2)     // Catch: java.lang.Exception -> L91
        L74:
            com.rsa.jsse.f r2 = r6.v     // Catch: java.lang.Exception -> L91
            javax.net.ssl.KeyManager[] r0 = r0.a()     // Catch: java.lang.Exception -> L91
            javax.net.ssl.TrustManager[] r1 = r1.a()     // Catch: java.lang.Exception -> L91
            com.rsa.sslj.x.cB r3 = r6.h     // Catch: java.lang.Exception -> L91
            com.rsa.jsafe.JSAFE_SecureRandom r3 = r3.b()     // Catch: java.lang.Exception -> L91
            com.rsa.sslj.x.cz r4 = r6.n     // Catch: java.lang.Exception -> L91
            com.rsa.jsafe.provider.PKCS11SessionParameterSpec[] r4 = r4.c()     // Catch: java.lang.Exception -> L91
            r2.a(r0, r1, r3, r4)     // Catch: java.lang.Exception -> L91
            r6.k()     // Catch: java.lang.Exception -> L91
            return
        L91:
            r0 = move-exception
            java.lang.RuntimeException r1 = new java.lang.RuntimeException
            r1.<init>(r0)
            throw r1
        L98:
            java.lang.AssertionError r0 = new java.lang.AssertionError
            java.lang.String r1 = "Implementation Error: SSLJ / JSSE inconsistent protocol versions"
            r0.<init>(r1)
            throw r0
        */
        // Decompiler stub: reached on every call in source rebuilt from this file.
        throw new UnsupportedOperationException("Method not decompiled: com.rsa.sslj.x.cC.g():void");
    }

    /**
     * Builds PKIX parameters with revocation checking enabled from the CRLs held in the Truster's
     * Cert-J database.
     *
     * <p>The Truster is cast to {@code IntegratedCertJVerifier}; any other implementation fails with
     * {@code ClassCastException}. A missing PKIX cert-path provider is reported as a
     * {@code RuntimeException}.
     *
     * @return parameters anchored on the key store {@code g.c()} with every database CRL attached
     *         as a collection cert store, or {@code null} when the database holds no CRL
     */
    private PKIXBuilderParameters h() {
        final IntegratedCertJVerifier verifier = (IntegratedCertJVerifier) this.p.getTruster();
        final CertJIntegrator integrator = verifier.getCertJIntegrator();
        final boolean pkixRegistered = integrator.getCertJObject().isProviderRegistered(new PKIXCertPath("PKIX Cert Path"), 3);
        if (!pkixRegistered) {
            throw new RuntimeException("Only PKIX based cert path validation supported");
        }

        final ArrayList<X509CRL> crls = new ArrayList<X509CRL>();
        final DatabaseService database = integrator.getDatabaseService();
        final com.rsa.certj.cert.X509CRL first = (com.rsa.certj.cert.X509CRL) database.firstCRL();
        if (first == null) {
            // No CRL configured: the caller decides whether OCSP alone is enough.
            return null;
        }
        crls.add(a(first));

        // Drain the database cursor; nextCRL() returning null marks the end.
        for (com.rsa.certj.cert.X509CRL next = (com.rsa.certj.cert.X509CRL) database.nextCRL();
                next != null;
                next = (com.rsa.certj.cert.X509CRL) database.nextCRL()) {
            crls.add(a(next));
        }

        final PKIXBuilderParameters params = new PKIXBuilderParameters(this.g.c(), (CertSelector) null);
        params.addCertStore(CertStore.getInstance(JsafeJCE.COLLECTION, new CollectionCertStoreParameters(crls)));
        params.setRevocationEnabled(true);
        return params;
    }

    /**
     * Builds the OCSP parameters from the responders found by {@code j()}. Each responder is
     * validated first, then one configuration is produced for each entry of its destination list.
     *
     * @return the collected responder configurations, or {@code null} when {@code j()} found no
     *         responder array. An empty array yields parameters with an empty list, not
     *         {@code null}.
     */
    private OCSPParameters i() {
        final OCSPResponderInternal[] responders = j();
        if (responders == null) {
            return null;
        }
        final ArrayList configs = new ArrayList();
        for (OCSPResponderInternal responder : responders) {
            // Refuse unsupported settings before translating any destination.
            a(responder);
            int destIndex = 0;
            while (destIndex < responder.getDestList().length) {
                configs.add(a(responder, destIndex));
                destIndex++;
            }
        }
        return new OCSPWithRespondersParameters(configs);
    }

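    /**
     * Extracts the OCSP responder array from the Truster's Cert-J revocation provider by
     * reflection. It calls the non-public {@code Service.getProviderAt(0)}, scans that object's
     * declared fields for one whose value is a {@code com.rsa.certj.provider.revocation.ocsp.OCSP},
     * and reads that object's private {@code responders} field.
     *
     * <p>Change from the decompiled original: fields whose value is {@code null} are now skipped.
     * Previously such a field, if declared before the OCSP one, raised a
     * {@code NullPointerException}. The catch below turned that into "no responders", so a
     * configured OCSP set-up was dropped without any signal.
     *
     * <p>NOTE(review): every failure (wrong Truster type, reflection denied, renamed field) is
     * still reported as {@code null}, which callers read as "OCSP not configured". This depends on
     * Cert-J internals and degrades silently — consider logging the exception or failing closed.
     *
     * @return the provider's responder array, or {@code null} if none was found or the lookup failed
     */
    private OCSPResponderInternal[] j() {
        try {
            Service revocationServices = ((IntegratedCertJVerifier) this.p.getTruster()).getCertJIntegrator().getCertJObject().bindServices(2);
            Method getProviderAt = Service.class.getDeclaredMethod("getProviderAt", Integer.TYPE);
            getProviderAt.setAccessible(true);
            Object provider = getProviderAt.invoke(revocationServices, 0);
            for (Field candidate : provider.getClass().getDeclaredFields()) {
                candidate.setAccessible(true);
                Object value = candidate.get(provider);
                if (value == null) {
                    // An unset field cannot be the OCSP provider; keep scanning instead of failing.
                    continue;
                }
                if (value.getClass().getName().equals("com.rsa.certj.provider.revocation.ocsp.OCSP")) {
                    Field respondersField = value.getClass().getDeclaredField("responders");
                    respondersField.setAccessible(true);
                    return (OCSPResponderInternal[]) respondersField.get(value);
                }
            }
            return null;
        } catch (Exception unused) {
            // Deliberate best effort, kept from the original: callers treat null as "no OCSP".
            return null;
        }
    }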

    /**
     * Once the context, the session cache and the byte array are all present, passes the byte array
     * and the cache (wrapped in {@code cA}) to the object returned by the context's {@code b()}.
     * Does nothing while any of the three is still missing.
     */
    private void k() {
        // Snapshot the field once: this method is not synchronized, while b() can reset v.
        final com.rsa.jsse.f context = this.v;
        final boolean ready = context != null && this.x != null && this.w != null;
        if (ready) {
            ((aP) context.b()).a(this.w, new cA(this.x));
        }
    }

    /**
     * Builds the read-only enforcement-level lookup table stored in {@code r}.
     * NOTE(review): key and value print identically because two {@code SuiteBMode} classes are
     * imported under the same simple name — confirm which package each side belongs to.
     *
     * @return an unmodifiable map with entries for STRICT and PREFERRED
     */
    private static Map<SuiteBMode.EnforcementLevel, SuiteBMode.EnforcementLevel> l() {
        final Map<SuiteBMode.EnforcementLevel, SuiteBMode.EnforcementLevel> levels =
                new HashMap<SuiteBMode.EnforcementLevel, SuiteBMode.EnforcementLevel>();
        levels.put(SuiteBMode.EnforcementLevel.STRICT, SuiteBMode.EnforcementLevel.STRICT);
        levels.put(SuiteBMode.EnforcementLevel.PREFERRED, SuiteBMode.EnforcementLevel.PREFERRED);
        return Collections.unmodifiableMap(levels);
    }

    /**
     * Builds the read-only security-level lookup table stored in {@code s}.
     * NOTE(review): key and value print identically because two {@code SuiteBMode} classes are
     * imported under the same simple name — confirm which package each side belongs to.
     *
     * @return an unmodifiable map with entries for the five security levels listed below
     */
    private static Map<SuiteBMode.SecurityLevel, SuiteBMode.SecurityLevel> m() {
        final Map<SuiteBMode.SecurityLevel, SuiteBMode.SecurityLevel> levels =
                new HashMap<SuiteBMode.SecurityLevel, SuiteBMode.SecurityLevel>();
        levels.put(SuiteBMode.SecurityLevel.LEVEL_128, SuiteBMode.SecurityLevel.LEVEL_128);
        levels.put(SuiteBMode.SecurityLevel.LEVEL_128_AND_192, SuiteBMode.SecurityLevel.LEVEL_128_AND_192);
        levels.put(SuiteBMode.SecurityLevel.LEVEL_192, SuiteBMode.SecurityLevel.LEVEL_192);
        levels.put(SuiteBMode.SecurityLevel.LEVEL_192_AND_128, SuiteBMode.SecurityLevel.LEVEL_192_AND_128);
        levels.put(SuiteBMode.SecurityLevel.NONE, SuiteBMode.SecurityLevel.NONE);
        return Collections.unmodifiableMap(levels);
    }

    /**
     * Returns the context, building it through {@code g()} on first use or after {@code b()} has
     * discarded it. Synchronized on this instance, as is {@code b()}.
     *
     * @return the current context
     */
    public synchronized com.rsa.jsse.f a() {
        if (this.v != null) {
            return this.v;
        }
        g();
        return this.v;
    }

    /**
     * Stores the SSL parameters. Their Truster is read later, when the context is built, to decide
     * how revocation checking is configured. This setter does not discard an already built context.
     *
     * @param sSLParams the parameters to use; kept by reference
     */
    public void a(SSLParams sSLParams) {
        final SSLParams params = sSLParams;
        this.p = params;
    }

    /**
     * Records the byte array and session cache, then applies them immediately if a context already
     * exists (see {@code k()}). Otherwise they stay stored on this instance.
     *
     * @param bArr stored by reference, not copied; later changes by the caller remain visible here
     * @param sSLSessionCache the session cache to attach
     */
    public void a(byte[] bArr, SSLSessionCache sSLSessionCache) {
        this.x = sSLSessionCache;
        this.w = bArr;
        k();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Discards the cached context so that the next call to {@code a()} rebuilds it through
     * {@code g()}. Synchronized on this instance, as is {@code a()}.
     */
    public synchronized void b() {
        final com.rsa.jsse.f none = null;
        this.v = none;
    }

    /**
     * Returns the server socket factory of the (lazily built) context. Before that, the current
     * SSL parameters and provider are applied through {@code o} to the object returned by the
     * context's {@code b()}, with the flag {@code false}, and {@code q} is set to {@code false}.
     *
     * @return the context's server socket factory
     */
    public SSLServerSocketFactory c() {
        final com.rsa.jsse.f context = a();
        final boolean clientSide = false;
        this.o.a(this.p, this.f4387b, context.b(), clientSide);
        this.q = clientSide;
        return context.c();
    }

    /**
     * Returns the client socket factory of the (lazily built) context. Before that, the current
     * SSL parameters and provider are applied through {@code o} to the object returned by the
     * context's {@code a()}, with the flag {@code true}, and {@code q} is set to {@code true}.
     *
     * @return the context's socket factory
     */
    public SSLSocketFactory d() {
        final com.rsa.jsse.f context = a();
        final boolean clientSide = true;
        this.o.a(this.p, this.f4387b, context.a(), clientSide);
        this.q = clientSide;
        return context.d();
    }
}
