package com.nttdocomo.android.ocsplib;

import android.content.Context;
import android.net.TrafficStats;
import android.os.Build;
import android.security.NetworkSecurityPolicy;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.ASN1InputStream;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.ASN1Primitive;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.ASN1Sequence;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.DERIA5String;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.DEROctetString;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.AccessDescription;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.AuthorityInformationAccess;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.Extension;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.GeneralName;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.X509CertificateHolder;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.jcajce.SHA1DigestCalculator;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.CertificateID;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPReq;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPReqBuilder;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPResp;
import com.nttdocomo.android.ocsplib.exception.OcspParameterException;
import com.nttdocomo.android.ocsplib.exception.OcspRequestException;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import jp.watashi_move.api.internal.util.WMConstants;
import org.apache.http.HttpStatus;

/* loaded from: classes.dex */
public class OcspUtil {
    private static final String CA_PROVIDER_NAME_AFTER_ICS = "AndroidCAStore";
    private static final String CA_PROVIDER_NAME_BEFORE_HONEYCOMB = "BKS";
    private static final String DN_REPLACE_FROM = "[^\\\\], +";
    private static final String DN_REPLACE_TO = ",";
    private static final String KEYSTORE_PATH_DEFAULT = "/system/etc/security/cacerts.bks";
    private static final String KEYSTORE_PATH_PROPERTY_NAME = "javax.net.ssl.trustStore";
    private static final String MESSAGE_DIGEST_NAME = "SHA1";
    private static final String PROVIDER_NAME;
    private static final int REDIRECT_LIMIT = 20;
    private static final int RESPONSE_BUFFER_SIZE = 4096;
    public static final int STATUS_GOOD = 0;
    public static final int STATUS_PIN_VERIFICATION_FAILED = 3;
    public static final int STATUS_REVOKED = 1;
    public static final int STATUS_UNKNOWN = 2;
    private static final String USER_AGENT = toHumanReadableAscii(System.getProperty("http.agent", "ocsp client"));
    private static HashMap<String, String> sCertNameMap;
    private static int sConnectTimeout;
    private static KeyStore sKeyStore;
    private static final Object sLockCert;
    private static final Object sLockPinning;
    private static PinningCertificates sPinningCertificates;
    private static int sReadTimeout;

    static {
        PROVIDER_NAME = Build.VERSION.SDK_INT < 28 ? "BC" : null;
        sConnectTimeout = 5000;
        sReadTimeout = 5000;
        sCertNameMap = null;
        sKeyStore = null;
        sPinningCertificates = null;
        sLockCert = new Object();
        sLockPinning = new Object();
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x002c, code lost:
    
        if (r9.isSignatureValid(new com.nttdocomo.android.ocsplib.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder().setProvider(com.nttdocomo.android.ocsplib.OcspUtil.PROVIDER_NAME).build(r10)) != false) goto L8;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static int analyseResponse(com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPResp r9, java.security.PublicKey r10, java.lang.String r11, java.lang.String r12) {
        /*
            Method dump skipped, instructions count: 482
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.nttdocomo.android.ocsplib.OcspUtil.analyseResponse(com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPResp, java.security.PublicKey, java.lang.String, java.lang.String):int");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean checkPins(List<X509Certificate> list, String str) {
        PinningCertificates pinningCertificates;
        LogUtil.d("checkPins start.");
        if (str == null || (pinningCertificates = sPinningCertificates) == null) {
            LogUtil.d("Pinning certificates is disabled or no hostname found. Skip checkPins.");
            return true;
        }
        try {
            boolean checkPins = pinningCertificates.checkPins(list, str);
            LogUtil.d("checkPins end. ret : " + checkPins);
            return checkPins;
        } catch (RuntimeException e) {
            throw new OcspParameterException(e.getMessage());
        }
    }

    private static void clearThreadStatsTag() {
        if (Build.VERSION.SDK_INT > 14) {
            TrafficStats.clearThreadStatsTag();
        }
    }

    public static void deleteCache() {
        String str;
        LogUtil.d("deleteCache() start");
        if (isInitialized()) {
            CacheUtil.deleteCache();
            str = "deleteCache() end";
        } else {
            str = "OcspUtil has not been initialized. No cache file deleted.";
        }
        LogUtil.d(str);
    }

    private static void ensureCertNameMapGenerated() {
        synchronized (sLockCert) {
            if (sCertNameMap == null) {
                sCertNameMap = new HashMap<>();
                try {
                    try {
                        try {
                            try {
                                if (Build.VERSION.SDK_INT >= 14) {
                                    KeyStore keyStore = KeyStore.getInstance(CA_PROVIDER_NAME_AFTER_ICS);
                                    sKeyStore = keyStore;
                                    keyStore.load(null, null);
                                } else {
                                    sKeyStore = KeyStore.getInstance(CA_PROVIDER_NAME_BEFORE_HONEYCOMB);
                                    String property = System.getProperty(KEYSTORE_PATH_PROPERTY_NAME);
                                    if (property == null) {
                                        LogUtil.d("TrustStore path not found. set default.");
                                        property = KEYSTORE_PATH_DEFAULT;
                                    }
                                    LogUtil.d("TrustStore path : " + property);
                                    sKeyStore.load(new FileInputStream(property), null);
                                }
                                Enumeration<String> aliases = sKeyStore.aliases();
                                String str = "Load root certificate list ...";
                                while (true) {
                                    LogUtil.d(str);
                                    if (!aliases.hasMoreElements()) {
                                        break;
                                    }
                                    String nextElement = aliases.nextElement();
                                    String replaceAll = ((X509Certificate) sKeyStore.getCertificate(nextElement)).getSubjectX500Principal().getName().replaceAll(DN_REPLACE_FROM, ",");
                                    sCertNameMap.put(replaceAll, nextElement);
                                    str = "  " + replaceAll;
                                }
                            } catch (KeyStoreException e) {
                                LogUtil.d("Failed to get root certificate. KeyStoreException : " + e.getMessage());
                                sCertNameMap = null;
                            }
                        } catch (NoSuchAlgorithmException e2) {
                            LogUtil.d("Failed to get root certificate. NoSuchAlgorithmException : " + e2.getMessage());
                            sCertNameMap = null;
                        }
                    } catch (CertificateException e3) {
                        LogUtil.d("Failed to get root certificate. CertificateException : " + e3.getMessage());
                        sCertNameMap = null;
                    }
                } catch (IOException e4) {
                    LogUtil.d("Failed to get root certificate. IOException : " + e4.getMessage());
                    sCertNameMap = null;
                }
            }
        }
    }

    private static OCSPReq generateOCSPRequest(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        try {
            OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
            oCSPReqBuilder.addRequest(new CertificateID(new SHA1DigestCalculator(MessageDigest.getInstance("SHA1")), new X509CertificateHolder(x509Certificate2.getEncoded()), x509Certificate.getSerialNumber()));
            return oCSPReqBuilder.build();
        } catch (Exception e) {
            LogUtil.d("Failed to generate OCSP request. " + e.getMessage());
            throw new OcspRequestException("Failed to generate OCSP request. ", e);
        }
    }

    private static String getOcspServerUrl(X509Certificate x509Certificate) {
        String str;
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
        if (extensionValue == null) {
            str = "Certificate doesn't have authority information access points.";
        } else {
            try {
                for (AccessDescription accessDescription : AuthorityInformationAccess.getInstance(ASN1Sequence.getInstance(ASN1Primitive.fromByteArray(((DEROctetString) new ASN1InputStream(extensionValue).readObject()).getOctets()))).getAccessDescriptions()) {
                    GeneralName accessLocation = accessDescription.getAccessLocation();
                    if (accessLocation.getTagNo() == 6 && X509ObjectIdentifiers.ocspAccessMethod.getId().equals(accessDescription.getAccessMethod().getId())) {
                        return DERIA5String.getInstance(accessLocation.getName()).getString();
                    }
                }
                str = "Cannot find OCSP responder URL from certificate.";
            } catch (IOException unused) {
                str = "Cannot read authority information access points.";
            }
        }
        LogUtil.d(str);
        return null;
    }

    private static X509Certificate getRootCertificate(X509Certificate x509Certificate) {
        String replaceAll = x509Certificate.getIssuerX500Principal().getName().replaceAll(DN_REPLACE_FROM, ",");
        ensureCertNameMapGenerated();
        HashMap<String, String> hashMap = sCertNameMap;
        if (hashMap != null && sKeyStore != null) {
            try {
                String str = hashMap.get(replaceAll);
                if (str != null) {
                    return (X509Certificate) sKeyStore.getCertificate(str);
                }
            } catch (KeyStoreException e) {
                LogUtil.d("Failed to get root certificate. KeyStoreException : " + e.getMessage());
            }
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:25:0x009d  */
    /* JADX WARN: Removed duplicated region for block: B:27:0x00a2  */
    /* JADX WARN: Type inference failed for: r5v2 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.security.cert.Certificate[] getServerCertificates(java.net.URL r5) {
        /*
            boolean r0 = setTheadStatsTagIfneed()
            r1 = 0
            java.net.URLConnection r5 = r5.openConnection()     // Catch: java.lang.Throwable -> L71 java.io.IOException -> L76
            javax.net.ssl.HttpsURLConnection r5 = (javax.net.ssl.HttpsURLConnection) r5     // Catch: java.lang.Throwable -> L71 java.io.IOException -> L76
            r1 = 0
            r5.setInstanceFollowRedirects(r1)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            int r1 = com.nttdocomo.android.ocsplib.OcspUtil.sConnectTimeout     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r5.setConnectTimeout(r1)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r1.<init>()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            java.lang.String r2 = "Get server certificates connect timeout : "
            r1.append(r2)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            int r2 = r5.getConnectTimeout()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r1.append(r2)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            java.lang.String r1 = r1.toString()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            com.nttdocomo.android.ocsplib.LogUtil.d(r1)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            int r1 = com.nttdocomo.android.ocsplib.OcspUtil.sReadTimeout     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r5.setReadTimeout(r1)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r1.<init>()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            java.lang.String r2 = "Get server certificates read timeout : "
            r1.append(r2)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            int r2 = r5.getReadTimeout()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r1.append(r2)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            java.lang.String r1 = r1.toString()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            com.nttdocomo.android.ocsplib.LogUtil.d(r1)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            java.lang.String r1 = "Connect to server to get certificates. (HttpsURLConnection)"
            com.nttdocomo.android.ocsplib.LogUtil.d(r1)     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r5.connect()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            int r1 = android.os.Build.VERSION.SDK_INT     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r2 = 14
            if (r1 == r2) goto L5d
            int r1 = android.os.Build.VERSION.SDK_INT     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            r2 = 15
            if (r1 != r2) goto L60
        L5d:
            r5.getResponseCode()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
        L60:
            java.security.cert.Certificate[] r1 = r5.getServerCertificates()     // Catch: java.io.IOException -> L6f java.lang.Throwable -> L9a
            if (r5 == 0) goto L69
            r5.disconnect()
        L69:
            if (r0 == 0) goto L6e
            clearThreadStatsTag()
        L6e:
            return r1
        L6f:
            r1 = move-exception
            goto L7a
        L71:
            r5 = move-exception
            r4 = r1
            r1 = r5
            r5 = r4
            goto L9b
        L76:
            r5 = move-exception
            r4 = r1
            r1 = r5
            r5 = r4
        L7a:
            java.lang.StringBuilder r2 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L9a
            r2.<init>()     // Catch: java.lang.Throwable -> L9a
            java.lang.String r3 = "Failed to get server certificates. "
            r2.append(r3)     // Catch: java.lang.Throwable -> L9a
            java.lang.String r3 = r1.getMessage()     // Catch: java.lang.Throwable -> L9a
            r2.append(r3)     // Catch: java.lang.Throwable -> L9a
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Throwable -> L9a
            com.nttdocomo.android.ocsplib.LogUtil.d(r2)     // Catch: java.lang.Throwable -> L9a
            com.nttdocomo.android.ocsplib.exception.OcspRequestException r2 = new com.nttdocomo.android.ocsplib.exception.OcspRequestException     // Catch: java.lang.Throwable -> L9a
            java.lang.String r3 = "Failed to get server certificates."
            r2.<init>(r3, r1)     // Catch: java.lang.Throwable -> L9a
            throw r2     // Catch: java.lang.Throwable -> L9a
        L9a:
            r1 = move-exception
        L9b:
            if (r5 == 0) goto La0
            r5.disconnect()
        La0:
            if (r0 == 0) goto La5
            clearThreadStatsTag()
        La5:
            throw r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.nttdocomo.android.ocsplib.OcspUtil.getServerCertificates(java.net.URL):java.security.cert.Certificate[]");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<X509Certificate> getTrustedChain(Certificate[] certificateArr) {
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : certificateArr) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            arrayList.add(x509Certificate);
            X509Certificate rootCertificate = getRootCertificate(x509Certificate);
            if (rootCertificate != null) {
                LogUtil.d("Root certificate found. DN : " + rootCertificate.getSubjectX500Principal().getName());
                arrayList.add(rootCertificate);
                return arrayList;
            }
        }
        return null;
    }

    public static void init(Context context) {
        LogUtil.d("init() start");
        if (isInitialized()) {
            LogUtil.d("Already initialized.");
            LogUtil.d("init() end");
        } else {
            if (context == null) {
                LogUtil.d("Failed to initialize library.");
                throw new OcspParameterException("Failed to initialize library.");
            }
            CacheUtil.init(context.getCacheDir());
            LogUtil.d("init() end");
        }
    }

    public static void init(Context context, int i) {
        LogUtil.d("init() with PinningCertificates start");
        init(context);
        synchronized (sLockPinning) {
            if (sPinningCertificates == null) {
                PinningCertificates pinningCertificates = new PinningCertificates();
                sPinningCertificates = pinningCertificates;
                try {
                    pinningCertificates.init(context, i);
                } catch (RuntimeException e) {
                    LogUtil.d("PinningCertificates initialization failed. " + e.getMessage());
                    throw new OcspParameterException("PinningCertificates initialization failed. " + e.getMessage());
                }
            } else {
                LogUtil.d("PinningCertificates instance already initialized.");
            }
        }
        LogUtil.d("init() with PinningCertificates end");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isInitialized() {
        return CacheUtil.isInitialized();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isPinningCertificatesEnabled() {
        return sPinningCertificates != null;
    }

    private static OCSPResp sendOCSPRequest(OCSPReq oCSPReq, String str) {
        int i = 0;
        Socket socket = null;
        boolean z = false;
        while (i < 20) {
            try {
                try {
                    URL url = new URL(str);
                    if (Build.VERSION.SDK_INT > 22 && !NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted() && !"https".equals(url.getProtocol())) {
                        LogUtil.d("OCSP request send by socket");
                        int port = url.getPort();
                        String path = url.getPath();
                        if (port == -1) {
                            port = 80;
                        }
                        if (path == null || path.equals("")) {
                            path = WMConstants.SLASH;
                        }
                        z = setTheadStatsTagIfneed();
                        InetSocketAddress inetSocketAddress = new InetSocketAddress(url.getHost(), port);
                        Socket socket2 = new Socket();
                        try {
                            socket2.connect(inetSocketAddress, sConnectTimeout);
                            socket2.setSoTimeout(sReadTimeout);
                            DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(socket2.getOutputStream()));
                            DataInputStream dataInputStream = new DataInputStream(new BufferedInputStream(socket2.getInputStream()));
                            dataOutputStream.writeBytes("POST " + path + " HTTP/1.1\r\n");
                            dataOutputStream.writeBytes("Content-Type: application/ocsp-request\r\n");
                            dataOutputStream.writeBytes("Accept: application/ocsp-response\r\n");
                            dataOutputStream.writeBytes("Content-Length: " + oCSPReq.getEncoded().length + "\r\n");
                            dataOutputStream.writeBytes("User-Agent: " + USER_AGENT + "\r\n");
                            dataOutputStream.writeBytes("Host: " + url.getHost() + "\r\n");
                            dataOutputStream.writeBytes("\r\n");
                            dataOutputStream.write(oCSPReq.getEncoded());
                            dataOutputStream.flush();
                            HttpResponseParser httpResponseParser = new HttpResponseParser(dataInputStream);
                            dataOutputStream.close();
                            dataInputStream.close();
                            socket2.close();
                            int responseCode = httpResponseParser.getResponseCode();
                            if (responseCode == 200) {
                                OCSPResp oCSPResp = new OCSPResp(httpResponseParser.getContentBytes());
                                try {
                                    socket2.close();
                                } catch (IOException e) {
                                    LogUtil.d("Failed to socket close. " + e.getMessage());
                                }
                                if (z) {
                                    clearThreadStatsTag();
                                }
                                return oCSPResp;
                            }
                            switch (responseCode) {
                                case HttpStatus.SC_MULTIPLE_CHOICES /* 300 */:
                                case HttpStatus.SC_MOVED_PERMANENTLY /* 301 */:
                                case HttpStatus.SC_MOVED_TEMPORARILY /* 302 */:
                                case HttpStatus.SC_SEE_OTHER /* 303 */:
                                    String redirectURL = httpResponseParser.getRedirectURL();
                                    if (redirectURL == null) {
                                        LogUtil.d("Failed to send OCSP request. response code : " + httpResponseParser.getResponseCode());
                                        throw new OcspRequestException("Failed to send OCSP request. response code : " + httpResponseParser.getResponseCode());
                                    }
                                    i++;
                                    socket = socket2;
                                    str = redirectURL;
                                default:
                                    LogUtil.d("Failed to send OCSP request. response code : " + httpResponseParser.getResponseCode());
                                    throw new OcspRequestException("Failed to send OCSP request. response code : " + httpResponseParser.getResponseCode());
                            }
                        } catch (IOException e2) {
                            e = e2;
                            LogUtil.d("Failed to send OCSP request. " + e.getMessage());
                            throw new OcspRequestException("Failed to send OCSP request.", e);
                        } catch (Throwable th) {
                            th = th;
                            socket = socket2;
                            if (socket != null) {
                                try {
                                    socket.close();
                                } catch (IOException e3) {
                                    LogUtil.d("Failed to socket close. " + e3.getMessage());
                                }
                            }
                            if (!z) {
                                throw th;
                            }
                            clearThreadStatsTag();
                            throw th;
                        }
                    }
                    LogUtil.d("OCSP request send by HttpURLConnection");
                    OCSPResp sendOCSPRequest_LMR1_or_Earlier = sendOCSPRequest_LMR1_or_Earlier(oCSPReq, str);
                    if (socket != null) {
                        try {
                            socket.close();
                        } catch (IOException e4) {
                            LogUtil.d("Failed to socket close. " + e4.getMessage());
                        }
                    }
                    if (z) {
                        clearThreadStatsTag();
                    }
                    return sendOCSPRequest_LMR1_or_Earlier;
                } catch (Throwable th2) {
                    th = th2;
                }
            } catch (IOException e5) {
                e = e5;
            }
        }
        LogUtil.d("Dreirect count limit over");
        throw new OcspRequestException("Failed to send OCSP request. Dreirect count limit over");
    }

    private static OCSPResp sendOCSPRequest_LMR1_or_Earlier(OCSPReq oCSPReq, String str) {
        HttpURLConnection httpURLConnection;
        boolean theadStatsTagIfneed = setTheadStatsTagIfneed();
        HttpURLConnection httpURLConnection2 = null;
        try {
            try {
                httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
            } catch (Throwable th) {
                th = th;
            }
        } catch (IOException e) {
            e = e;
        }
        try {
            httpURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
            httpURLConnection.setRequestProperty("Accept", "application/ocsp-response");
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setConnectTimeout(sConnectTimeout);
            LogUtil.d("OCSP request connect timeout : " + httpURLConnection.getConnectTimeout());
            httpURLConnection.setReadTimeout(sReadTimeout);
            LogUtil.d("OCSP request read timeout : " + httpURLConnection.getReadTimeout());
            LogUtil.d("Send OCSP request.");
            DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
            dataOutputStream.write(oCSPReq.getEncoded());
            dataOutputStream.flush();
            dataOutputStream.close();
            LogUtil.d("OCSP response responseCode : " + httpURLConnection.getResponseCode());
            LogUtil.d("OCSP response Content-Length : " + httpURLConnection.getContentLength());
            LogUtil.d("OCSP response Content-Type : " + httpURLConnection.getContentType());
            if (httpURLConnection.getResponseCode() != 200) {
                LogUtil.d("Failed to send OCSP request. response code : " + httpURLConnection.getResponseCode());
                throw new OcspRequestException("Failed to send OCSP request. response code : " + httpURLConnection.getResponseCode());
            }
            InputStream inputStream = httpURLConnection.getInputStream();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            while (true) {
                byte[] bArr = new byte[RESPONSE_BUFFER_SIZE];
                int read = inputStream.read(bArr);
                if (read < 0) {
                    break;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
            inputStream.close();
            OCSPResp oCSPResp = new OCSPResp(byteArrayOutputStream.toByteArray());
            LogUtil.d("OCSP response status : " + oCSPResp.getStatus());
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
            if (theadStatsTagIfneed) {
                clearThreadStatsTag();
            }
            return oCSPResp;
        } catch (IOException e2) {
            e = e2;
            LogUtil.d("Failed to send OCSP request. " + e.getMessage());
            throw new OcspRequestException("Failed to send OCSP request.", e);
        } catch (Throwable th2) {
            th = th2;
            httpURLConnection2 = httpURLConnection;
            if (httpURLConnection2 != null) {
                httpURLConnection2.disconnect();
            }
            if (theadStatsTagIfneed) {
                clearThreadStatsTag();
            }
            throw th;
        }
    }

    public static void setConnectTimeout(int i) {
        LogUtil.d("setConnectTimeout() start");
        LogUtil.d("Timeout : " + i);
        if (i < 0) {
            LogUtil.d("Connect timeout must be zero or higher.");
            throw new OcspParameterException("Connect timeout must be zero or higher.");
        }
        sConnectTimeout = i;
        LogUtil.d("setConnectTimeout() end");
    }

    public static void setReadTimeout(int i) {
        LogUtil.d("setReadTimeout() start");
        LogUtil.d("Timeout : " + i);
        if (i < 0) {
            LogUtil.d("Read timeout must be zero or higher.");
            throw new OcspParameterException("Read timeout must be zero or higher.");
        }
        sReadTimeout = i;
        LogUtil.d("setReadTimeout() end");
    }

    private static boolean setTheadStatsTagIfneed() {
        if (Build.VERSION.SDK_INT <= 14 || TrafficStats.getThreadStatsTag() != -1) {
            return false;
        }
        TrafficStats.setThreadStatsTag(0);
        return true;
    }

    private static String toHumanReadableAscii(String str) {
        int length = str.length();
        int i = 0;
        while (i < length) {
            int codePointAt = str.codePointAt(i);
            if (codePointAt <= 31 || codePointAt >= 127) {
                StringBuilder sb = new StringBuilder();
                sb.append((CharSequence) str, 0, i);
                while (i < length) {
                    int codePointAt2 = str.codePointAt(i);
                    sb.appendCodePoint((codePointAt2 <= 31 || codePointAt2 >= 127) ? 63 : codePointAt2);
                    i += Character.charCount(codePointAt2);
                }
                return sb.toString();
            }
            i += Character.charCount(codePointAt);
        }
        return str;
    }

    @Deprecated
    public static int verifyCert(X509Certificate x509Certificate, X509Certificate x509Certificate2, boolean z) {
        LogUtil.d("verifyCert() start");
        LogUtil.d("Issuer : " + x509Certificate2.getSubjectX500Principal().getName());
        LogUtil.d("Target : " + x509Certificate.getSubjectX500Principal().getName());
        LogUtil.d("Target serial : " + x509Certificate.getSerialNumber().toString(16));
        LogUtil.d("useCache : " + z);
        if (!isInitialized()) {
            LogUtil.d("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        String generateCacheKey = CacheUtil.generateCacheKey(x509Certificate);
        if (z && generateCacheKey != null) {
            int verifyCertFromCache = CacheUtil.verifyCertFromCache(generateCacheKey);
            if (verifyCertFromCache == 0) {
                LogUtil.d("verifyCert() end");
                return 0;
            }
            if (verifyCertFromCache == 1) {
                LogUtil.d("verifyCert() end");
                return 1;
            }
            LogUtil.d("No valid cache found.");
        }
        String ocspServerUrl = getOcspServerUrl(x509Certificate);
        if (ocspServerUrl == null) {
            LogUtil.d("No OCSP responder URL. Skip verify.");
            LogUtil.d("verifyCert() end");
            return 0;
        }
        LogUtil.d("OCSP responder URL : " + ocspServerUrl);
        int analyseResponse = analyseResponse(sendOCSPRequest(generateOCSPRequest(x509Certificate, x509Certificate2), ocspServerUrl), x509Certificate2.getPublicKey(), x509Certificate.getSerialNumber().toString(16), generateCacheKey);
        LogUtil.d("verifyCert() end");
        return analyseResponse;
    }

    public static int verifyCert(Certificate[] certificateArr, String str, boolean z) {
        LogUtil.d("verifyCert(chain) start");
        LogUtil.d("useCache : " + z);
        if (!isInitialized()) {
            LogUtil.d("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        if (certificateArr == null || certificateArr.length == 0) {
            LogUtil.d("Certificate chain is null or length 0.");
            throw new OcspParameterException("Certificate chain is null or length 0.");
        }
        List<X509Certificate> trustedChain = getTrustedChain(certificateArr);
        if (trustedChain == null) {
            LogUtil.d("Failed to generate certificate chain.");
            return 2;
        }
        int i = 0;
        int i2 = 0;
        while (i < trustedChain.size() - 1 && i2 == 0) {
            X509Certificate x509Certificate = trustedChain.get(i);
            i++;
            i2 = verifyCert(x509Certificate, trustedChain.get(i), z);
        }
        if (Build.VERSION.SDK_INT < 24 && str != null && sPinningCertificates != null && i2 == 0 && !checkPins(trustedChain, str)) {
            LogUtil.d("Pin verification failed");
            i2 = 3;
        }
        LogUtil.d("verifyCert(chain) end");
        return i2;
    }

    public static int verifyUrl(String str, boolean z) {
        LogUtil.d("verifyUrl() start");
        LogUtil.d("Target URL : " + str);
        LogUtil.d("useCache : " + z);
        if (!isInitialized()) {
            LogUtil.d("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        try {
            URL url = new URL(str);
            if (!url.getProtocol().equals("https")) {
                LogUtil.d("Target protocol is " + url.getProtocol() + ". Skip verify.");
                return 0;
            }
            try {
                Certificate[] serverCertificates = getServerCertificates(url);
                if (serverCertificates == null || serverCertificates.length == 0) {
                    LogUtil.d("Failed to get server certificates. (chain is null or length 0)");
                    throw new OcspRequestException("Failed to get server certificates. (chain is null or length 0)");
                }
                int verifyCert = verifyCert(serverCertificates, url.getHost(), z);
                LogUtil.d("verifyUrl() end");
                return verifyCert;
            } catch (OcspRequestException e) {
                if (Build.VERSION.SDK_INT < 24 || !ExceptionUtil.containsCause(e, (Class<?>) CertificateRevokedException.class)) {
                    throw e;
                }
                LogUtil.d("CertificateRevokedException. " + e.getMessage());
                return 1;
            }
        } catch (MalformedURLException e2) {
            LogUtil.d("URL is malformed. " + e2.getMessage());
            throw new OcspParameterException("URL is malformed.", e2);
        }
    }
}
