package com.htc.mirrorlinkserver.certhandler;

import android.content.Context;
import android.util.Log;
import com.htc.mirrorlinkserver.certhandler.d;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.eclipse.jetty.http.HttpHeaders;
import org.eclipse.jetty.util.StringUtil;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.ocsp.CertID;
import org.spongycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.spongycastle.asn1.ocsp.OCSPResponse;
import org.spongycastle.asn1.ocsp.ResponseData;
import org.spongycastle.asn1.ocsp.SingleResponse;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.Extensions;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.ocsp.BasicOCSPResp;
import org.spongycastle.cert.ocsp.OCSPReq;
import org.spongycastle.cert.ocsp.OCSPReqBuilder;
import org.spongycastle.cert.ocsp.OCSPResp;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.ocsp.CertificateID;
import org.spongycastle.ocsp.OCSPException;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;

/* loaded from: classes.dex */
public class b {
    private static final String d = "[MirrorLinkServer]" + b.class.getSimpleName();

    /* renamed from: a, reason: collision with root package name */
    public int f657a = 168;
    public int b = 720;
    public int c = 2160;
    private d.a e = d.a.RESERVED_RETRY;
    private int f = 2;
    private String g = null;
    private Context h;
    private d.b i;
    private d.f j;
    private d.g k;

    public b(Context context) {
        this.h = null;
        this.h = context;
    }

    /* JADX WARN: Removed duplicated region for block: B:58:0x00cd  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String a(java.lang.String r10) {
        /*
            Method dump skipped, instructions count: 273
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.htc.mirrorlinkserver.certhandler.b.a(java.lang.String):java.lang.String");
    }

    private String a(String str, String str2) {
        try {
            return a("http://acms.carconnectivity.org/obtainDeveloperCertificate.html?certificateVersion=1.0&developerID=" + URLEncoder.encode(str, StringUtil.__UTF8) + "&serverID=" + str2);
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
            return null;
        }
    }

    private OCSPReq a(X509Certificate x509Certificate, BigInteger bigInteger) {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
        ASN1InputStream aSN1InputStream = new ASN1InputStream(x509Certificate.getPublicKey().getEncoded());
        messageDigest.update(SubjectPublicKeyInfo.getInstance(aSN1InputStream.readObject()).getPublicKeyData().getBytes());
        Log.d(d, "Signature Alg::" + x509Certificate.getPublicKey().getAlgorithm());
        aSN1InputStream.close();
        Log.d(d, "Serial number:" + bigInteger);
        CertificateID certificateID = new CertificateID(CertificateID.HASH_SHA1, x509Certificate, bigInteger);
        org.spongycastle.cert.ocsp.CertificateID certificateID2 = new org.spongycastle.cert.ocsp.CertificateID(new CertID(org.spongycastle.cert.ocsp.CertificateID.HASH_SHA1, new DEROctetString(certificateID.getIssuerNameHash()), new DEROctetString(certificateID.getIssuerKeyHash()), new ASN1Integer(certificateID.getSerialNumber())));
        this.g = "" + System.currentTimeMillis();
        OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
        Extensions extensions = new Extensions(new Extension[]{new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, this.g.getBytes())});
        oCSPReqBuilder.addRequest(certificateID2);
        oCSPReqBuilder.setRequestExtensions(extensions);
        return oCSPReqBuilder.build();
    }

    private OCSPResp a(String str, byte[] bArr) {
        Log.i(d, "Starting communication through HTTP");
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        httpURLConnection.setRequestProperty(HttpHeaders.CONTENT_TYPE, "application/ocsp-request");
        httpURLConnection.setRequestProperty(HttpHeaders.ACCEPT, "application/ocsp-response");
        httpURLConnection.setDoOutput(true);
        httpURLConnection.setChunkedStreamingMode(0);
        DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
        dataOutputStream.write(bArr);
        dataOutputStream.flush();
        dataOutputStream.close();
        Log.i(d, "An OCSP request is sent.");
        int responseCode = httpURLConnection.getResponseCode();
        if (responseCode / 100 != 2) {
            Log.e(d, "ErrorCode Received: " + responseCode);
            if (responseCode == 302 || responseCode == 301 || responseCode == 303) {
                Log.e(d, "Redirect location : " + httpURLConnection.getHeaderField(HttpHeaders.LOCATION));
            }
            httpURLConnection.disconnect();
            this.f = 2;
            return null;
        }
        InputStream inputStream = (InputStream) httpURLConnection.getContent();
        if (inputStream == null) {
            Log.i(d, "content is null, retry it");
            httpURLConnection.disconnect();
            this.f = 2;
            return null;
        }
        ASN1InputStream aSN1InputStream = new ASN1InputStream(inputStream);
        OCSPResp oCSPResp = new OCSPResp(OCSPResponse.getInstance(aSN1InputStream.readObject()));
        this.j = d.f.values()[oCSPResp.getStatus()];
        Log.d(d, "OCSP Response Status=" + this.j.a() + " " + this.j.b());
        if (this.j != d.f.OCSP_RESP_STATUS_SUCCESSFUL) {
            switch (this.j) {
                case OCSP_RESP_STATUS_MALFORMED_REQUEST:
                case OCSP_RESP_STATUS_SIG_REQUIRED:
                case OCSP_RESP_STATUS_UNAUTHORIZED:
                    this.f = 8;
                    break;
                case OCSP_RESP_STATUS_INTERNAL_ERROR:
                    this.f = 3;
                    break;
                case OCSP_RESP_STATUS_TRY_LATER:
                    this.f = 2;
                    break;
                default:
                    this.f = 8;
                    break;
            }
        } else {
            BasicOCSPResp basicOCSPResp = (BasicOCSPResp) oCSPResp.getResponseObject();
            String str2 = new String(basicOCSPResp.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce).getExtnValue().getOctets());
            if (str2.equals(this.g)) {
                X509CertificateHolder[] certs = basicOCSPResp.getCerts();
                if (1 > certs.length) {
                    Log.d(d, "No Certificates included with OCSP Response");
                    this.f = 2;
                    Log.d(d, "CertificateLength is invalid--Size::" + certs.length);
                    this.k = d.g.OCSP_RESP_NO_CERTIFICATE_INCLUDE;
                } else {
                    Log.i(d, "OCSP response certificate size=" + certs.length);
                    try {
                        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(certs[0].getEncoded()));
                        try {
                            if (basicOCSPResp.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(x509Certificate.getPublicKey()))) {
                                ArrayList arrayList = new ArrayList();
                                arrayList.add(x509Certificate);
                                if (new f(e()).a(arrayList)) {
                                    int tagNo = SingleResponse.getInstance(ResponseData.getInstance(basicOCSPResp.getTBSResponseData()).getResponses().getObjectAt(0)).getCertStatus().getTagNo();
                                    Log.d(d, "Revocation result is  " + tagNo);
                                    if (tagNo == 0) {
                                        Log.d(d, "STATUS CHECK -- OCSP Good");
                                        this.f = 0;
                                    } else if (tagNo == 1) {
                                        Log.d(d, "STATUS CHECK -- OCSP Revoked");
                                        this.f = 1;
                                        this.j = d.f.OCSP_RESP_STATUS_REVOKE;
                                    } else if (tagNo == 2) {
                                        Log.d(d, "STATUS CHECK -- OCSP Unknown");
                                        this.f = 6;
                                        this.j = d.f.OCSP_RESP_STATUS_UNKNOWN;
                                    }
                                } else {
                                    Log.e(d, "The certificate trust chain is wrong.");
                                    this.f = 2;
                                    this.k = d.g.OCSP_RESP_TRUST_CHAIN_WRONG;
                                }
                            } else {
                                Log.e(d, "The signature of the OCSP response is wrong.");
                                this.f = 2;
                                this.k = d.g.OCSP_RESP_SIGNATURE_WRONG;
                            }
                        } catch (OperatorCreationException e) {
                            e.printStackTrace();
                        }
                    } catch (CertificateException e2) {
                        Log.d(d, "Error in creating certificate");
                        this.f = 2;
                        e2.printStackTrace();
                        this.k = d.g.OCSP_RESP_ERROR_CREATING_CERTIFICATE;
                    }
                }
            } else {
                Log.i(d, "Nonce value is erroneous in OCSP response: Stored Nonce:" + this.g + "--OCSP Resp Nonce:" + str2);
                this.f = 2;
                this.k = d.g.OCSP_RESP_NONCE_WRONG;
            }
        }
        Log.i(d, "Certificate Revocation Status::" + this.f);
        aSN1InputStream.close();
        httpURLConnection.disconnect();
        return oCSPResp;
    }

    private void a(OCSPResp oCSPResp) {
        BasicOCSPResp basicOCSPResp = (BasicOCSPResp) oCSPResp.getResponseObject();
        if (basicOCSPResp == null) {
            Log.d(d, "No ResponseBytes.");
            return;
        }
        Extension extension = basicOCSPResp.getExtension(new ASN1ObjectIdentifier("1.3.6.1.4.1.41577.1.1"));
        Extension extension2 = basicOCSPResp.getExtension(new ASN1ObjectIdentifier("1.3.6.1.4.1.41577.1.2"));
        Extension extension3 = basicOCSPResp.getExtension(new ASN1ObjectIdentifier("1.3.6.1.4.1.41577.1.3"));
        ASN1OctetString extnValue = extension.getExtnValue();
        ASN1OctetString extnValue2 = extension2.getExtnValue();
        ASN1OctetString extnValue3 = extension3.getExtnValue();
        this.f657a = Integer.parseInt(new String(extnValue.getOctets()));
        this.b = Integer.parseInt(new String(extnValue2.getOctets()));
        this.c = Integer.parseInt(new String(extnValue3.getOctets()));
        Log.i(d, "processOcspResponse::Periods: " + this.f657a + " " + this.b + " " + this.c);
    }

    private String b(String str) {
        try {
            return a("http://acms.carconnectivity.org/obtainCertificate.html?certificateVersion=1.0&platformID=" + URLEncoder.encode("Android", StringUtil.__UTF8) + "&runtimeID=" + URLEncoder.encode("Native", StringUtil.__UTF8) + "&appID=" + URLEncoder.encode(str, StringUtil.__UTF8));
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
            return null;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:30:0x004b  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.security.cert.X509Certificate e() {
        /*
            r4 = this;
            r2 = 0
            android.content.Context r0 = r4.h
            android.content.SharedPreferences r0 = android.preference.PreferenceManager.getDefaultSharedPreferences(r0)
            java.lang.String r1 = "ml_root_certificate"
            java.lang.String r3 = "CCC"
            java.lang.String r0 = r0.getString(r1, r3)
            java.lang.String r1 = "CCC"
            boolean r0 = r0.equals(r1)
            if (r0 == 0) goto L30
            java.lang.String r0 = "CCC_Root_Certificate.crt"
        L19:
            android.content.Context r1 = r4.h     // Catch: java.io.IOException -> L51 java.security.cert.CertificateException -> L5a
            android.content.res.AssetManager r1 = r1.getAssets()     // Catch: java.io.IOException -> L51 java.security.cert.CertificateException -> L5a
            java.io.InputStream r3 = r1.open(r0)     // Catch: java.io.IOException -> L51 java.security.cert.CertificateException -> L5a
            r1 = 0
            java.security.cert.X509Certificate r0 = com.htc.mirrorlinkserver.certhandler.e.a(r3)     // Catch: java.lang.Throwable -> L46 java.lang.Throwable -> L62
            if (r3 == 0) goto L2f
            if (r2 == 0) goto L3d
            r3.close()     // Catch: java.lang.Throwable -> L33 java.io.IOException -> L38 java.security.cert.CertificateException -> L41
        L2f:
            return r0
        L30:
            java.lang.String r0 = "CTS_DAP_Root_Certificate.crt"
            goto L19
        L33:
            r2 = move-exception
            r1.addSuppressed(r2)     // Catch: java.io.IOException -> L38 java.security.cert.CertificateException -> L41
            goto L2f
        L38:
            r1 = move-exception
        L39:
            r1.printStackTrace()
            goto L2f
        L3d:
            r3.close()     // Catch: java.io.IOException -> L38 java.security.cert.CertificateException -> L41
            goto L2f
        L41:
            r1 = move-exception
        L42:
            r1.printStackTrace()
            goto L2f
        L46:
            r1 = move-exception
            throw r1     // Catch: java.lang.Throwable -> L48
        L48:
            r0 = move-exception
        L49:
            if (r3 == 0) goto L50
            if (r1 == 0) goto L5e
            r3.close()     // Catch: java.io.IOException -> L51 java.lang.Throwable -> L55 java.security.cert.CertificateException -> L5a
        L50:
            throw r0     // Catch: java.io.IOException -> L51 java.security.cert.CertificateException -> L5a
        L51:
            r0 = move-exception
            r1 = r0
            r0 = r2
            goto L39
        L55:
            r3 = move-exception
            r1.addSuppressed(r3)     // Catch: java.io.IOException -> L51 java.security.cert.CertificateException -> L5a
            goto L50
        L5a:
            r0 = move-exception
            r1 = r0
            r0 = r2
            goto L42
        L5e:
            r3.close()     // Catch: java.io.IOException -> L51 java.security.cert.CertificateException -> L5a
            goto L50
        L62:
            r0 = move-exception
            r1 = r2
            goto L49
        */
        throw new UnsupportedOperationException("Method not decompiled: com.htc.mirrorlinkserver.certhandler.b.e():java.security.cert.X509Certificate");
    }

    public int a(List<X509Certificate> list) {
        OCSPException e;
        int i;
        org.spongycastle.cert.ocsp.OCSPException e2;
        IOException e3;
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        try {
            try {
                X509Certificate x509Certificate = list.get(1);
                X509Certificate x509Certificate2 = list.size() == 1 ? x509Certificate : list.get(0);
                Log.i(d, "Generating OCSP Request Message");
                Security.addProvider(bouncyCastleProvider);
                OCSPReq a2 = a(x509Certificate, x509Certificate2.getSerialNumber());
                byte[] octets = ASN1OctetString.getInstance(x509Certificate2.getExtensionValue("1.3.6.1.5.5.7.1.1")).getOctets();
                if (octets == null) {
                    Log.d(d, "Service Address array is NULL");
                    i = 2;
                } else {
                    String str = new String(octets);
                    String substring = str.substring(str.indexOf("http://"));
                    if (!substring.startsWith("http://")) {
                        substring = "http://acms.carconnectivity.org/OCSP";
                    }
                    Log.d(d, "OCSP URI:" + substring);
                    OCSPResp a3 = a(substring, a2.getEncoded());
                    i = this.f;
                    try {
                        if (this.f == 2) {
                            Log.d(d, "Revocation status is unchecked, Re-scheduled");
                        } else {
                            if (this.f == 1) {
                                Log.d(d, "Certificate is revoked");
                            } else if (this.f == 8) {
                                Log.d(d, "Certificate is invalid in OCSP Response");
                            }
                            a(a3);
                        }
                    } catch (IOException e4) {
                        e3 = e4;
                        e3.printStackTrace();
                        return i;
                    } catch (org.spongycastle.cert.ocsp.OCSPException e5) {
                        e2 = e5;
                        e2.printStackTrace();
                        return i;
                    } catch (OCSPException e6) {
                        e = e6;
                        e.printStackTrace();
                        return i;
                    }
                }
            } finally {
                Security.removeProvider(bouncyCastleProvider.getName());
            }
        } catch (IOException e7) {
            e3 = e7;
            i = 2;
        } catch (org.spongycastle.cert.ocsp.OCSPException e8) {
            e2 = e8;
            i = 2;
        } catch (OCSPException e9) {
            e = e9;
            i = 2;
        }
        return i;
    }

    public d.a a() {
        return this.e;
    }

    public d.EnumC0046d a(List<X509Certificate> list, AppDevCertInfo appDevCertInfo) {
        d.EnumC0046d enumC0046d = d.EnumC0046d.FAILED;
        if (list == null || appDevCertInfo == null) {
            Log.e(d, "Input data is NULL");
        } else {
            f fVar = new f(e(), this.h.getPackageManager());
            enumC0046d = fVar.a(list, appDevCertInfo.f());
            if (enumC0046d != d.EnumC0046d.SUCCESS) {
                this.i = fVar.a();
            }
        }
        return enumC0046d;
    }

    public d.EnumC0046d a(List<X509Certificate> list, String str, String str2, String str3) {
        d.EnumC0046d enumC0046d = d.EnumC0046d.FAILED;
        if (list == null || str == null || str2 == null) {
            Log.e(d, "Input Data is NULL");
        } else {
            f fVar = new f(e(), this.h.getPackageManager());
            enumC0046d = fVar.a(list, str, str2, str3);
            if (enumC0046d != d.EnumC0046d.SUCCESS) {
                this.i = fVar.a();
            }
        }
        return enumC0046d;
    }

    public boolean a(String str, List<X509Certificate> list, AppDevCertInfo appDevCertInfo) {
        Log.i(d, "downloadAppDevCertificate::Downloading Application Certificate from ACMS");
        if (str == null || list == null) {
            Log.e(d, "Input data is NULL");
            return false;
        }
        String b = b(str);
        if (b == null) {
            Log.e(d, "Http Response obtained from the ACMS is NULL");
            return false;
        }
        boolean a2 = e.a(b, list);
        if (!a2) {
            Log.e(d, "Certificate not downloaded");
            return a2;
        }
        if (2 > list.size()) {
            Log.d(d, "Downloaded Certificates length is smaller than 2 --  missing intermediate certificate");
            return false;
        }
        try {
            appDevCertInfo.b(list.get(1).getEncoded());
            appDevCertInfo.c(list.get(0).getEncoded());
            Log.d(d, "Certificate Downloaded and AppDevCertInfo is updated");
            return true;
        } catch (CertificateEncodingException e) {
            Log.e(d, "Certificate encoding exception");
            e.printStackTrace();
            return false;
        }
    }

    public boolean a(String str, List<X509Certificate> list, String str2, AppDevCertInfo appDevCertInfo) {
        Log.i(d, "downloadDevCertificate::Downloading Dev ID certificate from ACMS");
        if (str == null || list == null || str2 == null) {
            Log.e(d, "Input data is NULL");
            return false;
        }
        String a2 = a(str, str2);
        if (a2 == null) {
            Log.e(d, "Http Response obtained from the ACMS is NULL");
            return false;
        }
        boolean a3 = e.a(a2, list);
        if (!a3) {
            Log.e(d, "Certificate not downloaded");
            return a3;
        }
        if (2 > list.size()) {
            Log.d(d, "Downloaded Certificates length is smaller than 2 --  missing intermediate certificate");
            return false;
        }
        try {
            appDevCertInfo.b(list.get(1).getEncoded());
            appDevCertInfo.c(list.get(0).getEncoded());
            Log.d(d, "Certificate Downloaded and AppDevCertInfo is updated");
            return true;
        } catch (CertificateEncodingException e) {
            Log.e(d, "Certificate encoding exception");
            e.printStackTrace();
            return false;
        }
    }

    public d.b b() {
        return this.i;
    }

    public d.f c() {
        return this.j;
    }

    public d.g d() {
        return this.k;
    }
}
