package at.rundquadrat.android.r2mail2;

import at.rundquadrat.android.r2mail2.KeyServer;
import at.rundquadrat.javax.naming.NamingException;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPURL;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.List;
import microsoft.exchange.webservices.data.EWSConstants;
import org2.bouncycastle.cert.X509CertificateHolder;
import org2.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org2.bouncycastle.cert.ocsp.BasicOCSPResp;
import org2.bouncycastle.cert.ocsp.CertificateID;
import org2.bouncycastle.cert.ocsp.OCSPException;
import org2.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org2.bouncycastle.cert.ocsp.OCSPResp;
import org2.bouncycastle.cert.ocsp.RevokedStatus;
import org2.bouncycastle.cert.ocsp.SingleResp;
import org2.bouncycastle.cert.ocsp.UnknownStatus;
import org2.bouncycastle.jce.provider.BouncyCastleProvider;
import org2.bouncycastle.operator.DigestCalculatorProvider;
import org2.bouncycastle.operator.OperatorCreationException;
import org2.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org2.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: classes.dex */
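/**
 * Network helpers for X.509 revocation checking: an OCSP status query and
 * HTTP/LDAP downloads of CRLs and certificates.
 *
 * <p>Every URL handled here normally originates from a certificate extension
 * and is therefore untrusted input. {@link #downloadCRL(String)} and
 * {@link #downloadCert(String)} only fetch and parse; they do not verify any
 * signature, so callers must validate the returned object against a trusted
 * issuer before relying on it.
 */
public class CertCrlOcspDownloader {
    public static final int OCSP_ERROR = -1;
    public static final int OCSP_REVOKED = 2;
    public static final int OCSP_UNKNOWN = 0;
    public static final int OCSP_VALID = 1;

    /** Connect and read timeout applied to every HTTP request made by this class. */
    private static final int NETWORK_TIMEOUT_MS = 10000;

    /** id-kp-OCSPSigning, required by RFC 6960 on delegated responder certificates. */
    private static final String OCSP_SIGNING_EKU = "1.3.6.1.5.5.7.3.9";

    /**
     * Asks an OCSP responder for the revocation status of one certificate.
     *
     * <p>The response is accepted only if its signature verifies against the
     * issuing CA itself or against a responder certificate that the issuing CA
     * signed and marked for OCSP signing. A response that carries no certificate
     * is verified against the issuer key instead of being accepted unverified.
     *
     * <p>NOTE(review): no nonce is sent and thisUpdate/nextUpdate are not
     * checked, so a previously valid response can be replayed to this method.
     *
     * @param bigInteger serial number of the certificate to check
     * @param str URL of the OCSP responder; only http and https are accepted
     * @param x509Certificate certificate of the CA that issued the checked certificate
     * @return {@link #OCSP_VALID}, {@link #OCSP_REVOKED}, {@link #OCSP_UNKNOWN},
     *     or {@link #OCSP_ERROR} when no trustworthy answer was obtained
     * @throws IOException if the request cannot be sent (failures while reading
     *     the response are reported as {@link #OCSP_ERROR})
     * @throws OperatorCreationException if a digest or signature verifier cannot be built
     * @throws OCSPException if the request or response cannot be processed
     * @throws CertificateException if a certificate cannot be encoded or parsed
     */
    public static int checkOCSP(BigInteger bigInteger, String str, X509Certificate x509Certificate) throws IOException, OperatorCreationException, OCSPException, CertificateException {
        DigestCalculatorProvider digests = new JcaDigestCalculatorProviderBuilder().setProvider(new BouncyCastleProvider()).build();
        CertificateID certificateID = new CertificateID(digests.get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(x509Certificate), bigInteger);
        OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(certificateID);
        byte[] encoded = requestBuilder.build().getEncoded();

        URL responderUrl = new URL(str);
        String protocol = responderUrl.getProtocol();
        if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
            // Any other scheme would not yield an HttpURLConnection and the cast below would throw.
            return OCSP_ERROR;
        }
        HttpURLConnection connection = (HttpURLConnection) responderUrl.openConnection();
        try {
            connection.setConnectTimeout(NETWORK_TIMEOUT_MS);
            connection.setReadTimeout(NETWORK_TIMEOUT_MS);
            connection.setAllowUserInteraction(false);
            connection.setDoInput(true);
            connection.setDoOutput(true);
            connection.setUseCaches(false);
            // Instance-level setting: the static setFollowRedirects() would change the
            // redirect policy of every HttpURLConnection in the process.
            connection.setInstanceFollowRedirects(false);
            connection.setRequestMethod("POST");
            connection.setRequestProperty("Content-Type", "application/ocsp-request");
            connection.setRequestProperty("Content-Length", String.valueOf(encoded.length));
            OutputStream requestBody = connection.getOutputStream();
            try {
                requestBody.write(encoded);
                requestBody.flush();
                connection.connect();
            } finally {
                requestBody.close();
            }
            try {
                return readOcspStatus(connection, certificateID, x509Certificate);
            } catch (IOException e) {
                // A transport failure while reading the answer means "no answer", not "valid".
                return OCSP_ERROR;
            }
        } finally {
            connection.disconnect();
        }
    }

    /** Reads, authenticates and interprets the OCSP response on an already sent request. */
    private static int readOcspStatus(HttpURLConnection connection, CertificateID certificateID, X509Certificate issuer) throws IOException, OperatorCreationException, OCSPException, CertificateException {
        if (connection.getResponseCode() != HttpURLConnection.HTTP_OK) {
            return OCSP_ERROR;
        }
        if (!"application/ocsp-response".equals(connection.getContentType())) {
            return OCSP_ERROR;
        }
        int contentLength = connection.getContentLength();
        if (contentLength < 1) {
            return OCSP_ERROR;
        }
        // Never buffer more than the responder announced.
        byte[] body = readStream(connection.getInputStream(), contentLength);
        if (body == null || body.length != contentLength) {
            return OCSP_ERROR;
        }
        OCSPResp response = new OCSPResp(body);
        if (response.getStatus() != OCSPResp.SUCCESSFUL) {
            return OCSP_ERROR;
        }
        Object payload = response.getResponseObject();
        if (!(payload instanceof BasicOCSPResp)) {
            return OCSP_ERROR;
        }
        BasicOCSPResp basic = (BasicOCSPResp) payload;
        if (!isSignedByAuthorizedResponder(basic, issuer)) {
            return OCSP_ERROR;
        }
        for (SingleResp single : basic.getResponses()) {
            if (!certificateID.equals(single.getCertID())) {
                continue;
            }
            Object status = single.getCertStatus();
            if (status == null) {
                // The library represents the "good" status as null.
                return OCSP_VALID;
            }
            if (status instanceof UnknownStatus) {
                return OCSP_UNKNOWN;
            }
            if (status instanceof RevokedStatus) {
                return OCSP_REVOKED;
            }
        }
        return OCSP_ERROR;
    }

    /**
     * Checks that the response signature was made by the issuing CA or by a
     * responder the issuing CA delegated to. A certificate shipped inside the
     * response is attacker-controlled until it is tied back to the issuer.
     */
    private static boolean isSignedByAuthorizedResponder(BasicOCSPResp response, X509Certificate issuer) throws IOException, OperatorCreationException, OCSPException, CertificateException {
        JcaContentVerifierProviderBuilder verifiers = new JcaContentVerifierProviderBuilder().setProvider(new BouncyCastleProvider());
        X509CertificateHolder[] certs = response.getCerts();
        if (certs == null || certs.length == 0) {
            // No certificate included: the only acceptable signer is the issuer itself.
            return response.isSignatureValid(verifiers.build(new JcaX509CertificateHolder(issuer)));
        }
        X509Certificate responder = (X509Certificate) CertificateFactory.getInstance(KeyServer.KeyType.X509).generateCertificate(new ByteArrayInputStream(certs[0].getEncoded()));
        if (!responder.equals(issuer)) {
            try {
                responder.verify(issuer.getPublicKey());
                responder.checkValidity();
                List<String> usages = responder.getExtendedKeyUsage();
                if (usages == null || !usages.contains(OCSP_SIGNING_EKU)) {
                    return false;
                }
            } catch (java.security.GeneralSecurityException e) {
                // Not issued by this CA, expired, or unparsable: not an authorized responder.
                return false;
            }
        }
        return response.isSignatureValid(verifiers.build(certs[0]));
    }

    /**
     * Downloads and parses a CRL from an HTTP(S) or LDAP URL.
     *
     * <p>The CRL signature is not verified here.
     * NOTE(review): the download size is unbounded.
     *
     * @param str distribution point URL
     * @return the parsed CRL, or {@code null} if the scheme is unsupported or
     *     the LDAP entry holds no matching attribute
     * @throws CRLException if the downloaded bytes are not a valid CRL
     * @throws CertificateException if no X.509 factory is available
     * @throws IOException on transport failure
     */
    public static X509CRL downloadCRL(String str) throws CRLException, CertificateException, IOException, NamingException {
        byte[] encodedCrl;
        if (str.startsWith(EWSConstants.HTTP_SCHEME)) {
            encodedCrl = httpGet(str);
        } else if (str.startsWith("ldap")) {
            encodedCrl = ldapFetchFirstEntry(str, "certificateRevocationList;binary", "crl");
            if (encodedCrl == null) {
                return null;
            }
        } else {
            return null;
        }
        return (X509CRL) CertificateFactory.getInstance(KeyServer.KeyType.X509).generateCRL(new ByteArrayInputStream(encodedCrl));
    }

    /**
     * Downloads a certificate from an HTTP(S) or LDAP URL.
     *
     * <p>The certificate is returned as received; it is not validated here.
     * NOTE(review): the download size is unbounded.
     *
     * @param str URL of the certificate
     * @return the certificate, or {@code null} if the scheme is unsupported or
     *     the LDAP entry holds no matching attribute
     * @throws IOException on transport failure
     * @throws CertificateException if the downloaded data cannot be parsed
     */
    public static FullX509Certificate downloadCert(String str) throws IOException, CertificateException, NamingException {
        if (str.startsWith(EWSConstants.HTTP_SCHEME)) {
            byte[] body = httpGet(str);
            // Decoded once with the platform charset, as before, to detect PEM armor.
            String text = new String(body);
            return text.startsWith("-----BEGIN CERTIFICATE-----") ? new FullX509Certificate(text) : new FullX509Certificate(body);
        }
        if (!str.startsWith("ldap")) {
            return null;
        }
        byte[] encodedCert = ldapFetchFirstEntry(str, "cACertificate;binary", "certificate");
        return encodedCert != null ? new FullX509Certificate(encodedCert) : null;
    }

    /** Performs a plain GET and returns the whole response body. */
    private static byte[] httpGet(String url) throws IOException {
        HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
        try {
            connection.setRequestMethod("GET");
            connection.setConnectTimeout(NETWORK_TIMEOUT_MS);
            // Without a read timeout a stalled server blocks the caller indefinitely.
            connection.setReadTimeout(NETWORK_TIMEOUT_MS);
            connection.connect();
            return readStream(connection.getInputStream(), Long.MAX_VALUE);
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Drains and closes a stream.
     *
     * @return the bytes read, or {@code null} if the stream holds more than {@code maxBytes}
     */
    private static byte[] readStream(InputStream in, long maxBytes) throws IOException {
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            byte[] chunk = new byte[1024];
            long total = 0;
            int read;
            while ((read = in.read(chunk)) != -1) {
                total += read;
                if (total > maxBytes) {
                    return null;
                }
                buffer.write(chunk, 0, read);
            }
            return buffer.toByteArray();
        } finally {
            in.close();
        }
    }

    /**
     * Runs the search described by an LDAP URL and returns one attribute of the
     * first entry: the first attribute named in the URL, else {@code defaultAttribute}.
     *
     * @param what noun used in error messages ("crl" or "certificate")
     * @return the attribute bytes, or {@code null} if the URL has no host or
     *     nothing matching was found
     */
    private static byte[] ldapFetchFirstEntry(String url, String defaultAttribute, String what) throws IOException {
        try {
            LDAPURL ldapUrl = new LDAPURL(url);
            if (ldapUrl.getHost() == null) {
                return null;
            }
            LDAPConnection connection = new LDAPConnection();
            try {
                connection.connect(ldapUrl.getHost(), ldapUrl.getPort());
                if (!connection.isConnected()) {
                    throw new IOException("Error getting " + what + " from LDAP " + url + " : cannot connect!");
                }
                SearchResult result = connection.search(ldapUrl.toSearchRequest());
                if (result == null) {
                    return null;
                }
                List<SearchResultEntry> entries = result.getSearchEntries();
                if (entries.isEmpty()) {
                    return null;
                }
                String[] requested = ldapUrl.getAttributes();
                String attribute = requested.length > 0 ? requested[0] : defaultAttribute;
                return entries.get(0).getAttributeValueBytes(attribute);
            } finally {
                // The connection was previously never released.
                connection.close();
            }
        } catch (LDAPException e) {
            // Keep the cause so the LDAP result code is not lost.
            throw new IOException("Error getting " + what + " from LDAP " + url, e);
        }
    }
}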
