package com.airwatch.revocationcheck;

import android.text.TextUtils;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import androidx.annotation.WorkerThread;
import com.airwatch.sdk.context.m;
import com.airwatch.util.o;
import com.airwatch.util.x;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.List;

/* loaded from: classes.dex */
public class h {

    /* renamed from: a, reason: collision with root package name */
    public static final int f2018a = 2;

    /* renamed from: b, reason: collision with root package name */
    static final int f2019b = 0;
    static final int c = -1;
    static final int d = -2;
    static final int e = -3;
    static final int f = -4;
    static final int g = -5;
    static final int h = -6;
    static final int i = -7;
    static final int j = -8;
    static final int k = -9;
    static final int l = -10;
    static final int m = -11;
    static final int n = -12;
    static final int o = -13;
    static final int p = -14;
    static final int q = -15;
    static final int r = -16;
    private static final String s = "RevocationChecker";
    private com.airwatch.sdk.certificate.c t;
    private c u;
    private com.airwatch.crypto.openssl.d v;
    private o w;
    private f x;

    /* JADX INFO: Access modifiers changed from: package-private */
    public h(com.airwatch.sdk.certificate.c cVar, c cVar2, com.airwatch.crypto.openssl.d dVar, o oVar, f fVar) {
        this.t = cVar;
        this.u = cVar2;
        this.v = dVar;
        this.w = oVar;
        this.x = fVar;
    }

    private int a() {
        int i2 = this.u.e() == 1 ? 1 : 0;
        if (this.u.c() != 0) {
            i2 |= 2;
        }
        return this.u.d() == 1 ? i2 | 4 : i2;
    }

    private e a(X509Certificate[] x509CertificateArr, e eVar) {
        if (e(x509CertificateArr) == null) {
            return f(x509CertificateArr);
        }
        if (this.u.c() == 0 && TextUtils.isEmpty(this.u.b())) {
            return g(x509CertificateArr);
        }
        x.a(s, "Serving RevocationCheckResponse from cache for: " + eVar.getCertSubject());
        x.a(s, eVar.toString());
        a(x509CertificateArr, eVar, 0);
        return eVar;
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x0081  */
    /* JADX WARN: Removed duplicated region for block: B:13:0x008c  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void a(java.security.cert.X509Certificate[] r4, com.airwatch.revocationcheck.e r5, int r6) {
        /*
            r3 = this;
            java.lang.String r0 = "RevocationChecker"
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r1.<init>()
            java.lang.String r2 = "setCertUsagePolicy for: "
            r1.append(r2)
            java.lang.String r2 = r5.getCertSubject()
            r1.append(r2)
            java.lang.String r1 = r1.toString()
            com.airwatch.util.x.a(r0, r1)
            com.airwatch.revocationcheck.a r0 = new com.airwatch.revocationcheck.a
            r0.<init>()
            r0.a(r6)
            com.airwatch.util.o r6 = r3.w
            com.airwatch.sdk.certificate.c r1 = r3.t
            com.airwatch.revocationcheck.c r2 = r3.u
            int r2 = r2.g()
            java.util.List r1 = r1.a(r2)
            boolean r4 = r6.b(r4, r1)
            if (r4 != 0) goto L3b
            r4 = 64
            r0.a(r4)
        L3b:
            int r4 = r5.getRevocationStatus()
            r6 = 1
            if (r4 != r6) goto L48
            r4 = 32
        L44:
            r0.a(r4)
            goto L7b
        L48:
            int r4 = r5.getRevocationStatus()
            r1 = 2
            if (r4 != r1) goto L52
            r4 = 16
            goto L44
        L52:
            com.airwatch.revocationcheck.c r4 = r3.u
            int r4 = r4.e()
            if (r4 != r6) goto L6c
            boolean r4 = r5.isNonceVerified()
            if (r4 != 0) goto L6c
            java.lang.String r4 = "RevocationChecker"
            java.lang.String r1 = "Nonce verification failed"
            com.airwatch.util.x.a(r4, r1)
            r4 = 8
            r0.a(r4)
        L6c:
            boolean r4 = r5.isResponseVerified()
            if (r4 != 0) goto L7b
            java.lang.String r4 = "RevocationChecker"
            java.lang.String r1 = "Response verification failed"
            com.airwatch.util.x.a(r4, r1)
            r4 = 4
            goto L44
        L7b:
            int r4 = r0.b()
            if (r4 != 0) goto L84
            r0.a(r6)
        L84:
            com.airwatch.revocationcheck.c r4 = r3.u
            int r4 = r4.h()
            if (r4 != 0) goto L8f
            r0.a(r6)
        L8f:
            r5.setCertUsagePolicy(r0)
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.airwatch.revocationcheck.h.a(java.security.cert.X509Certificate[], com.airwatch.revocationcheck.e, int):void");
    }

    private boolean b() {
        return m.a().h().getBoolean(com.airwatch.storage.d.aO, false);
    }

    private boolean c() {
        return b() && this.u.a() == 1;
    }

    private e f(X509Certificate[] x509CertificateArr) {
        x.d(s, "Certificates to preform revocation check not available");
        RevocationCheckResponseImpl revocationCheckResponseImpl = new RevocationCheckResponseImpl(x509CertificateArr[0].getSubjectDN().getName(), 0);
        a(x509CertificateArr, revocationCheckResponseImpl, 65);
        return revocationCheckResponseImpl;
    }

    private e g(X509Certificate[] x509CertificateArr) {
        x.d(s, "Revocation check URL not available");
        RevocationCheckResponseImpl revocationCheckResponseImpl = new RevocationCheckResponseImpl(x509CertificateArr[0].getSubjectDN().getName(), 0);
        a(x509CertificateArr, revocationCheckResponseImpl, 256);
        return revocationCheckResponseImpl;
    }

    @WorkerThread
    public int a(X509Certificate[] x509CertificateArr) {
        return b(x509CertificateArr).getRevocationStatus();
    }

    @WorkerThread
    public e a(X509Certificate x509Certificate) {
        return b(new X509Certificate[]{x509Certificate});
    }

    @VisibleForTesting
    public boolean a(e eVar) {
        return eVar != null && eVar.getNextUpdate().after(new Date());
    }

    public e b(X509Certificate x509Certificate) {
        return d(new X509Certificate[]{x509Certificate});
    }

    @WorkerThread
    public e b(X509Certificate[] x509CertificateArr) {
        e eVar;
        e a2 = this.x.a(this.w.b(x509CertificateArr[0]));
        if (a2 == null) {
            eVar = c(x509CertificateArr);
        } else if (a(a2)) {
            eVar = a(x509CertificateArr, a2);
        } else {
            x.a(s, "Cached response expired");
            e c2 = c(x509CertificateArr);
            if (this.u.h() != 1 || (c2.getCertUsagePolicy().b() & 128) == 0) {
                eVar = c2;
            } else {
                eVar = a(x509CertificateArr, a2);
                eVar.getCertUsagePolicy().a(128);
                x.a(s, "Returning expired cached response as responder not reachable.");
            }
        }
        x.a(s, eVar.toString());
        return eVar;
    }

    @WorkerThread
    public e c(X509Certificate[] x509CertificateArr) {
        int i2;
        String name = x509CertificateArr[0].getSubjectDN().getName();
        RevocationCheckResponseImpl revocationCheckResponseImpl = new RevocationCheckResponseImpl(name, this.u.f());
        if (!c()) {
            x.a(s, "Revocation check not setup/enabled, returning");
            return revocationCheckResponseImpl;
        }
        List<X509Certificate> a2 = this.t.a(this.u.g());
        List<X509Certificate> e2 = e(x509CertificateArr);
        if (e2 == null) {
            return f(x509CertificateArr);
        }
        if (this.u.c() == 0 && TextUtils.isEmpty(this.u.b())) {
            return g(x509CertificateArr);
        }
        CertificateChainAsList certificateChainAsList = new CertificateChainAsList(e2);
        CertificateChainAsList certificateChainAsList2 = new CertificateChainAsList(a2);
        String str = null;
        if (this.u.c() != 2 && !TextUtils.isEmpty(this.u.b())) {
            str = this.u.b();
        }
        int a3 = this.v.a(certificateChainAsList, a(), str, revocationCheckResponseImpl, certificateChainAsList2);
        if (a3 == 0) {
            x.a(s, "Revocation check result for " + name + ": " + a3);
            i2 = 0;
        } else {
            x.a(s, "Revocation check failed for " + name + " with reason code: " + a3);
            i2 = a3 == -16 ? 130 : a3 == -15 ? 258 : 2;
        }
        a(x509CertificateArr, revocationCheckResponseImpl, i2);
        if (revocationCheckResponseImpl.getRevocationStatus() != 2) {
            x.a(s, "Saving result to cache for: " + name);
            this.x.a(revocationCheckResponseImpl, this.w.b(x509CertificateArr[0]));
        }
        return revocationCheckResponseImpl;
    }

    public e d(X509Certificate[] x509CertificateArr) {
        String str;
        String str2;
        if (c()) {
            e a2 = this.x.a(this.w.b(x509CertificateArr[0]));
            if (a2 != null) {
                return a(x509CertificateArr, a2);
            }
            str = s;
            str2 = "Cache entry not found";
        } else {
            str = s;
            str2 = "Revocation check not setup/enabled, returning";
        }
        x.a(str, str2);
        return null;
    }

    @Nullable
    @VisibleForTesting(otherwise = 2)
    public List<X509Certificate> e(X509Certificate[] x509CertificateArr) {
        List<X509Certificate> a2 = this.t.a(this.u.g());
        if (this.u.d() == 0) {
            x.a(s, "Check type : entire chain");
            return this.w.a(x509CertificateArr, a2);
        }
        x.a(s, "Check type : leaf cert");
        return x509CertificateArr.length < 2 ? this.w.a(x509CertificateArr[0], a2) : Arrays.asList(x509CertificateArr).subList(0, 2);
    }
}
