package CeviToolKit;

import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.CertificateStatus;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReq;
import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.RevokedStatus;
import org.bouncycastle.ocsp.SingleResp;
import org.bouncycastle.ocsp.UnknownStatus;

/* loaded from: input_file:CeviToolKit/OcspCheck.class */
public class OcspCheck {

    /* loaded from: input_file:CeviToolKit/OcspCheck$miTM.class */
    public static class miTM implements TrustManager, X509TrustManager {
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        public boolean isServerTrusted(X509Certificate[] x509CertificateArr) {
            return true;
        }

        public boolean isClientTrusted(X509Certificate[] x509CertificateArr) {
            return true;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }
    }

    private static void trustAllHttpsCertificates() throws Exception {
        TrustManager[] trustManagerArr = {new miTM()};
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        sSLContext.init(null, trustManagerArr, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
    }

    public static OCSPReq generateOCSPRequest(X509Certificate x509Certificate, BigInteger bigInteger) throws OCSPException {
        Security.addProvider(new BouncyCastleProvider());
        CertificateID certificateID = new CertificateID("1.3.14.3.2.26", x509Certificate, bigInteger);
        OCSPReqGenerator oCSPReqGenerator = new OCSPReqGenerator();
        oCSPReqGenerator.addRequest(certificateID);
        BigInteger valueOf = BigInteger.valueOf(System.currentTimeMillis());
        Vector vector = new Vector();
        Vector vector2 = new Vector();
        vector.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        vector2.add(new X509Extension(false, new DEROctetString(valueOf.toByteArray())));
        oCSPReqGenerator.setRequestExtensions(new X509Extensions(vector, vector2));
        return oCSPReqGenerator.generate();
    }

    public String doOcspCheck(InputStream inputStream, InputStream inputStream2, String str, Boolean bool) {
        OCSPResp oCSPResp;
        String str2 = "";
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            byte[] encoded = generateOCSPRequest((X509Certificate) certificateFactory.generateCertificate(inputStream), ((X509Certificate) certificateFactory.generateCertificate(inputStream2)).getSerialNumber()).getEncoded();
            if (str.startsWith("https")) {
                HostnameVerifier hostnameVerifier = new HostnameVerifier() { // from class: CeviToolKit.OcspCheck.1
                    @Override // javax.net.ssl.HostnameVerifier
                    public boolean verify(String str3, SSLSession sSLSession) {
                        System.out.println("Warning: URL Host: " + str3 + " vs. " + sSLSession.getPeerHost());
                        return true;
                    }
                };
                trustAllHttpsCertificates();
                HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
                HttpsURLConnection httpsURLConnection = (HttpsURLConnection) new URL(str).openConnection();
                httpsURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
                httpsURLConnection.setRequestProperty("Accept", "application/ocsp-response");
                httpsURLConnection.setDoOutput(true);
                DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpsURLConnection.getOutputStream()));
                dataOutputStream.write(encoded);
                dataOutputStream.flush();
                dataOutputStream.close();
                if (httpsURLConnection.getResponseCode() / 100 != 2) {
                    throw new Exception("***Error***");
                }
                oCSPResp = new OCSPResp((InputStream) httpsURLConnection.getContent());
            } else {
                HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
                httpURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
                httpURLConnection.setRequestProperty("Accept", "application/ocsp-response");
                httpURLConnection.setDoOutput(true);
                DataOutputStream dataOutputStream2 = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
                dataOutputStream2.write(encoded);
                dataOutputStream2.flush();
                dataOutputStream2.close();
                if (httpURLConnection.getResponseCode() / 100 != 2) {
                    throw new Exception("***Error***");
                }
                oCSPResp = new OCSPResp((InputStream) httpURLConnection.getContent());
            }
            BasicOCSPResp basicOCSPResp = (BasicOCSPResp) oCSPResp.getResponseObject();
            if (basicOCSPResp != null) {
                SingleResp[] responses = basicOCSPResp.getResponses();
                if (responses.length == 1) {
                    SingleResp singleResp = responses[0];
                    System.out.println("Ocsp check : ");
                    System.out.println("This Update: " + singleResp.getThisUpdate());
                    System.out.println("Next Update: " + singleResp.getNextUpdate());
                    Object certStatus = singleResp.getCertStatus();
                    if (certStatus == CertificateStatus.GOOD) {
                        str2 = "OCSP Status is good!";
                        System.out.println(str2);
                    } else if (certStatus instanceof RevokedStatus) {
                        str2 = "OCSP Status is revoked!";
                        System.out.println(str2);
                    } else if (certStatus instanceof UnknownStatus) {
                        str2 = "OCSP Status is unknown!";
                        System.out.println(str2);
                    }
                }
            }
        } catch (Exception e) {
            Logger.getLogger(OcspCheck.class.getName()).log(Level.SEVERE, (String) null, (Throwable) e);
        }
        return str2;
    }
}
