package org.digidoc4j.ddoc.utils;

import java.util.Set;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.digidoc4j.ddoc.Base64Util;
import org.digidoc4j.ddoc.DigiDocException;
import org.digidoc4j.ddoc.SignedDoc;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/digidoc4j/ddoc/utils/BouncyCastleNotaryUtil.class */
public final class BouncyCastleNotaryUtil {
    private static final Logger m_logger = LoggerFactory.getLogger(BouncyCastleNotaryUtil.class);

    private BouncyCastleNotaryUtil() {
    }

    public static byte[] getNonce(BasicOCSPResp basicOCSPResp, SignedDoc signedDoc) {
        Extension extension;
        if (basicOCSPResp == null) {
            return null;
        }
        try {
            byte[] bArr = null;
            Set nonCriticalExtensionOIDs = basicOCSPResp.getNonCriticalExtensionOIDs();
            boolean z = false;
            String str = null;
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Nonce exts: " + nonCriticalExtensionOIDs.size());
            }
            if (nonCriticalExtensionOIDs.size() >= 1 && (extension = basicOCSPResp.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce)) != null) {
                if (m_logger.isDebugEnabled()) {
                    m_logger.debug("Ext: " + extension.getExtnId() + " val-len: " + (extension.getExtnValue() != null ? extension.getExtnValue().getOctets().length : 0));
                }
                if (extension.getExtnValue() == null || extension.getExtnValue().getOctets() == null || extension.getExtnValue().getOctets().length != 20) {
                    bArr = extension.getParsedValue().toASN1Primitive().getEncoded();
                } else {
                    bArr = extension.getExtnValue().getOctets();
                    m_logger.debug("Raw nonce len: " + (bArr != null ? bArr.length : 0));
                }
            }
            boolean booleanProperty = ConfigManager.instance().getBooleanProperty("CHECK_OCSP_NONCE", false);
            if (signedDoc != null && signedDoc.getFormat() != null && signedDoc.getFormat().equals(SignedDoc.FORMAT_SK_XML)) {
                booleanProperty = false;
            }
            if (m_logger.isDebugEnabled() && bArr != null) {
                m_logger.debug("Nonce hex: " + ConvertUtils.bin2hex(bArr) + " b64: " + Base64Util.encode(bArr) + " len: " + bArr.length + " asn1: false");
            }
            if ((signedDoc == null || (signedDoc.getFormat() != null && signedDoc.getFormat().equals(SignedDoc.FORMAT_DIGIDOC_XML))) && bArr != null && bArr.length == 22) {
                byte[] bArr2 = new byte[20];
                System.arraycopy(bArr, bArr.length - 20, bArr2, 0, 20);
                bArr = bArr2;
                z = true;
                str = "ASN1-NONCE";
            }
            if (!m_logger.isDebugEnabled() || bArr == null) {
                m_logger.debug("No nonce");
            } else {
                m_logger.debug("Nonce hex: " + ConvertUtils.bin2hex(bArr) + " b64: " + Base64Util.encode(bArr) + " len: " + bArr.length + " type: " + str);
            }
            if (z || !booleanProperty) {
                return bArr;
            }
            throw new DigiDocException(71, "Invalid nonce: " + (bArr != null ? ConvertUtils.bin2hex(bArr) + " length: " + bArr.length : "NO-NONCE") + "!", null);
        } catch (Exception e) {
            m_logger.error("Error reading ocsp nonce: " + e);
            e.printStackTrace();
            return null;
        }
    }

    public static boolean isApplicableFormatForOcspNonce(SignedDoc signedDoc) {
        if (signedDoc != null) {
            return SignedDoc.FORMAT_SK_XML.equals(signedDoc.getFormat()) || SignedDoc.FORMAT_DIGIDOC_XML.equals(signedDoc.getFormat());
        }
        m_logger.warn("Signed Doc is null, unable to determine if applicable for OCSP nonce");
        return false;
    }
}
