package eu.europa.esig.dss.cookbook.sources;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSRevocationUtils;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.CommonCertificateSource;
import eu.europa.esig.dss.x509.ocsp.OCSPSource;
import eu.europa.esig.dss.x509.ocsp.OCSPToken;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.Req;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.UnknownStatus;
import org.bouncycastle.cert.ocsp.jcajce.JcaBasicOCSPRespBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/cookbook/sources/AlwaysValidOCSPSource.class */
public class AlwaysValidOCSPSource implements OCSPSource {
    private static final Logger LOG = LoggerFactory.getLogger(AlwaysValidOCSPSource.class);
    private final PrivateKey privateKey;
    private final X509Certificate signingCert;
    private Date ocspDate;
    private CertificateStatus expectedResponse;

    public AlwaysValidOCSPSource() {
        this("src/main/resources/ocsp.p12", "password");
    }

    public AlwaysValidOCSPSource(String str, String str2) {
        this.ocspDate = new Date();
        this.expectedResponse = CertificateStatus.GOOD;
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(new FileInputStream(str), str2.toCharArray());
            String nextElement = keyStore.aliases().nextElement();
            this.signingCert = (X509Certificate) keyStore.getCertificate(nextElement);
            this.privateKey = (PrivateKey) keyStore.getKey(nextElement, str2.toCharArray());
            if (LOG.isTraceEnabled()) {
                LOG.trace("OCSP mockup with signing certificate:\n" + new CommonCertificateSource().addCertificate(new CertificateToken(this.signingCert)));
            }
        } catch (Exception e) {
            throw new DSSException(e);
        }
    }

    public CertificateStatus getExpectedResponse() {
        return this.expectedResponse;
    }

    public void setGoodStatus() {
        this.expectedResponse = CertificateStatus.GOOD;
    }

    public void setUnknownStatus() {
        this.expectedResponse = new UnknownStatus();
    }

    public void setRevokedStatus(Date date, int i) {
        this.expectedResponse = new RevokedStatus(date, i);
    }

    public OCSPToken getOCSPToken(CertificateToken certificateToken, CertificateToken certificateToken2) {
        try {
            BigInteger serialNumber = certificateToken.getCertificate().getSerialNumber();
            X509Certificate certificate = certificateToken2.getCertificate();
            OCSPReq generateOCSPRequest = generateOCSPRequest(certificate, serialNumber);
            JcaBasicOCSPRespBuilder jcaBasicOCSPRespBuilder = new JcaBasicOCSPRespBuilder(certificate.getPublicKey(), DSSRevocationUtils.getSHA1DigestCalculator());
            Extension extension = generateOCSPRequest.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
            if (extension != null) {
                jcaBasicOCSPRespBuilder.setResponseExtensions(new Extensions(new Extension[]{extension}));
            }
            Req[] requestList = generateOCSPRequest.getRequestList();
            for (int i = 0; i != requestList.length; i++) {
                CertificateID certID = requestList[i].getCertID();
                if (1 != 0) {
                    jcaBasicOCSPRespBuilder.addResponse(certID, CertificateStatus.GOOD, this.ocspDate, (Date) null, (Extensions) null);
                } else {
                    jcaBasicOCSPRespBuilder.addResponse(certID, new RevokedStatus(DSSUtils.getDate(this.ocspDate, -1), 9));
                }
            }
            BasicOCSPResp build = jcaBasicOCSPRespBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(this.privateKey), new X509CertificateHolder[]{new X509CertificateHolder(certificate.getEncoded())}, this.ocspDate);
            OCSPToken oCSPToken = new OCSPToken();
            oCSPToken.setCertId(DSSRevocationUtils.getOCSPCertificateID(certificateToken, certificateToken2));
            oCSPToken.setBasicOCSPResp(build);
            return oCSPToken;
        } catch (OperatorCreationException e) {
            throw new DSSException(e);
        } catch (IOException e2) {
            throw new DSSException(e2);
        } catch (CertificateEncodingException e3) {
            throw new DSSException(e3);
        } catch (OCSPException e4) {
            throw new DSSException(e4);
        }
    }

    public OCSPReq generateOCSPRequest(X509Certificate x509Certificate, BigInteger bigInteger) throws DSSException {
        try {
            CertificateID certificateID = new CertificateID(DSSRevocationUtils.getSHA1DigestCalculator(), new X509CertificateHolder(x509Certificate.getEncoded()), bigInteger);
            OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
            oCSPReqBuilder.addRequest(certificateID);
            oCSPReqBuilder.setRequestExtensions(new Extensions(new Extension[]{new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(BigInteger.valueOf(this.ocspDate.getTime()).toByteArray()))}));
            return oCSPReqBuilder.build();
        } catch (IOException e) {
            throw new DSSException(e);
        } catch (CertificateEncodingException e2) {
            throw new DSSException(e2);
        } catch (OCSPException e3) {
            throw new DSSException(e3);
        }
    }

    public void setOcspDate(Date date) {
        this.ocspDate = date;
    }

    static {
        try {
            Security.addProvider(new BouncyCastleProvider());
        } catch (Throwable th) {
            LOG.error(th.getMessage(), th);
        }
    }
}
