package eu.europa.esig.dss.client.ocsp;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSRevocationUtils;
import eu.europa.esig.dss.client.NonceSource;
import eu.europa.esig.dss.client.http.DataLoader;
import eu.europa.esig.dss.client.http.commons.OCSPDataLoader;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.ocsp.OCSPRespStatus;
import eu.europa.esig.dss.x509.ocsp.OCSPSource;
import eu.europa.esig.dss.x509.ocsp.OCSPToken;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Security;
import java.util.Date;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/client/ocsp/OnlineOCSPSource.class */
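/**
 * {@link OCSPSource} that obtains revocation data by sending an OCSP request over the
 * configured {@link DataLoader} to the responder named in the certificate's
 * Authority Information Access extension.
 *
 * <p>Security notes for callers and reviewers:
 * <ul>
 *   <li>The responder URL is read from the certificate being checked and handed to
 *       {@link DataLoader#post} as-is. The certificate is untrusted input at this point,
 *       so any restriction on schemes or destinations has to be enforced by the
 *       {@code DataLoader} implementation.</li>
 *   <li>A nonce mismatch is only recorded on the returned {@link OCSPToken}
 *       ({@code setNonceMatch}); the token is still returned. Callers must inspect it.</li>
 *   <li>No signature check on the {@link BasicOCSPResp} is performed in this class.
 *       NOTE(review): confirm where the responder signature is validated downstream.</li>
 * </ul>
 */
public class OnlineOCSPSource implements OCSPSource {
    private static final Logger logger = LoggerFactory.getLogger(OnlineOCSPSource.class);

    static {
        // Register BouncyCastle once when the class is loaded.
        Security.addProvider(new BouncyCastleProvider());
    }

    /** Optional; when null no nonce extension is sent and no nonce check is made. */
    private NonceSource nonceSource;
    private DataLoader dataLoader = new OCSPDataLoader();

    /**
     * Replaces the loader used to POST the OCSP request.
     *
     * @param dataLoader the loader to use; {@link #getOCSPToken} throws if it is null
     */
    public void setDataLoader(DataLoader dataLoader) {
        this.dataLoader = dataLoader;
    }

    /**
     * Enables (non-null) or disables (null) the OCSP nonce extension.
     *
     * @param nonceSource supplier of the nonce value, or null
     */
    public void setNonceSource(NonceSource nonceSource) {
        this.nonceSource = nonceSource;
    }

    /**
     * Queries the OCSP responder advertised by {@code certificateToken}.
     *
     * @param certificateToken  the certificate whose revocation status is requested
     * @param certificateToken2 second argument of
     *        {@code DSSRevocationUtils.getOCSPCertificateID}; presumably the issuer
     *        certificate - confirm against that helper
     * @return null when the certificate carries no OCSP URL; a token with only the source
     *         URL set when the responder returned no bytes; otherwise a token carrying the
     *         response status and, for a successful status, the basic response, the nonce
     *         result (if a nonce source is set) and the most recent matching single response
     * @throws NullPointerException if no data loader is configured
     * @throws DSSException if the response cannot be decoded
     */
    public OCSPToken getOCSPToken(CertificateToken certificateToken, CertificateToken certificateToken2) {
        if (this.dataLoader == null) {
            throw new NullPointerException("DataLoad is not provided !");
        }
        try {
            String certId = certificateToken.getDSSIdAsString();
            logger.trace("--> OnlineOCSPSource queried for {}", certId);
            String ocspUrl = getAccessLocation(certificateToken);
            if (StringUtils.isEmpty(ocspUrl)) {
                logger.debug("No OCSP location found for {}", certId);
                certificateToken.extraInfo().infoNoOcspUriFoundInCertificate();
                return null;
            }
            OCSPToken token = new OCSPToken();
            token.setSourceURL(ocspUrl);
            CertificateID requestedId = DSSRevocationUtils.getOCSPCertificateID(certificateToken, certificateToken2);

            // Read the nonce exactly once per exchange so that the value sent and the value
            // compared are the same by construction, whatever NonceSource.getNonce() does on
            // repeated calls and even if setNonceSource() is invoked concurrently.
            NonceSource currentNonceSource = this.nonceSource;
            BigInteger requestNonce = currentNonceSource == null ? null : currentNonceSource.getNonce();

            // ocspUrl originates from the certificate itself; see the class-level note.
            byte[] rawResponse = this.dataLoader.post(ocspUrl, buildOCSPRequest(requestedId, requestNonce));
            if (ArrayUtils.isEmpty(rawResponse)) {
                return token;
            }
            token.setAvailable(true);
            OCSPResp ocspResp = new OCSPResp(rawResponse);
            OCSPRespStatus status = OCSPRespStatus.fromInt(ocspResp.getStatus());
            token.setResponseStatus(status);
            if (OCSPRespStatus.SUCCESSFUL.equals(status)) {
                BasicOCSPResp basicResp = (BasicOCSPResp) ocspResp.getResponseObject();
                token.setBasicOCSPResp(basicResp);
                if (requestNonce != null) {
                    token.setUseNonce(true);
                    // Only recorded here, not enforced: the token is returned either way.
                    token.setNonceMatch(isNonceMatch(basicResp, requestNonce));
                }
                token.setBestSingleResp(getBestSingleResp(basicResp, requestedId));
            }
            return token;
        } catch (IOException e) {
            throw new DSSException(e);
        } catch (OCSPException e) {
            throw new DSSException(e);
        }
    }

    /**
     * Encodes an OCSP request for one certificate id.
     *
     * @param certificateID the id to ask about
     * @param nonce value for the non-critical nonce extension, or null to omit it
     * @return the encoded request
     * @throws DSSException if the request cannot be built or encoded
     */
    private byte[] buildOCSPRequest(CertificateID certificateID, BigInteger nonce) throws DSSException {
        try {
            OCSPReqBuilder builder = new OCSPReqBuilder();
            builder.addRequest(certificateID);
            if (nonce != null) {
                Extension nonceExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
                        new DEROctetString(nonce.toByteArray()));
                builder.setRequestExtensions(new Extensions(nonceExtension));
            }
            return builder.build().getEncoded();
        } catch (IOException e) {
            throw new DSSException("Cannot build OCSP Request", e);
        } catch (OCSPException e) {
            throw new DSSException("Cannot build OCSP Request", e);
        }
    }

    /**
     * Checks whether the response echoes the nonce that was sent.
     *
     * <p>A response without the nonce extension, or with an empty one, is reported as a
     * mismatch instead of failing with a NullPointerException or NumberFormatException:
     * the responder controls this field, and omitting the nonce is exactly what a replayed
     * or pre-produced response looks like.
     *
     * @param basicOCSPResp the decoded basic response
     * @param expectedNonce the nonce placed in the request
     * @return true only if the response nonce equals {@code expectedNonce}
     */
    private boolean isNonceMatch(BasicOCSPResp basicOCSPResp, BigInteger expectedNonce) {
        Extension nonceExtension = basicOCSPResp.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        if (nonceExtension == null) {
            logger.warn("OCSP response does not contain the requested nonce extension");
            return false;
        }
        byte[] receivedOctets = nonceExtension.getExtnValue().getOctets();
        if (ArrayUtils.isEmpty(receivedOctets)) {
            // new BigInteger(byte[0]) would throw NumberFormatException.
            return false;
        }
        return new BigInteger(receivedOctets).equals(expectedNonce);
    }

    /**
     * Picks, among the single responses that match {@code certificateID}, the one with the
     * latest thisUpdate.
     *
     * @return the selected response, or null if none matches
     */
    private SingleResp getBestSingleResp(BasicOCSPResp basicOCSPResp, CertificateID certificateID) {
        SingleResp newest = null;
        Date newestUpdate = null;
        for (SingleResp candidate : basicOCSPResp.getResponses()) {
            if (!DSSRevocationUtils.matches(certificateID, candidate)) {
                continue;
            }
            Date thisUpdate = candidate.getThisUpdate();
            if (newestUpdate == null || thisUpdate.after(newestUpdate)) {
                newest = candidate;
                newestUpdate = thisUpdate;
            }
        }
        return newest;
    }

    /**
     * Extracts the first OCSP responder URI from the certificate's Authority Information
     * Access extension.
     *
     * <p>The returned string is whatever the certificate contains; it is not validated here.
     *
     * @param certificateToken the certificate to inspect
     * @return the URI, or null if the extension is absent or lists no OCSP access
     *         description with a URI location
     * @throws DSSException if the extension cannot be read
     */
    public String getAccessLocation(CertificateToken certificateToken) throws DSSException {
        byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.authorityInfoAccess.getId());
        if (ArrayUtils.isEmpty(extensionValue)) {
            return null;
        }
        ASN1InputStream outerStream = null;
        ASN1InputStream innerStream = null;
        try {
            outerStream = new ASN1InputStream(extensionValue);
            // getExtensionValue() returns the extension wrapped in an OCTET STRING. The
            // decompiled listing had lost this cast (readObject() has no getOctets()).
            DEROctetString wrapped = (DEROctetString) outerStream.readObject();
            innerStream = new ASN1InputStream(wrapped.getOctets());
            AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(innerStream.readObject());
            for (AccessDescription description : aia.getAccessDescriptions()) {
                logger.debug("Access method OID : {}", description.getAccessMethod());
                if (!X509ObjectIdentifiers.ocspAccessMethod.equals(description.getAccessMethod())) {
                    continue;
                }
                GeneralName location = description.getAccessLocation();
                if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    // For a URI GeneralName the name is an IA5String whose toString() is its
                    // text; this replaces the cast-less toASN1Primitive().getObject() chain.
                    String uri = location.getName().toString();
                    logger.debug("Access location: {}", uri);
                    return uri;
                }
                logger.debug("Not a uniform resource identifier");
            }
            return null;
        } catch (IOException e) {
            throw new DSSException(e);
        } finally {
            IOUtils.closeQuietly(outerStream);
            IOUtils.closeQuietly(innerStream);
        }
    }
}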
