package eu.europa.esig.dss.client.ocsp;

import eu.europa.esig.dss.DSSASN1Utils;
import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSRevocationUtils;
import eu.europa.esig.dss.client.NonceSource;
import eu.europa.esig.dss.client.http.DataLoader;
import eu.europa.esig.dss.client.http.commons.OCSPDataLoader;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.ocsp.OCSPRespStatus;
import eu.europa.esig.dss.x509.ocsp.OCSPSource;
import eu.europa.esig.dss.x509.ocsp.OCSPToken;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Security;
import java.util.List;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/client/ocsp/OnlineOCSPSource.class */
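/**
 * {@link OCSPSource} that fetches revocation data by sending an OCSP request over the configured
 * {@link DataLoader} to the first OCSP access location found for the certificate.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>This class only parses the response and records whether the nonce matched. It does not
 *       verify the response signature or the responder's authorisation; NOTE(review): presumably
 *       done by the consumer of the returned {@link OCSPToken} - confirm.</li>
 *   <li>A nonce mismatch does not reject the response. The token is still returned with its
 *       nonce-match flag set to {@code false}, so replay protection depends on the caller
 *       checking that flag.</li>
 *   <li>The responder URL is derived from the certificate under validation. When certificates
 *       come from untrusted parties, the {@link DataLoader} should restrict the destinations
 *       and schemes it is willing to contact.</li>
 * </ul>
 *
 * <p>The setters are not synchronised; configure the instance before sharing it between threads.
 */
public class OnlineOCSPSource implements OCSPSource {
    private static final Logger LOG = LoggerFactory.getLogger(OnlineOCSPSource.class);

    static {
        // Registers BouncyCastle JVM-wide as soon as this class is loaded.
        Security.addProvider(new BouncyCastleProvider());
    }

    /** Optional nonce generator; when {@code null} requests are sent without a nonce. */
    private NonceSource nonceSource;

    /** Transport used to POST the encoded request; defaults to {@link OCSPDataLoader}. */
    private DataLoader dataLoader = new OCSPDataLoader();

    /**
     * Replaces the transport used to contact the OCSP responder.
     *
     * @param dataLoader the loader to use; a {@code null} value makes {@link #getOCSPToken} throw
     */
    public void setDataLoader(DataLoader dataLoader) {
        this.dataLoader = dataLoader;
    }

    /**
     * Enables the OCSP nonce extension.
     *
     * @param nonceSource source of nonces, or {@code null} to send requests without a nonce
     */
    public void setNonceSource(NonceSource nonceSource) {
        this.nonceSource = nonceSource;
    }

    /**
     * Queries the OCSP responder of {@code certificateToken} and wraps a successful answer.
     *
     * <p>Only the first OCSP access location is contacted; further locations are not tried.
     *
     * @param certificateToken the certificate whose revocation status is requested
     * @param certificateToken2 second certificate used to build the OCSP {@code CertificateID}
     *     (presumably the issuer of {@code certificateToken} - confirm against the interface)
     * @return the populated token, or {@code null} when no OCSP location exists, the responder
     *     returned no data, the response status is not successful, or the response carries no
     *     basic OCSP response
     * @throws NullPointerException if no data loader is configured
     * @throws DSSException if the response cannot be decoded
     */
    public OCSPToken getOCSPToken(CertificateToken certificateToken, CertificateToken certificateToken2) {
        if (this.dataLoader == null) {
            throw new NullPointerException("DataLoader is not provided !");
        }
        try {
            final String dssId = certificateToken.getDSSIdAsString();
            LOG.trace("--> OnlineOCSPSource queried for {}", dssId);

            final List<String> ocspUrls = DSSASN1Utils.getOCSPAccessLocations(certificateToken);
            if (Utils.isCollectionEmpty(ocspUrls)) {
                LOG.debug("No OCSP location found for {}", dssId);
                certificateToken.extraInfo().infoNoOcspUriFoundInCertificate();
                return null;
            }
            final String ocspUrl = ocspUrls.get(0);

            final CertificateID certId = DSSRevocationUtils.getOCSPCertificateID(certificateToken, certificateToken2);
            final BigInteger nonce = (this.nonceSource != null) ? this.nonceSource.getNonce() : null;

            final byte[] rawResponse = this.dataLoader.post(ocspUrl, buildOCSPRequest(certId, nonce));
            if (Utils.isArrayEmpty(rawResponse)) {
                return null;
            }

            final OCSPResp ocspResp = new OCSPResp(rawResponse);
            final OCSPRespStatus status = OCSPRespStatus.fromInt(ocspResp.getStatus());
            if (!OCSPRespStatus.SUCCESSFUL.equals(status)) {
                certificateToken.extraInfo().infoOCSPException("OCSP Response status : " + status);
                return null;
            }

            // Fail closed: a "successful" response without a basic response body (or with an
            // unexpected response type) carries no usable revocation data. Previously this led to
            // a ClassCastException or a token flagged available with no content.
            final Object responseObject = ocspResp.getResponseObject();
            if (!(responseObject instanceof BasicOCSPResp)) {
                certificateToken.extraInfo().infoOCSPException("OCSP Response does not contain a basic OCSP response");
                return null;
            }
            final BasicOCSPResp basicResp = (BasicOCSPResp) responseObject;

            final OCSPToken token = new OCSPToken();
            token.setResponseStatus(status);
            token.setSourceURL(ocspUrl);
            token.setCertId(certId);
            token.setAvailable(true);
            token.setBasicOCSPResp(basicResp);
            // Keyed on the nonce actually sent, not on the nonce source being configured: if the
            // source yielded no nonce, none was put in the request and there is nothing to match.
            if (nonce != null) {
                token.setUseNonce(true);
                token.setNonceMatch(isNonceMatch(basicResp, nonce));
            }
            return token;
        } catch (IOException e) {
            throw new DSSException(e);
        } catch (OCSPException e2) {
            throw new DSSException(e2);
        }
    }

    /**
     * Encodes a single-certificate OCSP request, optionally carrying a nonce extension.
     *
     * @param certificateID identifier of the certificate to query
     * @param bigInteger nonce to embed, or {@code null} for a request without nonce
     * @return the DER-encoded request
     * @throws DSSException if the request cannot be built or encoded
     */
    private byte[] buildOCSPRequest(CertificateID certificateID, BigInteger bigInteger) throws DSSException {
        try {
            final OCSPReqBuilder builder = new OCSPReqBuilder();
            builder.addRequest(certificateID);
            if (bigInteger != null) {
                // The extension value is an OCTET STRING wrapping the DER encoding of the nonce,
                // which is itself an OCTET STRING; isNonceMatch unwraps it the same way.
                final DEROctetString nonceValue = new DEROctetString(bigInteger.toByteArray());
                final Extension nonceExtension = new Extension(
                        OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonceValue.getEncoded()));
                builder.setRequestExtensions(new Extensions(nonceExtension));
            }
            return builder.build().getEncoded();
        } catch (IOException e) {
            throw new DSSException("Cannot build OCSP Request", e);
        } catch (OCSPException e2) {
            throw new DSSException("Cannot build OCSP Request", e2);
        }
    }

    /**
     * Checks whether the response echoes the nonce that was sent.
     *
     * <p>A missing, empty or malformed nonce is reported as a mismatch rather than raising an
     * unchecked exception, so a responder that omits the extension cannot abort validation and
     * the caller always gets an explicit {@code false}.
     *
     * @param basicOCSPResp the parsed basic OCSP response
     * @param bigInteger the nonce placed in the request
     * @return {@code true} only when the response contains a well-formed nonce equal to the one sent
     */
    private boolean isNonceMatch(BasicOCSPResp basicOCSPResp, BigInteger bigInteger) {
        final Extension nonceExtension = basicOCSPResp.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        if (nonceExtension == null) {
            LOG.warn("No nonce extension found in OCSP response");
            return false;
        }
        try {
            final ASN1Primitive decoded = ASN1Primitive.fromByteArray(nonceExtension.getExtnValue().getOctets());
            if (!(decoded instanceof DEROctetString)) {
                LOG.warn("Nonce extension value in OCSP response is not an OCTET STRING");
                return false;
            }
            final byte[] receivedNonce = ((DEROctetString) decoded).getOctets();
            if (receivedNonce.length == 0) {
                // new BigInteger(byte[0]) would throw NumberFormatException.
                LOG.warn("Nonce extension value in OCSP response is empty");
                return false;
            }
            return bigInteger.equals(new BigInteger(receivedNonce));
        } catch (IOException e) {
            LOG.warn("Invalid encoding of nonce extension value in OCSP response", e);
            return false;
        }
    }
}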
