package org.linagora.jaxbxades.client;

import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.CertificateStatus;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReq;
import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.SingleResp;
import org.linagora.jaxbxades.utils.XadesSetup;
import org.linagora.jaxbxades.utils.encode.HexaEncoding;

/* loaded from: input_file:WEB-INF/lib/xades-1.0.jar:org/linagora/jaxbxades/client/OcspClient.class */
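/**
 * Static helpers that build OCSP requests, post them to the responder configured in
 * {@link XadesSetup}, and print a received response.
 *
 * <p>Nothing in this class verifies the responder's signature, the responder certificate,
 * or the validity window of a response. Callers must perform those checks, and compare the
 * request and response nonces, before trusting any certificate status taken from an
 * {@link OCSPResp} returned here.
 */
public class OcspClient {
    /** Length in bytes of the random nonce placed in every request. */
    private static final int NONCE_LENGTH = 16;

    /** Connect timeout used by {@link #send}; a default chosen for this client. */
    private static final int CONNECT_TIMEOUT_MS = 10000;

    /** Read timeout used by {@link #send}; a default chosen for this client. */
    private static final int READ_TIMEOUT_MS = 30000;

    /** Source of request nonces; a nonce must not be guessable by whoever can replay responses. */
    private static final SecureRandom NONCE_SOURCE = new SecureRandom();

    private OcspClient() {
    }

    /** Registers the BouncyCastle provider once instead of building a new one on every call. */
    private static void ensureProvider() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Attaches a fresh, non-critical nonce extension to the request under construction.
     *
     * <p>The nonce is drawn from {@link SecureRandom}; a clock value is predictable and lets
     * an old signed response be matched to a new request.
     */
    private static void addNonce(OCSPReqGenerator generator) {
        byte[] nonce = new byte[NONCE_LENGTH];
        NONCE_SOURCE.nextBytes(nonce);
        ASN1OctetString nonceValue = new DEROctetString(nonce);
        Vector<Object> oids = new Vector<Object>();
        Vector<Object> values = new Vector<Object>();
        oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        values.add(new X509Extension(false, nonceValue));
        generator.setRequestExtensions(new X509Extensions(oids, values));
    }

    /**
     * Builds a single-certificate OCSP request carrying a random nonce.
     *
     * @param x509Certificate certificate of the issuer of the certificate being checked
     * @param bigInteger serial number of the certificate being checked
     * @return the encoded-ready request
     * @throws OCSPException if the certificate id or the request cannot be built
     */
    public static OCSPReq generateOCSPRequest(X509Certificate x509Certificate, BigInteger bigInteger) throws OCSPException {
        ensureProvider();
        OCSPReqGenerator generator = new OCSPReqGenerator();
        // SHA-1 here only identifies the issuer inside the CertID; it is not a signature hash.
        generator.addRequest(new CertificateID(CertificateID.HASH_SHA1, x509Certificate, bigInteger));
        addNonce(generator);
        return generator.generate();
    }

    /**
     * Builds one OCSP request covering every certificate of a chain, with a random nonce.
     *
     * <p>Element {@code i + 1} is used as the issuer of element {@code i}; the last element is
     * used as its own issuer, so the list is expected to be ordered leaf first and to end with
     * a self-issued certificate. An empty list yields a request without any certificate id.
     *
     * @param list certificate chain, leaf first
     * @return the encoded-ready request
     * @throws OCSPException if a certificate id or the request cannot be built
     */
    public static OCSPReq generateOCSPRequest(List<X509Certificate> list) throws OCSPException {
        ensureProvider();
        OCSPReqGenerator generator = new OCSPReqGenerator();
        int last = list.size() - 1;
        for (int i = 0; i <= last; i++) {
            X509Certificate subject = list.get(i);
            X509Certificate issuer = (i == last) ? subject : list.get(i + 1);
            generator.addRequest(new CertificateID(CertificateID.HASH_SHA1, issuer, subject.getSerialNumber()));
        }
        addNonce(generator);
        return generator.generate();
    }

    /**
     * Posts the request to the responder URL returned by {@code XadesSetup} and parses the reply.
     *
     * <p>The reply is parsed only; its signature is not verified here.
     *
     * @param oCSPReq request to send
     * @return the parsed response
     * @throws OCSPException if the URL is not HTTP(S), on any I/O failure including a timeout,
     *     or when the responder answers with a non-2xx HTTP status
     */
    public static OCSPResp send(OCSPReq oCSPReq) throws OCSPException {
        HttpURLConnection connection = null;
        try {
            byte[] encoded = oCSPReq.getEncoded();
            Object opened = new URL(XadesSetup.getDefaultInstance().getOcspUrl()).openConnection();
            if (!(opened instanceof HttpURLConnection)) {
                // A non-HTTP scheme would otherwise surface as a ClassCastException.
                throw new OCSPException("OCSP URL is not an HTTP(S) URL");
            }
            connection = (HttpURLConnection) opened;
            // Without timeouts an unresponsive responder blocks the calling thread indefinitely.
            connection.setConnectTimeout(CONNECT_TIMEOUT_MS);
            connection.setReadTimeout(READ_TIMEOUT_MS);
            connection.setRequestProperty("Content-Type", "application/ocsp-request");
            connection.setRequestProperty("Accept", "application/ocsp-response");
            connection.setDoOutput(true);
            DataOutputStream out = new DataOutputStream(new BufferedOutputStream(connection.getOutputStream()));
            try {
                out.write(encoded);
                out.flush();
            } finally {
                out.close();
            }
            int httpStatus = connection.getResponseCode();
            if (httpStatus / 100 != 2) {
                throw new OCSPException("http erreur:" + httpStatus);
            }
            // getInputStream() always yields the body; getContent() depends on content handlers.
            InputStream in = connection.getInputStream();
            try {
                return new OCSPResp(in);
            } finally {
                in.close();
            }
        } catch (IOException e) {
            // MalformedURLException is an IOException and is wrapped the same way.
            throw new OCSPException(e.getMessage(), e);
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Builds and sends a request for a whole chain.
     *
     * @param list certificate chain, leaf first (see {@link #generateOCSPRequest(List)})
     * @return the parsed, unverified response
     * @throws OCSPException if building or sending the request fails
     */
    public static OCSPResp sendRequest(List<X509Certificate> list) throws OCSPException {
        return send(generateOCSPRequest(list));
    }

    /**
     * Builds and sends a request for one certificate.
     *
     * @param x509Certificate certificate whose serial number is checked
     * @param x509Certificate2 certificate of its issuer
     * @return the parsed, unverified response
     * @throws OCSPException if building or sending the request fails
     */
    public static OCSPResp sendRequest(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws OCSPException {
        return send(generateOCSPRequest(x509Certificate2, x509Certificate.getSerialNumber()));
    }

    /**
     * Prints a response to standard output for diagnostics.
     *
     * <p>This is a display helper, not a validation routine: it compares the nonces but does
     * not verify the response signature, so its output must not drive a trust decision.
     *
     * @param oCSPResp response to print
     * @param oCSPReq request the response answers, used for the nonce comparison
     * @throws OCSPException if the response body cannot be decoded
     */
    public static void display(OCSPResp oCSPResp, OCSPReq oCSPReq) throws OCSPException {
        System.out.println("ocsp Status:" + oCSPResp.getStatus());
        Object responseObject = oCSPResp.getResponseObject();
        if (!(responseObject instanceof BasicOCSPResp)) {
            // An unsuccessful response has no body; dereferencing it would throw.
            System.out.println("ocsp response carries no basic response");
            return;
        }
        BasicOCSPResp basic = (BasicOCSPResp) responseObject;
        System.out.println("ocsp ProducedAt:" + basic.getProducedAt());
        // Hex-encode the signature; concatenating the byte[] prints only an array reference.
        System.out.println("ocsp Signature:" + HexaEncoding.data2hex(basic.getSignature()));
        System.out.print("ocsp ResponderId:");
        DERTaggedObject responderId = (DERTaggedObject) basic.getResponderId().toASN1Object().getDERObject();
        if (responderId.getTagNo() == 1) {
            System.out.println(responderId.getObjectParser(1, true).toString());
        } else {
            System.out.println(HexaEncoding.data2hex(((DEROctetString) responderId.getObjectParser(2, true)).getOctets()));
        }
        SingleResp[] responses = basic.getResponses();
        String nonceOid = OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId();
        byte[] sentNonce = oCSPReq.getExtensionValue(nonceOid);
        byte[] receivedNonce = basic.getExtensionValue(nonceOid);
        // A response without a nonce also fails here when the request carried one.
        if (sentNonce != null && !Arrays.equals(sentNonce, receivedNonce)) {
            System.out.println("response nonce failed to validate");
            return;
        }
        for (SingleResp single : responses) {
            System.out.print(single.getCertID().getSerialNumber());
            if (single.getCertStatus() == CertificateStatus.GOOD) {
                System.out.println(" status: good");
            } else {
                // NOTE(review): every non-GOOD status, including "unknown", is printed as revoked.
                System.out.println(" status: revoked");
            }
        }
    }
}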
