package eu.europa.ec.markt.dss.validation102853;

import eu.europa.ec.markt.dss.validation.ocsp.OCSPSource;
import eu.europa.ec.markt.dss.validation.ocsp.OnlineOCSPSource;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.RevokedStatus;
import org.bouncycastle.ocsp.SingleResp;
import org.bouncycastle.ocsp.UnknownStatus;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation102853/OCSPCertificateVerifier.class */
public class OCSPCertificateVerifier implements CertificateStatusVerifier {
    private static final Logger LOG = Logger.getLogger(OCSPCertificateVerifier.class.getName());
    private final OCSPSource ocspSource;
    private final CertificatePool validationCertPool;

    public OCSPCertificateVerifier(OCSPSource oCSPSource, CertificatePool certificatePool) {
        this.ocspSource = oCSPSource;
        this.validationCertPool = certificatePool;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.CertificateStatusVerifier
    public RevocationToken check(CertificateToken certificateToken) {
        if (this.ocspSource == null) {
            LOG.warning("OCSPSource null");
            certificateToken.extraInfo().infoOCSPSourceIsNull();
            return null;
        }
        try {
            X509Certificate certificate = certificateToken.getIssuerToken().getCertificate();
            X509Certificate certificate2 = certificateToken.getCertificate();
            BasicOCSPResp oCSPResponse = this.ocspSource.getOCSPResponse(certificate2, certificate);
            if (oCSPResponse == null) {
                if (LOG.isLoggable(Level.INFO)) {
                    LOG.info("OCSP response not found for " + certificateToken.getDSSIdAsString());
                }
                if (!(this.ocspSource instanceof OnlineOCSPSource)) {
                    return null;
                }
                certificateToken.extraInfo().infoNoOCSPResponse(((OnlineOCSPSource) this.ocspSource).getOCSPUri(certificate2));
                return null;
            }
            CertificateID certificateID = new CertificateID(CertificateID.HASH_SHA1, certificate, certificate2.getSerialNumber());
            for (SingleResp singleResp : oCSPResponse.getResponses()) {
                if (certificateID.equals(singleResp.getCertID())) {
                    if (LOG.isLoggable(Level.FINE)) {
                        LOG.fine("OCSP thisUpdate: " + singleResp.getThisUpdate());
                        LOG.fine("OCSP nextUpdate: " + singleResp.getNextUpdate());
                    }
                    OCSPToken oCSPToken = new OCSPToken(oCSPResponse, this.validationCertPool);
                    if (this.ocspSource instanceof OnlineOCSPSource) {
                        oCSPToken.setSourceURI(((OnlineOCSPSource) this.ocspSource).getOCSPUri(certificate2));
                    }
                    oCSPToken.setIssuingTime(oCSPResponse.getProducedAt());
                    certificateToken.setRevocationToken(oCSPToken);
                    Object certStatus = singleResp.getCertStatus();
                    if (certStatus == null) {
                        if (LOG.isLoggable(Level.INFO)) {
                            LOG.info("OCSP OK for: " + certificateToken.getDSSIdAsString());
                        }
                        oCSPToken.setStatus(true);
                    } else {
                        if (LOG.isLoggable(Level.INFO)) {
                            LOG.info("OCSP certificate status: " + certStatus.getClass().getName());
                        }
                        if (certStatus instanceof RevokedStatus) {
                            if (LOG.isLoggable(Level.INFO)) {
                                LOG.info("OCSP status revoked");
                            }
                            RevokedStatus revokedStatus = (RevokedStatus) certStatus;
                            oCSPToken.setStatus(false);
                            oCSPToken.setRevocationDate(revokedStatus.getRevocationTime());
                            oCSPToken.setReason(new CRLReason(revokedStatus.getRevocationReason()).toString());
                        } else if (certStatus instanceof UnknownStatus) {
                            if (LOG.isLoggable(Level.INFO)) {
                                LOG.info("OCSP status unknown");
                            }
                            oCSPToken.setReason("OCSP status: unknown");
                        }
                    }
                    return oCSPToken;
                }
            }
            if (LOG.isLoggable(Level.INFO)) {
                LOG.fine("No matching OCSP response entry");
            }
            certificateToken.extraInfo().infoNoOCSPResponse(null);
            return null;
        } catch (IOException e) {
            LOG.log(Level.SEVERE, "OCSP exception: " + e.getMessage(), (Throwable) e);
            certificateToken.extraInfo().infoOCSPException(e);
            return null;
        } catch (OCSPException e2) {
            LOG.severe("OCSP exception: " + e2.getMessage());
            certificateToken.extraInfo().infoOCSPException(e2);
            throw new RuntimeException(e2);
        }
    }
}
