package eu.europa.ec.markt.dss.validation.ocsp;

import eu.europa.ec.markt.dss.DSSUtils;
import eu.europa.ec.markt.dss.exception.CannotFetchDataException;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.validation.https.HTTPDataLoader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation/ocsp/OnlineOCSPSource.class */
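/**
 * {@link OCSPSource} that asks the OCSP responder named in a certificate's Authority Information
 * Access (AIA) extension for a status response, using the configured {@link HTTPDataLoader}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The responder URI is read from the certificate being checked, so it is only as trustworthy
 *       as that certificate. It is passed unchanged to the {@link HTTPDataLoader}; any restriction
 *       on schemes, destinations or timeouts has to be enforced by that loader.</li>
 *   <li>The returned {@link BasicOCSPResp} is not verified in this class. Signature, responder
 *       authorisation, certificate status and the match between the response and the requested
 *       certificate are all left to the caller.</li>
 *   <li>No nonce is added to the request, so freshness has to be judged from the validity times
 *       carried in the response itself.</li>
 *   <li>A {@code null} result means "no usable answer was obtained". It must never be treated as
 *       "the certificate is good".</li>
 * </ul>
 */
public class OnlineOCSPSource implements OCSPSource {
    private static final Logger LOG = Logger.getLogger(OnlineOCSPSource.class.getName());

    // Transport used to POST the OCSP request; must be injected before getOCSPResponse is called.
    private HTTPDataLoader httpDataLoader;

    /**
     * Sets the loader used to send OCSP requests.
     *
     * @param hTTPDataLoader the transport to use for the POST to the responder
     */
    public void setHttpDataLoader(HTTPDataLoader hTTPDataLoader) {
        this.httpDataLoader = hTTPDataLoader;
    }

    /**
     * Requests the OCSP status of a certificate from the responder listed in its AIA extension.
     *
     * @param x509Certificate the certificate whose status is requested; its AIA extension supplies
     *     the responder URI and its serial number goes into the request
     * @param x509Certificate2 the issuer certificate, used to build the {@link CertificateID}
     * @return the basic OCSP response, or {@code null} when the certificate names no OCSP URI, the
     *     responder could not be reached, or the reply does not carry a basic OCSP response. The
     *     response is returned unverified.
     * @throws IOException if the AIA extension or the request cannot be encoded or decoded
     * @throws DSSException if no {@link HTTPDataLoader} has been set
     */
    @Override
    public BasicOCSPResp getOCSPResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws IOException {
        if (this.httpDataLoader == null) {
            throw new DSSException("The HTTPDataLoader must be set. Use setHttpDataLoader method first.");
        }
        try {
            String ocspUri = getAccessLocation(x509Certificate, X509ObjectIdentifiers.ocspAccessMethod);
            if (LOG.isLoggable(Level.INFO)) {
                LOG.info("OCSP URI: " + ocspUri);
            }
            if (ocspUri == null) {
                return null;
            }
            // SHA-1 here only derives the CertID lookup key sent to the responder; it is not the
            // digest protecting the response signature.
            CertificateID certificateId = new CertificateID(CertificateID.HASH_SHA1, x509Certificate2, x509Certificate.getSerialNumber());
            OCSPReqGenerator requestGenerator = new OCSPReqGenerator();
            requestGenerator.addRequest(certificateId);
            Object responseObject;
            try {
                responseObject = new OCSPResp(this.httpDataLoader.post(ocspUri, new ByteArrayInputStream(requestGenerator.generate().getEncoded()))).getResponseObject();
            } catch (NullPointerException e) {
                // Best-effort behaviour kept from the original: a missing reply ends up here.
                // It is now logged so that a silently failing revocation check can be noticed.
                LOG.log(Level.WARNING, "OCSP error: no response could be read", e);
                return null;
            }
            // The response body comes from the network. Check its type instead of casting blindly,
            // so an unexpected response type cannot surface as a ClassCastException in the caller.
            if (responseObject instanceof BasicOCSPResp) {
                return (BasicOCSPResp) responseObject;
            }
            if (responseObject != null) {
                LOG.warning("OCSP error: unexpected response type " + responseObject.getClass().getName());
            }
            return null;
        } catch (CannotFetchDataException e) {
            LOG.log(Level.SEVERE, "OCSP error: CannotFetchDataException: " + e.getMessage(), e);
            return null;
        } catch (OCSPException e) {
            LOG.log(Level.SEVERE, "OCSP error: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Extracts the first URI listed for the given access method in the certificate's AIA extension.
     *
     * @param certificate the certificate to inspect
     * @param accessMethod the access-method OID to look for
     * @return the URI string, or {@code null} when the extension is absent or holds no URI entry
     *     for that method
     * @throws IOException if the extension cannot be decoded or does not have the expected
     *     OCTET STRING / SEQUENCE structure
     */
    private String getAccessLocation(X509Certificate certificate, DERObjectIdentifier accessMethod) throws IOException {
        byte[] extensionValue = certificate.getExtensionValue(X509Extension.authorityInfoAccess.getId());
        if (extensionValue == null) {
            return null;
        }
        ASN1InputStream wrapperStream = null;
        ASN1InputStream contentStream = null;
        try {
            // The extension bytes come from the certificate under validation, so the structure is
            // checked before each cast and reported as a decoding error when it is wrong.
            wrapperStream = new ASN1InputStream(new ByteArrayInputStream(extensionValue));
            Object wrapper = wrapperStream.readObject();
            if (!(wrapper instanceof DEROctetString)) {
                throw new IOException("Malformed authorityInfoAccess extension: OCTET STRING expected");
            }
            contentStream = new ASN1InputStream(((DEROctetString) wrapper).getOctets());
            Object content = contentStream.readObject();
            if (!(content instanceof ASN1Sequence)) {
                throw new IOException("Malformed authorityInfoAccess extension: SEQUENCE expected");
            }
            for (AccessDescription description : new AuthorityInformationAccess((ASN1Sequence) content).getAccessDescriptions()) {
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("Access method: " + description.getAccessMethod());
                }
                if (!description.getAccessMethod().equals(accessMethod)) {
                    continue;
                }
                GeneralName location = description.getAccessLocation();
                if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    String uri = ((DERIA5String) ((DERTaggedObject) location.getDERObject()).getObject()).getString();
                    if (LOG.isLoggable(Level.FINE)) {
                        LOG.fine("Access location: " + uri);
                    }
                    return uri;
                }
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("Not a uniform resource identifier");
                }
            }
            return null;
        } finally {
            // Single cleanup point for every exit path (return, exception).
            DSSUtils.closeQuietly(wrapperStream);
            DSSUtils.closeQuietly(contentStream);
        }
    }

    /**
     * Returns the OCSP responder URI named in the certificate's AIA extension.
     *
     * @param x509Certificate the certificate to inspect
     * @return the URI, or {@code null} when none is present or the extension cannot be decoded
     */
    public String getOCSPUri(X509Certificate x509Certificate) {
        try {
            return getAccessLocation(x509Certificate, X509ObjectIdentifiers.ocspAccessMethod);
        } catch (IOException e) {
            LOG.fine("OCSP location cannot be foud: " + e.getMessage());
            return null;
        }
    }

    static {
        // Registers BouncyCastle with the JVM-wide provider list when this class is loaded.
        Security.addProvider(new BouncyCastleProvider());
    }
}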
