package bluecrystal.service.validator;

import bluecrystal.bcdeps.helper.DerEncoder;
import bluecrystal.domain.OperationStatus;
import bluecrystal.service.exception.OCSPQueryException;
import bluecrystal.service.exception.RevokedException;
import bluecrystal.service.exception.UndefStateException;
import bluecrystal.service.loader.CacheManager;
import bluecrystal.service.service.ServiceFacade;
import bluecrystal.service.util.PrefsFactory;
import java.io.IOException;
import java.net.MalformedURLException;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.operator.OperatorCreationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:bluecrystal/service/validator/OcspValidatorImpl.class */
public class OcspValidatorImpl implements OcspValidator {
    static final Logger LOG = LoggerFactory.getLogger(OcspValidatorImpl.class);
    static final long ONE_MINUTE_IN_MILLIS = 60000;
    static final long MIN_VALID = 3600000;

    @Override // bluecrystal.service.validator.OcspValidator
    public OperationStatus verifyOCSP(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws IOException, CertificateException, CRLException, UndefStateException, RevokedException, OperatorCreationException {
        try {
            OCSPReq GenOcspReq = GenOcspReq(x509Certificate, x509Certificate2);
            OCSPResp oCSPResp = null;
            for (String str : extractOCSPUrl(x509Certificate)) {
                try {
                    String str2 = String.valueOf(str) + "?reqHash=" + x509Certificate.hashCode();
                    CacheManager cacheManager = PrefsFactory.getCacheManager();
                    oCSPResp = (OCSPResp) cacheManager.getInCache(str2, date);
                    if (oCSPResp != null) {
                        break;
                    }
                    oCSPResp = xchangeOcsp(str, GenOcspReq);
                    cacheManager.addToCache(str2, oCSPResp);
                    break;
                } catch (Exception e) {
                    LOG.error("Error exchanging OCSP", e);
                }
            }
            if (oCSPResp != null) {
                Date xtractNextUpdate = xtractNextUpdate(oCSPResp);
                return xtractNextUpdate != null ? new OperationStatus(0, xtractNextUpdate) : new OperationStatus(0, new Date(new Date().getTime() + MIN_VALID));
            }
        } catch (OCSPQueryException e2) {
            LOG.error("Error executing OCSP Operation", e2);
        } catch (OCSPException e3) {
            LOG.error("Error executing OCSP Operation", e3);
        }
        return new OperationStatus(1, (Date) null);
    }

    public static Date xtractNextUpdate(OCSPResp oCSPResp) throws OCSPQueryException {
        int status = oCSPResp.getStatus();
        switch (status) {
            case ServiceFacade.NDX_SHA1 /* 0 */:
                try {
                    BasicOCSPResp basicOCSPResp = (BasicOCSPResp) oCSPResp.getResponseObject();
                    if (basicOCSPResp == null) {
                        throw new OCSPQueryException("***");
                    }
                    SingleResp[] responses = basicOCSPResp.getResponses();
                    if (responses.length == 0) {
                        return null;
                    }
                    SingleResp singleResp = responses[0];
                    if (singleResp.getCertStatus() instanceof RevokedStatus) {
                        throw new RevokedException();
                    }
                    LOG.debug("this-update=" + singleResp.getThisUpdate().getTime());
                    LOG.debug("next-update=" + singleResp.getNextUpdate().getTime());
                    return singleResp.getNextUpdate();
                } catch (Exception e) {
                    throw new OCSPQueryException(e);
                }
            case ServiceFacade.NDX_SHA224 /* 1 */:
            case ServiceFacade.NDX_SHA256 /* 2 */:
            case ServiceFacade.NDX_SHA384 /* 3 */:
            case 5:
            case 6:
                throw new OCSPQueryException("OCSP Error: " + Integer.toString(status));
            case ServiceFacade.NDX_SHA512 /* 4 */:
            default:
                throw new OCSPQueryException("***");
        }
    }

    private OCSPResp xchangeOcsp(String str, OCSPReq oCSPReq) throws MalformedURLException, IOException, OCSPQueryException {
        return new OCSPResp(PrefsFactory.getHttpLoader().post(str, "application/ocsp-request", oCSPReq.getEncoded()));
    }

    private OCSPReq GenOcspReq(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws OCSPException, CertificateEncodingException, OperatorCreationException, IOException {
        return DerEncoder.GenOcspReq(x509Certificate, x509Certificate2);
    }

    private List<String> extractOCSPUrl(X509Certificate x509Certificate) throws CRLException {
        return DerEncoder.extractOCSPUrl(x509Certificate);
    }
}
