package de.cardcontact.scdp.ocsp;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.cert.ocsp.UnknownStatus;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.x509.extension.X509ExtensionUtil;

/* loaded from: input_file:de/cardcontact/scdp/ocsp/OCSPQuery.class */
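/**
 * OCSP client for certificates issued by one CA.
 *
 * <p>Typical use: {@link #addCertificate} for every certificate to check, then
 * {@link #execute()} or {@link #execute(String)}, then {@link #certStatus} and
 * {@link #getRevocationTime} per certificate.
 *
 * <p>Trust model: a response is accepted only when its signature verifies with the issuer
 * certificate's key, or with an embedded responder certificate that was issued by the issuer,
 * is within its validity period and carries the id-kp-OCSPSigning extended key usage.
 *
 * <p>NOTE(review): requests carry no nonce and {@code thisUpdate}/{@code nextUpdate} of the
 * single responses are not evaluated, so an old but correctly signed response is still accepted.
 * The root certificate passed to the constructor is stored but not consulted by this class.
 * Instances are not synchronised.
 */
public class OCSPQuery {
    public static final int GOOD = 0;
    public static final int UNKNOWN = 1;
    public static final int REVOKED = 100;
    public static final int KEYCOMPROMISE = 101;
    public static final int CACOMPROMISE = 102;
    public static final int AFFILIATIONCHANGED = 103;
    public static final int SUPERSEDED = 104;
    public static final int CESSATIONOFOPERATION = 105;
    public static final int CERTIFICATEHOLD = 106;
    public static final int REMOVEFROMCRL = 108;
    public static final int PRIVILEGEWITHDRAWN = 109;
    public static final int AACOMPROMISE = 110;

    /** id-pe-authorityInfoAccess, the extension read by {@link #execute()}. */
    private static final String AIA_EXTENSION_OID = "1.3.6.1.5.5.7.1.1";

    /** id-kp-OCSPSigning, required on a delegated responder certificate. */
    private static final String OCSP_SIGNING_EKU = "1.3.6.1.5.5.7.3.9";

    /** Upper bound for a response body; the length is announced by the remote server. */
    private static final int MAX_RESPONSE_SIZE = 1 << 20;

    X509Certificate issuercert;
    X509Certificate rootcert;
    // certificates added to the query, keyed by the CertID sent in the request
    HashMap<CertificateID, X509Certificate> map = new HashMap<CertificateID, X509Certificate>();
    // single responses of the last successfully decoded response, null if none
    HashMap<CertificateID, SingleResp> cs = null;
    DigestCalculatorProvider digCalcProv;
    byte[] ocspResponse;
    // why digCalcProv could not be created; reported on first use
    private String digCalcProvError;

    /**
     * Creates a query for certificates issued by the given CA.
     *
     * @param x509Certificate the root certificate (stored in {@code rootcert})
     * @param x509Certificate2 the issuer certificate (stored in {@code issuercert})
     */
    public OCSPQuery(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        this.issuercert = x509Certificate2;
        this.rootcert = x509Certificate;
        try {
            this.digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();
        } catch (OperatorCreationException e) {
            // The constructor declares no exception, so the failure is kept and raised as an
            // OCSPQueryException by the first method that needs the digest calculator.
            this.digCalcProvError = e.toString();
        }
    }

    /**
     * Returns the display text for a status code of this class.
     *
     * @param i one of the status constants; revocation codes are 100 plus the revocation reason
     * @return the text, or "Invalid reason code" for any other value
     */
    public static String reasonText(int i) {
        switch (i) {
            case GOOD:
                return "Good";
            case UNKNOWN:
                return "Unknown";
            case REVOKED:
                return "Revoked(0)";
            case KEYCOMPROMISE:
                return "Key compromise(1)";
            case CACOMPROMISE:
                return "CA compromise(2)";
            case AFFILIATIONCHANGED:
                return "Affilitation changed(3)";
            case SUPERSEDED:
                return "Superseded(4)";
            case CESSATIONOFOPERATION:
                return "Cessation of operation(5)";
            case CERTIFICATEHOLD:
                return "Certificate hold(6)";
            case REMOVEFROMCRL:
                return "Remove from CRL(8)";
            case PRIVILEGEWITHDRAWN:
                return "Privilege withdrawn(9)";
            case AACOMPROMISE:
                return "AA compromise(10)";
            default:
                return "Invalid reason code";
        }
    }

    /**
     * Adds a certificate to the query after checking that it was signed by the issuer.
     *
     * @param x509Certificate the certificate whose status is to be requested
     * @throws OCSPQueryException if the signature check fails or the CertID cannot be built
     */
    public void addCertificate(X509Certificate x509Certificate) throws OCSPQueryException {
        try {
            // The CertID is built from the ISSUER certificate, exactly as certStatus() does
            // for the lookup; building it from the subject certificate yields an ID that
            // no response entry can match.
            CertificateID id = certificateId(x509Certificate);
            x509Certificate.verify(this.issuercert.getPublicKey());
            this.map.put(id, x509Certificate);
        } catch (OCSPQueryException e) {
            throw e;
        } catch (Exception e) {
            throw new OCSPQueryException(e.toString());
        }
    }

    /**
     * Encodes an OCSP request for all certificates added so far.
     *
     * @return the encoded request
     * @throws OCSPQueryException if the request cannot be built or encoded
     */
    public byte[] getRequest() throws OCSPQueryException {
        try {
            OCSPReqBuilder builder = new OCSPReqBuilder();
            for (CertificateID id : this.map.keySet()) {
                builder.addRequest(id);
            }
            return builder.build().getEncoded();
        } catch (Exception e) {
            throw new OCSPQueryException(e.toString());
        }
    }

    /**
     * Returns the raw response stored by the last {@code post} or {@code decodeResponse}.
     *
     * @return the response bytes, or null if there is none
     */
    public byte[] getResponse() throws OCSPQueryException {
        return this.ocspResponse;
    }

    /**
     * Posts a request to an OCSP responder and stores the raw response.
     *
     * <p>Redirects are not followed and only http and https URLs are accepted. The response
     * is not decoded or verified here.
     *
     * @param str the responder URL
     * @param bArr the encoded OCSP request
     * @param strArr request headers as {@code "<key>: <value>"}, or null for the default
     *        Content-Length and Content-Type headers; when given, they replace the defaults
     * @return the response body
     * @throws OCSPQueryException on a transport error, a status other than 200, an
     *         unexpected content type, or a truncated or oversized body
     */
    public byte[] post(String str, byte[] bArr, String[] strArr) throws OCSPQueryException {
        if (bArr == null) {
            throw new OCSPQueryException("No OCSP request given");
        }
        HttpURLConnection connection = null;
        try {
            URL url = new URL(str);
            String protocol = url.getProtocol();
            // The URL may originate from a certificate extension (see execute()), so the
            // scheme is checked before any connection object is created.
            if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
                throw new OCSPQueryException("OCSP responder URL must use http or https");
            }
            connection = (HttpURLConnection) url.openConnection();
            // NOTE(review): no connect or read timeout is set, so an unresponsive server
            // blocks the caller; pick values that fit the deployment.
            connection.setAllowUserInteraction(false);
            connection.setDoInput(true);
            connection.setDoOutput(true);
            connection.setUseCaches(false);
            connection.setInstanceFollowRedirects(false);
            connection.setRequestMethod("POST");
            if (strArr == null) {
                connection.setRequestProperty("Content-Length", Integer.toString(bArr.length));
                connection.setRequestProperty("Content-Type", "application/ocsp-request");
            } else {
                for (String header : strArr) {
                    int colon = header.indexOf(':');
                    if (colon < 1) {
                        throw new OCSPQueryException("HTTP header must be in format '<key>: <value>'");
                    }
                    // trim() instead of a fixed offset: "Key:value" and "Key:" are handled too
                    connection.setRequestProperty(header.substring(0, colon), header.substring(colon + 1).trim());
                }
            }
            connection.connect();
            OutputStream out = connection.getOutputStream();
            try {
                out.write(bArr);
            } finally {
                out.close();
            }
            int status = connection.getResponseCode();
            if (status != 200) {
                throw new OCSPQueryException("Server did not respond with HTTP_OK(200) but with " + status);
            }
            String contentType = connection.getContentType();
            if (contentType == null || !contentType.equals("application/ocsp-response")) {
                throw new OCSPQueryException("Response MIME type is not application/ocsp-response");
            }
            int declaredLength = connection.getContentLength();
            if (declaredLength > MAX_RESPONSE_SIZE) {
                // never size a buffer from a length the server announces without a bound
                throw new OCSPQueryException("OCSP response larger than " + MAX_RESPONSE_SIZE + " bytes");
            }
            byte[] body;
            InputStream in = connection.getInputStream();
            try {
                body = readBody(in, declaredLength);
            } finally {
                in.close();
            }
            this.ocspResponse = body;
            this.cs = null;
            return body;
        } catch (OCSPQueryException e) {
            throw e;
        } catch (Exception e2) {
            throw new OCSPQueryException("Error talking to OCSP responder: " + e2.getMessage());
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Posts a request with the default headers.
     *
     * @param str the responder URL
     * @param bArr the encoded OCSP request
     * @return the response body
     * @throws OCSPQueryException see {@link #post(String, byte[], String[])}
     */
    public byte[] post(String str, byte[] bArr) throws OCSPQueryException {
        return post(str, bArr, null);
    }

    /**
     * Decodes a response, verifies its signature and indexes the single responses by CertID.
     *
     * <p>Statuses from an earlier response are discarded first, so a failed decode never
     * leaves old results behind.
     *
     * @param bArr the encoded OCSP response
     * @throws OCSPQueryException if the responder reported an error, the response cannot be
     *         parsed, or it is not signed by the issuer or an authorised delegate
     */
    public void decodeResponse(byte[] bArr) throws OCSPQueryException {
        this.ocspResponse = bArr;
        this.cs = null;
        if (bArr == null) {
            throw new OCSPQueryException("No OCSP response to decode");
        }
        try {
            OCSPResp response = new OCSPResp(bArr);
            switch (response.getStatus()) {
                case OCSPResp.SUCCESSFUL:
                    break;
                case OCSPResp.MALFORMED_REQUEST:
                    throw new OCSPQueryException("Malformed request");
                case OCSPResp.INTERNAL_ERROR:
                    throw new OCSPQueryException("Internal OCSP server error");
                case OCSPResp.TRY_LATER:
                    throw new OCSPQueryException("The server was too busy to answer");
                case OCSPResp.SIG_REQUIRED:
                    throw new OCSPQueryException("Signature required for request");
                case OCSPResp.UNAUTHORIZED:
                    throw new OCSPQueryException("Not authorised to access server");
                default:
                    throw new OCSPQueryException("Unknown OCSPResponse status code");
            }
            BasicOCSPResp basic = (BasicOCSPResp) response.getResponseObject();
            if (basic == null) {
                throw new OCSPQueryException("No BasicOCSPResponse found in response");
            }
            if (!isSignedByAuthorizedResponder(basic)) {
                throw new OCSPQueryException("OCSP Signature verification failed");
            }
            SingleResp[] responses = basic.getResponses();
            HashMap<CertificateID, SingleResp> decoded = new HashMap<CertificateID, SingleResp>(responses.length);
            for (SingleResp single : responses) {
                decoded.put(single.getCertID(), single);
            }
            this.cs = decoded;
        } catch (OCSPQueryException e) {
            throw e;
        } catch (Exception e2) {
            throw new OCSPQueryException("OCSP decode error: " + String.valueOf(e2));
        }
    }

    /**
     * Sends the request for all added certificates to the given responder and decodes the reply.
     *
     * @param str the responder URL
     * @throws OCSPQueryException if building, sending or decoding fails
     */
    public void execute(String str) throws OCSPQueryException {
        try {
            this.ocspResponse = post(str, getRequest());
            decodeResponse(this.ocspResponse);
        } catch (OCSPQueryException e) {
            throw e;
        } catch (Exception e2) {
            throw new OCSPQueryException("OCSP.execute() error: " + String.valueOf(e2));
        }
    }

    /**
     * Runs the query against the OCSP responder named in the issuer certificate's
     * authorityInfoAccess extension.
     *
     * <p>NOTE(review): the URL is taken from the issuer certificate, not from the
     * certificates being checked; confirm this is intended for the PKI in use.
     *
     * @throws OCSPQueryException if no OCSP URL is present or the query fails
     */
    public void execute() throws OCSPQueryException {
        String responderUrl;
        try {
            responderUrl = responderUrlFromIssuer();
        } catch (OCSPQueryException e) {
            throw e;
        } catch (Exception e) {
            throw new OCSPQueryException("OCSP.execute() error: " + String.valueOf(e));
        }
        execute(responderUrl);
    }

    /**
     * Returns the status of a certificate from the decoded response.
     *
     * @param x509Certificate a certificate issued by the issuer of this query
     * @return {@link #GOOD}, {@link #UNKNOWN}, or {@link #REVOKED} plus the revocation reason
     * @throws OCSPQueryException if there is no valid response or it has no entry for the
     *         certificate
     */
    public int certStatus(X509Certificate x509Certificate) throws OCSPQueryException {
        try {
            SingleResp single = lookup(x509Certificate);
            if (single == null) {
                throw new OCSPQueryException("Certificate not contained in query");
            }
            CertificateStatus status = single.getCertStatus();
            if (status == null) {
                // a null status is how the response object reports "good"
                return GOOD;
            }
            if (status instanceof RevokedStatus) {
                RevokedStatus revoked = (RevokedStatus) status;
                return revoked.hasRevocationReason() ? REVOKED + revoked.getRevocationReason() : REVOKED;
            }
            // UnknownStatus, and any status type this class does not know, is never
            // reported as good.
            return UNKNOWN;
        } catch (OCSPQueryException e) {
            throw e;
        } catch (Exception e) {
            throw new OCSPQueryException("OCSP.certStatus() error: " + String.valueOf(e));
        }
    }

    /**
     * Returns the revocation time of a certificate from the decoded response.
     *
     * @param x509Certificate a certificate issued by the issuer of this query
     * @return the revocation time, or null if the certificate is not reported as revoked
     * @throws OCSPQueryException if there is no valid response or it has no entry for the
     *         certificate
     */
    public Date getRevocationTime(X509Certificate x509Certificate) throws OCSPQueryException {
        try {
            SingleResp single = lookup(x509Certificate);
            if (single == null) {
                throw new OCSPQueryException("Certificate not contained in query");
            }
            CertificateStatus status = single.getCertStatus();
            if (status instanceof RevokedStatus) {
                return ((RevokedStatus) status).getRevocationTime();
            }
            return null;
        } catch (OCSPQueryException e) {
            throw e;
        } catch (Exception e) {
            throw new OCSPQueryException("OCSP.getRevocationTime() error: " + String.valueOf(e));
        }
    }

    /** Builds the CertID (SHA-1 issuer hashes plus serial number) for a certificate of this issuer. */
    private CertificateID certificateId(X509Certificate certificate) throws Exception {
        if (certificate == null) {
            throw new OCSPQueryException("No certificate given");
        }
        if (this.issuercert == null) {
            throw new OCSPQueryException("No issuer certificate set");
        }
        if (this.digCalcProv == null) {
            throw new OCSPQueryException("Digest calculator not available: " + this.digCalcProvError);
        }
        return new CertificateID(this.digCalcProv.get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(this.issuercert), certificate.getSerialNumber());
    }

    /** Decodes the stored response if needed and returns the entry for a certificate, or null. */
    private SingleResp lookup(X509Certificate certificate) throws Exception {
        if (this.cs == null) {
            decodeResponse(this.ocspResponse);
        }
        return this.cs.get(certificateId(certificate));
    }

    /**
     * Checks that the response is signed by the issuer itself or by an embedded responder
     * certificate the issuer authorised. A certificate that merely travels inside the
     * response proves nothing by itself and is never used as a trust anchor.
     */
    private boolean isSignedByAuthorizedResponder(BasicOCSPResp basic) throws Exception {
        if (this.issuercert == null) {
            throw new OCSPQueryException("No issuer certificate to verify the OCSP response against");
        }
        PublicKey issuerKey = this.issuercert.getPublicKey();
        JcaContentVerifierProviderBuilder verifiers = new JcaContentVerifierProviderBuilder().setProvider("BC");
        try {
            if (basic.isSignatureValid(verifiers.build(issuerKey))) {
                return true;
            }
        } catch (Exception ignored) {
            // e.g. the issuer key does not fit the response's signature algorithm;
            // a delegated responder may still have signed it
        }
        X509CertificateHolder[] embedded = basic.getCerts();
        if (embedded == null) {
            return false;
        }
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
        for (X509CertificateHolder holder : embedded) {
            X509Certificate responder = converter.getCertificate(holder);
            if (isDelegatedResponder(responder, issuerKey) && basic.isSignatureValid(verifiers.build(responder))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether a certificate is issued by the given key, currently valid and marked for
     * OCSP signing. The responder certificate's own revocation status is not checked.
     */
    private static boolean isDelegatedResponder(X509Certificate responder, PublicKey issuerKey) {
        try {
            responder.verify(issuerKey);
            responder.checkValidity();
            List<String> usages = responder.getExtendedKeyUsage();
            return usages != null && usages.contains(OCSP_SIGNING_EKU);
        } catch (Exception e) {
            // any verification or parsing failure means "not an authorised responder"
            return false;
        }
    }

    /**
     * Reads the first id-ad-ocsp URI from the issuer's authorityInfoAccess extension. Entries
     * with another access method (such as caIssuers) are skipped, whatever their position.
     */
    private String responderUrlFromIssuer() throws Exception {
        if (this.issuercert == null) {
            throw new OCSPQueryException("No issuer certificate set");
        }
        byte[] extension = this.issuercert.getExtensionValue(AIA_EXTENSION_OID);
        if (extension == null) {
            throw new OCSPQueryException("Issuer certificate has no authorityInfoAccess extension");
        }
        AuthorityInformationAccess access = AuthorityInformationAccess.getInstance(X509ExtensionUtil.fromExtensionValue(extension));
        for (AccessDescription description : access.getAccessDescriptions()) {
            if (!AccessDescription.id_ad_ocsp.equals(description.getAccessMethod())) {
                continue;
            }
            GeneralName location = description.getAccessLocation();
            if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                return location.getName().toString();
            }
        }
        throw new OCSPQueryException("No OCSP responder URL in authorityInfoAccess extension");
    }

    /**
     * Reads a response body of the announced length, or up to MAX_RESPONSE_SIZE when the
     * length is unknown (negative). Short and oversized bodies are errors, not truncated results.
     */
    private static byte[] readBody(InputStream in, int declaredLength) throws IOException, OCSPQueryException {
        int limit = declaredLength >= 0 ? declaredLength : MAX_RESPONSE_SIZE;
        ByteArrayOutputStream buffer = new ByteArrayOutputStream(declaredLength > 0 ? declaredLength : 4096);
        byte[] chunk = new byte[4096];
        int total = 0;
        while (total < limit) {
            int count = in.read(chunk, 0, Math.min(chunk.length, limit - total));
            if (count == -1) {
                break;
            }
            buffer.write(chunk, 0, count);
            total += count;
        }
        if (declaredLength >= 0) {
            if (total < declaredLength) {
                throw new OCSPQueryException("Could not read full response");
            }
        } else if (total == limit && in.read() != -1) {
            throw new OCSPQueryException("OCSP response larger than " + MAX_RESPONSE_SIZE + " bytes");
        }
        return buffer.toByteArray();
    }
}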
