package eu.europa.esig.dss.spi;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.x509.ResponderId;
import eu.europa.esig.dss.spi.x509.revocation.RevocationToken;
import eu.europa.esig.dss.utils.Utils;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.esf.OtherHash;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.OCSPResponse;
import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
import org.bouncycastle.asn1.ocsp.ResponderID;
import org.bouncycastle.asn1.ocsp.ResponseBytes;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.RespID;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/spi/DSSRevocationUtils.class */
public final class DSSRevocationUtils {
    private static final Logger LOG = LoggerFactory.getLogger(DSSRevocationUtils.class);
    private static JcaDigestCalculatorProviderBuilder jcaDigestCalculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder();

    private DSSRevocationUtils() {
    }

    public static BasicOCSPResp getBasicOcspResp(ASN1Sequence aSN1Sequence) {
        BasicOCSPResp basicOCSPResp = null;
        try {
            basicOCSPResp = new BasicOCSPResp(BasicOCSPResponse.getInstance(aSN1Sequence));
        } catch (Exception e) {
            LOG.error("Impossible to create BasicOCSPResp from ASN1Sequence!", e);
        }
        return basicOCSPResp;
    }

    public static OCSPResp getOcspResp(ASN1Sequence aSN1Sequence) {
        OCSPResp oCSPResp = null;
        try {
            oCSPResp = new OCSPResp(OCSPResponse.getInstance(aSN1Sequence));
        } catch (Exception e) {
            LOG.error("Impossible to create OCSPResp from ASN1Sequence!", e);
        }
        return oCSPResp;
    }

    public static BasicOCSPResp fromRespToBasic(OCSPResp oCSPResp) {
        BasicOCSPResp basicOCSPResp = null;
        try {
            Object responseObject = oCSPResp.getResponseObject();
            if (responseObject instanceof BasicOCSPResp) {
                basicOCSPResp = (BasicOCSPResp) responseObject;
            } else {
                LOG.warn("Unknown OCSP response type: {}", responseObject.getClass());
            }
        } catch (OCSPException e) {
            LOG.error("Impossible to process OCSPResp!", e);
        }
        return basicOCSPResp;
    }

    public static OCSPResp fromBasicToResp(BasicOCSPResp basicOCSPResp) {
        try {
            return fromBasicToResp(basicOCSPResp.getEncoded());
        } catch (IOException e) {
            throw new DSSException(String.format("Unable to convert BasicOCSPResp to OCSPResp : %s", e.getMessage()), e);
        }
    }

    public static byte[] getEncodedFromBasicResp(BasicOCSPResp basicOCSPResp) {
        try {
            if (basicOCSPResp != null) {
                return fromBasicToResp(basicOCSPResp).getEncoded();
            }
            throw new DSSException("Empty OCSP response");
        } catch (IOException e) {
            throw new DSSException(String.format("OCSP encoding error : %s", e.getMessage()), e);
        }
    }

    public static OCSPResp fromBasicToResp(byte[] bArr) {
        return new OCSPResp(new OCSPResponse(new OCSPResponseStatus(0), new ResponseBytes(OCSPObjectIdentifiers.id_pkix_ocsp_basic, new DEROctetString(bArr))));
    }

    public static DigestAlgorithm getUsedDigestAlgorithm(SingleResp singleResp) {
        return DigestAlgorithm.forOID(singleResp.getCertID().getHashAlgOID().getId());
    }

    public static boolean matches(CertificateID certificateID, SingleResp singleResp) {
        CertificateID certID = singleResp.getCertID();
        return certID.getHashAlgOID().equals(certificateID.getHashAlgOID()) && Arrays.equals(certID.getIssuerKeyHash(), certificateID.getIssuerKeyHash()) && Arrays.equals(certID.getIssuerNameHash(), certificateID.getIssuerNameHash()) && certID.getSerialNumber().equals(certificateID.getSerialNumber());
    }

    public static CertificateID getOCSPCertificateID(CertificateToken certificateToken, CertificateToken certificateToken2, DigestAlgorithm digestAlgorithm) {
        try {
            return new CertificateID(getDigestCalculator(digestAlgorithm), DSSASN1Utils.getX509CertificateHolder(certificateToken2), certificateToken.getSerialNumber());
        } catch (OCSPException e) {
            throw new DSSException("Unable to create CertificateID", e);
        }
    }

    public static DigestCalculator getDigestCalculator(DigestAlgorithm digestAlgorithm) {
        try {
            return jcaDigestCalculatorProviderBuilder.build().get(new AlgorithmIdentifier(new ASN1ObjectIdentifier(digestAlgorithm.getOid()), DERNull.INSTANCE));
        } catch (OperatorCreationException e) {
            throw new DSSException(String.format("Unable to create a DigestCalculator instance. DigestAlgorithm %s is not supported", digestAlgorithm.name()), e);
        }
    }

    public static BasicOCSPResp loadOCSPBase64Encoded(String str) throws IOException {
        return loadOCSPFromBinaries(Utils.fromBase64(str));
    }

    public static BasicOCSPResp loadOCSPFromBinaries(byte[] bArr) throws IOException {
        return fromRespToBasic(new OCSPResp(bArr));
    }

    public static byte[] getEncoded(OCSPResp oCSPResp) {
        try {
            return oCSPResp.getEncoded();
        } catch (IOException e) {
            throw new DSSException(String.format("Unable to get binaries of OCSPResp : %s", e.getMessage()), e);
        }
    }

    public static ResponderId getDSSResponderId(RespID respID) {
        return getDSSResponderId(respID.toASN1Primitive());
    }

    public static ResponderId getDSSResponderId(ResponderID responderID) {
        return new ResponderId(DSSASN1Utils.toX500Principal(responderID.getName()), responderID.getKeyHash());
    }

    public static List<String> getCRLRevocationTokenKeys(CertificateToken certificateToken) {
        List<String> crlUrls = DSSASN1Utils.getCrlUrls(certificateToken);
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = crlUrls.iterator();
        while (it.hasNext()) {
            arrayList.add(getCRLRevocationTokenKey(it.next()));
        }
        return arrayList;
    }

    public static String getCRLRevocationTokenKey(String str) {
        return DSSUtils.getSHA1Digest(str);
    }

    public static List<String> getOcspRevocationTokenKeys(CertificateToken certificateToken) {
        List<String> oCSPAccessLocations = DSSASN1Utils.getOCSPAccessLocations(certificateToken);
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = oCSPAccessLocations.iterator();
        while (it.hasNext()) {
            arrayList.add(getOcspRevocationKey(certificateToken, it.next()));
        }
        return arrayList;
    }

    public static String getOcspRevocationKey(CertificateToken certificateToken, String str) {
        return DSSUtils.getSHA1Digest(certificateToken.getEntityKey() + ":" + str);
    }

    public static SingleResp getLatestSingleResponse(BasicOCSPResp basicOCSPResp, CertificateToken certificateToken, CertificateToken certificateToken2) {
        List<SingleResp> singleResponses = getSingleResponses(basicOCSPResp, certificateToken, certificateToken2);
        if (Utils.isCollectionEmpty(singleResponses)) {
            return null;
        }
        return singleResponses.size() == 1 ? singleResponses.get(0) : getLatestSingleRespInList(singleResponses);
    }

    private static SingleResp getLatestSingleRespInList(List<SingleResp> list) {
        Date date = null;
        SingleResp singleResp = null;
        for (SingleResp singleResp2 : list) {
            Date thisUpdate = singleResp2.getThisUpdate();
            if (date == null || thisUpdate.after(date)) {
                singleResp = singleResp2;
                date = thisUpdate;
            }
        }
        return singleResp;
    }

    public static List<SingleResp> getSingleResponses(BasicOCSPResp basicOCSPResp, CertificateToken certificateToken, CertificateToken certificateToken2) {
        ArrayList arrayList = new ArrayList();
        for (SingleResp singleResp : getSingleResps(basicOCSPResp)) {
            if (matches(getOCSPCertificateID(certificateToken, certificateToken2, getUsedDigestAlgorithm(singleResp)), singleResp)) {
                arrayList.add(singleResp);
            }
        }
        return arrayList;
    }

    private static SingleResp[] getSingleResps(BasicOCSPResp basicOCSPResp) {
        try {
            return basicOCSPResp.getResponses();
        } catch (Exception e) {
            LOG.warn("Unable to extract SingleResp(s) : {}", e.getMessage());
            return new SingleResp[0];
        }
    }

    public static Digest getDigest(OtherHash otherHash) {
        if (otherHash != null) {
            return new Digest(DigestAlgorithm.forOID(otherHash.getHashAlgorithm().getAlgorithm().getId()), otherHash.getHashValue());
        }
        return null;
    }

    public static boolean checkIssuerValidAtRevocationProductionTime(RevocationToken<?> revocationToken) {
        CertificateToken issuerCertificateToken = revocationToken.getIssuerCertificateToken();
        return issuerCertificateToken != null && issuerCertificateToken.isValidOn(revocationToken.getProductionDate());
    }
}
