package network.oxalis.pkix.ocsp;

import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.util.HashMap;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.SingleResp;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/pkix-ocsp-2.0.0.jar:network/oxalis/pkix/ocsp/OcspResponse.class */
public class OcspResponse {
    private final URI uri;
    private final OCSPResp ocspResp;

    public static OcspResponse parse(URI uri, InputStream inputStream) throws IOException {
        return new OcspResponse(uri, new OCSPResp(IOHelper.toByteArray(inputStream)));
    }

    private OcspResponse(URI uri, OCSPResp oCSPResp) {
        this.uri = uri;
        this.ocspResp = oCSPResp;
    }

    public void verifyResponse() throws OcspException {
        switch (this.ocspResp.getStatus()) {
            case 0:
                return;
            case 1:
                throw new OcspServerException("Request was malformed.", new Object[0]);
            case 2:
                throw new OcspServerException("An internal error occurred in the OCSP Server.", new Object[0]);
            case 3:
                throw new OcspServerException("OCSP server is currently too busy.", new Object[0]);
            case 4:
            default:
                throw new OcspServerException("Unknown OCSPResponse status code '%s'.", Integer.valueOf(this.ocspResp.getStatus()));
            case 5:
                throw new OcspServerException("Signed request is required for this OCSP Server.", new Object[0]);
            case 6:
                throw new OcspServerException("Your signature was not authorized by the OCSP Server.", new Object[0]);
        }
    }

    public OcspResult getResult() throws OcspException {
        try {
            Object responseObject = this.ocspResp.getResponseObject();
            if (responseObject instanceof BasicOCSPResp) {
                return parseBasicResponse((BasicOCSPResp) responseObject);
            }
            throw new OcspException("Parsing '%s' not supported.", responseObject);
        } catch (OCSPException e) {
            throw new OcspException(e.getMessage(), e, new Object[0]);
        }
    }

    protected OcspResult parseBasicResponse(BasicOCSPResp basicOCSPResp) {
        HashMap hashMap = new HashMap();
        for (SingleResp singleResp : basicOCSPResp.getResponses()) {
            hashMap.put(singleResp.getCertID().getSerialNumber(), new CertificateResult(parseCertificateStatus(singleResp.getCertStatus()), CertificateIssuer.generate(singleResp.getCertID()), this.uri, singleResp.getCertID().getSerialNumber(), singleResp.getThisUpdate(), singleResp.getNextUpdate()));
        }
        return new OcspResult(hashMap);
    }

    protected CertificateStatus parseCertificateStatus(org.bouncycastle.cert.ocsp.CertificateStatus certificateStatus) {
        return certificateStatus == null ? CertificateStatus.GOOD : certificateStatus instanceof RevokedStatus ? CertificateStatus.REVOKED : CertificateStatus.UNKNOWN;
    }
}
