package eu.europa.esig.dss.x509;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSRevocationUtils;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.SignatureAlgorithm;
import java.io.IOException;
import java.io.StringWriter;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.cert.ocsp.UnknownStatus;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/x509/OCSPToken.class */
public class OCSPToken extends RevocationToken {
    private static final Logger logger = LoggerFactory.getLogger(OCSPToken.class);
    private final transient BasicOCSPResp basicOCSPResp;
    private final transient SingleResp singleResp;
    private String sourceURI;

    public OCSPToken(BasicOCSPResp basicOCSPResp, SingleResp singleResp) {
        if (basicOCSPResp == null) {
            throw new NullPointerException();
        }
        if (singleResp == null) {
            throw new NullPointerException();
        }
        this.basicOCSPResp = basicOCSPResp;
        this.singleResp = singleResp;
        this.issuingTime = basicOCSPResp.getProducedAt();
        setStatus(singleResp.getCertStatus());
        this.signatureAlgorithm = SignatureAlgorithm.forOID(basicOCSPResp.getSignatureAlgOID().getId());
        this.extraInfo = new TokenValidationExtraInfo();
        if (logger.isTraceEnabled()) {
            logger.trace("OCSP token, produced at '" + DSSUtils.formatInternal(this.issuingTime) + "' created.");
        }
    }

    private void setStatus(CertificateStatus certificateStatus) {
        if (certificateStatus == null) {
            this.status = true;
            return;
        }
        if (logger.isInfoEnabled()) {
            logger.info("OCSP certificate status: " + certificateStatus.getClass().getName());
        }
        if (!(certificateStatus instanceof RevokedStatus)) {
            if (certificateStatus instanceof UnknownStatus) {
                if (logger.isInfoEnabled()) {
                    logger.info("OCSP status unknown");
                }
                this.reason = "OCSP status: unknown";
                return;
            }
            return;
        }
        if (logger.isInfoEnabled()) {
            logger.info("OCSP status revoked");
        }
        RevokedStatus revokedStatus = (RevokedStatus) certificateStatus;
        this.status = false;
        this.revocationDate = revokedStatus.getRevocationTime();
        this.reason = getRevocationReason(revokedStatus);
    }

    private String getRevocationReason(RevokedStatus revokedStatus) {
        return CRLReason.lookup(getRevocationReasonId(revokedStatus)).toString();
    }

    private int getRevocationReasonId(RevokedStatus revokedStatus) {
        try {
            return revokedStatus.getRevocationReason();
        } catch (IllegalStateException e) {
            logger.warn("OCSP Revocation reason is not available: " + e.getMessage());
            return 0;
        }
    }

    public BasicOCSPResp getBasicOCSPResp() {
        return this.basicOCSPResp;
    }

    public boolean isSignedBy(CertificateToken certificateToken) {
        if (this.issuerToken != null) {
            return this.issuerToken.equals(certificateToken);
        }
        try {
            this.signatureInvalidityReason = "";
            JcaContentVerifierProviderBuilder jcaContentVerifierProviderBuilder = new JcaContentVerifierProviderBuilder();
            jcaContentVerifierProviderBuilder.setProvider("BC");
            this.signatureValid = this.basicOCSPResp.isSignatureValid(jcaContentVerifierProviderBuilder.build(certificateToken.getCertificate().getPublicKey()));
            if (this.signatureValid) {
                this.issuerToken = certificateToken;
            }
            this.issuerX500Principal = certificateToken.getSubjectX500Principal();
        } catch (Exception e) {
            this.signatureInvalidityReason = e.getClass().getSimpleName() + " - " + e.getMessage();
            this.signatureValid = false;
        }
        return this.signatureValid;
    }

    public String getSourceURL() {
        return this.sourceURI;
    }

    public void setSourceURI(String str) {
        this.sourceURI = str;
    }

    public boolean isValid() {
        return this.signatureValid;
    }

    public String getAbbreviation() {
        return "OCSPToken[" + DSSUtils.formatInternal(this.basicOCSPResp.getProducedAt()) + ", signedBy=" + (this.issuerToken == null ? "?" : this.issuerToken.getDSSIdAsString()) + "]";
    }

    public String toString(String str) {
        StringWriter stringWriter = new StringWriter();
        stringWriter.append((CharSequence) str).append((CharSequence) "OCSPToken[");
        stringWriter.append((CharSequence) "ProductionTime: ").append((CharSequence) DSSUtils.formatInternal(this.issuingTime)).append((CharSequence) "; ");
        stringWriter.append((CharSequence) "ThisUpdate: ").append((CharSequence) DSSUtils.formatInternal(this.singleResp.getThisUpdate())).append((CharSequence) "; ");
        stringWriter.append((CharSequence) "NextUpdate: ").append((CharSequence) DSSUtils.formatInternal(this.singleResp.getNextUpdate())).append('\n');
        stringWriter.append((CharSequence) "SignedBy: ").append((CharSequence) (this.issuerToken != null ? this.issuerToken.getDSSIdAsString() : null)).append('\n');
        String str2 = str + "\t";
        stringWriter.append((CharSequence) str2).append((CharSequence) "Signature algorithm: ").append((CharSequence) (this.signatureAlgorithm == null ? "?" : this.signatureAlgorithm.getJCEId())).append('\n');
        stringWriter.append((CharSequence) (this.issuerToken != null ? this.issuerToken.toString(str2) : null)).append('\n');
        List validationInfo = this.extraInfo.getValidationInfo();
        if (validationInfo.size() > 0) {
            Iterator it = validationInfo.iterator();
            while (it.hasNext()) {
                stringWriter.append('\n').append((CharSequence) str2).append((CharSequence) "\t- ").append((CharSequence) it.next());
            }
            stringWriter.append('\n');
        }
        stringWriter.append((CharSequence) str2.substring(1)).append((CharSequence) "]");
        return stringWriter.toString();
    }

    public byte[] getEncoded() {
        try {
            return DSSRevocationUtils.fromBasicToResp(this.basicOCSPResp).getEncoded();
        } catch (IOException e) {
            throw new DSSException("OCSP encoding error: " + e.getMessage(), e);
        }
    }
}
