package eu.europa.esig.dss.x509.ocsp;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSRevocationUtils;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.SignatureAlgorithm;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.RevocationToken;
import eu.europa.esig.dss.x509.TokenValidationExtraInfo;
import eu.europa.esig.dss.x509.crl.CRLReasonEnum;
import java.io.IOException;
import java.io.StringWriter;
import java.text.ParseException;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.cert.ocsp.UnknownStatus;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/x509/ocsp/OCSPToken.class */
public class OCSPToken extends RevocationToken {
    private static final Logger logger = LoggerFactory.getLogger(OCSPToken.class);
    private OCSPRespStatus responseStatus;
    private boolean useNonce;
    private boolean nonceMatch;
    private BasicOCSPResp basicOCSPResp;
    private SingleResp bestSingleResp;

    public OCSPToken() {
        this.extraInfo = new TokenValidationExtraInfo();
    }

    public boolean extractInfo() {
        if (this.basicOCSPResp == null || this.bestSingleResp == null) {
            return false;
        }
        this.productionDate = this.basicOCSPResp.getProducedAt();
        this.signatureAlgorithm = SignatureAlgorithm.forOID(this.basicOCSPResp.getSignatureAlgOID().getId());
        this.thisUpdate = this.bestSingleResp.getThisUpdate();
        this.nextUpdate = this.bestSingleResp.getNextUpdate();
        extractStatusInfo(this.bestSingleResp.getCertStatus());
        extractArchiveCutOff();
        return true;
    }

    private void extractStatusInfo(CertificateStatus certificateStatus) {
        if (certificateStatus == null) {
            this.status = true;
            return;
        }
        if (logger.isInfoEnabled()) {
            logger.info("OCSP certificate status: " + certificateStatus.getClass().getSimpleName());
        }
        if (!(certificateStatus instanceof RevokedStatus)) {
            if (certificateStatus instanceof UnknownStatus) {
                if (logger.isInfoEnabled()) {
                    logger.info("OCSP status unknown");
                }
                this.reason = "OCSP status: unknown";
                return;
            }
            return;
        }
        if (logger.isInfoEnabled()) {
            logger.info("OCSP status revoked");
        }
        RevokedStatus revokedStatus = (RevokedStatus) certificateStatus;
        this.status = false;
        this.revocationDate = revokedStatus.getRevocationTime();
        int i = 0;
        if (revokedStatus.hasRevocationReason()) {
            i = revokedStatus.getRevocationReason();
        }
        this.reason = CRLReasonEnum.fromInt(i).name();
    }

    private void extractArchiveCutOff() {
        Extension extension = this.basicOCSPResp.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_archive_cutoff);
        if (extension != null) {
            try {
                this.archiveCutOff = extension.getParsedValue().getDate();
            } catch (ParseException e) {
                logger.warn("Unable to extract id_pkix_ocsp_archive_cutoff : " + e.getMessage());
            }
        }
    }

    public boolean isSignedBy(CertificateToken certificateToken) {
        if (this.issuerToken != null) {
            return this.issuerToken.equals(certificateToken);
        }
        try {
            this.signatureInvalidityReason = "";
            JcaContentVerifierProviderBuilder jcaContentVerifierProviderBuilder = new JcaContentVerifierProviderBuilder();
            jcaContentVerifierProviderBuilder.setProvider("BC");
            this.signatureValid = this.basicOCSPResp.isSignatureValid(jcaContentVerifierProviderBuilder.build(certificateToken.getCertificate().getPublicKey()));
            if (this.signatureValid) {
                this.issuerToken = certificateToken;
            }
            this.issuerX500Principal = certificateToken.getSubjectX500Principal();
        } catch (Exception e) {
            this.signatureInvalidityReason = e.getClass().getSimpleName() + " - " + e.getMessage();
            this.signatureValid = false;
        }
        return this.signatureValid;
    }

    public OCSPRespStatus getResponseStatus() {
        return this.responseStatus;
    }

    public void setResponseStatus(OCSPRespStatus oCSPRespStatus) {
        this.responseStatus = oCSPRespStatus;
    }

    public boolean isUseNonce() {
        return this.useNonce;
    }

    public void setUseNonce(boolean z) {
        this.useNonce = z;
    }

    public boolean isNonceMatch() {
        return this.nonceMatch;
    }

    public void setNonceMatch(boolean z) {
        this.nonceMatch = z;
    }

    public BasicOCSPResp getBasicOCSPResp() {
        return this.basicOCSPResp;
    }

    public void setBasicOCSPResp(BasicOCSPResp basicOCSPResp) {
        this.basicOCSPResp = basicOCSPResp;
    }

    public SingleResp getBestSingleResp() {
        return this.bestSingleResp;
    }

    public void setBestSingleResp(SingleResp singleResp) {
        this.bestSingleResp = singleResp;
    }

    public boolean isValid() {
        return this.signatureValid;
    }

    public String getAbbreviation() {
        return "OCSPToken[" + DSSUtils.formatInternal(this.basicOCSPResp.getProducedAt()) + ", signedBy=" + (this.issuerToken == null ? "?" : this.issuerToken.getDSSIdAsString()) + "]";
    }

    public String toString(String str) {
        StringWriter stringWriter = new StringWriter();
        stringWriter.append((CharSequence) str).append((CharSequence) "OCSPToken[");
        stringWriter.append((CharSequence) "ProductionTime: ").append((CharSequence) DSSUtils.formatInternal(this.productionDate)).append((CharSequence) "; ");
        stringWriter.append((CharSequence) "ThisUpdate: ").append((CharSequence) DSSUtils.formatInternal(this.thisUpdate)).append((CharSequence) "; ");
        stringWriter.append((CharSequence) "NextUpdate: ").append((CharSequence) DSSUtils.formatInternal(this.nextUpdate)).append('\n');
        stringWriter.append((CharSequence) "SignedBy: ").append((CharSequence) (this.issuerToken != null ? this.issuerToken.getDSSIdAsString() : null)).append('\n');
        String str2 = str + "\t";
        stringWriter.append((CharSequence) str2).append((CharSequence) "Signature algorithm: ").append((CharSequence) (this.signatureAlgorithm == null ? "?" : this.signatureAlgorithm.getJCEId())).append('\n');
        stringWriter.append((CharSequence) (this.issuerToken != null ? this.issuerToken.toString(str2) : null)).append('\n');
        List validationInfo = this.extraInfo.getValidationInfo();
        if (validationInfo.size() > 0) {
            Iterator it = validationInfo.iterator();
            while (it.hasNext()) {
                stringWriter.append('\n').append((CharSequence) str2).append((CharSequence) "\t- ").append((CharSequence) it.next());
            }
            stringWriter.append('\n');
        }
        stringWriter.append((CharSequence) str2.substring(1)).append((CharSequence) "]");
        return stringWriter.toString();
    }

    public byte[] getEncoded() {
        try {
            return DSSRevocationUtils.fromBasicToResp(this.basicOCSPResp).getEncoded();
        } catch (IOException e) {
            throw new DSSException("OCSP encoding error: " + e.getMessage(), e);
        }
    }
}
