package org.keycloak.crypto.elytron;

import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CRLReason;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import javax.net.ssl.TrustManagerFactory;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.utils.OCSPProvider;
import org.wildfly.security.asn1.DERDecoder;
import org.wildfly.security.ssl.X509RevocationTrustManager;

/* loaded from: input_file:org/keycloak/crypto/elytron/ElytronOCSPProvider.class */
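/**
 * {@link OCSPProvider} implementation that delegates the revocation check to
 * WildFly Elytron's {@link X509RevocationTrustManager} and reads OCSP responder
 * locations out of a certificate's Authority Information Access extension.
 *
 * <p>Both methods operate on certificate content that may be supplied by a remote
 * peer, so the DER parsing in {@link #getResponderURIs(X509Certificate)} is written
 * to always make progress and to tolerate missing or degenerate fields.
 */
public class ElytronOCSPProvider extends OCSPProvider {
    private static final Logger logger = Logger.getLogger(ElytronOCSPProvider.class.getName());

    /** OID of the Authority Information Access certificate extension (RFC 5280). */
    private static final String AUTHORITY_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.1";

    /** OID of the OCSP access method (id-ad-ocsp) inside an access description. */
    private static final String OCSP_ACCESS_METHOD_OID = "1.3.6.1.5.5.7.48.1";

    /** DER tag: OBJECT IDENTIFIER. */
    private static final int TAG_OBJECT_IDENTIFIER = 6;

    /** DER tag: UTF8String. */
    private static final int TAG_UTF8_STRING = 12;

    /** DER tag: IA5String. */
    private static final int TAG_IA5_STRING = 22;

    /** DER tag: SEQUENCE (constructed). */
    private static final int TAG_SEQUENCE = 48;

    /** DER tag: context-specific, constructed, number 0 (0xA0). */
    private static final int TAG_CONTEXT_CONSTRUCTED_0 = 160;

    /**
     * Runs {@code x509Certificate} through an Elytron revocation-aware trust manager
     * and maps the outcome to a revocation status.
     *
     * <p>The only statuses this method can return are {@code GOOD} (the trust manager
     * accepted the certificate) and whatever {@code unknownStatus()} yields (set-up or
     * the trust-manager check threw one of the caught exceptions). A {@code REVOKED}
     * status is never produced here, so callers must treat the non-GOOD result as a
     * failure rather than as "no information" if revoked certificates are to be rejected.
     *
     * @param keycloakSession not used by this implementation
     * @param x509Certificate certificate handed to the trust manager for validation
     * @param x509Certificate2 not used by this implementation (presumably the issuer
     *     certificate; confirm against {@link OCSPProvider})
     * @param list responder URIs; must be non-empty, but is otherwise not consulted here
     * @param x509Certificate3 certificate passed to the trust manager as the OCSP responder certificate
     * @param date not used by this implementation
     * @return a GOOD status, or the result of {@code unknownStatus()} on failure
     * @throws IllegalArgumentException if {@code list} is null or empty
     * @throws CertPathValidatorException declared by the signature; nothing in this body throws it directly
     */
    protected OCSPProvider.OCSPRevocationStatus check(KeycloakSession keycloakSession, X509Certificate x509Certificate, X509Certificate x509Certificate2, List<URI> list, X509Certificate x509Certificate3, Date date) throws CertPathValidatorException {
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException("Need at least one responder");
        }
        try {
            // load(null, ...) creates an empty in-memory key store; it is never written out,
            // so the literal password protects nothing and is not a stored credential.
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, "pass".toCharArray());

            // NOTE(review): the certificate under test is installed as its own trust anchor,
            // while x509Certificate2 is never used. If the intent is to validate against the
            // issuer, the anchor should be the issuer certificate -- confirm before relying
            // on this check for chain trust.
            trustStore.setCertificateEntry("trust", x509Certificate);

            // NOTE(review): neither the responder URIs in `list` nor `date` are forwarded to
            // the builder, so which responder is contacted and at what validation time is
            // decided inside X509RevocationTrustManager -- verify that matches the
            // configured responder.
            X509RevocationTrustManager.builder()
                    .setOcspResponderCert(x509Certificate3)
                    .setTrustStore(trustStore)
                    .setTrustManagerFactory(TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()))
                    .build()
                    .checkClientTrusted(new X509Certificate[] {x509Certificate}, x509Certificate.getType());

            // Reaching this point means the trust manager raised no objection.
            return new OCSPProvider.OCSPRevocationStatus() {
                public OCSPProvider.RevocationStatus getRevocationStatus() {
                    return OCSPProvider.RevocationStatus.GOOD;
                }

                public Date getRevocationTime() {
                    return null;
                }

                public CRLReason getRevocationReason() {
                    return null;
                }
            };
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            // Every rejection by the trust manager arrives as a CertificateException and is
            // collapsed into the unknown status together with set-up errors; the cause is
            // only visible in this log line.
            // Message text kept as-is ("OSCP" sic) so existing log searches keep matching.
            logger.warn("OSCP Response check failed.", e);
            return unknownStatus();
        }
    }

    /**
     * Extracts OCSP responder locations from the Authority Information Access
     * extension of {@code x509Certificate}.
     *
     * <p>The extension bytes come from the certificate itself and are therefore
     * untrusted input when the certificate was presented by a peer. The returned
     * strings are not validated as URIs here; a caller that dereferences them should
     * restrict the schemes and destinations it is willing to contact. Malformed DER
     * may still surface as an unchecked exception from the decoder.
     *
     * @param x509Certificate certificate to inspect
     * @return the responder locations found, in encounter order; empty if the
     *     certificate has no Authority Information Access extension
     * @throws CertificateEncodingException declared by the signature; nothing in this body throws it directly
     */
    protected List<String> getResponderURIs(X509Certificate x509Certificate) throws CertificateEncodingException {
        List<String> responderUris = new LinkedList<>();

        // getExtensionValue returns null when the extension is absent; without this guard
        // a certificate lacking AIA would fail with a NullPointerException.
        byte[] extensionValue = x509Certificate.getExtensionValue(AUTHORITY_INFO_ACCESS_OID);
        if (extensionValue == null) {
            return responderUris;
        }

        // The extension value is an OCTET STRING wrapping the actual extension content.
        DERDecoder decoder = new DERDecoder(new DERDecoder(extensionValue).decodeOctetString());
        while (decoder.hasNextElement()) {
            switch (decoder.peekType()) {
                case TAG_OBJECT_IDENTIFIER:
                    // Only the element following the OCSP access-method OID is taken as a location.
                    if (OCSP_ACCESS_METHOD_OID.equals(decoder.decodeObjectIdentifier())) {
                        // Fixed charset so the result does not depend on the platform default.
                        responderUris.add(new String(decoder.drainElementValue(), StandardCharsets.UTF_8));
                    }
                    break;
                case TAG_UTF8_STRING:
                    responderUris.add(decoder.decodeUtf8String());
                    break;
                case TAG_IA5_STRING:
                    // peekType() does not consume the element, so doing nothing here would
                    // spin forever on a certificate carrying this tag. Skip it to guarantee
                    // progress. NOTE(review): confirm the value is not meant to be collected.
                    decoder.skipElement();
                    break;
                case TAG_SEQUENCE:
                    decoder.startSequence();
                    break;
                case TAG_CONTEXT_CONSTRUCTED_0:
                    decoder.decodeImplicit(TAG_CONTEXT_CONSTRUCTED_0);
                    byte[] value = decoder.decodeOctetString();
                    // Drop leading bytes until the first letter or digit. Bounded by the array
                    // length so an empty or all-punctuation value cannot index out of range.
                    int start = 0;
                    while (start < value.length && !Character.isLetterOrDigit(value[start])) {
                        start++;
                    }
                    if (start < value.length) {
                        responderUris.add(new String(value, start, value.length - start, StandardCharsets.UTF_8));
                    }
                    // NOTE(review): falls through to the default branch, which skips the
                    // element that follows -- kept as found; confirm this is intended.
                default:
                    decoder.skipElement();
                    break;
            }
        }
        return responderUris;
    }
}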
