package net.klakegg.pkix.ocsp;

import java.math.BigInteger;
import java.net.URI;
import java.security.cert.X509Certificate;
import net.klakegg.pkix.ocsp.builder.BuildHandler;
import net.klakegg.pkix.ocsp.builder.Builder;
import net.klakegg.pkix.ocsp.builder.Properties;
import net.klakegg.pkix.ocsp.builder.Property;

/* loaded from: input_file:net/klakegg/pkix/ocsp/OcspClient.class */
public class OcspClient extends AbstractOcspClient {
    public static final Property<Boolean> EXCEPTION_ON_REVOKED = Property.create(true);
    public static final Property<Boolean> EXCEPTION_ON_UNKNOWN = Property.create(true);

    public static Builder<OcspClient> builder() {
        return new Builder<>(new BuildHandler<OcspClient>() { // from class: net.klakegg.pkix.ocsp.OcspClient.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // net.klakegg.pkix.ocsp.builder.BuildHandler
            public OcspClient build(Properties properties) {
                return new OcspClient(properties);
            }
        });
    }

    private OcspClient(Properties properties) {
        super(properties);
    }

    public CertificateResult verify(X509Certificate x509Certificate) throws OcspException {
        return verify(x509Certificate, findIntermediate(x509Certificate));
    }

    public CertificateResult verify(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws OcspException {
        return verify(CertificateIssuer.generate(x509Certificate2), x509Certificate);
    }

    public CertificateResult verify(CertificateIssuer certificateIssuer, X509Certificate x509Certificate) throws OcspException {
        URI uri = (URI) this.properties.get(OVERRIDE_URL);
        if (uri == null) {
            uri = detectOcspUri(x509Certificate);
            if (uri == null) {
                return new CertificateResult(CertificateStatus.UNKNOWN);
            }
        }
        return verify(uri, certificateIssuer, x509Certificate.getSerialNumber());
    }

    public CertificateResult verify(URI uri, CertificateIssuer certificateIssuer, BigInteger bigInteger) throws OcspException {
        OcspRequest ocspRequest = new OcspRequest();
        ocspRequest.setIssuer(certificateIssuer);
        ocspRequest.addCertificates(bigInteger);
        if (((Boolean) this.properties.get(NONCE)).booleanValue()) {
            ocspRequest.addNonce();
        }
        OcspResponse fetch = fetch(ocspRequest, uri);
        fetch.verifyResponse();
        CertificateResult certificateResult = fetch.getResult().get(bigInteger);
        switch (certificateResult.getStatus()) {
            case REVOKED:
                OcspException.trigger((Boolean) this.properties.get(EXCEPTION_ON_REVOKED), "Certificate is revoked.", new Object[0]);
                break;
            case UNKNOWN:
                OcspException.trigger((Boolean) this.properties.get(EXCEPTION_ON_UNKNOWN), "Status of certificate is unknown.", new Object[0]);
                break;
        }
        return certificateResult;
    }
}
