package eu.europa.esig.dss.service.ocsp;

import eu.europa.esig.dss.enumerations.RevocationOrigin;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.service.NonceSource;
import eu.europa.esig.dss.service.http.commons.OCSPDataLoader;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSRevocationUtils;
import eu.europa.esig.dss.spi.client.http.DataLoader;
import eu.europa.esig.dss.spi.x509.revocation.OnlineRevocationSource;
import eu.europa.esig.dss.spi.x509.revocation.RevocationSourceAlternateUrlsSupport;
import eu.europa.esig.dss.spi.x509.revocation.RevocationToken;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPRespStatus;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPSource;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPToken;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPTokenBuilder;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPTokenUtils;
import eu.europa.esig.dss.utils.Utils;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Collections;
import java.util.List;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/service/ocsp/OnlineOCSPSource.class */
public class OnlineOCSPSource implements OCSPSource, RevocationSourceAlternateUrlsSupport<OCSPToken>, OnlineRevocationSource<OCSPToken> {
    private static final Logger LOG = LoggerFactory.getLogger(OnlineOCSPSource.class);
    private NonceSource nonceSource;
    private DataLoader dataLoader = new OCSPDataLoader();

    public void setDataLoader(DataLoader dataLoader) {
        this.dataLoader = dataLoader;
    }

    public void setNonceSource(NonceSource nonceSource) {
        this.nonceSource = nonceSource;
    }

    /* renamed from: getRevocationToken, reason: merged with bridge method [inline-methods] */
    public OCSPToken m11getRevocationToken(CertificateToken certificateToken, CertificateToken certificateToken2) {
        return getRevocationToken(certificateToken, certificateToken2, Collections.emptyList());
    }

    public OCSPToken getRevocationToken(CertificateToken certificateToken, CertificateToken certificateToken2, List<String> list) {
        if (this.dataLoader == null) {
            throw new NullPointerException("DataLoader is not provided !");
        }
        String dSSIdAsString = certificateToken.getDSSIdAsString();
        LOG.trace("--> OnlineOCSPSource queried for {}", dSSIdAsString);
        if (Utils.isCollectionNotEmpty(list)) {
            LOG.info("OCSP alternative urls : {}", list);
        }
        List<String> oCSPAccessLocations = DSSASN1Utils.getOCSPAccessLocations(certificateToken);
        if (Utils.isCollectionEmpty(oCSPAccessLocations) && Utils.isCollectionEmpty(list)) {
            LOG.debug("No OCSP location found for {}", dSSIdAsString);
            return null;
        }
        oCSPAccessLocations.addAll(list);
        CertificateID oCSPCertificateID = DSSRevocationUtils.getOCSPCertificateID(certificateToken, certificateToken2);
        BigInteger nonce = this.nonceSource != null ? this.nonceSource.getNonce() : null;
        byte[] buildOCSPRequest = buildOCSPRequest(oCSPCertificateID, nonce);
        int size = oCSPAccessLocations.size();
        for (String str : oCSPAccessLocations) {
            size--;
            try {
                byte[] post = this.dataLoader.post(str, buildOCSPRequest);
                if (!Utils.isArrayEmpty(post)) {
                    OCSPResp oCSPResp = new OCSPResp(post);
                    OCSPRespStatus fromInt = OCSPRespStatus.fromInt(oCSPResp.getStatus());
                    if (OCSPRespStatus.SUCCESSFUL.equals(fromInt)) {
                        OCSPTokenBuilder oCSPTokenBuilder = new OCSPTokenBuilder(oCSPResp, certificateToken, certificateToken2);
                        oCSPTokenBuilder.setNonce(nonce);
                        oCSPTokenBuilder.setSourceURL(str);
                        OCSPToken build = oCSPTokenBuilder.build();
                        OCSPTokenUtils.checkTokenValidity(build, certificateToken, certificateToken2);
                        build.setOrigins(Collections.singleton(RevocationOrigin.EXTERNAL));
                        return build;
                    }
                    LOG.warn("OCSP Response status with URL '{}' : {}", str, fromInt);
                }
            } catch (Exception e) {
                if (size == 0) {
                    throw new DSSException("Unable to retrieve OCSP response", e);
                }
                LOG.warn("Unable to retrieve OCSP response with URL '{}' : {}", str, e.getMessage());
            }
        }
        return null;
    }

    private byte[] buildOCSPRequest(CertificateID certificateID, BigInteger bigInteger) throws DSSException {
        try {
            OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
            oCSPReqBuilder.addRequest(certificateID);
            if (bigInteger != null) {
                oCSPReqBuilder.setRequestExtensions(new Extensions(new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(new DEROctetString(bigInteger.toByteArray()).getEncoded()))));
            }
            return oCSPReqBuilder.build().getEncoded();
        } catch (OCSPException | IOException e) {
            throw new DSSException("Cannot build OCSP Request", e);
        }
    }

    /* renamed from: getRevocationToken, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ RevocationToken m12getRevocationToken(CertificateToken certificateToken, CertificateToken certificateToken2, List list) {
        return getRevocationToken(certificateToken, certificateToken2, (List<String>) list);
    }
}
