package eu.europa.esig.dss.spi.x509.revocation.ocsp;

import eu.europa.esig.dss.enumerations.CertificateSourceType;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.CertificatePool;
import java.util.Collection;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;

/* loaded from: input_file:eu/europa/esig/dss/spi/x509/revocation/ocsp/OCSPTokenUtils.class */
public class OCSPTokenUtils {
    private OCSPTokenUtils() {
    }

    public static void checkTokenValidity(OCSPToken oCSPToken, CertificateToken certificateToken, CertificateToken certificateToken2) {
        CertificatePool certificatePool = new CertificatePool();
        certificatePool.getInstance(certificateToken, CertificateSourceType.OCSP_RESPONSE);
        certificatePool.getInstance(certificateToken2, CertificateSourceType.OCSP_RESPONSE);
        checkTokenValidity(oCSPToken, certificatePool);
    }

    public static void checkTokenValidity(OCSPToken oCSPToken, CertificatePool certificatePool) {
        if (extractSigningCertificateFromResponse(oCSPToken, certificatePool)) {
            return;
        }
        extractSigningCertificateFormResponderId(oCSPToken, certificatePool);
    }

    private static boolean extractSigningCertificateFromResponse(OCSPToken oCSPToken, CertificatePool certificatePool) {
        BasicOCSPResp basicOCSPResp = oCSPToken.getBasicOCSPResp();
        if (basicOCSPResp == null) {
            return false;
        }
        for (X509CertificateHolder x509CertificateHolder : basicOCSPResp.getCerts()) {
            CertificateToken certificatePool2 = certificatePool.getInstance(DSSASN1Utils.getCertificate(x509CertificateHolder), CertificateSourceType.OCSP_RESPONSE);
            if (oCSPToken.isSignedBy(certificatePool2)) {
                oCSPToken.setIssuerX500Principal(certificatePool2.getSubjectX500Principal());
                return true;
            }
        }
        return false;
    }

    private static void extractSigningCertificateFormResponderId(OCSPToken oCSPToken, CertificatePool certificatePool) {
        BasicOCSPResp basicOCSPResp = oCSPToken.getBasicOCSPResp();
        if (basicOCSPResp != null) {
            DERTaggedObject aSN1Primitive = basicOCSPResp.getResponderId().toASN1Primitive().toASN1Primitive();
            if (1 == aSN1Primitive.getTagNo()) {
                setIssuerToOcspToken(oCSPToken, certificatePool.get(DSSUtils.getNormalizedX500Principal(new X500Principal(DSSASN1Utils.getDEREncoded((ASN1Encodable) aSN1Primitive.getObject())))));
            } else {
                if (2 != aSN1Primitive.getTagNo()) {
                    throw new DSSException("Unsupported tag No " + aSN1Primitive.getTagNo());
                }
                setIssuerToOcspToken(oCSPToken, certificatePool.getBySki(aSN1Primitive.getObject().getOctets()));
            }
        }
    }

    private static void setIssuerToOcspToken(OCSPToken oCSPToken, Collection<CertificateToken> collection) {
        for (CertificateToken certificateToken : collection) {
            if (oCSPToken.isSignedBy(certificateToken)) {
                oCSPToken.setIssuerX500Principal(certificateToken.getSubjectX500Principal());
                return;
            }
        }
    }
}
