package com.itextpdf.signatures;

import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
import com.itextpdf.commons.bouncycastle.IBouncyCastleFactory;
import com.itextpdf.commons.bouncycastle.cert.ocsp.AbstractOCSPException;
import com.itextpdf.commons.bouncycastle.cert.ocsp.IBasicOCSPResp;
import com.itextpdf.commons.bouncycastle.cert.ocsp.ICertificateStatus;
import com.itextpdf.commons.bouncycastle.cert.ocsp.IOCSPReq;
import com.itextpdf.commons.bouncycastle.cert.ocsp.IOCSPResp;
import com.itextpdf.commons.bouncycastle.cert.ocsp.ISingleResp;
import com.itextpdf.commons.bouncycastle.operator.AbstractOperatorCreationException;
import com.itextpdf.io.util.StreamUtil;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/itextpdf/signatures/OcspClientBouncyCastle.class */
public class OcspClientBouncyCastle implements IOcspClientBouncyCastle {
    private static final IBouncyCastleFactory BOUNCY_CASTLE_FACTORY = BouncyCastleFactoryCreator.getFactory();
    private static final Logger LOGGER = LoggerFactory.getLogger(OcspClientBouncyCastle.class);

    @Override // com.itextpdf.signatures.IOcspClientBouncyCastle
    public IBasicOCSPResp getBasicOCSPResp(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        try {
            IOCSPResp ocspResponse = getOcspResponse(x509Certificate, x509Certificate2, str);
            if (ocspResponse != null && ocspResponse.getStatus() == BOUNCY_CASTLE_FACTORY.createOCSPResponseStatus().getSuccessful()) {
                return BOUNCY_CASTLE_FACTORY.createBasicOCSPResp(ocspResponse.getResponseObject());
            }
            return null;
        } catch (Exception e) {
            LOGGER.error(e.getMessage());
            return null;
        }
    }

    @Override // com.itextpdf.signatures.IOcspClient
    public byte[] getEncoded(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        try {
            IBasicOCSPResp basicOCSPResp = getBasicOCSPResp(x509Certificate, x509Certificate2, str);
            if (basicOCSPResp == null) {
                return null;
            }
            ISingleResp[] responses = basicOCSPResp.getResponses();
            if (responses.length != 1) {
                return null;
            }
            ICertificateStatus certStatus = responses[0].getCertStatus();
            if (!BOUNCY_CASTLE_FACTORY.createCertificateStatus().getGood().equals(certStatus)) {
                if (BOUNCY_CASTLE_FACTORY.createRevokedStatus(certStatus) == null) {
                    LOGGER.info("OCSP status is unknown.");
                } else {
                    LOGGER.info("OCSP status is revoked.");
                }
            }
            return basicOCSPResp.getEncoded();
        } catch (Exception e) {
            LOGGER.error(e.getMessage());
            return null;
        }
    }

    protected static IOCSPReq generateOCSPRequest(X509Certificate x509Certificate, BigInteger bigInteger) throws AbstractOCSPException, IOException, CertificateEncodingException, AbstractOperatorCreationException {
        return SignUtils.generateOcspRequestWithNonce(SignUtils.generateCertificateId(x509Certificate, bigInteger, BOUNCY_CASTLE_FACTORY.createCertificateID().getHashSha1()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ICertificateStatus getCertificateStatus(byte[] bArr) {
        try {
            IBasicOCSPResp createBasicOCSPResp = BOUNCY_CASTLE_FACTORY.createBasicOCSPResp(BOUNCY_CASTLE_FACTORY.createBasicOCSPResponse(BOUNCY_CASTLE_FACTORY.createASN1Primitive(bArr)));
            if (createBasicOCSPResp == null) {
                return null;
            }
            ISingleResp[] responses = createBasicOCSPResp.getResponses();
            if (responses.length >= 1) {
                return responses[0].getCertStatus();
            }
            return null;
        } catch (Exception e) {
            return null;
        }
    }

    IOCSPResp getOcspResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) throws GeneralSecurityException, AbstractOCSPException, IOException, AbstractOperatorCreationException {
        InputStream createRequestAndResponse;
        if (x509Certificate == null || x509Certificate2 == null) {
            return null;
        }
        if (str == null) {
            str = CertificateUtil.getOCSPURL(x509Certificate);
        }
        if (str == null || (createRequestAndResponse = createRequestAndResponse(x509Certificate, x509Certificate2, str)) == null) {
            return null;
        }
        return BOUNCY_CASTLE_FACTORY.createOCSPResp(StreamUtil.inputStreamToArray(createRequestAndResponse));
    }

    protected InputStream createRequestAndResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) throws IOException, AbstractOperatorCreationException, AbstractOCSPException, CertificateEncodingException {
        LOGGER.info("Getting OCSP from " + str);
        return SignUtils.getHttpResponseForOcspRequest(generateOCSPRequest(x509Certificate2, x509Certificate.getSerialNumber()).getEncoded(), new URL(str));
    }
}
