package org.wso2.transport.http.netty.contractimpl.listener;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.transport.http.netty.contractimpl.common.certificatevalidation.CertificateVerificationException;
import org.wso2.transport.http.netty.contractimpl.common.certificatevalidation.ocsp.OCSPCache;
import org.wso2.transport.http.netty.contractimpl.common.certificatevalidation.ocsp.OCSPVerifier;
import org.wso2.transport.http.netty.contractimpl.common.ssl.SSLConfig;

/* loaded from: input_file:WEB-INF/lib/org.wso2.transport.http.netty-6.3.35.jar:org/wso2/transport/http/netty/contractimpl/listener/OCSPResponseBuilder.class */
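/**
 * Builds (or fetches from cache) the OCSP response for the server certificate described by an
 * {@link SSLConfig}, for use in OCSP stapling.
 *
 * <p>The certificate/issuer pair is taken either from the configured key store (first key entry)
 * or from the configured server-certificate file (first two certificates). All state is local to
 * each call; the only shared object is the singleton {@link OCSPCache}, which is assumed to
 * handle its own synchronization — confirm against that class.
 */
public class OCSPResponseBuilder {
    private static final Logger LOG = LoggerFactory.getLogger(OCSPResponseBuilder.class);

    // Fallback cache settings, used when the configured values fall outside the accepted ranges.
    private static final int DEFAULT_CACHE_SIZE = 50;
    private static final int DEFAULT_CACHE_DELAY_MINS = 15;

    /** Utility class; not instantiable. */
    private OCSPResponseBuilder() {
    }

    /**
     * Obtains the OCSP response reporting the configured server certificate as good.
     *
     * <p>A cached response for the certificate's serial number is returned when present; otherwise
     * each AIA location listed in the certificate is tried in order.
     *
     * @param sSLConfig SSL configuration holding either a key store or a server-certificate file
     * @param i         OCSP cache size; honoured only when strictly between 50 and 10000, else 50
     * @param i2        OCSP cache delay in minutes; honoured only when strictly between 1 and 1440, else 15
     * @return the OCSP response for the server certificate
     * @throws IOException                      if the key store or certificate file cannot be read
     * @throws KeyStoreException                if the key store cannot be queried
     * @throws CertificateException             if the certificate file cannot be parsed
     * @throws CertificateVerificationException if no certificate/issuer pair could be determined, or
     *                                          no AIA location returned a usable response
     */
    public static OCSPResp generateOcspResponse(SSLConfig sSLConfig, int i, int i2)
            throws IOException, KeyStoreException, CertificateVerificationException, CertificateException {
        // "i > 50" already implies "i != 0", so the original's extra zero check is redundant.
        int cacheSize = (i > 50 && i < 10000) ? i : DEFAULT_CACHE_SIZE;
        int cacheDelayMins = (i2 > 1 && i2 < 1440) ? i2 : DEFAULT_CACHE_DELAY_MINS;
        OCSPCache cache = OCSPCache.getCache();
        cache.init(cacheSize, cacheDelayMins);

        // Kept as locals rather than static fields: the previous static state let a call whose key
        // store had no key entry silently reuse the certificate selected by an earlier call.
        X509Certificate userCertificate = null;
        X509Certificate issuer = null;
        if (sSLConfig.getKeyStore() != null) {
            KeyStore keyStore = getKeyStore(sSLConfig.getKeyStore(), sSLConfig.getKeyStorePass(),
                    sSLConfig.getKeyStoreType());
            if (keyStore != null) {
                X509Certificate[] pair = getUserCerAndIssuer(keyStore);
                if (pair != null) {
                    userCertificate = pair[0];
                    issuer = pair[1];
                }
            }
        } else {
            List<X509Certificate> certList = getCertInfo(sSLConfig);
            // Indexing get(1) unconditionally turned a one-certificate file into an
            // IndexOutOfBoundsException instead of a verification error.
            if (certList.size() < 2) {
                throw new CertificateVerificationException(
                        "Server certificate file must contain the certificate followed by its issuer.");
            }
            userCertificate = certList.get(0);
            issuer = certList.get(1);
        }
        if (userCertificate == null || issuer == null) {
            throw new CertificateVerificationException("Could not get revocation status from OCSP.");
        }

        OCSPResp cached = cache.getOCSPCacheValue(userCertificate.getSerialNumber());
        if (cached != null) {
            return cached;
        }
        return getOCSPResponse(getAIALocations(userCertificate),
                OCSPVerifier.generateOCSPRequest(issuer, userCertificate.getSerialNumber()),
                userCertificate, cache);
    }

    /**
     * Locates the first key entry in {@code keyStore} and returns its certificate and issuer.
     *
     * @param keyStore loaded key store to inspect
     * @return a two-element array {entity certificate, issuer certificate}, or {@code null} when
     *         the key store has no key entry or the first key entry has no certificate chain
     * @throws KeyStoreException if the key store has not been initialised
     */
    private static X509Certificate[] getUserCerAndIssuer(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.isKeyEntry(alias)) {
                continue;
            }
            Certificate[] chain = keyStore.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                return null;
            }
            // The OCSP CertID is built from the certificate's direct issuer, which is chain[1] —
            // the same element the certificate-file path uses. The previous code took the last
            // element of the chain, which is the trust anchor and only equals the issuer for
            // two-element chains. A single-element (self-signed) chain is its own issuer.
            X509Certificate leaf = (X509Certificate) chain[0];
            X509Certificate directIssuer = (X509Certificate) (chain.length > 1 ? chain[1] : chain[0]);
            return new X509Certificate[] {leaf, directIssuer};
        }
        return null;
    }

    /**
     * Loads a key store from disk.
     *
     * @param file key store file; {@code null} yields {@code null}
     * @param str  key store password; {@code null} yields {@code null}. Kept as a {@link String}
     *             because of the existing signature, so it cannot be zeroed after use.
     * @param str2 key store type, passed to {@link KeyStore#getInstance(String)}
     * @return the loaded key store, or {@code null} when the file or password is absent
     * @throws IOException if the file cannot be read, or if creating or parsing the store fails
     *                     (key store, algorithm and certificate failures are wrapped as the cause)
     */
    public static KeyStore getKeyStore(File file, String str, String str2) throws IOException {
        if (file == null || str == null) {
            return null;
        }
        try (FileInputStream in = new FileInputStream(file)) {
            KeyStore keyStore = KeyStore.getInstance(str2);
            keyStore.load(in, str.toCharArray());
            return keyStore;
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IOException(e);
        }
    }

    /**
     * Returns the OCSP responder URLs from the certificate's Authority Information Access extension.
     *
     * @param x509Certificate certificate whose AIA extension is read
     * @return the AIA locations reported by {@link OCSPVerifier#getAIALocations}
     * @throws CertificateVerificationException if the extension is missing or unparsable
     */
    public static List<String> getAIALocations(X509Certificate x509Certificate) throws CertificateVerificationException {
        try {
            return OCSPVerifier.getAIALocations(x509Certificate);
        } catch (CertificateVerificationException e) {
            throw new CertificateVerificationException("Failed to find AIA locations in the certificate", e);
        }
    }

    /**
     * Queries each responder URL in order and returns the first successful single-certificate
     * response whose status is GOOD and whose serial matches {@code x509Certificate}.
     *
     * <p>Responses that fail to fetch, are not {@code SUCCESSFUL}, or do not contain exactly one
     * {@link SingleResp} are skipped. A non-GOOD status or a serial mismatch is reported as an
     * {@link IllegalStateException} (as before) rather than skipped. No signature or nonce check on
     * the response is visible in this class — NOTE(review): confirm that
     * {@link OCSPVerifier#getOCSPResponce} validates the response before it is accepted here and
     * placed in the cache.
     *
     * @param list            responder URLs to try, in order
     * @param oCSPReq         the request to send
     * @param x509Certificate the certificate the request is about
     * @param oCSPCache       cache that receives a successful response
     * @return the first acceptable response
     * @throws CertificateVerificationException if no URL yielded an acceptable response
     * @throws IllegalStateException            if a responder reports a non-GOOD status or a serial mismatch
     */
    public static OCSPResp getOCSPResponse(List<String> list, OCSPReq oCSPReq, X509Certificate x509Certificate,
                                           OCSPCache oCSPCache) throws CertificateVerificationException {
        for (String url : list) {
            try {
                OCSPResp response = OCSPVerifier.getOCSPResponce(url, oCSPReq);
                if (response.getStatus() != OCSPResp.SUCCESSFUL) {
                    continue;
                }
                BasicOCSPResp basic = (BasicOCSPResp) response.getResponseObject();
                SingleResp[] responses = basic == null ? null : basic.getResponses();
                if (responses == null || responses.length != 1) {
                    continue;
                }
                SingleResp single = responses[0];
                // BouncyCastle represents the GOOD status as null; anything else means revoked/unknown.
                CertificateStatus certStatus = single.getCertStatus();
                if (certStatus != null) {
                    throw new IllegalStateException("certificate-status=" + certStatus);
                }
                if (!x509Certificate.getSerialNumber().equals(single.getCertID().getSerialNumber())) {
                    throw new IllegalStateException("Bad Serials=" + x509Certificate.getSerialNumber()
                            + " vs. " + single.getCertID().getSerialNumber());
                }
                oCSPCache.setCacheValue(response, x509Certificate.getSerialNumber(), single, oCSPReq, url);
                return response;
            } catch (OCSPException | CertificateVerificationException e) {
                // Best effort per URL; the exception is kept in the log so failures are diagnosable.
                LOG.debug("OCSP response failed for url {}. Hence trying the next url", url, e);
            }
        }
        throw new CertificateVerificationException("Could not get revocation status from OCSP.");
    }

    /**
     * Parses every X.509 certificate from the configured server-certificate file.
     *
     * <p>Returns a fresh list on each call; the previous implementation appended to a static list
     * that grew with every invocation.
     *
     * @param sSLConfig configuration providing the server-certificate file
     * @return the certificates in file order (first is expected to be the server certificate,
     *         second its issuer)
     * @throws CertificateException if the file content is not a parsable certificate
     * @throws IOException          if the file cannot be opened or read
     */
    public static List<X509Certificate> getCertInfo(SSLConfig sSLConfig) throws CertificateException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        List<X509Certificate> certs = new ArrayList<>();
        try (FileInputStream in = new FileInputStream(sSLConfig.getServerCertificates())) {
            // available() is a heuristic for "more bytes in the file"; it is the end-of-file
            // detection the original relied on for a concatenated certificate file.
            while (in.available() > 1) {
                certs.add((X509Certificate) certificateFactory.generateCertificate(in));
            }
        }
        return certs;
    }
}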
