package org.cesecore.certificates.ocsp.cache;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.apache.log4j.Logger;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.RespID;
import org.bouncycastle.cert.ocsp.jcajce.JcaRespID;
import org.cesecore.certificates.certificate.CertificateStatus;
import org.cesecore.certificates.ocsp.SHA1DigestCalculator;
import org.cesecore.config.OcspConfiguration;
import org.cesecore.keybind.impl.OcspKeyBinding;
import org.cesecore.util.CertTools;

/* loaded from: input_file:org/cesecore/certificates/ocsp/cache/OcspSigningCacheEntry.class */
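/**
 * Cache entry bundling everything needed to sign OCSP responses for one issuing CA: the issuer CA
 * certificate and its status, the certificate chain, the signing key handle and the responder ID.
 *
 * <p>Security notes for maintainers and reviewers:
 * <ul>
 *   <li>The entry holds a {@link PrivateKey} reference and hands it out through
 *       {@link #getPrivateKey()}. Never log, serialize or otherwise persist the returned object.
 *       This class does not implement {@code Serializable}, so the {@code transient} modifier on
 *       the field only matters if a subclass becomes serializable.</li>
 *   <li>The list and array getters return the internal instances, not copies. Callers must treat
 *       them as read-only; mutating them would change what later users of this entry see.</li>
 *   <li>All fields except the "response signature verified" latch are assigned once in the
 *       constructor. That latch is a plain, unsynchronized boolean.</li>
 * </ul>
 */
public class OcspSigningCacheEntry {
    private static final Logger log = Logger.getLogger(OcspSigningCacheEntry.class);
    private final List<CertificateID> certificateID;
    private final List<X509Certificate> caCertificateChain;
    private final X509Certificate ocspSigningCertificate;
    private final List<X509Certificate> fullCertificateChain;
    private final X509Certificate signingCertificate;
    private final String signingCertificateIssuerDn;
    private final String signingCertificateIssuerDnRaw;
    private final transient PrivateKey privateKey;
    private final String signatureProviderName;
    private final OcspKeyBinding ocspKeyBinding;
    private final X509Certificate issuerCaCertificate;
    private final CertificateStatus issuerCaCertificateStatus;
    // One-shot latch, see checkResponseSignatureVerified(). Deliberately not final.
    private boolean responseSignatureVerified = false;
    private final OcspKeyBinding.ResponderIdType responderIdType;
    private final RespID respId;
    private final X509Certificate[] responseCertChain;
    private final boolean signingCertificateForOcspSigning;

    /**
     * Builds a cache entry.
     *
     * <p>When {@code x509Certificate2} is {@code null} the first certificate of {@code list} becomes
     * the signing certificate. If {@code list} is {@code null} as well, the entry carries no
     * signing certificate, no responder ID and no response chain.
     *
     * @param x509Certificate   issuer CA certificate; its certificate IDs are derived through
     *                          {@code OcspSigningCache.getCertificateIDFromCertificate}
     * @param certificateStatus status recorded for the issuer CA certificate
     * @param list              CA certificate chain; must be non-null when {@code x509Certificate2}
     *                          is given, and must not be empty when it is used as the full chain
     * @param x509Certificate2  dedicated OCSP signing certificate, or {@code null} to sign with the
     *                          first certificate of {@code list}
     * @param privateKey        signing key; {@code null} marks the entry as a placeholder
     * @param str               name of the signature provider
     * @param ocspKeyBinding    key binding; dereferenced (include-cert settings) only when
     *                          {@code x509Certificate2} is non-null
     * @param responderIdType   {@code NAME} selects a by-name responder ID, anything else a key hash
     * @throws NullPointerException      if {@code x509Certificate2} is given but {@code list} is null
     * @throws IndexOutOfBoundsException if the resulting full chain is empty
     */
    public OcspSigningCacheEntry(X509Certificate x509Certificate, CertificateStatus certificateStatus, List<X509Certificate> list, X509Certificate x509Certificate2, PrivateKey privateKey, String str, OcspKeyBinding ocspKeyBinding, OcspKeyBinding.ResponderIdType responderIdType) {
        this.caCertificateChain = list;
        this.ocspSigningCertificate = x509Certificate2;

        final List<X509Certificate> chain;
        if (x509Certificate2 == null) {
            // No dedicated signer: the CA chain itself is the full chain (may be null).
            chain = list;
        } else {
            if (list == null) {
                // Fail with a readable message instead of an anonymous NPE from addAll(null).
                throw new NullPointerException("CA certificate chain must not be null when an OCSP signing certificate is supplied");
            }
            chain = new ArrayList<>(list.size() + 1);
            chain.add(x509Certificate2);
            chain.addAll(list);
        }
        this.fullCertificateChain = chain;

        final X509Certificate signer = (chain == null) ? null : chain.get(0);
        this.signingCertificate = signer;

        this.privateKey = privateKey;
        this.signatureProviderName = str;
        this.ocspKeyBinding = ocspKeyBinding;
        this.issuerCaCertificate = x509Certificate;
        this.certificateID = OcspSigningCache.getCertificateIDFromCertificate(x509Certificate);
        this.issuerCaCertificateStatus = certificateStatus;
        this.responderIdType = responderIdType;

        if (signer == null) {
            this.respId = null;
            this.signingCertificateForOcspSigning = true;
            this.signingCertificateIssuerDn = null;
            this.signingCertificateIssuerDnRaw = null;
        } else {
            RespID responderId;
            if (OcspKeyBinding.ResponderIdType.NAME.equals(responderIdType)) {
                responderId = new JcaRespID(signer.getSubjectX500Principal());
            } else {
                try {
                    // SHA-1 here is the key-hash form of the OCSP ResponderID as defined by
                    // RFC 6960 (KeyHash); it identifies the responder key and is not the
                    // response signature digest.
                    responderId = new JcaRespID(signer.getPublicKey(), SHA1DigestCalculator.buildSha1Instance());
                } catch (OCSPException e) {
                    // The responder ID silently changes form (hash -> name); this warning is the
                    // only trace of it, so keep it at WARN.
                    log.warn("Unable to contruct responder Id of type 'hash', falling back to using 'name' as responder Id.", e);
                    responderId = new JcaRespID(signer.getSubjectX500Principal());
                }
            }
            this.respId = responderId;
            // A CA signing directly is accepted as-is; only a dedicated signer is checked by
            // CertTools.isOCSPCert.
            this.signingCertificateForOcspSigning = (x509Certificate2 == null) || CertTools.isOCSPCert(signer);
            this.signingCertificateIssuerDn = CertTools.getIssuerDN(signer);
            this.signingCertificateIssuerDnRaw = signer.getIssuerDN().getName();
        }

        // Must run after ocspSigningCertificate and ocspKeyBinding are assigned: the helper reads both.
        this.responseCertChain = (chain == null) ? null : getResponseCertChain(chain.toArray(new X509Certificate[0]));
    }

    /** @return the issuer CA certificate this entry answers for */
    public X509Certificate getIssuerCaCertificate() {
        return this.issuerCaCertificate;
    }

    /** @return certificate IDs derived from the issuer CA certificate (internal list, do not modify) */
    public List<CertificateID> getCertificateID() {
        return this.certificateID;
    }

    /** @return the status recorded for the issuer CA certificate at construction time */
    public CertificateStatus getIssuerCaCertificateStatus() {
        return this.issuerCaCertificateStatus;
    }

    /** @return the CA chain exactly as passed to the constructor (same instance, may be null) */
    public List<X509Certificate> getCaCertificateChain() {
        return this.caCertificateChain;
    }

    /** @return the dedicated OCSP signing certificate, or {@code null} when signing with the CA chain's first certificate */
    public X509Certificate getOcspSigningCertificate() {
        return this.ocspSigningCertificate;
    }

    /** @return signing certificate followed by the CA chain, or the CA chain itself when no dedicated signer exists (internal list, do not modify) */
    public List<X509Certificate> getFullCertificateChain() {
        return this.fullCertificateChain;
    }

    /** @return first certificate of the full chain, or {@code null} when there is no chain */
    public X509Certificate getSigningCertificate() {
        return this.signingCertificate;
    }

    /** @return issuer DN of the signing certificate as produced by {@code CertTools.getIssuerDN}, or {@code null} */
    public String getSigningCertificateIssuerDn() {
        return this.signingCertificateIssuerDn;
    }

    /** @return issuer DN of the signing certificate as returned by the certificate itself, or {@code null} */
    public String getSigningCertificateIssuerDnRaw() {
        return this.signingCertificateIssuerDnRaw;
    }

    /**
     * Returns the signing key reference held by this entry.
     *
     * <p>Handle with care: do not log or persist the returned object.
     *
     * @return the private key, or {@code null} for a placeholder entry
     */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** @return name of the signature provider passed to the constructor */
    public String getSignatureProviderName() {
        return this.signatureProviderName;
    }

    /** @return the key binding passed to the constructor (may be null) */
    public OcspKeyBinding getOcspKeyBinding() {
        return this.ocspKeyBinding;
    }

    /** @return the requested responder ID type; the actual {@link #getRespId()} may still be by-name if the key-hash form could not be built */
    public OcspKeyBinding.ResponderIdType getResponderIdType() {
        return this.responderIdType;
    }

    /** @return the responder ID built from the signing certificate, or {@code null} when there is none */
    public RespID getRespId() {
        return this.respId;
    }

    /** @return certificates to embed in responses (internal array, do not modify); {@code null} when there is no chain */
    public X509Certificate[] getResponseCertChain() {
        return this.responseCertChain;
    }

    /** @return {@code true} when a dedicated OCSP signing certificate was supplied */
    public boolean isUsingSeparateOcspSigningCertificate() {
        return this.ocspSigningCertificate != null;
    }

    /** @return {@code true} when no dedicated signer is used, otherwise the result of {@code CertTools.isOCSPCert} for the signer */
    public boolean isSigningCertificateForOcspSigning() {
        return this.signingCertificateForOcspSigning;
    }

    /** @return {@code true} when this entry holds no private key */
    public boolean isPlaceholder() {
        return this.privateKey == null;
    }

    /**
     * Reports whether this method has been called on this entry before, and records the call.
     *
     * <p>The first invocation returns {@code false}; every later one returns {@code true}.
     * NOTE(review): presumably callers verify the signature of a produced response when this
     * returns {@code false} - confirm against the call sites. The flag is set before any such
     * verification happens and the method is not synchronized, so concurrent first callers may
     * each observe {@code false}.
     *
     * @return {@code false} on the first call, {@code true} afterwards
     */
    public boolean checkResponseSignatureVerified() {
        if (this.responseSignatureVerified) {
            return true;
        }
        this.responseSignatureVerified = true;
        return false;
    }

    /**
     * Selects which certificates of the full chain are embedded in OCSP responses.
     *
     * <p>Global {@code OcspConfiguration} settings apply unless a dedicated OCSP signing
     * certificate is in use, in which case the key binding's settings win. Called from the
     * constructor, so it reads fields directly rather than going through overridable getters.
     *
     * @param x509CertificateArr full chain, signing certificate first; must not be empty
     * @return empty array (signing certificate excluded), the signing certificate alone, or the
     *         chain without its last element
     */
    private X509Certificate[] getResponseCertChain(X509Certificate[] x509CertificateArr) {
        boolean includeSignCert = OcspConfiguration.getIncludeSignCert();
        boolean includeCertChain = OcspConfiguration.getIncludeCertChain();
        if (this.ocspSigningCertificate != null) {
            includeSignCert = this.ocspKeyBinding.getIncludeSignCert();
            includeCertChain = this.ocspKeyBinding.getIncludeCertChain();
        }
        if (log.isDebugEnabled()) {
            log.debug("Include signing cert: " + includeSignCert);
            log.debug("Include chain: " + includeCertChain);
        }
        if (!includeSignCert) {
            if (log.isDebugEnabled()) {
                log.debug("OCSP signing certificate is not included in the response");
            }
            return new X509Certificate[0];
        }
        if (!includeCertChain) {
            return new X509Certificate[]{x509CertificateArr[0]};
        }
        if (x509CertificateArr.length > 1) {
            // Drop the last element of the chain - presumably the root, which a relying party
            // has to trust independently of what the response carries (TODO confirm chain order).
            X509Certificate[] withoutLast = new X509Certificate[x509CertificateArr.length - 1];
            System.arraycopy(x509CertificateArr, 0, withoutLast, 0, withoutLast.length);
            return withoutLast;
        }
        return x509CertificateArr;
    }
}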
