package be.belgium.eid.security;

import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Vector;
import org.apache.xerces.xinclude.XIncludeHandler;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReq;
import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.RevokedStatus;
import org.bouncycastle.ocsp.UnknownStatus;

/* loaded from: input_file:be/belgium/eid/security/OCSPClient.class */
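/**
 * Minimal OCSP client: builds a request for one certificate, posts it to a responder
 * and records the reported revocation status on the checked certificate.
 *
 * <p>NOTE(review): nothing in this class verifies the response signature, the responder
 * certificate, the echoed nonce or the thisUpdate/nextUpdate window. A {@code true} result is
 * therefore only as trustworthy as the connection to the responder; callers that base
 * revocation decisions on it should verify the {@code BasicOCSPResp} against a trusted
 * responder key first.
 */
public class OCSPClient {
    /** Number of random bytes placed in the nonce extension of each request. */
    private static final int NONCE_LENGTH = 16;

    /** Source of unpredictable nonce bytes; {@link SecureRandom} may be shared between threads. */
    private static final SecureRandom NONCE_SOURCE = new SecureRandom();

    /**
     * Builds an OCSP request asking for the status of a single certificate.
     *
     * <p>The request carries a nonce extension filled from {@link SecureRandom}. A nonce only
     * protects against replayed responses if the caller compares it with the nonce in the
     * response; this class does not do that.
     *
     * @param x509Certificate issuer certificate, used to build the {@code CertificateID}
     * @param bigInteger serial number of the certificate whose status is requested
     * @return the generated request, containing one {@code CertificateID} and the nonce extension
     * @throws OCSPException if the certificate ID or the request cannot be built
     */
    public static OCSPReq generateOCSPRequest(X509Certificate x509Certificate, BigInteger bigInteger) throws OCSPException {
        // addProvider() leaves the provider list unchanged when "BC" is already installed.
        Security.addProvider(new BouncyCastleProvider());

        OCSPReqGenerator generator = new OCSPReqGenerator();
        generator.addRequest(new CertificateID(CertificateID.HASH_SHA1, x509Certificate, bigInteger));

        // A timestamp is predictable, so the nonce is drawn from a CSPRNG instead.
        byte[] nonce = new byte[NONCE_LENGTH];
        NONCE_SOURCE.nextBytes(nonce);

        // X509Extensions takes parallel vectors: extension OIDs and their values.
        Vector oids = new Vector();
        Vector values = new Vector();
        oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        values.add(new X509Extension(false, (ASN1OctetString) new DEROctetString(nonce)));
        generator.setRequestExtensions(new X509Extensions(oids, values));
        return generator.generate();
    }

    /**
     * Asks the OCSP responder at {@code str} for the status of {@code certificate2} and stores
     * the outcome on it.
     *
     * <p>Status updates made on {@code certificate2}: {@code BEID_CERTSTATUS_CERT_REVOKED} or
     * {@code BEID_CERTSTATUS_CERT_UNKNOWN} when the responder says so; otherwise
     * {@code BEID_CERTSTATUS_CERT_VALIDATED_OK}, but only if the current status is
     * {@code BEID_CERTSTATUS_CERT_NOT_VALIDATED}. When the HTTP status is not 2xx, or the
     * response holds no usable basic response for the requested serial number, the method
     * returns {@code false} and leaves the status untouched.
     *
     * <p>No connect or read timeout is set here, so the JVM defaults apply.
     *
     * @param certificate issuer of {@code certificate2}
     * @param certificate2 certificate to check; its status field is updated
     * @param str URL of the OCSP responder; must be an HTTP(S) URL because the connection is
     *     cast to {@link HttpURLConnection}
     * @return {@code true} if the responder reported neither "revoked" nor "unknown" for the
     *     requested certificate, {@code false} otherwise
     * @throws OCSPException if the request cannot be built or the response cannot be decoded
     * @throws IOException if the HTTP exchange fails; {@code getInputStream()} also throws for
     *     HTTP error statuses (400 and above)
     * @throws CertificateException presumably propagated from {@code Certificate.getX509Certificate()}
     */
    public static boolean processOCSPRequest(Certificate certificate, Certificate certificate2, String str) throws OCSPException, IOException, CertificateException {
        X509Certificate issuer = certificate.getX509Certificate();
        BigInteger requestedSerial = certificate2.getX509Certificate().getSerialNumber();
        byte[] encoded = generateOCSPRequest(issuer, requestedSerial).getEncoded();

        HttpURLConnection connection = (HttpURLConnection) new URL(str).openConnection();
        try {
            connection.setRequestProperty("Content-Type", "application/ocsp-request");
            // NOTE(review): XIncludeHandler.HTTP_ACCEPT is presumably the "Accept" header name;
            // the Xerces reference looks like a decompiler artefact - confirm before replacing it.
            connection.setRequestProperty(XIncludeHandler.HTTP_ACCEPT, "application/ocsp-response");
            connection.setDoOutput(true);

            DataOutputStream out = new DataOutputStream(new BufferedOutputStream(connection.getOutputStream()));
            try {
                out.write(encoded);
                out.flush();
            } finally {
                // Close even when the write fails so the stream is not leaked.
                out.close();
            }

            // getInputStream() instead of a cast on getContent(): the result type of
            // getContent() depends on the installed content handlers.
            InputStream in = connection.getInputStream();
            try {
                if (connection.getResponseCode() / 100 != 2) {
                    return false;
                }

                // getResponseObject() returns null when the response carries no response bytes
                // and a non-BasicOCSPResp object for other response types; both are rejected
                // here instead of failing with a ClassCastException.
                Object responseObject = new OCSPResp(in).getResponseObject();
                if (!(responseObject instanceof BasicOCSPResp)) {
                    return false;
                }
                BasicOCSPResp basicResponse = (BasicOCSPResp) responseObject;

                // The response body comes from the network: it may be empty or describe a
                // different certificate than the one that was asked about.
                if (basicResponse.getResponses().length == 0) {
                    return false;
                }
                if (!requestedSerial.equals(basicResponse.getResponses()[0].getCertID().getSerialNumber())) {
                    return false;
                }

                Object certStatus = basicResponse.getResponses()[0].getCertStatus();
                if (certStatus instanceof RevokedStatus) {
                    certificate2.setStatus(CertificateStatus.BEID_CERTSTATUS_CERT_REVOKED);
                    return false;
                }
                if (certStatus instanceof UnknownStatus) {
                    certificate2.setStatus(CertificateStatus.BEID_CERTSTATUS_CERT_UNKNOWN);
                    return false;
                }

                // Only promote a certificate that has not been validated yet; any other
                // status set earlier is kept as it is.
                if (certificate2.getStatus().equals(CertificateStatus.BEID_CERTSTATUS_CERT_NOT_VALIDATED)) {
                    certificate2.setStatus(CertificateStatus.BEID_CERTSTATUS_CERT_VALIDATED_OK);
                }
                return true;
            } finally {
                in.close();
            }
        } finally {
            connection.disconnect();
        }
    }
}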
