package es.gob.afirma.cert.certvalidation;

import es.gob.afirma.core.misc.AOUtil;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.DERIA5String;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AccessDescription;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.AuthorityInformationAccess;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaX509CertificateHolder;
import org.spongycastle.cert.ocsp.BasicOCSPResp;
import org.spongycastle.cert.ocsp.CertificateID;
import org.spongycastle.cert.ocsp.CertificateStatus;
import org.spongycastle.cert.ocsp.OCSPException;
import org.spongycastle.cert.ocsp.OCSPReqBuilder;
import org.spongycastle.cert.ocsp.OCSPResp;
import org.spongycastle.cert.ocsp.RespID;
import org.spongycastle.cert.ocsp.RevokedStatus;
import org.spongycastle.cert.ocsp.UnknownStatus;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.DigestCalculator;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:es/gob/afirma/cert/certvalidation/OcspHelper.class */
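/**
 * Static helpers for building, sending and interpreting OCSP requests.
 *
 * <p>Security notes for maintainers, based on what this class does and does not do:
 * <ul>
 *   <li>{@link #analyzeOcspResponse(byte[])} only decodes the response. It does not verify the
 *       responder signature, does not match the answer to the requested certificate, and does not
 *       check {@code thisUpdate}/{@code nextUpdate} or a nonce. Unless callers verify these
 *       elsewhere, a substituted or replayed response is accepted as-is.</li>
 *   <li>{@link #getAIALocations(X509Certificate)} returns URIs taken from the certificate being
 *       validated, so they are certificate-controlled input. They should be treated as untrusted
 *       before being passed to {@link #sendOcspRequest(URL, byte[])}.</li>
 * </ul>
 */
final class OcspHelper {

    /**
     * {@link DigestCalculator} that buffers everything written to it and hashes it with SHA-1.
     *
     * <p>SHA-1 is used here only to build the OCSP {@link CertificateID} (issuer name/key hashes),
     * matching {@link RespID#HASH_SHA1}.
     */
    private static final class Sha1DigestCalculator implements DigestCalculator {
        private final ByteArrayOutputStream baos = new ByteArrayOutputStream();
        private final MessageDigest digest = MessageDigest.getInstance("SHA-1");

        Sha1DigestCalculator() throws NoSuchAlgorithmException {
            // The explicit constructor exists to declare the checked exception thrown by the
            // MessageDigest field initializer.
        }

        @Override
        public OutputStream getOutputStream() {
            return this.baos;
        }

        @Override
        public byte[] getDigest() {
            final byte[] hash = this.digest.digest(this.baos.toByteArray());
            // Reset the buffer so the calculator can be reused for the next value to hash.
            this.baos.reset();
            return hash;
        }

        @Override
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return RespID.HASH_SHA1;
        }
    }

    private OcspHelper() {
        // Utility class, not instantiable.
    }

    /**
     * Loads a private key entry from a PKCS#12 store located on the classpath.
     *
     * @param str  classpath resource name of the PKCS#12 store
     * @param str2 password of the store, also used as the password of the entry
     * @param str3 alias of the entry to load
     * @return the private key entry stored under the alias
     * @throws IllegalArgumentException if any argument is {@code null}, the resource cannot be
     *         found, the alias is not in the store, or the entry is not a private key entry
     */
    public static KeyStore.PrivateKeyEntry getSignData(String str, String str2, String str3) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableEntryException {
        if (str == null) {
            throw new IllegalArgumentException("Debe indicarse un nombre de almacen PKCS#12");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("Debe indicarse una contrasena para el almacen PKCS#12");
        }
        if (str3 == null) {
            throw new IllegalArgumentException("Debe indicarse un alias de certificado contenido en el almacen PKCS#12");
        }
        final char[] password = str2.toCharArray();
        try (InputStream storeStream = OcspHelper.class.getResourceAsStream(str)) {
            // getResourceAsStream() returns null for a missing resource, and KeyStore.load(null, ...)
            // silently creates an EMPTY store; fail here with an accurate message instead of the
            // misleading "alias not found" that would follow.
            if (storeStream == null) {
                throw new IllegalArgumentException("No se ha encontrado el almacen PKCS#12: " + str);
            }
            final KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(storeStream, password);
            if (!keyStore.containsAlias(str3)) {
                throw new IllegalArgumentException("El almacen proporcionado no contiene ninguna entrada con el alias: " + str3);
            }
            final KeyStore.Entry entry = keyStore.getEntry(str3, new KeyStore.PasswordProtection(password));
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new IllegalArgumentException("La entrada con el alias indicado no contiene una clave privada: " + str3);
            }
            return (KeyStore.PrivateKeyEntry) entry;
        } finally {
            // Best-effort hygiene: wipe our copy of the password. The caller's String is unaffected.
            java.util.Arrays.fill(password, '\0');
        }
    }

    /**
     * POSTs an encoded OCSP request to a responder and returns the raw response body.
     *
     * <p>NOTE(review): no connect or read timeout is set on the connection, so an unresponsive
     * responder can block the caller indefinitely. The response size is not bounded here either;
     * that depends on {@code AOUtil.getDataFromInputStream} (presumably it reads the whole
     * stream; confirm).
     *
     * @param url  URL of the OCSP service; only {@code http} and {@code https} are accepted
     * @param bArr encoded OCSP request
     * @return the bytes of the HTTP response body
     * @throws IOException if the URL scheme is not HTTP(S), the server answers with a non-2xx
     *         status, or the exchange fails
     * @throws IllegalArgumentException if any argument is {@code null}
     */
    public static byte[] sendOcspRequest(URL url, byte[] bArr) throws IOException {
        if (url == null) {
            throw new IllegalArgumentException("La URL del servicio OCSP no puede ser nula");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("La peticion OCSP no puede ser nula");
        }
        // The URL may come from a certificate's AIA extension (see getAIALocations), so reject
        // non-HTTP schemes explicitly instead of failing with a ClassCastException on the cast below.
        final String protocol = url.getProtocol();
        if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
            throw new IOException("La URL del servicio OCSP debe ser HTTP o HTTPS: " + url);
        }
        final HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        connection.setDoOutput(true);
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Content-Type", "application/ocsp-request");
        connection.setRequestProperty("Accept", "application/ocsp-response");
        try (OutputStream rawOut = connection.getOutputStream();
             DataOutputStream requestOut = new DataOutputStream(new BufferedOutputStream(rawOut))) {
            requestOut.write(bArr);
        }
        final int responseCode = connection.getResponseCode();
        if (responseCode / 100 != 2) {
            throw new IOException("El servidor OCSP ha devuelto un codigo de error " + responseCode);
        }
        // getInputStream() always yields the body stream; getContent() depends on the content
        // handler selected for the response type and needed an unchecked cast.
        try (InputStream responseIn = connection.getInputStream()) {
            return AOUtil.getDataFromInputStream(responseIn);
        }
    }

    /**
     * Builds an unsigned OCSP request for a certificate.
     *
     * <p>No nonce extension is added to the request.
     *
     * @param x509Certificate  certificate whose status is requested
     * @param x509Certificate2 issuer certificate; when {@code null} the certificate itself is used
     *                         as its own issuer
     * @return the encoded OCSP request
     */
    public static byte[] createOcspRequest(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertificateEncodingException, NoSuchAlgorithmException, OCSPException, IOException {
        final X509Certificate issuer = x509Certificate2 != null ? x509Certificate2 : x509Certificate;
        final CertificateID certificateId = new CertificateID(
            new Sha1DigestCalculator(),
            new JcaX509CertificateHolder(issuer),
            x509Certificate.getSerialNumber()
        );
        final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(certificateId);
        return requestBuilder.build().getEncoded();
    }

    /**
     * Builds an OCSP request signed with the given private key entry.
     *
     * <p>Unlike {@link #createOcspRequest(X509Certificate, X509Certificate)}, the issuer
     * certificate is used as given, with no fallback when it is {@code null}.
     *
     * <p>NOTE(review): the signature algorithm is fixed to {@code SHA1withRSA}, so the key must be
     * RSA and the request signature relies on SHA-1. Moving to a SHA-2 based algorithm depends on
     * what the target responder accepts; confirm before changing.
     *
     * @param x509Certificate  certificate whose status is requested
     * @param x509Certificate2 issuer certificate
     * @param privateKeyEntry  key and certificate used to sign the request
     * @return the encoded, signed OCSP request
     */
    public static byte[] createSignedOcspRequest(X509Certificate x509Certificate, X509Certificate x509Certificate2, KeyStore.PrivateKeyEntry privateKeyEntry) throws CertificateEncodingException, NoSuchAlgorithmException, OCSPException, OperatorCreationException, IOException {
        final CertificateID certificateId = new CertificateID(
            new Sha1DigestCalculator(),
            new JcaX509CertificateHolder(x509Certificate2),
            x509Certificate.getSerialNumber()
        );
        final X509CertificateHolder signerHolder =
            new JcaX509CertificateHolder((X509Certificate) privateKeyEntry.getCertificate());
        final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(certificateId);
        // Take the requestor name from the certificate's encoded subject instead of round-tripping
        // it through X500Principal.toString(), whose text form is not guaranteed to parse back
        // into the same name.
        final X500Name requestorName = signerHolder.getSubject();
        requestBuilder.setRequestorName(requestorName);
        return requestBuilder.build(
            new JcaContentSignerBuilder("SHA1withRSA").build(privateKeyEntry.getPrivateKey()),
            new X509CertificateHolder[] {signerHolder}
        ).getEncoded();
    }

    /**
     * Decodes an OCSP response and maps it to a {@link ValidationResult}.
     *
     * <p>Only the first single response is examined. This method does NOT verify the responder
     * signature, does not check that the response refers to the certificate that was asked about,
     * and does not check its validity interval. A {@code VALID} result therefore means only "the
     * bytes say good"; authenticity and freshness must be established by the caller.
     *
     * @param bArr encoded OCSP response
     * @return the validation result derived from the response status and certificate status
     * @throws IOException if the response is {@code null} or cannot be decoded
     * @throws OCSPException if a successful response carries no usable basic response
     * @throws IllegalArgumentException if the response or certificate status is not recognized
     */
    public static ValidationResult analyzeOcspResponse(byte[] bArr) throws OCSPException, IOException {
        if (bArr == null) {
            throw new IOException("La respuesta OCSP es nula");
        }
        final OCSPResp response = new OCSPResp(bArr);
        switch (response.getStatus()) {
            case OCSPResp.SUCCESSFUL:
                return analyzeSuccessfulResponse(response);
            case OCSPResp.UNAUTHORIZED:
                return ValidationResult.UNAUTHORIZED;
            case OCSPResp.INTERNAL_ERROR:
            case OCSPResp.TRY_LATER:
                return ValidationResult.SERVER_ERROR;
            case OCSPResp.MALFORMED_REQUEST:
                return ValidationResult.MALFORMED_REQUEST;
            case OCSPResp.SIG_REQUIRED:
                return ValidationResult.SIG_REQUIRED;
            default:
                throw new IllegalArgumentException("La validacion ha devuelto un estado desconocido: " + response.getStatus());
        }
    }

    /** Maps the certificate status of the first single response of a successful OCSP response. */
    private static ValidationResult analyzeSuccessfulResponse(OCSPResp response) throws OCSPException {
        final Object responseObject = response.getResponseObject();
        // A response can claim "successful" and still carry no body or an unexpected body type;
        // report that as a protocol error instead of a ClassCastException/NullPointerException.
        if (!(responseObject instanceof BasicOCSPResp)) {
            throw new OCSPException("La respuesta OCSP no contiene una respuesta basica");
        }
        final BasicOCSPResp basicResponse = (BasicOCSPResp) responseObject;
        if (basicResponse.getResponses().length == 0) {
            throw new OCSPException("La respuesta OCSP no contiene ningun estado de certificado");
        }
        final CertificateStatus certStatus = basicResponse.getResponses()[0].getCertStatus();
        if (certStatus == CertificateStatus.GOOD) {
            return ValidationResult.VALID;
        }
        if (certStatus instanceof RevokedStatus) {
            return ValidationResult.REVOKED;
        }
        if (certStatus instanceof UnknownStatus) {
            return ValidationResult.UNKNOWN;
        }
        throw new IllegalArgumentException("La validacion ha devuelto una respuesta desconocida: " + certStatus.getClass().getName());
    }

    /**
     * Extracts the URI access locations from a certificate's Authority Information Access
     * extension.
     *
     * <p>Every access description whose location is a URI is returned, regardless of its access
     * method, so the list can mix OCSP responder URLs with other AIA entries (for example CA
     * issuer locations). The values are read from the certificate and are not validated here.
     *
     * @param x509Certificate certificate to inspect
     * @return the URI strings found, or an empty list if the extension is absent or has no URIs
     * @throws IOException if the extension cannot be decoded
     */
    public static List<String> getAIALocations(X509Certificate x509Certificate) throws IOException {
        final byte[] extensionValue = x509Certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
        if (extensionValue == null) {
            return new ArrayList<>(0);
        }
        final List<String> locations = new ArrayList<>();
        // getExtensionValue() returns the extension wrapped in an OCTET STRING, hence two decoding
        // steps: first unwrap the octets, then parse the AIA sequence they contain.
        try (ASN1InputStream wrapperIn = new ASN1InputStream(extensionValue);
             ASN1InputStream aiaIn = new ASN1InputStream(((DEROctetString) wrapperIn.readObject()).getOctets())) {
            final AuthorityInformationAccess aia =
                AuthorityInformationAccess.getInstance((ASN1Sequence) aiaIn.readObject());
            for (final AccessDescription description : aia.getAccessDescriptions()) {
                final GeneralName location = description.getAccessLocation();
                if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    locations.add(DERIA5String.getInstance(location.getName()).getString());
                }
            }
        }
        return locations;
    }

    static {
        // Registers the provider when the class is loaded.
        Security.addProvider(new BouncyCastleProvider());
    }
}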
