package es.gob.afirma.cert.certvalidation;

import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.List;

/* loaded from: input_file:es/gob/afirma/cert/certvalidation/OcspCertificateVerifier.class */
public final class OcspCertificateVerifier extends CertificateVerifier {
    @Override // es.gob.afirma.cert.certvalidation.CertificateVerifier, es.gob.afirma.cert.certvalidation.CertificateVerificable
    public void setSubjectCert(X509Certificate x509Certificate) {
        super.setSubjectCert(x509Certificate);
        if (getValidationProperties() != null) {
            try {
                getValidationProperties().setProperty("responderUrl", getBestResponder(OcspHelper.getAIALocations(x509Certificate)));
                getValidationProperties().setProperty("signOcspRequest", "false");
            } catch (Exception e) {
                throw new IllegalArgumentException(e);
            }
        }
    }

    @Override // es.gob.afirma.cert.certvalidation.CertificateVerifier, es.gob.afirma.cert.certvalidation.CertificateVerificable
    public ValidationResult verifyRevocation(X509Certificate x509Certificate) {
        byte[] createSignedOcspRequest;
        if (Boolean.parseBoolean(getValidationProperties().getProperty("signOcspRequest"))) {
            try {
                try {
                    createSignedOcspRequest = OcspHelper.createSignedOcspRequest(x509Certificate, getIssuerCert(), OcspHelper.getSignData(getValidationProperties().getProperty("signStore"), getValidationProperties().getProperty("signStorePass"), getValidationProperties().getProperty("signAlias")));
                } catch (Exception e) {
                    LOGGER.severe("Error creando la peticion OCSP firmada: " + e);
                    return ValidationResult.SERVER_ERROR;
                }
            } catch (Exception e2) {
                LOGGER.severe("Error obteniendo los datos de firma de peticiones OCSP: " + e2);
                return ValidationResult.SERVER_ERROR;
            }
        } else {
            try {
                createSignedOcspRequest = OcspHelper.createOcspRequest(x509Certificate, getIssuerCert());
            } catch (Exception e3) {
                LOGGER.severe("Error creando la peticion OCSP: " + e3);
                return ValidationResult.SERVER_ERROR;
            }
        }
        try {
            URL url = new URL(getValidationProperties().getProperty("responderUrl"));
            try {
                try {
                    return OcspHelper.analyzeOcspResponse(OcspHelper.sendOcspRequest(url, createSignedOcspRequest));
                } catch (Exception e4) {
                    LOGGER.severe("Error analizando la respuesta del servidor OCSP: " + e4);
                    return ValidationResult.SERVER_ERROR;
                }
            } catch (Exception e5) {
                LOGGER.severe("Error enviado la peticion OCSP al servidor (" + url + "): " + e5);
                return ValidationResult.SERVER_ERROR;
            }
        } catch (Exception e6) {
            LOGGER.severe("No se ha configurado una URL de servicio OCSP valida: " + e6);
            return ValidationResult.SERVER_ERROR;
        }
    }

    private static String getBestResponder(List<String> list) {
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException("No hay servidores OCSP configurados");
        }
        String str = list.get(0);
        if (list.size() > 1) {
            for (int i = 1; i < list.size(); i++) {
                if (list.get(i).toLowerCase().contains("ocsp")) {
                    str = list.get(i);
                }
            }
        }
        return str;
    }
}
