package dev.fitko.fitconnect.jwkvalidator.x5c.ocsp;

import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.Optional;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:dev/fitko/fitconnect/jwkvalidator/x5c/ocsp/OCSPTimestampValidator.class */
public class OCSPTimestampValidator {
    private static final Logger log = LoggerFactory.getLogger(OCSPTimestampValidator.class);
    private static final Integer TIMESTAMP_TOLERANCE_IN_SECONDS = 1;

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<BasicOCSPResp> validate(BasicOCSPResp basicOCSPResp, String str, X509Certificate x509Certificate) {
        SingleResp singleResp = basicOCSPResp.getResponses()[0];
        Calendar calendar = Calendar.getInstance();
        calendar.add(13, TIMESTAMP_TOLERANCE_IN_SECONDS.intValue());
        Date time = calendar.getTime();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(13, (-1) * TIMESTAMP_TOLERANCE_IN_SECONDS.intValue());
        Date time2 = calendar2.getTime();
        Date thisUpdate = singleResp.getThisUpdate();
        if (thisUpdate == null) {
            log.error("Response contains no 'thisUpdate' field for leaf cert {} and url {}", x509Certificate.getSerialNumber(), str);
            return Optional.empty();
        }
        Date nextUpdate = singleResp.getNextUpdate();
        if (nextUpdate == null) {
            log.error("Response contains no 'nextUpdate' field for leaf cert {} and url {}", x509Certificate.getSerialNumber(), str);
            return Optional.empty();
        }
        if (time.before(thisUpdate)) {
            log.error("thisUpdate {} is after current date {} field for cert {} and url {}", new Object[]{thisUpdate, time, x509Certificate.getSerialNumber(), str});
            return Optional.empty();
        }
        if (!time2.after(nextUpdate)) {
            return Optional.of(basicOCSPResp);
        }
        log.error("nextUpdate {} is before current date {} field for cert {} and url {}", new Object[]{thisUpdate, time2, x509Certificate.getSerialNumber(), str});
        return Optional.empty();
    }
}
