package dev.fitko.fitconnect.jwkvalidator.x5c.ocsp;

import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Optional;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/fitko/fitconnect/jwkvalidator/x5c/ocsp/OCSPRequestGenerator.class */
class OCSPRequestGenerator {
    private static final Logger log = LoggerFactory.getLogger(OCSPRequestGenerator.class);
    private final DigestCalculator digestCalculator = createDigestCalculator();

    private DigestCalculator createDigestCalculator() {
        try {
            return new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
        } catch (OperatorCreationException e) {
            log.error("Could not create DigestCalculator instance", e);
            throw new RuntimeException((Throwable) e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<OCSPReq> generateOCSPRequest(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        return generateCertificateID(x509Certificate, x509Certificate2).flatMap(this::buildOCSPReq);
    }

    private Optional<CertificateID> generateCertificateID(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        try {
            return Optional.of(new CertificateID(this.digestCalculator, new X509CertificateHolder(x509Certificate2.getEncoded()), x509Certificate.getSerialNumber()));
        } catch (Exception e) {
            log.error("Failed generating CertificateID for leaf {} and intermediate {}", new Object[]{x509Certificate.getSerialNumber(), x509Certificate2.getSerialNumber(), e});
            return Optional.empty();
        }
    }

    private Optional<OCSPReq> buildOCSPReq(CertificateID certificateID) {
        try {
            OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
            oCSPReqBuilder.addRequest(certificateID);
            oCSPReqBuilder.setRequestExtensions(new Extensions(new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(BigInteger.valueOf(System.currentTimeMillis()).toByteArray()).getEncoded())));
            return Optional.of(oCSPReqBuilder.build());
        } catch (Exception e) {
            log.error("Failed building OCSPReq from certificate {}", certificateID.getSerialNumber(), e);
            return Optional.empty();
        }
    }
}
