package dev.fitko.fitconnect.jwkvalidator.x5c.ocsp;

import dev.fitko.fitconnect.jwkvalidator.x5c.CertStatus;
import dev.fitko.fitconnect.jwkvalidator.x5c.crl.CRLVerifier;
import java.net.Proxy;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Optional;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/fitko/fitconnect/jwkvalidator/x5c/ocsp/OCSPVerifier.class */
/**
 * Determines the revocation status of a certificate via OCSP, consulting a local cache first.
 *
 * <p>Every failure path in {@link #checkCertStatus} ends in {@link CertStatus#UNKNOWN}. That value
 * only says "revocation could not be determined"; it is not evidence that the certificate is good.
 * NOTE(review): how callers treat {@code UNKNOWN} is not visible here. Confirm they do not accept
 * it as valid (fail-open).
 *
 * <p>Loading this class registers the BouncyCastle JCA provider for the whole JVM.
 */
public class OCSPVerifier {
    private static final Logger log = LoggerFactory.getLogger(OCSPVerifier.class);

    static {
        // JVM-wide side effect; addProvider is a no-op when a provider with that name is installed.
        Security.addProvider(new BouncyCastleProvider());
    }

    private final OCSPCacheManager cache = new OCSPCacheManager();
    private final OCSPRequestGenerator ocspRequestGenerator = new OCSPRequestGenerator();
    private final OCSPLocationGenerator ocspLocationGenerator = new OCSPLocationGenerator();
    private final OCSPLocationEvaluator ocspLocationEvaluator;

    /**
     * Wires the location evaluator to this verifier's cache.
     *
     * @param proxy passed through to the {@code OCSPLocationEvaluator}
     * @param cRLVerifier passed through to the {@code OCSPLocationEvaluator}
     * @param list passed through to the {@code OCSPLocationEvaluator}; NOTE(review): its meaning is
     *     not visible in this class. Confirm against the evaluator.
     */
    public OCSPVerifier(Proxy proxy, CRLVerifier cRLVerifier, List<String> list) {
        this.ocspLocationEvaluator = new OCSPLocationEvaluator(this.cache, cRLVerifier, list, proxy);
    }

    /**
     * Returns the revocation status for a certificate, from the cache when an entry exists and
     * otherwise by querying the OCSP locations listed for that certificate.
     *
     * <p>The cache lookup happens outside the {@code try}, so an exception thrown by it propagates
     * to the caller. Everything after it is fail-soft: any exception is logged and mapped to
     * {@link CertStatus#UNKNOWN}.
     *
     * @param x509Certificate the certificate under test (logged as "leaf")
     * @param x509Certificate2 the second certificate of the pair (logged as "intermediate");
     *     presumably the issuer of the first. Verify against the request generator.
     * @return the cached or freshly evaluated status, or {@link CertStatus#UNKNOWN} when no request
     *     or location could be built, the evaluator returned {@code null}, or an exception occurred
     */
    public CertStatus checkCertStatus(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        Optional<CertStatus> cachedStatus = this.cache.checkForEntryInCache(x509Certificate, x509Certificate2);
        if (cachedStatus.isPresent()) {
            return cachedStatus.get();
        }

        try {
            Optional<OCSPReq> request = this.ocspRequestGenerator.generateOCSPRequest(x509Certificate, x509Certificate2);
            // The responder locations are read from the certificate that is being checked.
            // NOTE(review): any restriction on which locations get contacted would live in
            // OCSPLocationEvaluator; it is not visible here.
            List<String> responderLocations = this.ocspLocationGenerator.getAIALocations(x509Certificate);

            boolean canQuery = request.isPresent() && !responderLocations.isEmpty();
            if (!canQuery) {
                log.error("Could not create ocspReq and/or locations for leaf {} and intermediate {}", x509Certificate.getSerialNumber(), x509Certificate2.getSerialNumber());
                return CertStatus.UNKNOWN;
            }

            CertStatus evaluated = this.ocspLocationEvaluator.checkCertStatusForLocations(request.get(), responderLocations, x509Certificate, x509Certificate2);
            if (evaluated == null) {
                // A null result from the evaluator is treated as "no answer".
                log.error("Cannot determine revocation status via OCSP for leafCert {} and intermediateCert {}", x509Certificate.getSerialNumber(), x509Certificate2.getSerialNumber());
                return CertStatus.UNKNOWN;
            }
            return evaluated;
        } catch (Exception e) {
            // Trailing Throwable argument is logged by SLF4J as the exception, not as a placeholder value.
            log.error("OCSP validation for leaf {} and intermediate {} caused a problem", x509Certificate.getSerialNumber(), x509Certificate2.getSerialNumber(), e);
            return CertStatus.UNKNOWN;
        }
    }
}
