package dev.fitko.fitconnect.jwkvalidator.x5c.ocsp;

import dev.fitko.fitconnect.jwkvalidator.x5c.net.RevocationDownloadRequest;
import dev.fitko.fitconnect.jwkvalidator.x5c.net.ValidResponseCodes;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.ConnectException;
import java.net.HttpURLConnection;
import java.net.ProtocolException;
import java.net.Proxy;
import java.net.SocketTimeoutException;
import java.security.cert.X509Certificate;
import java.util.Optional;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/fitko/fitconnect/jwkvalidator/x5c/ocsp/OCSPDownloadRequest.class */
public class OCSPDownloadRequest extends RevocationDownloadRequest<OCSPResp> {
    private static final Logger log = LoggerFactory.getLogger(OCSPDownloadRequest.class);

    public OCSPDownloadRequest(Proxy proxy) {
        super(proxy);
    }

    public Optional<OCSPResp> downloadResponse(String str, OCSPReq oCSPReq, X509Certificate x509Certificate) {
        if (isHttpURL(str)) {
            Optional flatMap = createHttpConnection(x509Certificate, str).flatMap(httpURLConnection -> {
                return setHttpConnectionRequestProperties(httpURLConnection, str, x509Certificate);
            }).flatMap(httpURLConnection2 -> {
                return writeRequestToHttpConnection(httpURLConnection2, oCSPReq, x509Certificate, str);
            }).flatMap(httpURLConnection3 -> {
                return validateHttpConnectionResponseCode(ValidResponseCodes.HTTP, httpURLConnection3, x509Certificate, str);
            });
            return flatMap.isEmpty() ? Optional.empty() : readResponseFromHttpConnection((HttpURLConnection) flatMap.get(), x509Certificate, str);
        }
        log.error("Failed obtaining OCSP response for {}. Only http is supported", str);
        return Optional.empty();
    }

    private Optional<HttpURLConnection> setHttpConnectionRequestProperties(HttpURLConnection httpURLConnection, String str, X509Certificate x509Certificate) {
        try {
            httpURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
            httpURLConnection.setRequestProperty("Accept", "application/ocsp-response");
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setConnectTimeout(10000);
            return Optional.of(httpURLConnection);
        } catch (ProtocolException e) {
            log.error("Failed setting request method for http connection with service url {} for leaf cert {}", new Object[]{str, x509Certificate.getSerialNumber(), e});
            closeHttpConnection(httpURLConnection);
            return Optional.empty();
        }
    }

    private Optional<HttpURLConnection> writeRequestToHttpConnection(HttpURLConnection httpURLConnection, OCSPReq oCSPReq, X509Certificate x509Certificate, String str) {
        try {
            OutputStream outputStream = httpURLConnection.getOutputStream();
            try {
                outputStream.write(oCSPReq.getEncoded());
                Optional<HttpURLConnection> of = Optional.of(httpURLConnection);
                if (outputStream != null) {
                    outputStream.close();
                }
                return of;
            } catch (Throwable th) {
                if (outputStream != null) {
                    try {
                        outputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (ConnectException e) {
            log.error("Failed connecting to service url {} for OCSP request of leaf cert {}", new Object[]{str, x509Certificate.getSerialNumber(), e});
            closeHttpConnection(httpURLConnection);
            return Optional.empty();
        } catch (SocketTimeoutException e2) {
            log.error("Failed writing OCSP request for service url {} in leaf cert {} - connection timeout", new Object[]{str, x509Certificate.getSerialNumber(), e2});
            closeHttpConnection(httpURLConnection);
            return Optional.empty();
        } catch (IOException e3) {
            log.error("Failed writing OCSP request for service url {} in leaf cert {}", new Object[]{str, x509Certificate.getSerialNumber(), e3});
            closeHttpConnection(httpURLConnection);
            return Optional.empty();
        }
    }

    @Override // dev.fitko.fitconnect.jwkvalidator.x5c.net.RevocationDownloadRequest
    protected Optional<OCSPResp> buildResponseObject(InputStream inputStream, X509Certificate x509Certificate, String str) {
        try {
            return Optional.of(new OCSPResp(inputStream));
        } catch (IOException e) {
            log.error("Failed reading OCSP response for service url {} in leaf cert {}", new Object[]{str, x509Certificate, e});
            return Optional.empty();
        }
    }
}
