package ru.CryptoPro.AdES.service;

import com.google.common.net.HttpHeaders;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Properties;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.RevokedInfo;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.SingleResp;
import ru.CryptoPro.AdES.evidence.CertificateIdentifierCalculator;
import ru.CryptoPro.AdES.exception.AdESException;
import ru.CryptoPro.AdES.tools.AdESUtility;
import ru.CryptoPro.JCP.tools.JCPLogger;
import ru.CryptoPro.JCP.tools.logger.LoggingUtils;

/* loaded from: classes4.dex */
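/**
 * OCSP client connector: builds a single-certificate OCSP request with a nonce extension, sends it
 * through the inherited {@code callService}, and returns the DER encoding of the basic response
 * when the responder reports the certificate as good.
 *
 * <p>NOTE(review): this class only inspects the response status and the single certificate status.
 * It does not verify the responder signature, does not compare the response nonce with the one it
 * sent, does not check that the returned CertID matches the request, and does not look at
 * thisUpdate/nextUpdate. Presumably the consumer of the returned bytes performs those checks —
 * confirm against the caller before relying on a "good" result from here.
 *
 * <p>The two certificate setters must be called before {@link #getEncoded()}; nothing here guards
 * against them being unset.
 */
public class OCSPServiceConnectorImpl extends ServiceConnectorImpl implements OCSPConnector {
    /** Number of digest bytes used as the request nonce (same length as before). */
    private static final int NONCE_LENGTH = 8;

    /** Number of CSPRNG bytes mixed into the nonce seed. */
    private static final int NONCE_ENTROPY_LENGTH = 32;

    /** Shared CSPRNG for nonce seeding; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom NONCE_RANDOM = new SecureRandom();

    // Legacy per-process counter kept in the nonce seed. It is incremented without
    // synchronization, so it must not be relied on for uniqueness; the CSPRNG bytes provide that.
    private static long sequence = System.currentTimeMillis();

    private X509Certificate checkableCertificate;
    private X509Certificate issuerCertificate;

    /**
     * Creates a connector; the argument is passed unchanged to the superclass constructor.
     *
     * @param str value forwarded to {@code ServiceConnectorImpl}
     */
    public OCSPServiceConnectorImpl(String str) {
        super(str);
    }

    /**
     * Produces the digest from which the request nonce is cut.
     *
     * <p>The seed used to be only the wall clock, the JVM free-memory figure and a counter, all of
     * which an observer can estimate, so the nonce was guessable. The seed now also carries
     * {@value #NONCE_ENTROPY_LENGTH} bytes from a {@link SecureRandom}; the legacy components are
     * kept so the value still differs per call even if the CSPRNG were degraded.
     *
     * @param digestAlgorithm digest algorithm name handed to {@code AdESUtility.calculateDigest}
     * @param provider provider name handed to {@code AdESUtility.calculateDigest}
     * @return the digest of the seed
     * @throws AdESException if the digest calculation fails
     */
    private static byte[] createId(String digestAlgorithm, String provider) throws AdESException {
        JCPLogger.fine("Creating ID...");
        long now = System.currentTimeMillis();
        long free = Runtime.getRuntime().freeMemory();
        long counter = sequence;
        sequence = counter + 1;
        // Explicit charset: the text is ASCII, but the platform default must not influence the seed.
        byte[] legacySeed = (now + "+" + free + "+" + counter).getBytes(StandardCharsets.UTF_8);

        byte[] entropy = new byte[NONCE_ENTROPY_LENGTH];
        NONCE_RANDOM.nextBytes(entropy);

        byte[] seed = new byte[legacySeed.length + entropy.length];
        System.arraycopy(legacySeed, 0, seed, 0, legacySeed.length);
        System.arraycopy(entropy, 0, seed, legacySeed.length, entropy.length);
        return AdESUtility.calculateDigest(provider, digestAlgorithm, seed);
    }

    /**
     * Builds the OCSP request for {@code checkableCertificate} issued by {@code issuerCertificate}.
     *
     * @return a request holding one CertID and a non-critical nonce extension
     * @throws AdESException if no digest algorithm is available for the certificate's public key
     *     with the configured provider, or if a helper fails
     * @throws OCSPException if the request cannot be built
     * @throws IOException if the nonce cannot be DER-encoded
     */
    private OCSPReq generateOCSPRequest() throws OCSPException, IOException, IllegalArgumentException, AdESException {
        JCPLogger.fine("Generating OCSP request...");
        String digestAlgorithm = AdESUtility.checkAndGetDigestAlgorithm(null, this.provider, this.checkableCertificate.getPublicKey());
        if (digestAlgorithm == null) {
            throw new AdESException("Digest algorithm has not been found or is not supported by provider " + this.provider, AdESException.ecInternal);
        }
        JCPLogger.fine("Digest algorithm: " + digestAlgorithm);

        CertificateIdentifierCalculator calculator = new CertificateIdentifierCalculator(this.checkableCertificate, this.issuerCertificate);
        calculator.setDigestAlgorithm(digestAlgorithm);
        calculator.setProvider(this.provider);
        CertificateID certificateId = AdESUtility.fixCertificateID(calculator.make((Void) null), digestAlgorithm);

        byte[] nonce = Arrays.copyOfRange(createId(digestAlgorithm, this.provider), 0, NONCE_LENGTH);
        // The extension value is an OCTET STRING wrapping the DER encoding of the nonce, which is
        // itself an OCTET STRING, hence the two layers.
        ASN1OctetString nonceValue = new DEROctetString(new DEROctetString(nonce).getEncoded());
        Extension nonceExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, nonceValue);

        OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(certificateId, new Extensions(nonceExtension));
        return requestBuilder.build();
    }

    /**
     * Sends the OCSP request and returns the encoded basic response for a certificate in good
     * standing.
     *
     * <p>The response stream is now closed on every path; previously it was closed only when the
     * status was good and leaked whenever an exception was thrown.
     *
     * @return DER encoding of the {@code BasicOCSPResp}
     * @throws AdESException with {@code ecOnlineCallFailed} on I/O or OCSP parsing errors, on a
     *     non-successful response status, on a missing or unsupported response body, or when the
     *     response does not hold exactly one single response; with
     *     {@code ecRevocationCertificateStatusIsRevoked} or
     *     {@code ecRevocationCertificateStatusIsUnknown} when the certificate is not good
     */
    @Override
    public byte[] getEncoded() throws AdESException {
        InputStream responseStream = null;
        try {
            byte[] requestBytes = generateOCSPRequest().getEncoded();
            LoggingUtils.logBase64EncodedValue("OCSP request [BASE64]:", requestBytes);
            responseStream = callService(requestBytes);
            OCSPResp response = new OCSPResp(responseStream);
            LoggingUtils.logBase64EncodedValue("OCSP response [BASE64]:", response.getEncoded());

            // 0 is the "successful" OCSPResponseStatus; any other value carries no usable body.
            if (response.getStatus() != 0) {
                throw logAndReturn(new AdESException("Invalid OCSP status: " + response.getStatus(), AdESException.ecOnlineCallFailed));
            }

            // The responder is untrusted input: a body that is absent or of another type must be
            // reported as a failed call rather than surface as a NullPointerException or
            // ClassCastException.
            Object responseObject = response.getResponseObject();
            if (!(responseObject instanceof BasicOCSPResp)) {
                throw logAndReturn(new AdESException("Missing or unsupported OCSP response body", AdESException.ecOnlineCallFailed));
            }
            BasicOCSPResp basicResponse = (BasicOCSPResp) responseObject;
            byte[] basicResponseBytes = basicResponse.getEncoded();
            LoggingUtils.logBase64EncodedValue("OCSP basic response [BASE64]:", basicResponseBytes);

            SingleResp[] singleResponses = basicResponse.getResponses();
            if (singleResponses.length != 1) {
                throw logAndReturn(new AdESException("Invalid single response count", AdESException.ecOnlineCallFailed));
            }

            CertificateStatus certStatus = singleResponses[0].getCertStatus();
            if (certStatus == CertificateStatus.GOOD) {
                return basicResponseBytes;
            }

            String subjectDescription = "OCSP status of certificate: sn " + this.checkableCertificate.getSerialNumber().toString(16)
                    + ", subject " + this.checkableCertificate.getSubjectDN()
                    + ", issuer " + this.checkableCertificate.getIssuerDN();
            // NOTE(review): RevokedInfo is the ASN.1-level type. If getCertStatus() hands back the
            // org.bouncycastle.cert.ocsp wrapper type for revoked certificates instead, this branch
            // never matches and a revoked certificate is reported with the UNKNOWN error code
            // (it is still rejected). Confirm against the bundled BouncyCastle version.
            if (certStatus instanceof RevokedInfo) {
                throw logAndReturn(new AdESException(subjectDescription + " is REVOKED", AdESException.ecRevocationCertificateStatusIsRevoked));
            }
            throw logAndReturn(new AdESException(subjectDescription + " is UNKNOWN", AdESException.ecRevocationCertificateStatusIsUnknown));
        } catch (IOException e) {
            throw logAndReturn(new AdESException(e, AdESException.ecOnlineCallFailed));
        } catch (OCSPException e) {
            throw logAndReturn(new AdESException(e, AdESException.ecOnlineCallFailed));
        } finally {
            closeQuietly(responseStream);
        }
    }

    /** Logs the exception through {@code JCPLogger.thrown} and returns it so the caller can throw it. */
    private static AdESException logAndReturn(AdESException exception) {
        JCPLogger.thrown(exception);
        return exception;
    }

    /** Closes the stream if it is non-null; a failure to close must not mask the actual outcome. */
    private static void closeQuietly(InputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException ignored) {
            // Best-effort cleanup, as in the original: the response has already been read or rejected.
        }
    }

    /**
     * Supplies the HTTP headers for an OCSP exchange.
     *
     * @return properties holding the Content-Type and Accept headers for OCSP
     */
    @Override
    protected Properties getRequestProperties() {
        Properties headers = new Properties();
        headers.setProperty(HttpHeaders.CONTENT_TYPE, "application/ocsp-request");
        headers.setProperty(HttpHeaders.ACCEPT, "application/ocsp-response");
        return headers;
    }

    /**
     * Sets the certificate whose revocation status is to be queried.
     *
     * @param x509Certificate certificate to check
     */
    @Override
    public void setCheckableCertificate(X509Certificate x509Certificate) {
        this.checkableCertificate = x509Certificate;
    }

    /**
     * Sets the issuer certificate used, together with the checked certificate, to compute the CertID.
     *
     * @param x509Certificate issuer of the certificate being checked
     */
    @Override
    public void setIssuerCertificate(X509Certificate x509Certificate) {
        this.issuerCertificate = x509Certificate;
    }
}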
