package be.fedict.trust.ocsp;

import be.fedict.trust.Credentials;
import be.fedict.trust.NetworkConfig;
import java.io.IOException;
import java.net.ConnectException;
import java.net.URI;
import java.security.cert.X509Certificate;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.ByteArrayRequestEntity;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp;

/* loaded from: input_file:be/fedict/trust/ocsp/OnlineOcspRepository.class */
public class OnlineOcspRepository implements OcspRepository {
    private static final Log LOG = LogFactory.getLog(OnlineOcspRepository.class);
    private final NetworkConfig networkConfig;
    private Credentials credentials;

    public OnlineOcspRepository(NetworkConfig networkConfig) {
        this.networkConfig = networkConfig;
    }

    public OnlineOcspRepository() {
        this(null);
    }

    public void setCredentials(Credentials credentials) {
        this.credentials = credentials;
    }

    @Override // be.fedict.trust.ocsp.OcspRepository
    public OCSPResp findOcspResponse(URI uri, X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        try {
            return getOcspResponse(uri, x509Certificate, x509Certificate2);
        } catch (IOException e) {
            LOG.debug("I/O error: " + e.getMessage(), e);
            return null;
        } catch (OCSPException e2) {
            LOG.debug("OCSP error: " + e2.getMessage(), e2);
            return null;
        }
    }

    private OCSPResp getOcspResponse(URI uri, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws OCSPException, IOException {
        LOG.debug("OCSP URI: " + uri);
        OCSPReqGenerator oCSPReqGenerator = new OCSPReqGenerator();
        oCSPReqGenerator.addRequest(new CertificateID(CertificateID.HASH_SHA1, x509Certificate2, x509Certificate.getSerialNumber()));
        byte[] encoded = oCSPReqGenerator.generate().getEncoded();
        PostMethod postMethod = new PostMethod(uri.toString());
        ByteArrayRequestEntity byteArrayRequestEntity = new ByteArrayRequestEntity(encoded, "application/ocsp-request");
        postMethod.addRequestHeader("User-Agent", "jTrust OCSP Client");
        postMethod.setRequestEntity(byteArrayRequestEntity);
        HttpClient httpClient = new HttpClient();
        if (null != this.networkConfig) {
            httpClient.getHostConfiguration().setProxy(this.networkConfig.getProxyHost(), this.networkConfig.getProxyPort());
        }
        if (null != this.credentials) {
            this.credentials.init(httpClient.getState());
        }
        try {
            httpClient.executeMethod(postMethod);
            int statusCode = postMethod.getStatusCode();
            if (200 != statusCode) {
                LOG.error("HTTP response code: " + statusCode);
                return null;
            }
            Header responseHeader = postMethod.getResponseHeader("Content-Type");
            if (null == responseHeader) {
                LOG.debug("no Content-Type response header");
                return null;
            }
            if (!"application/ocsp-response".equals(responseHeader.getValue())) {
                LOG.debug("result content type not application/ocsp-response");
                return null;
            }
            Header responseHeader2 = postMethod.getResponseHeader("Content-Length");
            if (null != responseHeader2 && "0".equals(responseHeader2.getValue())) {
                LOG.debug("no content returned");
                return null;
            }
            OCSPResp oCSPResp = new OCSPResp(postMethod.getResponseBodyAsStream());
            LOG.debug("OCSP response size: " + oCSPResp.getEncoded().length + " bytes");
            return oCSPResp;
        } catch (ConnectException e) {
            LOG.debug("OCSP responder is down");
            return null;
        }
    }
}
