package sun.security.provider.certpath;

import com.github.dockerjava.zerodep.shaded.org.apache.hc.client5.http.classic.methods.HttpGet;
import com.github.dockerjava.zerodep.shaded.org.apache.hc.client5.http.classic.methods.HttpPost;
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.cert.CRLReason;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.Extension;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Date;
import java.util.List;
import java.util.Map;
import sun.security.action.GetIntegerAction;
import sun.security.provider.certpath.OCSPResponse;
import sun.security.util.Debug;
import sun.security.util.Event;
import sun.security.util.IOUtils;
import sun.security.x509.AccessDescription;
import sun.security.x509.AuthorityInfoAccessExtension;
import sun.security.x509.GeneralName;
import sun.security.x509.PKIXExtensions;
import sun.security.x509.URIName;
import sun.security.x509.X509CertImpl;

/* loaded from: input_file:BOOT-INF/lib/java.base-2023-06-15.jar:META-INF/modules/java.base/classes/sun/security/provider/certpath/OCSP.class */
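/**
 * Static helpers for querying an OCSP responder over HTTP and for locating the
 * responder named in a certificate.
 *
 * <p>This listing is decompiler output. The {@code check} method and the
 * {@code getResponderURI(X509CertImpl)} overload were package-private in the
 * compiled class, and the decompiler widened them to {@code public}.
 */
public final class OCSP {
    /** Connect/read timeout in milliseconds used when the system property is unset or negative. */
    private static final int DEFAULT_CONNECT_TIMEOUT = 15000;
    private static final Debug debug = Debug.getInstance("certpath");
    /** Effective timeout in milliseconds, derived once from {@code com.sun.security.ocsp.timeout}. */
    private static final int CONNECT_TIMEOUT = initializeTimeout();
    /** Longest request URL that is still sent as an HTTP GET; longer requests are POSTed. */
    private static final int MAX_GET_URL_LENGTH = 255;

    /** Revocation information for a single certificate, as exposed to callers. */
    public interface RevocationStatus {

        /** The three status values a responder can report for a certificate. */
        public enum CertStatus {
            GOOD,
            REVOKED,
            UNKNOWN
        }

        CertStatus getCertStatus();

        Date getRevocationTime();

        CRLReason getRevocationReason();

        Map<String, Extension> getSingleExtensions();
    }

    /**
     * Reads the {@code com.sun.security.ocsp.timeout} system property (seconds)
     * and converts it to milliseconds.
     *
     * @return the timeout in milliseconds; {@link #DEFAULT_CONNECT_TIMEOUT} when
     *         the property is absent or negative. A value of 0 is passed through
     *         unchanged, which {@link HttpURLConnection} treats as "no timeout".
     */
    private static int initializeTimeout() {
        Integer seconds = (Integer) AccessController.doPrivileged(new GetIntegerAction("com.sun.security.ocsp.timeout"));
        if (seconds == null || seconds.intValue() < 0) {
            return DEFAULT_CONNECT_TIMEOUT;
        }
        // Multiply in long arithmetic: a large property value would otherwise wrap
        // around, and a negative result makes setConnectTimeout/setReadTimeout throw
        // IllegalArgumentException in the middle of revocation checking.
        long millis = seconds.intValue() * 1000L;
        return millis > Integer.MAX_VALUE ? Integer.MAX_VALUE : (int) millis;
    }

    private OCSP() {
    }

    /**
     * Requests the status of the given certificate ids from the responder and
     * verifies the response before returning it.
     *
     * <p>The nonce extension, if one is present in {@code list2}, is handed to
     * {@code OCSPResponse.verify} together with the issuer information, so the
     * response is checked against the request that was actually sent. The
     * transport here is plain HTTP to whatever URI the caller supplies; the
     * trust decision therefore rests on that verification step, not on the
     * connection.
     *
     * @param list            certificate ids to query
     * @param uri             responder location
     * @param issuerInfo      issuer information forwarded to response verification
     * @param x509Certificate certificate forwarded to response verification
     *                        (presumably the responder's certificate; confirm against the caller)
     * @param date            date forwarded to response verification
     * @param list2           request extensions; scanned for the OCSP nonce
     * @param str             forwarded unchanged to response verification (meaning not visible here)
     * @return the verified response
     * @throws CertPathValidatorException with reason UNDETERMINED_REVOCATION_STATUS when an
     *         {@link IOException} occurs; note that this also covers an IOException raised
     *         while constructing the response object, not only transport failures
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static OCSPResponse check(List<CertId> list, URI uri, OCSPResponse.IssuerInfo issuerInfo, X509Certificate x509Certificate, Date date, List<Extension> list2, String str) throws IOException, CertPathValidatorException {
        // Remember the nonce that goes out with the request; if several nonce
        // extensions are supplied the last one wins, as in the original code.
        byte[] nonce = null;
        String nonceOid = PKIXExtensions.OCSPNonce_Id.toString();
        for (Extension extension : list2) {
            if (extension.getId().equals(nonceOid)) {
                nonce = extension.getValue();
            }
        }
        try {
            OCSPResponse response = new OCSPResponse(getOCSPBytes(list, uri, list2));
            response.verify(list, issuerInfo, x509Certificate, date, nonce, str);
            return response;
        } catch (IOException e) {
            throw new CertPathValidatorException("Unable to determine revocation status due to network error", e, null, -1, CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS);
        }
    }

    /**
     * Encodes an OCSP request, sends it to the responder and returns the raw
     * response body without interpreting it.
     *
     * <p>The request is sent as a GET with the Base64 request appended to the
     * responder URI when the resulting URL is at most
     * {@link #MAX_GET_URL_LENGTH} characters, and as a POST with content type
     * {@code application/ocsp-request} otherwise.
     *
     * @param list  certificate ids to query
     * @param uri   responder location
     * @param list2 request extensions
     * @return the response body bytes
     * @throws IOException on any connection or read failure
     */
    public static byte[] getOCSPBytes(List<CertId> list, URI uri, List<Extension> list2) throws IOException {
        byte[] requestBytes = new OCSPRequest(list, list2).encodeBytes();
        String responder = uri.toString();
        if (debug != null) {
            debug.println("connecting to OCSP service at: " + responder);
        }
        Event.report(Event.ReporterCategory.CRLCHECK, "event.ocsp.check", responder);

        StringBuilder getUrl = new StringBuilder(responder);
        if (!responder.endsWith("/")) {
            getUrl.append("/");
        }
        getUrl.append(URLEncoder.encode(Base64.getEncoder().encodeToString(requestBytes), StandardCharsets.UTF_8));

        HttpURLConnection connection = null;
        try {
            boolean useGet = getUrl.length() <= MAX_GET_URL_LENGTH;
            connection = (HttpURLConnection) (useGet ? new URL(getUrl.toString()) : uri.toURL()).openConnection();
            // Bound both request styles. The original set the timeouts only on the
            // POST path, so a responder that accepted a GET and then stalled could
            // block certificate validation indefinitely.
            connection.setConnectTimeout(CONNECT_TIMEOUT);
            connection.setReadTimeout(CONNECT_TIMEOUT);
            connection.setDoOutput(true);
            connection.setDoInput(true);
            if (useGet) {
                // Plain literals: the decompiler had resolved these constants to an
                // unrelated shaded HTTP client class.
                connection.setRequestMethod("GET");
            } else {
                connection.setRequestMethod("POST");
                connection.setRequestProperty("Content-type", "application/ocsp-request");
                connection.setRequestProperty("Content-length", String.valueOf(requestBytes.length));
                try (OutputStream body = connection.getOutputStream()) {
                    body.write(requestBytes);
                    body.flush();
                }
            }
            if (debug != null && connection.getResponseCode() != 200) {
                debug.println("Received HTTP error: " + connection.getResponseCode() + " - " + connection.getResponseMessage());
            }
            int contentLength = connection.getContentLength();
            if (contentLength == -1) {
                // No Content-Length header (e.g. a chunked reply). Asking
                // readExactlyNBytes for Integer.MAX_VALUE bytes, as the original did,
                // cannot succeed on a normal-sized body if that helper insists on the
                // full count, as its name indicates; read to end of stream instead.
                // NOTE(review): nothing here caps the size of the body a responder may
                // send; consider a limit if responders are not trusted.
                return connection.getInputStream().readAllBytes();
            }
            return IOUtils.readExactlyNBytes(connection.getInputStream(), contentLength);
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Returns the OCSP responder URI advertised by the certificate, or
     * {@code null} if there is none or the certificate cannot be converted to
     * the internal implementation type.
     *
     * <p>The URI is taken from the certificate itself, so it is only as
     * trustworthy as that certificate; callers that connect to it are making an
     * outbound request to a location chosen by whoever issued the certificate.
     */
    public static URI getResponderURI(X509Certificate x509Certificate) {
        try {
            return getResponderURI(X509CertImpl.toImpl(x509Certificate));
        } catch (CertificateException e) {
            // Deliberate best effort: an unconvertible certificate is treated the
            // same as one that names no responder.
            if (debug != null) {
                debug.println("unable to read responder URI from certificate: " + e);
            }
            return null;
        }
    }

    /**
     * Returns the first URI-typed OCSP access location found in the
     * certificate's Authority Information Access extension, or {@code null}
     * when the extension is missing or holds no such entry.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static URI getResponderURI(X509CertImpl x509CertImpl) {
        AuthorityInfoAccessExtension aia = x509CertImpl.getAuthorityInfoAccessExtension();
        if (aia == null) {
            return null;
        }
        for (AccessDescription description : aia.getAccessDescriptions()) {
            if (!description.getAccessMethod().equals(AccessDescription.Ad_OCSP_Id)) {
                continue;
            }
            GeneralName location = description.getAccessLocation();
            // 6 is the uniformResourceIdentifier choice of GeneralName (RFC 5280).
            if (location.getType() == 6) {
                return ((URIName) location.getName()).getURI();
            }
        }
        return null;
    }
}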
