package iaik.pki.store.revocation.j15;

import at.gv.egiz.bku.binding.HttpUtil;
import at.gv.egiz.bku.utils.urldereferencer.HTTPURLProtocolHandlerImpl;
import iaik.asn1.CodingException;
import iaik.logging.Log;
import iaik.logging.LogFactory;
import iaik.logging.TransactionId;
import iaik.pki.revocation.RevocationSourceTypes;
import iaik.pki.store.revocation.OCSPRevocationSource;
import iaik.pki.store.revocation.RevocationFactory;
import iaik.pki.store.revocation.RevocationInfoRetriever;
import iaik.pki.store.revocation.RevocationSource;
import iaik.pki.store.revocation.RevocationStoreException;
import iaik.pki.utils.Constants;
import iaik.pki.utils.URLDecoder;
import iaik.pki.utils.URLEncoder;
import iaik.utils.ASN1InputStream;
import iaik.x509.ocsp.OCSPRequest;
import iaik.x509.ocsp.OCSPResponse;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.net.URLConnection;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.xerces.xinclude.XIncludeHandler;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/iaik_pki-2.00-MOA-MOCCA.jar:iaik/pki/store/revocation/j15/OCSPRetriever.class */
public class OCSPRetriever implements RevocationInfoRetriever {
    protected static Log log_ = LogFactory.getLog(Constants.MODULE_NAME);
    protected int connectTimeout_ = 60000;
    protected int readTimeout_ = 60000;

    @Override // iaik.pki.store.revocation.RevocationInfoRetriever
    public void update(RevocationSource revocationSource, Collection<Object> collection, TransactionId transactionId) throws RevocationStoreException {
        if (revocationSource == null) {
            throw new NullPointerException("RevocationSource parameter must not be null.");
        }
        if (collection == null) {
            throw new NullPointerException("Supplemental request data must not be null.");
        }
        if (!revocationSource.getType().equals(RevocationSourceTypes.OCSP)) {
            throw new RevocationStoreException("RevocationSource of type \"" + revocationSource.getType() + "\" is not supported by this OCSP retriever.", null, getClass().getName() + ":1");
        }
        OCSPRequest oCSPRequest = null;
        Iterator<Object> it = collection.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Object next = it.next();
            if (next instanceof OCSPRequest) {
                oCSPRequest = (OCSPRequest) next;
                break;
            }
        }
        if (oCSPRequest == null) {
            throw new RevocationStoreException("SupplementalRequestData must contain an OCSP Request.", null, getClass().getName() + ":2");
        }
        ((OCSPRevocationSource) revocationSource).setReqCert(oCSPRequest.getRequestList()[0].getReqCert());
        InputStream inputStream = null;
        String uri = revocationSource.getUri();
        try {
            try {
                try {
                    log_.info(transactionId, "Sending ocsp request to: " + uri, null);
                    log_.debug(transactionId, "(ocsp request: " + oCSPRequest.toString(true) + DefaultExpressionEngine.DEFAULT_INDEX_END, null);
                    URL url = new URL(uri);
                    if (url.getProtocol().equalsIgnoreCase(HTTPURLProtocolHandlerImpl.HTTP)) {
                        OCSPResponse oCSPResponse = null;
                        try {
                            byte[] encoded = oCSPRequest.getEncoded();
                            HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
                            httpURLConnection.setRequestProperty(HttpUtil.HTTP_HEADER_CONTENT_TYPE, "application/ocsp-request");
                            httpURLConnection.setRequestProperty(XIncludeHandler.HTTP_ACCEPT, "application/ocsp-response");
                            httpURLConnection.setRequestProperty("Content-Length", String.valueOf(encoded.length));
                            httpURLConnection.setDoOutput(true);
                            httpURLConnection.setConnectTimeout(this.connectTimeout_);
                            httpURLConnection.setReadTimeout(this.readTimeout_);
                            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(httpURLConnection.getOutputStream());
                            bufferedOutputStream.write(encoded);
                            bufferedOutputStream.flush();
                            bufferedOutputStream.close();
                            int responseCode = httpURLConnection.getResponseCode();
                            String responseMessage = httpURLConnection.getResponseMessage();
                            if (responseCode / 200 != 1) {
                                log_.error(transactionId, "Error connecting to \"" + url + "\".", null);
                                log_.error(transactionId, "ResponseMessage: " + responseMessage + ".", null);
                                throw new RevocationStoreException("Error while downloading ocsp data from \"" + uri + "\".", null, getClass().getName() + ":3");
                            }
                            if (responseCode / 100 == 2) {
                                String contentType = httpURLConnection.getContentType();
                                if (!"application/ocsp-response".equalsIgnoreCase(contentType)) {
                                    throw new IOException("Got response with invalid content type: " + contentType + ".");
                                }
                                oCSPResponse = new OCSPResponse(new ASN1InputStream(new BufferedInputStream(httpURLConnection.getInputStream())));
                            }
                            ((OCSPRevocationSource) revocationSource).setOCSPResponse(oCSPResponse, transactionId);
                            revocationSource.setDownloadTime(new Date(System.currentTimeMillis()));
                        } catch (CodingException e) {
                            throw new IOException("Request encoding error: " + e.getMessage());
                        }
                    } else {
                        log_.warn(transactionId, "Unsupported ocsp protocol (trying anyway) " + url.getProtocol(), null);
                        URLConnection openConnection = url.openConnection();
                        openConnection.setConnectTimeout(this.connectTimeout_);
                        openConnection.setReadTimeout(this.readTimeout_);
                        inputStream = openConnection.getInputStream();
                        revocationSource.readFrom(inputStream, transactionId);
                        revocationSource.setDownloadTime(new Date(System.currentTimeMillis()));
                    }
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException e2) {
                        }
                    }
                } catch (Throwable th) {
                    if (0 != 0) {
                        try {
                            inputStream.close();
                        } catch (IOException e3) {
                            throw th;
                        }
                    }
                    throw th;
                }
            } catch (SocketTimeoutException e4) {
                log_.info(transactionId, "Connection timeout when trying to download ocsp data from \"" + revocationSource.getUri() + "\".", null);
                throw new RevocationStoreException("Connection timeout when trying to download ocsp data from \"" + revocationSource.getUri() + "\".", null, getClass().getName() + ":4");
            }
        } catch (Exception e5) {
            log_.error(transactionId, "Error accessing OCSP responder: " + e5.getMessage(), null);
            String str = null;
            boolean z = false;
            try {
                str = URLDecoder.decodeUTF8(uri);
                z = true;
            } catch (IOException e6) {
                try {
                    log_.info(transactionId, "Invalid UTF-8 encoding of responder url. Trying to decode ISO-8859-1 ...", null);
                    String decodeISO8859_1 = URLDecoder.decodeISO8859_1(uri);
                    log_.info(transactionId, "URL successfully decoded, now encoding UTF-8 ...", null);
                    str = URLEncoder.encode(decodeISO8859_1, "utf-8");
                } catch (Exception e7) {
                    z = true;
                }
            }
            if (z) {
                log_.info(transactionId, "Cannot access ocsp responder", null);
                throw new RevocationStoreException("Cannot access ocsp responder.", null, getClass().getName() + ":5");
            }
            log_.info(transactionId, "Trying to access responder again ...", null);
            update(RevocationFactory.getInstance(transactionId).createRevocationSource(str, RevocationSourceTypes.OCSP), collection, transactionId);
            if (0 != 0) {
                try {
                    inputStream.close();
                } catch (IOException e8) {
                }
            }
        }
    }

    @Override // iaik.pki.store.revocation.RevocationInfoRetriever
    public synchronized void setConnectTimeout(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("Connect timeout for downloading revocation data must not be negative.");
        }
        this.connectTimeout_ = i;
    }

    @Override // iaik.pki.store.revocation.RevocationInfoRetriever
    public synchronized void setReadTimeout(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("Connect timeout for downloading revocation data must not be negative.");
        }
        this.readTimeout_ = i;
    }
}
