package de.gematik.pki.ocsp;

import de.gematik.pki.exception.GemPkiException;
import de.gematik.pki.exception.GemPkiRuntimeException;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Optional;
import kong.unirest.HttpResponse;
import kong.unirest.Unirest;
import kong.unirest.UnirestException;
import lombok.Generated;
import lombok.NonNull;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gematik/pki/ocsp/OcspTransceiver.class */
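/**
 * Requests the OCSP status of one end-entity certificate and hands the response to
 * {@link OcspVerifier} for checking.
 *
 * <p>The response comes either from an optional {@link OcspRespCache} or from an HTTP POST to
 * the configured URL ({@code ssp}). This class performs no validation of its own; every trust
 * decision is delegated to {@link OcspVerifier}.
 *
 * <p>NOTE(review): {@code ssp} is used as the request URL exactly as supplied. No scheme or host
 * restriction is applied here, so it must come from trusted configuration.
 */
public class OcspTransceiver {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(OcspTransceiver.class);

    /** End-entity certificate whose status is requested. */
    @NonNull
    private final X509Certificate x509EeCert;

    /** Issuer of {@link #x509EeCert}; used when the OCSP request is generated. */
    @NonNull
    private final X509Certificate x509IssuerCert;

    /** URL the OCSP request is POSTed to. */
    @NonNull
    private final String ssp;

    /** Passed through unchanged to {@link OcspVerifier}. */
    @NonNull
    private final String productType;

    /**
     * Creates a transceiver for one certificate / issuer pair.
     *
     * @param x509Certificate end-entity certificate to check
     * @param x509Certificate2 issuer certificate of the end-entity certificate
     * @param str URL of the OCSP responder
     * @param str2 product type handed to {@link OcspVerifier}
     * @throws NullPointerException if any argument is {@code null}
     */
    @Generated
    public OcspTransceiver(@NonNull X509Certificate x509Certificate, @NonNull X509Certificate x509Certificate2, @NonNull String str, @NonNull String str2) {
        if (x509Certificate == null) {
            throw new NullPointerException("x509EeCert is marked non-null but is null");
        }
        if (x509Certificate2 == null) {
            throw new NullPointerException("x509IssuerCert is marked non-null but is null");
        }
        if (str == null) {
            throw new NullPointerException("ssp is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("productType is marked non-null but is null");
        }
        this.x509EeCert = x509Certificate;
        this.x509IssuerCert = x509Certificate2;
        this.ssp = str;
        this.productType = str2;
    }

    /**
     * Returns a new, empty builder.
     *
     * @return builder whose four properties must all be set before {@code build()}
     */
    @Generated
    public static OcspTransceiverBuilder builder() {
        return new OcspTransceiverBuilder();
    }

    /**
     * Checks the revocation status of the end-entity certificate.
     *
     * <p>If a cache is given and holds a response for the certificate's serial number, that
     * response is used. Otherwise the responder is queried online.
     *
     * <p>NOTE(review): a cached response is only passed to {@code verifyStatusGood()}, while an
     * online response goes through {@code performOcspChecks()}. Whether signature and freshness
     * of a cached entry were checked before it was stored is not visible in this class; confirm
     * against {@link OcspRespCache}. This class never writes to the cache.
     *
     * @param ocspRespCache cache to consult first, or {@code null} to always query online
     * @throws GemPkiException propagated from request generation or from the verifier
     */
    public void verifyOcspResponse(OcspRespCache ocspRespCache) throws GemPkiException {
        if (ocspRespCache == null) {
            verifyOcspResponseOnline();
            return;
        }
        Optional<OCSPResp> cached = ocspRespCache.getResponse(this.x509EeCert.getSerialNumber());
        if (cached.isPresent()) {
            OcspVerifier.builder()
                    .productType(this.productType)
                    .eeCert(this.x509EeCert)
                    .ocspResponse(cached.get())
                    .build()
                    .verifyStatusGood();
        } else {
            verifyOcspResponseOnline();
        }
    }

    /**
     * Generates a single-certificate OCSP request, sends it to {@link #ssp} and runs the
     * verifier's full check on the answer.
     *
     * @throws GemPkiException propagated from request generation or from the verifier
     */
    private void verifyOcspResponseOnline() throws GemPkiException {
        OCSPReq request = OcspRequestGenerator.generateSingleOcspRequest(this.x509EeCert, this.x509IssuerCert);
        OCSPResp response = sendOcspRequest(request);
        OcspVerifier.builder()
                .productType(this.productType)
                .eeCert(this.x509EeCert)
                .ocspResponse(response)
                .build()
                .performOcspChecks();
    }

    /**
     * Sends the request to the URL configured for this instance.
     *
     * @param oCSPReq request to send
     * @return the parsed, still unverified OCSP response
     * @throws GemPkiRuntimeException if sending, receiving or parsing fails
     */
    public OCSPResp sendOcspRequest(OCSPReq oCSPReq) {
        return sendOcspRequestToUrl(this.ssp, oCSPReq);
    }

    /**
     * POSTs an OCSP request with content type {@code application/ocsp-request} and parses the
     * reply.
     *
     * <p>The returned object is only parsed, not verified. Callers must run it through
     * {@link OcspVerifier} before relying on it.
     *
     * <p>A non-2xx HTTP status or an empty body is reported as a transport failure. Without this
     * check an error page would surface as an opaque parse error, and a missing body as a
     * {@link NullPointerException} that bypasses the documented exception type.
     *
     * @param str URL of the OCSP responder; used as given, so it must come from a trusted source
     * @param oCSPReq request to send; its first entry's serial number is logged
     * @return the parsed, still unverified OCSP response
     * @throws GemPkiRuntimeException if the HTTP exchange fails, the status is not 2xx, the body
     *     is empty or the body cannot be parsed
     */
    public static OCSPResp sendOcspRequestToUrl(String str, OCSPReq oCSPReq) {
        try {
            // Parameterised logging: same message text, no string building by hand.
            log.info("Send OCSP Request for certificate serial number: {} to: {}",
                    oCSPReq.getRequestList()[0].getCertID().getSerialNumber(), str);
            HttpResponse<byte[]> httpResponse = Unirest.post(str)
                    .header("Content-Type", "application/ocsp-request")
                    .body(oCSPReq.getEncoded())
                    .asBytes();
            int status = httpResponse.getStatus();
            log.info("HttpStatus der OcspResponse: {}", status);
            if (status < 200 || status > 299) {
                // Raised as IOException so the catch below wraps it like any other transport error.
                throw new IOException("OCSP responder answered with HTTP status " + status);
            }
            byte[] body = httpResponse.getBody();
            if (body == null || body.length == 0) {
                throw new IOException("OCSP responder returned an empty body (HTTP status " + status + ")");
            }
            return new OCSPResp(body);
        } catch (UnirestException | IOException e) {
            throw new GemPkiRuntimeException("OCSP senden/empfangen fehlgeschlagen.", e);
        }
    }

    /**
     * Builder for {@link OcspTransceiver}. Each setter rejects {@code null}. A property that was
     * never set is caught by the null checks in the {@link OcspTransceiver} constructor when
     * {@link #build()} is called.
     */
    @Generated
    public static class OcspTransceiverBuilder {

        @Generated
        private X509Certificate x509EeCert;

        @Generated
        private X509Certificate x509IssuerCert;

        @Generated
        private String ssp;

        @Generated
        private String productType;

        @Generated
        OcspTransceiverBuilder() {
        }

        /**
         * Sets the end-entity certificate.
         *
         * @param x509Certificate certificate to check; must not be {@code null}
         * @return this builder
         */
        @Generated
        public OcspTransceiverBuilder x509EeCert(@NonNull X509Certificate x509Certificate) {
            if (x509Certificate == null) {
                throw new NullPointerException("x509EeCert is marked non-null but is null");
            }
            this.x509EeCert = x509Certificate;
            return this;
        }

        /**
         * Sets the issuer certificate.
         *
         * @param x509Certificate issuer of the end-entity certificate; must not be {@code null}
         * @return this builder
         */
        @Generated
        public OcspTransceiverBuilder x509IssuerCert(@NonNull X509Certificate x509Certificate) {
            if (x509Certificate == null) {
                throw new NullPointerException("x509IssuerCert is marked non-null but is null");
            }
            this.x509IssuerCert = x509Certificate;
            return this;
        }

        /**
         * Sets the OCSP responder URL.
         *
         * @param str responder URL; must not be {@code null}
         * @return this builder
         */
        @Generated
        public OcspTransceiverBuilder ssp(@NonNull String str) {
            if (str == null) {
                throw new NullPointerException("ssp is marked non-null but is null");
            }
            this.ssp = str;
            return this;
        }

        /**
         * Sets the product type handed to the verifier.
         *
         * @param str product type; must not be {@code null}
         * @return this builder
         */
        @Generated
        public OcspTransceiverBuilder productType(@NonNull String str) {
            if (str == null) {
                throw new NullPointerException("productType is marked non-null but is null");
            }
            this.productType = str;
            return this;
        }

        /**
         * Creates the transceiver from the collected values.
         *
         * @return a new {@link OcspTransceiver}
         * @throws NullPointerException if any property was not set
         */
        @Generated
        public OcspTransceiver build() {
            return new OcspTransceiver(this.x509EeCert, this.x509IssuerCert, this.ssp, this.productType);
        }

        @Override
        @Generated
        public String toString() {
            return "OcspTransceiver.OcspTransceiverBuilder(x509EeCert=" + this.x509EeCert + ", x509IssuerCert=" + this.x509IssuerCert + ", ssp=" + this.ssp + ", productType=" + this.productType + ")";
        }
    }
}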
