package de.gematik.pki.gemlibpki.validators;

import de.gematik.pki.gemlibpki.error.ErrorCode;
import de.gematik.pki.gemlibpki.exception.GemPkiException;
import de.gematik.pki.gemlibpki.ocsp.OcspRespCache;
import de.gematik.pki.gemlibpki.ocsp.OcspTransceiver;
import de.gematik.pki.gemlibpki.tsl.TspInformationProvider;
import de.gematik.pki.gemlibpki.tsl.TspService;
import de.gematik.pki.gemlibpki.tsl.TspServiceSubset;
import java.security.cert.X509Certificate;
import java.time.ZonedDateTime;
import java.util.List;
import lombok.Generated;
import lombok.NonNull;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gematik/pki/gemlibpki/validators/OcspValidator.class */
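/**
 * Certificate validator that checks the revocation status of an end-entity certificate via OCSP.
 *
 * <p>Security-relevant behaviour visible in this class:
 *
 * <ul>
 *   <li>When {@code withOcspCheck} is {@code false}, {@link #validateCertificate} performs no
 *       revocation check at all; it only logs {@code SW_1039_NO_OCSP_CHECK} at WARN level and
 *       returns. The builder leaves this flag at {@code false} unless
 *       {@link OcspValidatorBuilder#withOcspCheck(boolean)} is called, so callers that need
 *       revocation checking must enable it explicitly.
 *   <li>A caller-supplied {@link OCSPResp} is verified first. If that verification throws a
 *       {@link GemPkiException}, the failure is logged and the validator falls back to
 *       {@link OcspTransceiver#verifyOcspResponse}; the supplied response is never accepted
 *       unverified.
 *   <li>{@code tolerateOcspFailure} and {@code ocspTimeoutSeconds} are forwarded unchanged to the
 *       {@link OcspTransceiver}; their exact effect is defined there, not in this class.
 * </ul>
 *
 * <p>The TSP service list is stored by reference (no defensive copy), so later changes the caller
 * makes to that list are visible to this validator.
 */
public final class OcspValidator implements CertificateValidator {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(OcspValidator.class);

    // Product type string passed to error messages, the TSP lookup and the transceiver.
    @NonNull
    private final String productType;

    // Trust-service entries used to locate the issuer of the certificate under validation.
    @NonNull
    private final List<TspService> tspServiceList;

    // false => validateCertificate skips the OCSP check and only logs a warning.
    private final boolean withOcspCheck;

    // Optional caller-supplied OCSP response; null means "none provided".
    private final OCSPResp ocspResponse;

    // Cache handed to OcspTransceiver.verifyOcspResponse; may be null as far as this class is concerned.
    private final OcspRespCache ocspRespCache;

    // Forwarded to the transceiver. NOTE(review): the meaning of 0 (the builder default) is
    // decided by OcspTransceiver - confirm there.
    private final int ocspTimeoutSeconds;

    // Forwarded to the transceiver. NOTE(review): presumably lets validation pass when the
    // responder cannot be reached - confirm in OcspTransceiver before enabling.
    private final boolean tolerateOcspFailure;

    /**
     * Builder for {@link OcspValidator}.
     *
     * <p>No field has an explicit default: unset booleans are {@code false}, the timeout is
     * {@code 0} and unset references are {@code null}. In particular the OCSP check is disabled
     * unless {@link #withOcspCheck(boolean)} is called with {@code true}.
     */
    @Generated
    public static class OcspValidatorBuilder {

        @Generated
        private String productType;

        @Generated
        private List<TspService> tspServiceList;

        @Generated
        private boolean withOcspCheck;

        @Generated
        private OCSPResp ocspResponse;

        @Generated
        private OcspRespCache ocspRespCache;

        @Generated
        private int ocspTimeoutSeconds;

        @Generated
        private boolean tolerateOcspFailure;

        @Generated
        OcspValidatorBuilder() {
        }

        /**
         * Sets the product type.
         *
         * @param productType product type; must not be null
         * @return this builder
         * @throws NullPointerException if {@code productType} is null
         */
        @Generated
        public OcspValidatorBuilder productType(@NonNull String productType) {
            if (productType == null) {
                throw new NullPointerException("productType is marked non-null but is null");
            }
            this.productType = productType;
            return this;
        }

        /**
         * Sets the TSP service list used for issuer lookup. The list is kept by reference.
         *
         * @param tspServiceList TSP services; must not be null
         * @return this builder
         * @throws NullPointerException if {@code tspServiceList} is null
         */
        @Generated
        public OcspValidatorBuilder tspServiceList(@NonNull List<TspService> tspServiceList) {
            if (tspServiceList == null) {
                throw new NullPointerException("tspServiceList is marked non-null but is null");
            }
            this.tspServiceList = tspServiceList;
            return this;
        }

        /**
         * Enables or disables the OCSP check. Disabled means no revocation check is performed.
         *
         * @param withOcspCheck {@code true} to perform the OCSP check
         * @return this builder
         */
        @Generated
        public OcspValidatorBuilder withOcspCheck(boolean withOcspCheck) {
            this.withOcspCheck = withOcspCheck;
            return this;
        }

        /**
         * Supplies an OCSP response to be verified before the transceiver is asked for one.
         *
         * @param ocspResponse response to try first, or null for none
         * @return this builder
         */
        @Generated
        public OcspValidatorBuilder ocspResponse(OCSPResp ocspResponse) {
            this.ocspResponse = ocspResponse;
            return this;
        }

        /**
         * Sets the OCSP response cache passed to the transceiver.
         *
         * @param ocspRespCache cache instance, or null
         * @return this builder
         */
        @Generated
        public OcspValidatorBuilder ocspRespCache(OcspRespCache ocspRespCache) {
            this.ocspRespCache = ocspRespCache;
            return this;
        }

        /**
         * Sets the OCSP timeout forwarded to the transceiver.
         *
         * @param ocspTimeoutSeconds timeout in seconds
         * @return this builder
         */
        @Generated
        public OcspValidatorBuilder ocspTimeoutSeconds(int ocspTimeoutSeconds) {
            this.ocspTimeoutSeconds = ocspTimeoutSeconds;
            return this;
        }

        /**
         * Sets the failure-tolerance flag forwarded to the transceiver.
         *
         * @param tolerateOcspFailure value passed through to {@link OcspTransceiver}
         * @return this builder
         */
        @Generated
        public OcspValidatorBuilder tolerateOcspFailure(boolean tolerateOcspFailure) {
            this.tolerateOcspFailure = tolerateOcspFailure;
            return this;
        }

        /**
         * Creates the validator from the values collected so far.
         *
         * @return a new {@link OcspValidator}
         * @throws NullPointerException if product type or TSP service list was never set
         */
        @Generated
        public OcspValidator build() {
            return new OcspValidator(
                    this.productType,
                    this.tspServiceList,
                    this.withOcspCheck,
                    this.ocspResponse,
                    this.ocspRespCache,
                    this.ocspTimeoutSeconds,
                    this.tolerateOcspFailure);
        }

        @Generated
        public String toString() {
            return "OcspValidator.OcspValidatorBuilder(productType=" + this.productType + ", tspServiceList=" + this.tspServiceList + ", withOcspCheck=" + this.withOcspCheck + ", ocspResponse=" + this.ocspResponse + ", ocspRespCache=" + this.ocspRespCache + ", ocspTimeoutSeconds=" + this.ocspTimeoutSeconds + ", tolerateOcspFailure=" + this.tolerateOcspFailure + ")";
        }
    }

    /**
     * Validates the revocation status of {@code x509EeCert} via OCSP.
     *
     * <p>If the OCSP check is disabled, a warning is logged and the method returns without
     * checking anything. Otherwise the issuer is looked up in the TSP service list and an
     * {@link OcspTransceiver} is built for it. A caller-supplied OCSP response is verified first;
     * if it is rejected, the rejection is logged together with its cause and verification falls
     * back to {@link OcspTransceiver#verifyOcspResponse}.
     *
     * @param x509EeCert end-entity certificate to validate; must not be null
     * @param referenceDate point in time the OCSP checks are evaluated against; must not be null
     * @throws NullPointerException if an argument is null
     * @throws GemPkiException if the issuer lookup or the fallback OCSP verification fails
     */
    @Override // de.gematik.pki.gemlibpki.validators.CertificateValidator
    public void validateCertificate(@NonNull X509Certificate x509EeCert, @NonNull ZonedDateTime referenceDate) throws GemPkiException {
        if (x509EeCert == null) {
            throw new NullPointerException("x509EeCert is marked non-null but is null");
        }
        if (referenceDate == null) {
            throw new NullPointerException("referenceDate is marked non-null but is null");
        }
        if (!this.withOcspCheck) {
            // Revocation status is NOT checked on this path; the warning is the only trace.
            log.warn(ErrorCode.SW_1039_NO_OCSP_CHECK.getErrorMessage(this.productType));
            return;
        }

        TspServiceSubset issuerSubset =
                new TspInformationProvider(this.tspServiceList, this.productType)
                        .getIssuerTspServiceSubset(x509EeCert);

        OcspTransceiver transceiver =
                OcspTransceiver.builder()
                        .productType(this.productType)
                        .tspServiceList(this.tspServiceList)
                        .x509EeCert(x509EeCert)
                        .x509IssuerCert(issuerSubset.getX509IssuerCert())
                        .ssp(issuerSubset.getServiceSupplyPoint())
                        .ocspTimeoutSeconds(this.ocspTimeoutSeconds)
                        .tolerateOcspFailure(this.tolerateOcspFailure)
                        .build();

        if (this.ocspResponse != null) {
            try {
                transceiver.getTucPki006Verifier(this.ocspResponse).performTucPki006Checks(referenceDate);
                return;
            } catch (GemPkiException e) {
                // Deliberate best effort: a rejected supplied response is not fatal, the
                // transceiver path below decides. Keep the cause in the log so operators can
                // tell why the supplied response was rejected.
                log.warn(ErrorCode.TW_1050_PROVIDED_OCSP_RESPONSE_NOT_VALID.getErrorMessage(this.productType), e);
            }
        }
        transceiver.verifyOcspResponse(this.ocspRespCache, referenceDate);
    }

    /**
     * Returns a new, empty builder.
     *
     * @return builder with all values at their Java defaults
     */
    @Generated
    public static OcspValidatorBuilder builder() {
        return new OcspValidatorBuilder();
    }

    /**
     * Creates the validator; used by {@link OcspValidatorBuilder#build()}.
     *
     * @throws NullPointerException if {@code productType} or {@code tspServiceList} is null
     */
    @Generated
    private OcspValidator(@NonNull String productType, @NonNull List<TspService> tspServiceList, boolean withOcspCheck, OCSPResp ocspResponse, OcspRespCache ocspRespCache, int ocspTimeoutSeconds, boolean tolerateOcspFailure) {
        if (productType == null) {
            throw new NullPointerException("productType is marked non-null but is null");
        }
        if (tspServiceList == null) {
            throw new NullPointerException("tspServiceList is marked non-null but is null");
        }
        this.productType = productType;
        this.tspServiceList = tspServiceList;
        this.withOcspCheck = withOcspCheck;
        this.ocspResponse = ocspResponse;
        this.ocspRespCache = ocspRespCache;
        this.ocspTimeoutSeconds = ocspTimeoutSeconds;
        this.tolerateOcspFailure = tolerateOcspFailure;
    }
}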
