package eu.emi.security.authn.x509.helpers.ocsp;

import eu.emi.security.authn.x509.X509Credential;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.net.URL;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Hashtable;
import java.util.Map;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReq;
import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.SingleResp;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:eu/emi/security/authn/x509/helpers/ocsp/OCSPCachingClient.class */
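/**
 * OCSP client wrapper that keeps verified single responses in memory and, optionally, on disk.
 *
 * <p>While caching is enabled, a lookup that hits the cache is answered without contacting the
 * responder, so the answer can be as old as the entry's computed expiry allows. A revocation
 * published inside that window is not seen until the entry expires.
 *
 * <p>Disk entries are Java-serialized files named {@code prefix + key} inside {@code diskPath}.
 * Their content is re-verified through {@link OCSPClientImpl#verifyResponse} on load, but the
 * stored maximum-validity date and the file's modification time are not covered by any
 * signature; the cache directory should therefore be writable only by the account running
 * this code.
 */
public class OCSPCachingClient {
    private static final Charset ASCII = Charset.forName("US-ASCII");

    /** Maximum age of a cache entry in milliseconds; a negative value disables caching. */
    private final long maxTtl;

    /** Directory of the persistent cache, or {@code null} for a memory-only cache. */
    private final File diskPath;

    /** Prepended to the cache key to form the on-disk file name; never {@code null}. */
    private final String prefix;

    private final Map<String, CacheEntry> cache;

    /** One cached response together with the dates that bound how long it may be served. */
    public static class CacheEntry {
        // When the entry was stored (for disk entries: the file's last-modified time).
        private final Date cacheDate;
        // Hard upper bound on validity; may be null when neither the responder structure
        // nor the response's nextUpdate supplied one.
        private final Date maxValidity;
        private final SingleResp response;

        public CacheEntry(Date date, Date date2, SingleResp singleResp) {
            this.cacheDate = date;
            this.response = singleResp;
            this.maxValidity = date2;
        }
    }

    /**
     * Object stream that resolves only the two classes {@code storeToDisk} ever writes
     * ({@code java.util.Date} and {@code byte[]}). Any other class descriptor in a cache file
     * is rejected before it is instantiated, so a replaced or corrupted cache file cannot
     * make the loader deserialize arbitrary types.
     */
    private static final class CacheObjectInputStream extends ObjectInputStream {
        CacheObjectInputStream(InputStream in) throws IOException {
            super(in);
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            String name = desc.getName();
            if (!"java.util.Date".equals(name) && !"[B".equals(name)) {
                throw new InvalidClassException(name, "unexpected class in OCSP cache file");
            }
            return super.resolveClass(desc);
        }
    }

    /**
     * @param j maximum cache entry age in milliseconds; negative disables caching entirely
     * @param file directory for the disk cache, or {@code null} to cache in memory only
     * @param str file-name prefix for disk entries; {@code null} is treated as empty.
     *     NOTE(review): the prefix is used verbatim in the file name and is not checked for
     *     path separators, so it should come from trusted configuration.
     */
    public OCSPCachingClient(long j, File file, String str) {
        this.maxTtl = j;
        this.diskPath = file;
        this.prefix = str == null ? "" : str;
        this.cache = new Hashtable<>(20);
    }

    /**
     * Same as the seven-argument overload, using a freshly created {@link OCSPClientImpl}.
     */
    public OCSPResult queryForCertificate(URL url, X509Certificate x509Certificate, X509Certificate x509Certificate2, X509Credential x509Credential, boolean z, int i) throws IOException, OCSPException {
        return queryForCertificate(url, x509Certificate, x509Certificate2, x509Credential, z, i, new OCSPClientImpl());
    }

    /**
     * Returns the OCSP status for a certificate, from the cache when a live entry exists and
     * from the responder otherwise.
     *
     * @param url responder address, used only on a cache miss
     * @param x509Certificate certificate whose serial number is looked up
     * @param x509Certificate2 certificate whose subject name and public key identify the
     *     issuer in the cache key (presumably the issuer certificate)
     * @param x509Credential passed through to request creation
     * @param z passed through to request creation (presumably "attach a nonce"; confirm)
     * @param i passed through to {@code send} (presumably a timeout; confirm)
     * @param oCSPClientImpl client used for request creation, sending and verification
     * @throws IOException on network or disk-cache write failure
     * @throws OCSPException when the response cannot be processed or verified
     */
    public OCSPResult queryForCertificate(URL url, X509Certificate x509Certificate, X509Certificate x509Certificate2, X509Credential x509Credential, boolean z, int i, OCSPClientImpl oCSPClientImpl) throws IOException, OCSPException {
        if (this.maxTtl < 0) {
            // Caching disabled: delegate directly, nothing is read from or written to the cache.
            return oCSPClientImpl.queryForCertificate(url, x509Certificate, x509Certificate2, x509Credential, z, i);
        }
        String key = createKey(x509Certificate, x509Certificate2);
        SingleResp cached = getCachedResp(key, oCSPClientImpl, x509Certificate, x509Certificate2);
        if (cached != null) {
            // Served from cache: no request is sent, so no request nonce binds this answer.
            return new OCSPResult(cached);
        }
        OCSPReq request = oCSPClientImpl.createRequest(x509Certificate, x509Certificate2, x509Credential, z);
        OCSPResponseStructure received = oCSPClientImpl.send(url, request, i);
        SingleResp verified = oCSPClientImpl.verifyResponse(received.getResponse(), x509Certificate, x509Certificate2, OCSPClientImpl.extractNonce(request));
        // Only a response that passed verifyResponse reaches the cache.
        addToCache(key, received, verified);
        return new OCSPResult(verified);
    }

    /**
     * Builds the cache key: Base64 of SHA-1 over the issuer's encoded subject name, the
     * issuer's encoded public key and the checked certificate's serial number, with
     * {@code '/'} replaced by {@code '_'} so the key is usable as a single file name.
     *
     * <p>The responder URL is not part of the key, so entries are shared across responders.
     * NOTE(review): SHA-1 only names cache slots here; switching the digest would orphan
     * existing cache files.
     */
    private String createKey(X509Certificate checkedCert, X509Certificate issuerCert) throws OCSPException {
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-1");
            PublicKey issuerKey = issuerCert.getPublicKey();
            digest.update(issuerCert.getSubjectX500Principal().getEncoded());
            digest.update(issuerKey.getEncoded());
            digest.update(checkedCert.getSerialNumber().toByteArray());
            return new String(Base64.encode(digest.digest()), ASCII).replace('/', '_');
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("JDK problem: SHA-1 hash not supported by any provider!", e);
        }
    }

    /**
     * Looks the key up in memory, then on disk, and returns the response only while it is
     * still within its expiry; an expired entry is dropped from memory and from disk.
     *
     * <p>Expiry is the earliest of: store time plus {@code maxTtl}, the response's
     * {@code nextUpdate} (when present) and the entry's {@code maxValidity} (when present).
     *
     * @return the cached response, or {@code null} on a miss or an expired entry
     */
    private SingleResp getCachedResp(String key, OCSPClientImpl client, X509Certificate checkedCert, X509Certificate issuerCert) throws IOException, OCSPException {
        CacheEntry entry = this.cache.get(key);
        if (entry == null && this.diskPath != null) {
            File onDisk = new File(this.diskPath, this.prefix + key);
            if (onDisk.exists()) {
                entry = loadFromDisk(onDisk, client, checkedCert, issuerCert);
            }
        }
        if (entry == null) {
            return null;
        }
        Date nextUpdate = entry.response.getNextUpdate();
        Date expiry = new Date(entry.cacheDate.getTime() + this.maxTtl);
        if (nextUpdate != null && expiry.after(nextUpdate)) {
            expiry = nextUpdate;
        }
        // maxValidity is null when the response carried no nextUpdate and no explicit
        // maximum was set; Date.after(null) would throw, so skip the bound in that case.
        if (entry.maxValidity != null && expiry.after(entry.maxValidity)) {
            expiry = entry.maxValidity;
        }
        if (!new Date().after(expiry)) {
            return entry.response;
        }
        this.cache.remove(key);
        if (this.diskPath != null) {
            new File(this.diskPath, this.prefix + key).delete();
        }
        return null;
    }

    /**
     * Stores a verified response in memory and, when a disk path is configured, on disk.
     * When the structure has no maximum cache date, the response's {@code nextUpdate}
     * (possibly {@code null}) is written into it first.
     */
    private void addToCache(String key, OCSPResponseStructure structure, SingleResp verified) throws IOException {
        if (structure.getMaxCache() == null) {
            structure.setMaxCache(verified.getNextUpdate());
        }
        this.cache.put(key, new CacheEntry(new Date(), structure.getMaxCache(), verified));
        if (this.diskPath != null) {
            storeToDisk(new File(this.diskPath, this.prefix + key), structure);
        }
    }

    /** Empties the in-memory cache; disk entries are left in place. */
    public void clearMemoryCache() {
        this.cache.clear();
    }

    /**
     * Writes the maximum cache date followed by the encoded OCSP response to {@code file},
     * replacing any existing file. The file is created with the process's default
     * permissions.
     */
    private void storeToDisk(File file, OCSPResponseStructure structure) throws IOException {
        if (file.exists()) {
            file.delete();
        }
        Date maxCache = structure.getMaxCache();
        // Two resources so the file handle is released even if the object stream
        // cannot be constructed.
        try (FileOutputStream raw = new FileOutputStream(file);
                ObjectOutputStream out = new ObjectOutputStream(raw)) {
            out.writeObject(maxCache);
            out.writeObject(structure.getResponse().getEncoded());
        }
    }

    /**
     * Reads one cache file and re-verifies the stored response against the given
     * certificates. No nonce is expected, since a stored response cannot match a new request.
     *
     * <p>Any failure (unreadable file, unexpected class, cast or verification error) deletes
     * the file and yields {@code null}, which makes the caller fall back to a live query.
     * The entry's store time is taken from the file's last-modified timestamp.
     */
    private CacheEntry loadFromDisk(File file, OCSPClientImpl client, X509Certificate checkedCert, X509Certificate issuerCert) {
        try (FileInputStream raw = new FileInputStream(file);
                ObjectInputStream in = new CacheObjectInputStream(raw)) {
            Date storedAt = new Date(file.lastModified());
            Date maxValidity = (Date) in.readObject();
            byte[] encoded = (byte[]) in.readObject();
            SingleResp verified = client.verifyResponse(new OCSPResp(encoded), checkedCert, issuerCert, null);
            return new CacheEntry(storedAt, maxValidity, verified);
        } catch (Exception e) {
            // Streams are already closed here, so the delete also works on platforms
            // that refuse to remove open files.
            file.delete();
            return null;
        }
    }
}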
