package org.xipki.qa.ocsp;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.handler.codec.http.DefaultFullHttpRequest;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpVersion;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.ocsp.CertID;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.xipki.ocsp.client.OcspRequestorException;
import org.xipki.ocsp.client.RequestOptions;
import org.xipki.qa.BenchmarkHttpClient;
import org.xipki.security.HashAlgo;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.StringUtil;

/* loaded from: input_file:org/xipki/qa/ocsp/OcspBenchRequestor.class */
class OcspBenchRequestor {
    public static final int MAX_LEN_GET = 190;
    private final Extension[] extnType = new Extension[0];
    private final SecureRandom random = new SecureRandom();
    private final ConcurrentHashMap<BigInteger, byte[]> requests = new ConcurrentHashMap<>();
    private AlgorithmIdentifier issuerhashAlg;
    private ASN1OctetString issuerNameHash;
    private ASN1OctetString issuerKeyHash;
    private Extension[] extensions;
    private RequestOptions requestOptions;
    private String responderRawPathPost;
    private String responderRawPathGet;
    private BenchmarkHttpClient httpClient;

    /* JADX WARN: Type inference failed for: r4v1, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r4v3, types: [byte[], byte[][]] */
    public void init(BenchmarkHttpClient.ResponseHandler responseHandler, String str, Certificate certificate, RequestOptions requestOptions, int i) throws OcspRequestorException, IOException, URISyntaxException {
        Args.notNull(certificate, "issuerCert");
        Args.notNull(responseHandler, "responseHandler");
        this.requestOptions = (RequestOptions) Args.notNull(requestOptions, "requestOptions");
        HashAlgo hashAlgo = HashAlgo.getInstance(requestOptions.getHashAlgorithmId());
        if (hashAlgo == null) {
            throw new OcspRequestorException("unknown HashAlgo " + requestOptions.getHashAlgorithmId().getId());
        }
        this.issuerhashAlg = hashAlgo.getAlgorithmIdentifier();
        this.issuerNameHash = new DEROctetString(hashAlgo.hash((byte[][]) new byte[]{certificate.getSubject().getEncoded()}));
        this.issuerKeyHash = new DEROctetString(hashAlgo.hash((byte[][]) new byte[]{certificate.getSubjectPublicKeyInfo().getPublicKeyData().getOctets()}));
        List preferredSignatureAlgorithms = requestOptions.getPreferredSignatureAlgorithms();
        if (preferredSignatureAlgorithms == null || preferredSignatureAlgorithms.size() == 0) {
            this.extensions = null;
        } else {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            Iterator it = preferredSignatureAlgorithms.iterator();
            while (it.hasNext()) {
                aSN1EncodableVector.add(new DERSequence((AlgorithmIdentifier) it.next()));
            }
            try {
                this.extensions = new Extension[]{new Extension(ObjectIdentifiers.Extn.id_pkix_ocsp_prefSigAlgs, false, new DEROctetString(new DERSequence(aSN1EncodableVector)))};
            } catch (IOException e) {
                throw new OcspRequestorException(e.getMessage(), e);
            }
        }
        URI uri = new URI(str);
        this.responderRawPathPost = uri.getRawPath();
        if (this.responderRawPathPost.endsWith("/")) {
            this.responderRawPathGet = this.responderRawPathPost;
        } else {
            this.responderRawPathGet = this.responderRawPathPost + "/";
        }
        if (uri.getPort() == -1) {
            String scheme = uri.getScheme();
            if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
                throw new OcspRequestorException("unknown scheme " + scheme);
            }
        }
        this.httpClient = new BenchmarkHttpClient(uri.getHost(), uri.getPort(), null, responseHandler, i);
        this.httpClient.start();
    }

    public void shutdown() throws Exception {
        this.httpClient.shutdown();
    }

    public void ask(BigInteger[] bigIntegerArr) throws OcspRequestorException, BenchmarkHttpClient.HttpClientException {
        FullHttpRequest defaultFullHttpRequest;
        byte[] buildRequest = buildRequest(bigIntegerArr);
        if (buildRequest.length > 190 || !this.requestOptions.isUseHttpGetForRequest()) {
            ByteBuf wrappedBuffer = Unpooled.wrappedBuffer(buildRequest);
            defaultFullHttpRequest = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.POST, this.responderRawPathPost, wrappedBuffer);
            defaultFullHttpRequest.headers().addInt("Content-Length", wrappedBuffer.readableBytes());
        } else {
            try {
                defaultFullHttpRequest = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, StringUtil.concat(this.responderRawPathGet, new String[]{URLEncoder.encode(Base64.encodeToString(buildRequest), "UTF-8")}));
            } catch (UnsupportedEncodingException e) {
                throw new OcspRequestorException(e.getMessage());
            }
        }
        defaultFullHttpRequest.headers().add("Content-Type", "application/ocsp-request");
        this.httpClient.send(defaultFullHttpRequest);
    }

    private byte[] buildRequest(BigInteger[] bigIntegerArr) throws OcspRequestorException {
        byte[] bArr;
        boolean z = bigIntegerArr.length == 1 && !this.requestOptions.isUseNonce();
        if (z && (bArr = this.requests.get(bigIntegerArr[0])) != null) {
            return bArr;
        }
        OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
        if (this.requestOptions.isUseNonce() || this.extensions != null) {
            ArrayList arrayList = new ArrayList(2);
            if (this.requestOptions.isUseNonce()) {
                arrayList.add(new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nextNonce(this.requestOptions.getNonceLen()))));
            }
            if (this.extensions != null) {
                for (Extension extension : this.extensions) {
                    arrayList.add(extension);
                }
            }
            oCSPReqBuilder.setRequestExtensions(new Extensions((Extension[]) arrayList.toArray(this.extnType)));
        }
        try {
            for (BigInteger bigInteger : bigIntegerArr) {
                oCSPReqBuilder.addRequest(new CertificateID(new CertID(this.issuerhashAlg, this.issuerNameHash, this.issuerKeyHash, new ASN1Integer(bigInteger))));
            }
            byte[] encoded = oCSPReqBuilder.build().getEncoded();
            if (z) {
                this.requests.put(bigIntegerArr[0], encoded);
            }
            return encoded;
        } catch (OCSPException | IOException e) {
            throw new OcspRequestorException(e.getMessage(), e);
        }
    }

    private byte[] nextNonce(int i) {
        byte[] bArr = new byte[i];
        this.random.nextBytes(bArr);
        return bArr;
    }
}
