package org.keycloak.testsuite.x509;

import com.google.common.collect.ImmutableMap;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Date;
import java.util.Map;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPRespBuilder;
import org.bouncycastle.cert.ocsp.Req;
import org.bouncycastle.cert.ocsp.RespID;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: input_file:org/keycloak/testsuite/x509/OcspHandler.class */
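/**
 * Minimal OCSP responder used by the X.509 client-authentication tests.
 *
 * <p>The handler parses an OCSP request from the HTTP body, answers every certificate in it, and
 * signs the response with the responder key loaded from the test classpath.
 *
 * <p>Behaviour that is acceptable for a test fixture but should not be copied into a real
 * responder:
 * <ul>
 *   <li>Only the serial number of each {@code CertID} is consulted; the issuer name/key hashes in
 *       the request are not compared with the responder's CA.</li>
 *   <li>A serial that is not in {@link #REVOKED_CERTIFICATES_STATUS} is answered with a
 *       {@code null} status, which BouncyCastle encodes as "good" ({@code CertificateStatus.GOOD}
 *       is {@code null}). Unknown certificates are therefore reported as valid rather than
 *       "unknown".</li>
 *   <li>Parse and signing failures propagate as exceptions instead of being mapped to an OCSP
 *       error status such as malformedRequest.</li>
 *   <li>The signing key is a test key shipped as a classpath resource.</li>
 * </ul>
 */
final class OcspHandler implements HttpHandler {
    public static final String OCSP_RESPONDER_CERT_PATH = "/client-auth-test/intermediate-ca.crt";
    public static final String OCSP_RESPONDER_KEYPAIR_PATH = "/client-auth-test/intermediate-ca.key";
    public static final String OCSP_RESPONDER_CERT_PATH_SPECIFIC = "/client-auth-test/intermediate-ca-2.crt";
    public static final String OCSP_RESPONDER_KEYPAIR_PATH_SPECIFIC = "/client-auth-test/intermediate-ca-2.key";

    /** Upper bound on the accepted request body; larger requests are rejected instead of truncated. */
    private static final int MAX_REQUEST_BYTES = 16384;

    /**
     * Serial numbers the responder reports as revoked. The single entry uses a fixed revocation
     * time and reason code 0 ("unspecified" in the CRLReason enumeration).
     */
    private static final Map<BigInteger, CertificateStatus> REVOKED_CERTIFICATES_STATUS = ImmutableMap.of(BigInteger.valueOf(4105), new RevokedStatus(new Date(1472169600000L), 0));

    private final SubjectPublicKeyInfo subjectPublicKeyInfo;
    private final X509CertificateHolder[] chain;
    private final AsymmetricKeyParameter privateKey;

    /**
     * Loads the responder certificate and its private key from the test classpath.
     *
     * @param responderCertPath classpath location of the responder's X.509 certificate
     * @param responderKeyPairPath classpath location of the PEM-encoded key pair matching that
     *     certificate
     * @throws IOException if a resource is missing, cannot be read, or the key resource does not
     *     contain a PEM key pair
     * @throws GeneralSecurityException if the certificate cannot be parsed
     * @throws OperatorCreationException declared for compatibility with existing callers
     */
    public OcspHandler(String responderCertPath, String responderKeyPairPath) throws OperatorCreationException, GeneralSecurityException, IOException {
        Certificate certificate;
        // Close the certificate stream once it has been parsed.
        try (InputStream certStream = openResource(responderCertPath)) {
            certificate = CertificateFactory.getInstance("X509").generateCertificate(certStream);
        }
        this.chain = new X509CertificateHolder[]{new X509CertificateHolder(certificate.getEncoded())};
        this.subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(PublicKeyFactory.createKey(certificate.getPublicKey().getEncoded()));

        try (PEMParser pemParser = new PEMParser(new InputStreamReader(openResource(responderKeyPairPath)))) {
            Object pemObject = pemParser.readObject();
            if (!(pemObject instanceof PEMKeyPair)) {
                // Name the resource only; never echo key material into an exception message.
                throw new IOException("Resource does not contain a PEM key pair: " + responderKeyPairPath);
            }
            this.privateKey = PrivateKeyFactory.createKey(((PEMKeyPair) pemObject).getPrivateKeyInfo());
        }
    }

    /**
     * Answers one OCSP request.
     *
     * <p>If called on the I/O thread the exchange is re-dispatched to a worker thread, because the
     * body is read with blocking I/O. The request's nonce extension, when present, is copied into
     * the response so the client can bind the response to its request.
     *
     * @param httpServerExchange the exchange carrying the DER-encoded OCSP request
     * @throws Exception if the body is too large, cannot be parsed, or the response cannot be built
     */
    @Override
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        if (httpServerExchange.isInIoThread()) {
            httpServerExchange.dispatch(this);
            return;
        }

        byte[] requestBytes;
        try (InputStream requestStream = httpServerExchange.getInputStream()) {
            requestBytes = readRequestBody(requestStream);
        }

        OCSPReq ocspRequest = new OCSPReq(requestBytes);
        Req[] requestList = ocspRequest.getRequestList();
        Extension nonce = ocspRequest.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);

        // SHA-1 is used here only to derive the responder's key identifier (ResponderID byKey);
        // the response signature below uses SHA-256 with RSA.
        BasicOCSPRespBuilder responseBuilder = new BasicOCSPRespBuilder(this.subjectPublicKeyInfo, new JcaDigestCalculatorProviderBuilder().build().get(AlgorithmIdentifier.getInstance(RespID.HASH_SHA1)));
        if (nonce != null) {
            responseBuilder.setResponseExtensions(new Extensions(nonce));
        }

        for (Req req : requestList) {
            CertificateID certId = req.getCertID();
            // A missing map entry yields null, which BouncyCastle treats as the "good" status.
            responseBuilder.addResponse(certId, REVOKED_CERTIFICATES_STATUS.get(certId.getSerialNumber()));
        }

        byte[] encoded = new OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, responseBuilder.build(new BcRSAContentSignerBuilder(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption), new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256)).build(this.privateKey), this.chain, new Date())).getEncoded();
        httpServerExchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "application/ocsp-response");
        httpServerExchange.getResponseSender().send(ByteBuffer.wrap(encoded));
        httpServerExchange.endExchange();
    }

    /** Opens a test classpath resource, failing with a clear message when it does not exist. */
    private static InputStream openResource(String path) throws IOException {
        InputStream stream = X509OCSPResponderTest.class.getResourceAsStream(path);
        if (stream == null) {
            throw new IOException("Classpath resource not found: " + path);
        }
        return stream;
    }

    /**
     * Reads the whole request body, up to {@link #MAX_REQUEST_BYTES}.
     *
     * <p>A single {@code read} call may return fewer bytes than the body holds, so the stream is
     * drained in a loop. Bodies longer than the cap are rejected rather than silently truncated.
     */
    private static byte[] readRequestBody(InputStream in) throws IOException {
        byte[] buffer = new byte[MAX_REQUEST_BYTES];
        int filled = 0;
        while (filled < buffer.length) {
            int count = in.read(buffer, filled, buffer.length - filled);
            if (count < 0) {
                break;
            }
            filled += count;
        }
        if (filled == buffer.length && in.read() != -1) {
            throw new IOException("OCSP request exceeds " + MAX_REQUEST_BYTES + " bytes");
        }
        byte[] body = new byte[filled];
        System.arraycopy(buffer, 0, body, 0, filled);
        return body;
    }
}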
