package org.jruby.ext.openssl;

import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateParsingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.CertStatus;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.ResponderID;
import org.bouncycastle.asn1.ocsp.RevokedInfo;
import org.bouncycastle.asn1.ocsp.SingleResponse;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.RespID;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.jruby.Ruby;
import org.jruby.RubyArray;
import org.jruby.RubyBoolean;
import org.jruby.RubyClass;
import org.jruby.RubyFixnum;
import org.jruby.RubyInteger;
import org.jruby.RubyModule;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.RubyTime;
import org.jruby.anno.JRubyMethod;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.runtime.Arity;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.Visibility;
import org.jruby.runtime.builtin.IRubyObject;

/* loaded from: input_file:META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar:org/jruby/ext/openssl/OCSPBasicResponse.class */
public class OCSPBasicResponse extends RubyObject {
    private static final long serialVersionUID = 8755480816625884227L;
    private static final String OCSP_NOCERTS = "NOCERTS";
    private static final String OCSP_NOCHAIN = "NOCHAIN";
    private static final String OCSP_NOCHECKS = "NOCHECKS";
    private static final String OCSP_NOTIME = "NOTIME";
    private static final String OCSP_NOSIGS = "NOSIGS";
    private static final String OCSP_NOVERIFY = "NOVERIFY";
    private static final String OCSP_NOINTERN = "NOINTERN";
    private static final String OCSP_RESPID_KEY = "RESPID_KEY";
    private static final String OCSP_TRUSTOTHER = "TRUSTOTHER";
    private static ObjectAllocator BASICRESPONSE_ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.OCSPBasicResponse.1
        @Override // org.jruby.runtime.ObjectAllocator
        public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
            return new OCSPBasicResponse(ruby, rubyClass);
        }
    };
    private byte[] nonce;
    private List<OCSPSingleResponse> singleResponses;
    private BasicOCSPResponse asn1BCBasicOCSPResp;
    private List<Extension> extensions;

    public static void createBasicResponse(Ruby ruby, RubyModule rubyModule) {
        rubyModule.defineClassUnder("BasicResponse", ruby.getObject(), BASICRESPONSE_ALLOCATOR).defineAnnotatedMethods(OCSPBasicResponse.class);
    }

    public OCSPBasicResponse(Ruby ruby, RubyClass rubyClass) {
        super(ruby, rubyClass);
        this.singleResponses = new ArrayList();
        this.extensions = new ArrayList();
    }

    public OCSPBasicResponse(Ruby ruby) {
        this(ruby, (RubyClass) OCSP._OCSP(ruby).getConstantAt("BasicResponse"));
    }

    @JRubyMethod(name = {"initialize"}, visibility = Visibility.PRIVATE)
    public IRubyObject initialize(ThreadContext threadContext, IRubyObject iRubyObject) {
        if (iRubyObject == null || iRubyObject.isNil()) {
            return this;
        }
        this.asn1BCBasicOCSPResp = BasicOCSPResponse.getInstance(StringHelper.readPossibleDERInput(threadContext, iRubyObject).getBytes());
        return this;
    }

    @Override // org.jruby.RubyBasicObject
    @JRubyMethod(name = {"initialize"}, visibility = Visibility.PRIVATE)
    public IRubyObject initialize(ThreadContext threadContext) {
        return this;
    }

    @Override // org.jruby.RubyBasicObject
    @JRubyMethod(name = {"initialize_copy"}, visibility = Visibility.PRIVATE)
    public IRubyObject initialize_copy(IRubyObject iRubyObject) {
        if (this == iRubyObject) {
            return this;
        }
        checkFrozen();
        this.asn1BCBasicOCSPResp = ((OCSPBasicResponse) iRubyObject).getASN1BCOCSPResp();
        return this;
    }

    @JRubyMethod(name = {"add_nonce"}, rest = true)
    public OCSPBasicResponse add_nonce(IRubyObject[] iRubyObjectArr) {
        Ruby runtime = getRuntime();
        byte[] generateNonce = Arity.checkArgumentCount(runtime, iRubyObjectArr, 0, 1) == 0 ? OCSP.generateNonce(runtime) : ((RubyString) iRubyObjectArr[0]).getBytes();
        this.extensions.add(new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, generateNonce));
        this.nonce = generateNonce;
        return this;
    }

    @JRubyMethod(name = {"add_status"}, rest = true)
    public OCSPBasicResponse add_status(ThreadContext threadContext, IRubyObject[] iRubyObjectArr) {
        Ruby runtime = threadContext.getRuntime();
        Arity.checkArgumentCount(runtime, iRubyObjectArr, 7, 7);
        IRubyObject iRubyObject = iRubyObjectArr[0];
        IRubyObject iRubyObject2 = iRubyObjectArr[1];
        IRubyObject iRubyObject3 = iRubyObjectArr[2];
        IRubyObject iRubyObject4 = iRubyObjectArr[3];
        IRubyObject iRubyObject5 = iRubyObjectArr[4];
        IRubyObject iRubyObject6 = iRubyObjectArr[5];
        IRubyObject iRubyObject7 = iRubyObjectArr[6];
        CertStatus certStatus = null;
        switch (RubyFixnum.fix2int((RubyFixnum) iRubyObject2)) {
            case 0:
                certStatus = new CertStatus();
                break;
            case 1:
                certStatus = new CertStatus(new RevokedInfo(rubyIntOrTimeToGenTime(iRubyObject4), CRLReason.lookup(RubyFixnum.fix2int((RubyFixnum) iRubyObject3))));
                break;
            case 2:
                certStatus = new CertStatus(2, DERNull.INSTANCE);
                break;
        }
        SingleResponse singleResponse = new SingleResponse(((OCSPCertificateId) iRubyObject).getCertID(), certStatus, rubyIntOrTimeToGenTime(iRubyObject5), rubyIntOrTimeToGenTime(iRubyObject6), convertRubyExtensions(iRubyObject7));
        OCSPSingleResponse oCSPSingleResponse = new OCSPSingleResponse(runtime);
        try {
            oCSPSingleResponse.initialize(threadContext, RubyString.newString(runtime, singleResponse.getEncoded()));
            this.singleResponses.add(oCSPSingleResponse);
            return this;
        } catch (IOException e) {
            throw OCSP.newOCSPError(runtime, e);
        }
    }

    @JRubyMethod(name = {"copy_nonce"})
    public IRubyObject copy_nonce(ThreadContext threadContext, IRubyObject iRubyObject) {
        add_nonce(new IRubyObject[]{RubyString.newString(getRuntime(), ((OCSPRequest) iRubyObject).getNonce())});
        return RubyFixnum.one(threadContext.getRuntime());
    }

    @JRubyMethod(name = {"find_response"})
    public IRubyObject find_response(ThreadContext threadContext, IRubyObject iRubyObject) {
        if (iRubyObject.isNil()) {
            return threadContext.nil;
        }
        OCSPCertificateId oCSPCertificateId = (OCSPCertificateId) iRubyObject;
        IRubyObject iRubyObject2 = threadContext.nil;
        Iterator<OCSPSingleResponse> it = this.singleResponses.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            OCSPSingleResponse next = it.next();
            if (oCSPCertificateId.getCertID().equals(next.getBCSingleResp().getCertID())) {
                iRubyObject2 = next;
                break;
            }
        }
        return iRubyObject2;
    }

    @JRubyMethod(name = {"responses"})
    public IRubyObject responses() {
        return RubyArray.newArray(getRuntime(), (Collection<? extends IRubyObject>) this.singleResponses);
    }

    @JRubyMethod(name = {"sign"}, rest = true)
    public IRubyObject sign(ThreadContext threadContext, IRubyObject[] iRubyObjectArr) {
        Ruby runtime = threadContext.getRuntime();
        IRubyObject iRubyObject = threadContext.nil;
        IRubyObject iRubyObject2 = threadContext.nil;
        IRubyObject iRubyObject3 = threadContext.nil;
        Digest digest = new Digest(runtime, Digest._Digest(runtime));
        ArrayList arrayList = new ArrayList();
        switch (Arity.checkArgumentCount(runtime, iRubyObjectArr, 2, 5)) {
            case 3:
                iRubyObject = iRubyObjectArr[2];
                break;
            case 4:
                iRubyObject = iRubyObjectArr[2];
                iRubyObject2 = iRubyObjectArr[3];
                break;
            case 5:
                iRubyObject = iRubyObjectArr[2];
                iRubyObject2 = iRubyObjectArr[3];
                iRubyObject3 = iRubyObjectArr[4];
                break;
        }
        if (iRubyObject3.isNil()) {
            iRubyObject3 = digest.initialize(threadContext, RubyString.newString(runtime, "SHA1"));
        }
        int fix2int = iRubyObject2.isNil() ? 0 : RubyFixnum.fix2int(iRubyObject2);
        if (iRubyObject.isNil()) {
            fix2int |= RubyFixnum.fix2int((RubyFixnum) OCSP._OCSP(runtime).getConstant(OCSP_NOCERTS));
        }
        X509Cert x509Cert = (X509Cert) iRubyObjectArr[0];
        PKey pKey = (PKey) iRubyObjectArr[1];
        try {
            ContentSigner build = OCSP.newJcaContentSignerBuilder(((Digest) iRubyObject3).getShortAlgorithm() + JsonPOJOBuilder.DEFAULT_WITH_PREFIX + pKey.getAlgorithm()).build(pKey.getPrivateKey());
            try {
                BasicOCSPRespBuilder basicOCSPRespBuilder = (fix2int & RubyFixnum.fix2int((RubyFixnum) OCSP._OCSP(runtime).getConstant(OCSP_RESPID_KEY))) != 0 ? new BasicOCSPRespBuilder(SubjectPublicKeyInfo.getInstance(pKey.getPublicKey().getEncoded()), OCSP.newJcaDigestCalculatorProviderBuilder().build().get(build.getAlgorithmIdentifier())) : new BasicOCSPRespBuilder(new RespID(x509Cert.getSubject().getX500Name()));
                X509CertificateHolder[] x509CertificateHolderArr = null;
                try {
                    if ((fix2int & RubyFixnum.fix2int((RubyFixnum) OCSP._OCSP(runtime).getConstant(OCSP_NOCERTS))) == 0) {
                        arrayList.add(new X509CertificateHolder(x509Cert.getAuxCert().getEncoded()));
                        if (!iRubyObject.isNil()) {
                            Iterator it = ((RubyArray) iRubyObject).iterator();
                            while (it.hasNext()) {
                                arrayList.add(new X509CertificateHolder(((Certificate) it.next()).getEncoded()));
                            }
                        }
                        x509CertificateHolderArr = (X509CertificateHolder[]) arrayList.toArray(new X509CertificateHolder[arrayList.size()]);
                    }
                    Date date = (fix2int & RubyFixnum.fix2int((RubyFixnum) OCSP._OCSP(runtime).getConstant(OCSP_NOTIME))) == 0 ? new Date() : null;
                    for (OCSPSingleResponse oCSPSingleResponse : this.singleResponses) {
                        SingleResp singleResp = new SingleResp(oCSPSingleResponse.getBCSingleResp());
                        basicOCSPRespBuilder.addResponse(singleResp.getCertID(), singleResp.getCertStatus(), singleResp.getThisUpdate(), singleResp.getNextUpdate(), oCSPSingleResponse.getBCSingleResp().getSingleExtensions());
                    }
                    try {
                        this.asn1BCBasicOCSPResp = BasicOCSPResponse.getInstance(basicOCSPRespBuilder.setResponseExtensions(new Extensions((Extension[]) this.extensions.toArray(new Extension[this.extensions.size()]))).build(build, x509CertificateHolderArr, date).getEncoded());
                        return this;
                    } catch (Exception e) {
                        throw OCSP.newOCSPError(runtime, e);
                    }
                } catch (Exception e2) {
                    throw OCSP.newOCSPError(runtime, e2);
                }
            } catch (Exception e3) {
                throw OCSP.newOCSPError(runtime, e3);
            }
        } catch (OperatorCreationException e4) {
            throw OCSP.newOCSPError(runtime, e4);
        }
    }

    @JRubyMethod(name = {"verify"}, rest = true)
    public IRubyObject verify(ThreadContext threadContext, IRubyObject[] iRubyObjectArr) {
        List<X509Cert> certsFromResp;
        Ruby ruby = threadContext.runtime;
        int i = 0;
        IRubyObject iRubyObject = iRubyObjectArr[0];
        IRubyObject iRubyObject2 = iRubyObjectArr[1];
        boolean z = false;
        if (Arity.checkArgumentCount(ruby, iRubyObjectArr, 2, 3) == 3) {
            i = RubyFixnum.fix2int(iRubyObjectArr[2]);
        }
        JcaContentVerifierProviderBuilder newJcaContentVerifierProviderBuilder = OCSP.newJcaContentVerifierProviderBuilder();
        BasicOCSPResp basicOCSPResp = getBasicOCSPResp();
        Certificate findSignerCert = findSignerCert(threadContext, this.asn1BCBasicOCSPResp, convertRubyCerts(iRubyObject), i);
        if (findSignerCert == null) {
            return RubyBoolean.newBoolean(ruby, false);
        }
        if ((i & RubyFixnum.fix2int((RubyFixnum) OCSP._OCSP(ruby).getConstant(OCSP_NOINTERN))) == 0 && (i & RubyFixnum.fix2int((RubyFixnum) OCSP._OCSP(ruby).getConstant(OCSP_TRUSTOTHER))) != 0) {
            i |= RubyFixnum.fix2int((RubyFixnum) OCSP._OCSP(ruby).getConstant(OCSP_NOVERIFY));
        }
        if ((i & RubyFixnum.fix2int((RubyFixnum) OCSP._OCSP(ruby).getConstant(OCSP_NOSIGS))) == 0) {
            PublicKey publicKey = findSignerCert.getPublicKey();
            if (publicKey == null) {
                return RubyBoolean.newBoolean(ruby, false);
            }
            try {
                z = basicOCSPResp.isSignatureValid(newJcaContentVerifierProviderBuilder.build(publicKey));
            } catch (Exception e) {
                throw OCSP.newOCSPError(ruby, e);
            }
        }
        if ((i & RubyFixnum.fix2int((RubyFixnum) OCSP._OCSP(ruby).getConstant(OCSP_NOVERIFY))) == 0) {
            if ((i & RubyFixnum.fix2int((RubyFixnum) OCSP._OCSP(ruby).getConstant(OCSP_NOCHAIN))) != 0) {
                certsFromResp = Collections.EMPTY_LIST;
            } else if (basicOCSPResp.getCerts() == null || iRubyObject == null || ((RubyArray) iRubyObject).isEmpty()) {
                certsFromResp = getCertsFromResp(threadContext);
            } else {
                certsFromResp = getCertsFromResp(threadContext);
                Iterator it = ((RubyArray) iRubyObject).iterator();
                while (it.hasNext()) {
                    try {
                        certsFromResp.add(X509Cert.wrap(threadContext, ((Certificate) it.next()).getEncoded()));
                    } catch (CertificateEncodingException e2) {
                        throw OCSP.newOCSPError(ruby, e2);
                    }
                }
            }
            try {
                X509StoreContext newStoreContext = X509StoreContext.newStoreContext(threadContext, (X509Store) iRubyObject2, X509Cert.wrap(ruby, findSignerCert), RubyArray.newArray(ruby, (Collection<? extends IRubyObject>) certsFromResp));
                newStoreContext.set_purpose(threadContext, X509._X509(ruby).getConstant("PURPOSE_OCSP_HELPER"));
                boolean isTrue = newStoreContext.verify(threadContext).isTrue();
                IRubyObject chain = newStoreContext.chain(threadContext);
                if ((i & RubyFixnum.fix2int((RubyFixnum) OCSP._OCSP(ruby).getConstant(OCSP_NOCHECKS))) > 0) {
                    isTrue = true;
                }
                try {
                    if (checkIssuer(getBasicOCSPResp(), chain)) {
                        return RubyBoolean.newBoolean(ruby, true);
                    }
                    if ((i & RubyFixnum.fix2int((RubyFixnum) OCSP._OCSP(ruby).getConstant(OCSP_NOCHAIN))) != 0) {
                        return RubyBoolean.newBoolean(ruby, isTrue);
                    }
                    X509Cert x509Cert = (X509Cert) ((RubyArray) chain).last();
                    try {
                        x509Cert.getAuxCert().verify(x509Cert.getAuxCert().getPublicKey());
                        z = true;
                    } catch (Exception e3) {
                        z = false;
                    }
                } catch (IOException e4) {
                    throw OCSP.newOCSPError(ruby, e4);
                }
            } catch (CertificateEncodingException e5) {
                throw OCSP.newOCSPError(ruby, e5);
            }
        }
        return RubyBoolean.newBoolean(ruby, z);
    }

    @JRubyMethod(name = {"status"})
    public IRubyObject status(ThreadContext threadContext) {
        Ruby ruby = threadContext.runtime;
        RubyArray newArray = RubyArray.newArray(ruby, this.singleResponses.size());
        for (OCSPSingleResponse oCSPSingleResponse : this.singleResponses) {
            RubyArray newArray2 = RubyArray.newArray(ruby, 7);
            newArray2.append(oCSPSingleResponse.certid(threadContext));
            newArray2.append(oCSPSingleResponse.cert_status());
            newArray2.append(oCSPSingleResponse.revocation_reason());
            newArray2.append(oCSPSingleResponse.revocation_time());
            newArray2.append(oCSPSingleResponse.this_update());
            newArray2.append(oCSPSingleResponse.next_update());
            newArray2.append(oCSPSingleResponse.extensions());
            newArray.add(newArray2);
        }
        return newArray;
    }

    @JRubyMethod(name = {"to_der"})
    public IRubyObject to_der() {
        Ruby runtime = getRuntime();
        try {
            return RubyString.newString(runtime, this.asn1BCBasicOCSPResp.getEncoded());
        } catch (IOException e) {
            throw OCSP.newOCSPError(runtime, e);
        }
    }

    private boolean checkIssuer(BasicOCSPResp basicOCSPResp, IRubyObject iRubyObject) throws IOException {
        boolean z = false;
        if (((RubyArray) iRubyObject).size() <= 0) {
            return false;
        }
        List<SingleResp> asList = Arrays.asList(basicOCSPResp.getResponses());
        CertificateID checkCertIds = checkCertIds(asList);
        X509Cert x509Cert = (X509Cert) ((RubyArray) iRubyObject).first();
        if (((RubyArray) iRubyObject).size() > 1) {
            X509Cert x509Cert2 = (X509Cert) ((RubyArray) iRubyObject).entry(1);
            if (matchIssuerId(x509Cert2, checkCertIds, asList)) {
                return checkDelegated(x509Cert2);
            }
        } else {
            z = matchIssuerId(x509Cert, checkCertIds, asList);
        }
        return z;
    }

    private boolean checkDelegated(X509Cert x509Cert) {
        try {
            if ((x509Cert.getAuxCert().getExFlags() & 4) != 0) {
                if (x509Cert.getAuxCert().getExtendedKeyUsage().contains(ASN1Registry.OBJ_OCSP_sign)) {
                    return true;
                }
            }
            return false;
        } catch (IOException e) {
            throw OCSP.newOCSPError(getRuntime(), e);
        } catch (CertificateParsingException e2) {
            throw OCSP.newOCSPError(getRuntime(), e2);
        }
    }

    private boolean matchIssuerId(X509Cert x509Cert, CertificateID certificateID, List<SingleResp> list) throws IOException {
        Ruby runtime = getRuntime();
        if (certificateID != null) {
            MessageDigest digest = Digest.getDigest(runtime, ASN1.oid2Sym(runtime, certificateID.getHashAlgOID()));
            return digest.digest(x509Cert.getIssuer().getX500Name().getEncoded()).equals(certificateID.getIssuerNameHash()) && digest.digest(x509Cert.getAuxCert().getPublicKey().getEncoded()).equals(certificateID.getIssuerKeyHash());
        }
        Iterator<SingleResp> it = list.iterator();
        while (it.hasNext()) {
            if (!matchIssuerId(x509Cert, it.next().getCertID(), null)) {
                return false;
            }
        }
        return true;
    }

    private CertificateID checkCertIds(List<SingleResp> list) {
        ArrayList arrayList = new ArrayList(list);
        CertificateID certID = ((SingleResp) arrayList.remove(0)).getCertID();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            if (!certID.equals(((SingleResp) it.next()).getCertID())) {
                return null;
            }
        }
        return certID;
    }

    public BasicOCSPResponse getASN1BCOCSPResp() {
        return this.asn1BCBasicOCSPResp;
    }

    public byte[] getNonce() {
        return this.nonce;
    }

    private ASN1GeneralizedTime rubyIntOrTimeToGenTime(IRubyObject iRubyObject) {
        Date javaDate;
        if (iRubyObject.isNil()) {
            return null;
        }
        if (iRubyObject instanceof RubyInteger) {
            javaDate = new Date(System.currentTimeMillis() + (RubyFixnum.fix2int(iRubyObject) * 1000));
        } else {
            if (!(iRubyObject instanceof RubyTime)) {
                throw getRuntime().newArgumentError("Unknown Revocation Time class: " + iRubyObject.getMetaClass());
            }
            javaDate = ((RubyTime) iRubyObject).getJavaDate();
        }
        return new ASN1GeneralizedTime(javaDate);
    }

    private Extensions convertRubyExtensions(IRubyObject iRubyObject) {
        if (iRubyObject.isNil()) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        Iterator it = ((RubyArray) iRubyObject).iterator();
        while (it.hasNext()) {
            arrayList.add(Extension.getInstance(((RubyString) ((X509Extension) it.next()).to_der()).getBytes()));
        }
        Extension[] extensionArr = new Extension[arrayList.size()];
        arrayList.toArray(extensionArr);
        return new Extensions(extensionArr);
    }

    private List<Certificate> convertRubyCerts(IRubyObject iRubyObject) {
        Iterator it = ((RubyArray) iRubyObject).iterator();
        ArrayList arrayList = new ArrayList();
        while (it.hasNext()) {
            arrayList.add(it.next());
        }
        return arrayList;
    }

    private Certificate findSignerCert(ThreadContext threadContext, BasicOCSPResponse basicOCSPResponse, List<Certificate> list, int i) {
        Ruby ruby = threadContext.runtime;
        ResponderID responderID = basicOCSPResponse.getTbsResponseData().getResponderID();
        Certificate findSignerByRespId = findSignerByRespId(threadContext, list, responderID);
        if (findSignerByRespId == null && (i & RubyFixnum.fix2int((RubyFixnum) OCSP._OCSP(ruby).getConstant(OCSP_NOINTERN))) == 0) {
            ArrayList arrayList = new ArrayList();
            for (X509CertificateHolder x509CertificateHolder : getBasicOCSPResp().getCerts()) {
                try {
                    arrayList.add(X509Cert.wrap(threadContext, x509CertificateHolder.getEncoded()).getAuxCert());
                } catch (IOException e) {
                    throw OCSP.newOCSPError(ruby, e);
                }
            }
            findSignerByRespId = findSignerByRespId(threadContext, arrayList, responderID);
        }
        return findSignerByRespId;
    }

    private Certificate findSignerByRespId(ThreadContext threadContext, List<? extends Certificate> list, ResponderID responderID) {
        if (responderID.getName() != null) {
            for (Certificate certificate : list) {
                try {
                    if (X509Cert.wrap(threadContext, certificate).getSubject().getX500Name().equals(responderID.getName())) {
                        return certificate;
                    }
                } catch (CertificateEncodingException e) {
                    throw OCSP.newOCSPError(threadContext.runtime, e);
                }
            }
            return null;
        }
        if (responderID.getKeyHash().length != 20) {
            return null;
        }
        for (Certificate certificate2 : list) {
            if (responderID.getKeyHash().equals(Digest.digest(threadContext, this, RubyString.newString(threadContext.runtime, "SHA1"), RubyString.newString(threadContext.runtime, certificate2.getPublicKey().getEncoded())).getBytes())) {
                return certificate2;
            }
        }
        return null;
    }

    private List<X509Cert> getCertsFromResp(ThreadContext threadContext) {
        X509CertificateHolder[] certs = getBasicOCSPResp().getCerts();
        ArrayList arrayList = new ArrayList(certs.length);
        for (X509CertificateHolder x509CertificateHolder : certs) {
            try {
                arrayList.add(X509Cert.wrap(threadContext, x509CertificateHolder.getEncoded()));
            } catch (IOException e) {
                throw OCSP.newOCSPError(threadContext.runtime, e);
            }
        }
        return arrayList;
    }

    private BasicOCSPResp getBasicOCSPResp() {
        return new BasicOCSPResp(this.asn1BCBasicOCSPResp);
    }
}
