package net.maritimecloud.pki;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CRLReason;
import java.security.cert.X509Certificate;
import net.maritimecloud.pki.ocsp.OCSPClient;
import net.maritimecloud.pki.ocsp.OCSPValidationException;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.cert.ocsp.RevokedStatus;

/* loaded from: input_file:net/maritimecloud/pki/OCSPVerifier.class */
public class OCSPVerifier {
    public static RevocationInfo verifyCertificateOCSP(X509Certificate x509Certificate, KeyStore keyStore) throws IOException, KeyStoreException, OCSPValidationException {
        return verifyCertificateOCSP(x509Certificate, (X509Certificate) keyStore.getCertificate(CertificateHandler.getElement(new X500Name(x509Certificate.getIssuerDN().getName()), BCStyle.UID)));
    }

    public static RevocationInfo verifyCertificateOCSP(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws IOException, OCSPValidationException {
        OCSPClient oCSPClient = new OCSPClient(x509Certificate2, x509Certificate);
        RevocationInfo revocationInfo = new RevocationInfo();
        if (oCSPClient.checkOCSP()) {
            revocationInfo.setStatus(oCSPClient.getCertificateStatus());
        } else {
            revocationInfo.setStatus(oCSPClient.getCertificateStatus());
            if (oCSPClient.getRevokedStatus().isPresent()) {
                RevokedStatus revokedStatus = oCSPClient.getRevokedStatus().get();
                revocationInfo.setRevokeReason(CRLReason.values()[revokedStatus.getRevocationReason()]);
                revocationInfo.setRevokedAt(revokedStatus.getRevocationTime());
            }
        }
        return revocationInfo;
    }
}
