package no.digipost.security.ocsp;

import java.security.cert.X509Certificate;
import java.util.Optional;
import java.util.stream.Stream;
import no.digipost.security.X509;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/digipost/security/ocsp/OcspUtils.class */
public final class OcspUtils {
    private static final Logger LOG = LoggerFactory.getLogger(OcspUtils.class);
    private static final DLSequence ASN1_OCSP_SIGNING = new DLSequence(new ASN1ObjectIdentifier("1.3.6.1.5.5.7.3.9"));
    private static final ASN1ObjectIdentifier ASN1_EXTENDED_KEY_USAGE = new ASN1ObjectIdentifier("2.5.29.37");

    public static Optional<X509Certificate> findOscpSigningCertificate(BasicOCSPResp basicOCSPResp) {
        if (basicOCSPResp.getCerts() == null || basicOCSPResp.getCerts().length <= 0) {
            return Optional.empty();
        }
        Optional<X509Certificate> findFirst = Stream.of((Object[]) basicOCSPResp.getCerts()).filter(x509CertificateHolder -> {
            Optional map = Optional.of(x509CertificateHolder).map((v0) -> {
                return v0.getExtensions();
            }).map(extensions -> {
                return extensions.getExtension(ASN1_EXTENDED_KEY_USAGE);
            }).map((v0) -> {
                return v0.getParsedValue();
            }).map((v0) -> {
                return v0.toASN1Primitive();
            });
            DLSequence dLSequence = ASN1_OCSP_SIGNING;
            dLSequence.getClass();
            return map.filter((v1) -> {
                return r1.equals(v1);
            }).isPresent();
        }).map(X509::getCertificateFromHolder).findFirst();
        if (!findFirst.isPresent()) {
            LOG.warn("OCSP response contained certificates, but none of them have OCSP signing extended key usage (identifier {})", ASN1_EXTENDED_KEY_USAGE.getId());
        }
        return findFirst;
    }

    private OcspUtils() {
    }
}
