package de.gematik.test.tiger.proxy.tls;

import de.gematik.test.tiger.common.pki.TigerConfigurationPkiIdentity;
import java.security.cert.X509Certificate;
import java.util.Date;
import lombok.Generated;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPRespBuilder;
import org.bouncycastle.cert.ocsp.RespID;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/tiger-proxy-3.1.2.jar:de/gematik/test/tiger/proxy/tls/OcspUtils.class */
public class OcspUtils {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) OcspUtils.class);

    public static byte[] buildOcspResponse(X509Certificate x509Certificate, TigerConfigurationPkiIdentity tigerConfigurationPkiIdentity) {
        log.info("Building OCSP response...");
        CertificateID certificateID = new CertificateID(new BcDigestCalculatorProvider().get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(x509Certificate), x509Certificate.getSerialNumber());
        ContentSigner build = new JcaContentSignerBuilder(tigerConfigurationPkiIdentity.getCertificate().getSigAlgName()).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(tigerConfigurationPkiIdentity.getPrivateKey());
        BasicOCSPRespBuilder basicOCSPRespBuilder = new BasicOCSPRespBuilder(SubjectPublicKeyInfo.getInstance(tigerConfigurationPkiIdentity.getCertificate().getPublicKey().getEncoded()), new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build().get(RespID.HASH_SHA1));
        basicOCSPRespBuilder.addResponse(certificateID, CertificateStatus.GOOD);
        return new OCSPRespBuilder().build(0, basicOCSPRespBuilder.build(build, new X509CertificateHolder[]{new X509CertificateHolder(tigerConfigurationPkiIdentity.getCertificate().getEncoded())}, new Date())).getEncoded();
    }

    @Generated
    private OcspUtils() {
    }
}
