package eu.europa.esig.dss.spi.x509.revocation.ocsp;

import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.identifier.EncapsulatedRevocationTokenIdentifier;
import eu.europa.esig.dss.model.x509.revocation.ocsp.OCSP;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.x509.ResponderId;
import eu.europa.esig.dss.spi.x509.revocation.RevocationRef;
import eu.europa.esig.dss.spi.x509.revocation.RevocationToken;
import eu.europa.esig.dss.spi.x509.revocation.RevocationTokenRefMatcher;
import java.util.Arrays;
import org.bouncycastle.asn1.ocsp.ResponderID;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/dss-spi-6.2.jar:eu/europa/esig/dss/spi/x509/revocation/ocsp/OCSPTokenRefMatcher.class */
public class OCSPTokenRefMatcher implements RevocationTokenRefMatcher<OCSP> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) OCSPTokenRefMatcher.class);

    @Override // eu.europa.esig.dss.spi.x509.revocation.RevocationTokenRefMatcher
    public boolean match(RevocationToken<OCSP> revocationToken, RevocationRef<OCSP> revocationRef) {
        OCSPToken oCSPToken = (OCSPToken) revocationToken;
        OCSPRef oCSPRef = (OCSPRef) revocationRef;
        return oCSPRef.getDigest() != null ? matchByDigest(oCSPToken, oCSPRef.getDigest()) : matchResponse(oCSPToken.getBasicOCSPResp(), oCSPRef);
    }

    @Override // eu.europa.esig.dss.spi.x509.revocation.RevocationTokenRefMatcher
    public boolean match(EncapsulatedRevocationTokenIdentifier<OCSP> encapsulatedRevocationTokenIdentifier, RevocationRef<OCSP> revocationRef) {
        OCSPResponseBinary oCSPResponseBinary = (OCSPResponseBinary) encapsulatedRevocationTokenIdentifier;
        OCSPRef oCSPRef = (OCSPRef) revocationRef;
        return oCSPRef.getDigest() != null ? matchByDigest(oCSPResponseBinary, oCSPRef.getDigest()) : matchResponse(oCSPResponseBinary.getBasicOCSPResp(), oCSPRef);
    }

    private boolean matchByDigest(RevocationToken<OCSP> revocationToken, Digest digest) {
        return Arrays.equals(digest.getValue(), revocationToken.getDigest(digest.getAlgorithm()));
    }

    private boolean matchByDigest(EncapsulatedRevocationTokenIdentifier<OCSP> encapsulatedRevocationTokenIdentifier, Digest digest) {
        return Arrays.equals(digest.getValue(), encapsulatedRevocationTokenIdentifier.getDigestValue(digest.getAlgorithm()));
    }

    private boolean matchResponse(BasicOCSPResp basicOCSPResp, OCSPRef oCSPRef) {
        try {
            if (!oCSPRef.getProducedAt().equals(basicOCSPResp.getProducedAt())) {
                return false;
            }
            ResponderID aSN1Primitive = basicOCSPResp.getResponderId().toASN1Primitive();
            ResponderId responderId = oCSPRef.getResponderId();
            if (matchByKeyHash(aSN1Primitive, responderId)) {
                return true;
            }
            return matchByName(aSN1Primitive, responderId);
        } catch (Exception e) {
            if (LOG.isDebugEnabled()) {
                LOG.warn("An exception occurred during an attempt to compare the OCSP binaries with a reference: {}", e.getMessage(), e);
                return false;
            }
            LOG.warn("An exception occurred during an attempt to compare the OCSP binaries with a reference: {}", e.getMessage());
            return false;
        }
    }

    private boolean matchByKeyHash(ResponderID responderID, ResponderId responderId) {
        return responderId.getSki() != null && Arrays.equals(responderId.getSki(), responderID.getKeyHash());
    }

    private boolean matchByName(ResponderID responderID, ResponderId responderId) {
        return (responderId.getX500Principal() == null || responderID.getName() == null || !responderId.getX500Principal().equals(DSSASN1Utils.toX500Principal(responderID.getName()))) ? false : true;
    }
}
