package io.netty.example.ocsp;

import io.netty.bootstrap.ServerBootstrap;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelInitializer;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.ReferenceCountedOpenSslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.util.CharsetUtil;
import io.netty.util.internal.EmptyArrays;
import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.math.BigInteger;
import java.net.URI;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;

/* loaded from: input_file:io/netty/example/ocsp/OcspServerExample.class */
public class OcspServerExample {
    public static void main(String[] strArr) throws Exception {
        X509Certificate[] parseCertificates = parseCertificates(OcspServerExample.class, "netty_io_chain.pem");
        X509Certificate x509Certificate = parseCertificates[0];
        X509Certificate x509Certificate2 = parseCertificates[parseCertificates.length - 1];
        URI ocspUri = OcspUtils.ocspUri(x509Certificate);
        System.out.println("OCSP Responder URI: " + ocspUri);
        if (ocspUri == null) {
            throw new IllegalStateException("The CA/certificate doesn't have an OCSP responder");
        }
        OCSPResp request = OcspUtils.request(ocspUri, new OcspRequestBuilder().certificate(x509Certificate).issuer(x509Certificate2).build(), 5L, TimeUnit.SECONDS);
        if (request.getStatus() != 0) {
            throw new IllegalStateException("response-status=" + request.getStatus());
        }
        SingleResp singleResp = ((BasicOCSPResp) request.getResponseObject()).getResponses()[0];
        String certStatus = singleResp.getCertStatus();
        System.out.println("Status: " + ((Object) (certStatus == CertificateStatus.GOOD ? "Good" : certStatus)));
        System.out.println("This Update: " + singleResp.getThisUpdate());
        System.out.println("Next Update: " + singleResp.getNextUpdate());
        if (certStatus != null) {
            throw new IllegalStateException("certificate-status=" + ((Object) certStatus));
        }
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        BigInteger serialNumber2 = singleResp.getCertID().getSerialNumber();
        if (!serialNumber.equals(serialNumber2)) {
            throw new IllegalStateException("Bad Serials=" + serialNumber + " vs. " + serialNumber2);
        }
        if (!OpenSsl.isAvailable()) {
            throw new IllegalStateException("OpenSSL is not available!");
        }
        if (!OpenSsl.isOcspSupported()) {
            throw new IllegalStateException("OCSP is not supported!");
        }
        if (0 == 0) {
            throw new IllegalStateException("Because we don't have a PrivateKey we can't continue past this point.");
        }
        ReferenceCountedOpenSslContext build = SslContextBuilder.forServer((PrivateKey) null, parseCertificates).sslProvider(SslProvider.OPENSSL).enableOcsp(true).build();
        try {
            new ServerBootstrap().childHandler(newServerHandler(build, request));
            build.release();
        } catch (Throwable th) {
            build.release();
            throw th;
        }
    }

    private static ChannelInitializer<Channel> newServerHandler(final ReferenceCountedOpenSslContext referenceCountedOpenSslContext, final OCSPResp oCSPResp) {
        return new ChannelInitializer<Channel>() { // from class: io.netty.example.ocsp.OcspServerExample.1
            protected void initChannel(Channel channel) throws Exception {
                ChannelHandler newHandler = referenceCountedOpenSslContext.newHandler(channel.alloc());
                if (oCSPResp != null) {
                    newHandler.engine().setOcspResponse(oCSPResp.getEncoded());
                }
                channel.pipeline().addLast(new ChannelHandler[]{newHandler});
            }
        };
    }

    private static X509Certificate[] parseCertificates(Class<?> cls, String str) throws Exception {
        InputStream resourceAsStream = cls.getResourceAsStream(str);
        try {
            if (resourceAsStream == null) {
                throw new FileNotFoundException("clazz=" + cls + ", name=" + str);
            }
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(resourceAsStream, CharsetUtil.US_ASCII));
            try {
                X509Certificate[] parseCertificates = parseCertificates(bufferedReader);
                bufferedReader.close();
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
                return parseCertificates;
            } finally {
            }
        } catch (Throwable th) {
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static X509Certificate[] parseCertificates(Reader reader) throws Exception {
        JcaX509CertificateConverter provider = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider());
        ArrayList arrayList = new ArrayList();
        PEMParser pEMParser = new PEMParser(reader);
        while (true) {
            try {
                X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) pEMParser.readObject();
                if (x509CertificateHolder == null) {
                    return (X509Certificate[]) arrayList.toArray(EmptyArrays.EMPTY_X509_CERTIFICATES);
                }
                X509Certificate certificate = provider.getCertificate(x509CertificateHolder);
                if (certificate != null) {
                    arrayList.add(certificate);
                }
            } finally {
                pEMParser.close();
            }
        }
    }
}
