package weblogic.security.pki.revocation.common;

import java.security.cert.X509Certificate;
import java.util.logging.Level;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:weblogic/security/pki/revocation/common/OcspChecker.class */
public abstract class OcspChecker extends AbstractRevocChecker {
    private static final CertRevocStatusCache ocspStatusCache = CertRevocStatusCache.getInstance();

    public static OcspChecker getInstance(AbstractCertRevocContext abstractCertRevocContext) {
        return new DefaultOcspChecker(abstractCertRevocContext);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OcspChecker(AbstractCertRevocContext abstractCertRevocContext) {
        super(abstractCertRevocContext);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // weblogic.security.pki.revocation.common.AbstractRevocChecker
    public final CertRevocStatus getCertRevocStatus(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        Util.checkNotNull("Issuer X509Certificate.", x509Certificate);
        Util.checkNotNull("X509Certificate to be checked.", x509Certificate2);
        AbstractCertRevocContext context = getContext();
        X500Principal issuerX500Principal = x509Certificate2.getIssuerX500Principal();
        boolean isOcspResponseCacheEnabled = context.isOcspResponseCacheEnabled(issuerX500Principal);
        if (context.isLoggable(Level.FINEST)) {
            context.log(Level.FINEST, "OcspResponseCacheEnabled={0}", Boolean.valueOf(isOcspResponseCacheEnabled));
        }
        boolean isOcspNonceEnabled = context.isOcspNonceEnabled(issuerX500Principal);
        if (context.isLoggable(Level.FINEST)) {
            context.log(Level.FINEST, "OcspNonceEnabled={0}", Boolean.valueOf(isOcspNonceEnabled));
        }
        if (isOcspResponseCacheEnabled) {
            if (isOcspNonceEnabled) {
                updateCachedStatus(x509Certificate2, null);
            } else {
                CertRevocStatus cachedStatus = getCachedStatus(x509Certificate2);
                if (null != cachedStatus) {
                    if (context.isLoggable(Level.FINEST)) {
                        context.log(Level.FINEST, "Revocation status found in OCSP cache.", new Object[0]);
                    }
                    return cachedStatus;
                }
                if (context.isLoggable(Level.FINEST)) {
                    context.log(Level.FINEST, "Revocation status not found in OCSP cache.", new Object[0]);
                }
            }
        }
        CertRevocStatus remoteStatus = getRemoteStatus(x509Certificate, x509Certificate2);
        if (null != remoteStatus && isOcspNonceEnabled) {
            remoteStatus = checkRequiredNonce(remoteStatus);
        }
        if (isOcspResponseCacheEnabled && !isOcspNonceEnabled) {
            updateCachedStatus(x509Certificate2, remoteStatus);
        }
        return remoteStatus;
    }

    private CertRevocStatus getCachedStatus(X509Certificate x509Certificate) {
        Util.checkNotNull("X509Certificate to be checked.", x509Certificate);
        AbstractCertRevocContext context = getContext();
        int ocspTimeTolerance = context.getOcspTimeTolerance(x509Certificate.getIssuerX500Principal());
        if (context.isLoggable(Level.FINEST)) {
            context.log(Level.FINEST, "OcspTimeTolerance={0}", Integer.valueOf(ocspTimeTolerance));
        }
        int ocspResponseCacheRefreshPeriodPercent = context.getOcspResponseCacheRefreshPeriodPercent();
        if (context.isLoggable(Level.FINEST)) {
            context.log(Level.FINEST, "OcspResponseCacheRefreshPeriodPercent={0}", Integer.valueOf(ocspResponseCacheRefreshPeriodPercent));
        }
        return ocspStatusCache.getStatus(x509Certificate, ocspTimeTolerance, ocspResponseCacheRefreshPeriodPercent, context.getLogListener());
    }

    private void updateCachedStatus(X509Certificate x509Certificate, CertRevocStatus certRevocStatus) {
        Util.checkNotNull("X509Certificate to be checked.", x509Certificate);
        AbstractCertRevocContext context = getContext();
        int ocspTimeTolerance = context.getOcspTimeTolerance(x509Certificate.getIssuerX500Principal());
        if (context.isLoggable(Level.FINEST)) {
            context.log(Level.FINEST, "OcspTimeTolerance={0}", Integer.valueOf(ocspTimeTolerance));
        }
        int ocspResponseCacheRefreshPeriodPercent = context.getOcspResponseCacheRefreshPeriodPercent();
        if (context.isLoggable(Level.FINEST)) {
            context.log(Level.FINEST, "OcspResponseCacheRefreshPeriodPercent={0}", Integer.valueOf(ocspResponseCacheRefreshPeriodPercent));
        }
        int ocspResponseCacheCapacity = context.getOcspResponseCacheCapacity();
        if (context.isLoggable(Level.FINEST)) {
            context.log(Level.FINEST, "OcspResponseCacheCapacity={0}", Integer.valueOf(ocspResponseCacheCapacity));
        }
        ocspStatusCache.putStatus(x509Certificate, certRevocStatus, ocspTimeTolerance, ocspResponseCacheRefreshPeriodPercent, ocspResponseCacheCapacity, context.getLogListener());
    }

    private CertRevocStatus checkRequiredNonce(CertRevocStatus certRevocStatus) {
        Util.checkNotNull("CertRevocStatus", certRevocStatus);
        if (!certRevocStatus.isNonceIgnored().booleanValue()) {
            return certRevocStatus;
        }
        AbstractCertRevocContext context = getContext();
        if (context.isLoggable(Level.FINE)) {
            context.log(Level.FINE, "OCSP responder ignored nonce, so response was ignored, which was:\n{0}", certRevocStatus);
        }
        context.logIgnoredNonceCertRevocStatus(certRevocStatus);
        return null;
    }

    abstract CertRevocStatus getRemoteStatus(X509Certificate x509Certificate, X509Certificate x509Certificate2);
}
