// 
// Decompiled by Procyon v0.6.0
// 

package org.bouncycastle.jce.provider;

import java.util.Collections;
import java.util.WeakHashMap;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import java.text.ParseException;
import org.bouncycastle.asn1.ocsp.SingleResponse;
import org.bouncycastle.asn1.ocsp.ResponseData;
import java.util.Date;
import java.io.InputStream;
import java.io.OutputStream;
import org.bouncycastle.asn1.ocsp.Signature;
import java.net.URL;
import java.io.IOException;
import java.util.HashMap;
import org.bouncycastle.asn1.ocsp.ResponseBytes;
import org.bouncycastle.util.io.Streams;
import java.net.HttpURLConnection;
import org.bouncycastle.asn1.ocsp.OCSPRequest;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.ocsp.TBSRequest;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.ocsp.Request;
import org.bouncycastle.asn1.ASN1EncodableVector;
import java.net.MalformedURLException;
import java.security.cert.CertPathValidatorException;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import java.security.cert.Extension;
import java.util.List;
import java.security.cert.X509Certificate;
import org.bouncycastle.jcajce.PKIXCertRevocationCheckerParameters;
import org.bouncycastle.asn1.ocsp.OCSPResponse;
import org.bouncycastle.asn1.ocsp.CertID;
import java.lang.ref.WeakReference;
import java.net.URI;
import java.util.Map;

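/**
 * Process-wide cache of OCSP responses, keyed first by responder {@link URI} and then by
 * {@link CertID}, with an HTTP fetch path for cache misses.
 *
 * <p>The outer map is a synchronized {@link WeakHashMap} whose values are {@link WeakReference}s,
 * so entries can disappear whenever the garbage collector reclaims them.
 *
 * <p>NOTE(review): the per-URI inner maps are plain {@link HashMap}s and are read and modified
 * here without any lock; confirm whether callers can reach this class from several threads.
 */
class OcspCache
{
    private static final int DEFAULT_TIMEOUT = 15000;
    private static final int DEFAULT_MAX_RESPONSE_SIZE = 32768;
    private static final Map<URI, WeakReference<Map<CertID, OCSPResponse>>> cache =
        Collections.synchronizedMap(new WeakHashMap<URI, WeakReference<Map<CertID, OCSPResponse>>>());

    /**
     * Returns an OCSP response for {@code certID}, from the cache when a current entry exists,
     * otherwise by POSTing an unsigned OCSP request to {@code uri}.
     *
     * <p>A freshly fetched response is cached and returned only if the responder reported
     * success, the payload is a basic OCSP response, it passes
     * {@code ProvOcspRevocationChecker.validatedOcspResponse}, and it contains a current entry
     * for {@code certID}.
     *
     * <p>Security notes for reviewers:
     * <ul>
     * <li>A cache hit is decided by {@link #isCertIDFoundAndCurrent} alone. The extension list
     *     is not consulted on that path, so a nonce supplied by the caller is not compared with
     *     a cached response.</li>
     * <li>The read limit for the response body is the responder-declared Content-Length; the
     *     32 KiB default applies only when no length is declared.</li>
     * </ul>
     *
     * @param certID identifies the certificate whose status is requested
     * @param pkixCertRevocationCheckerParameters supplies the validation date, and the cert path
     *        and index reported in any exception
     * @param uri the OCSP responder location
     * @param x509Certificate passed through to response validation
     * @param list request extensions to send; an OCSP nonce extension, if present, is also
     *        handed to response validation
     * @param jcaJceHelper passed through to response validation
     * @return the cached or newly fetched response
     * @throws CertPathValidatorException if the URI is not a usable HTTP(S) URL, the exchange
     *         fails, the responder reports a non-success status, or the response does not validate
     */
    static OCSPResponse getOcspResponse(final CertID certID, final PKIXCertRevocationCheckerParameters pkixCertRevocationCheckerParameters, final URI uri, final X509Certificate x509Certificate, final List<Extension> list, final JcaJceHelper jcaJceHelper) throws CertPathValidatorException {
        Map<CertID, OCSPResponse> responsesForUri = null;
        final WeakReference<Map<CertID, OCSPResponse>> cachedRef = OcspCache.cache.get(uri);
        if (cachedRef != null) {
            responsesForUri = cachedRef.get();
        }
        if (responsesForUri != null) {
            final OCSPResponse cached = responsesForUri.get(certID);
            if (cached != null) {
                final BasicOCSPResponse cachedBasic = BasicOCSPResponse.getInstance(ASN1OctetString.getInstance(cached.getResponseBytes().getResponse()).getOctets());
                if (isCertIDFoundAndCurrent(cachedBasic, pkixCertRevocationCheckerParameters.getValidDate(), certID)) {
                    return cached;
                }
                // Stale for the requested validation date: evict and fall through to a fetch.
                responsesForUri.remove(certID);
            }
        }

        final URL url;
        try {
            url = uri.toURL();
        }
        catch (final MalformedURLException cause) {
            throw new CertPathValidatorException("configuration error: " + cause.getMessage(), cause, pkixCertRevocationCheckerParameters.getCertPath(), pkixCertRevocationCheckerParameters.getIndex());
        }

        // A single Request for certID, with no per-request extensions.
        final ASN1EncodableVector requests = new ASN1EncodableVector();
        requests.add(new Request(certID, null));

        // Copy the caller's extensions into the request, remembering the nonce value (if any)
        // so it can be handed to response validation below.
        final ASN1EncodableVector requestExtensions = new ASN1EncodableVector();
        byte[] nonce = null;
        for (final Extension extension : list) {
            final ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(extension.getId());
            final DEROctetString value = new DEROctetString(extension.getValue());
            if (OCSPObjectIdentifiers.id_pkix_ocsp_nonce.equals(oid)) {
                nonce = Arrays.clone(value.getOctets());
            }
            requestExtensions.add(new org.bouncycastle.asn1.x509.Extension(oid, extension.isCritical(), value));
        }

        final TBSRequest tbsRequest;
        if (requestExtensions.size() != 0) {
            tbsRequest = new TBSRequest(null, new DERSequence(requests), Extensions.getInstance(new DERSequence(requestExtensions)));
        }
        else {
            tbsRequest = new TBSRequest(null, new DERSequence(requests), (Extensions)null);
        }

        try {
            // The request is sent unsigned.
            final byte[] encoded = new OCSPRequest(tbsRequest, (Signature)null).getEncoded();

            // Schemes such as file: or ftp: yield a different URLConnection type; report that as
            // a validation failure instead of letting a ClassCastException escape.
            final java.net.URLConnection rawConnection = url.openConnection();
            if (!(rawConnection instanceof HttpURLConnection)) {
                throw new CertPathValidatorException("configuration error: OCSP responder URL is not HTTP(S): " + url, null, pkixCertRevocationCheckerParameters.getCertPath(), pkixCertRevocationCheckerParameters.getIndex());
            }
            final HttpURLConnection httpURLConnection = (HttpURLConnection)rawConnection;
            httpURLConnection.setConnectTimeout(DEFAULT_TIMEOUT);
            httpURLConnection.setReadTimeout(DEFAULT_TIMEOUT);
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setDoInput(true);
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty("Content-type", "application/ocsp-request");
            httpURLConnection.setRequestProperty("Content-length", String.valueOf(encoded.length));

            final OutputStream outputStream = httpURLConnection.getOutputStream();
            try {
                outputStream.write(encoded);
                outputStream.flush();
            }
            finally {
                outputStream.close();
            }

            final OCSPResponse response;
            final InputStream inputStream = httpURLConnection.getInputStream();
            try {
                int contentLength = httpURLConnection.getContentLength();
                if (contentLength < 0) {
                    contentLength = DEFAULT_MAX_RESPONSE_SIZE;
                }
                // NOTE(review): a declared Content-Length is taken from the responder as the read
                // limit, so DEFAULT_MAX_RESPONSE_SIZE does not bound responses that declare a
                // larger length. Consider a configurable hard ceiling.
                response = OCSPResponse.getInstance(Streams.readAllLimited(inputStream, contentLength));
            }
            finally {
                try {
                    inputStream.close();
                }
                catch (final IOException ignored) {
                    // The body has already been read or the read has already failed; a close
                    // failure must not change the outcome.
                }
            }

            // Status 0 is "successful" in the OCSP response status enumeration.
            if (0 != response.getResponseStatus().getIntValue()) {
                throw new CertPathValidatorException("OCSP responder failed: " + response.getResponseStatus().getValue(), null, pkixCertRevocationCheckerParameters.getCertPath(), pkixCertRevocationCheckerParameters.getIndex());
            }

            // Only a basic OCSP response that validates and covers certID is accepted; any other
            // response type leaves this false and is rejected.
            boolean validated = false;
            final ResponseBytes responseBytes = ResponseBytes.getInstance(response.getResponseBytes());
            if (responseBytes.getResponseType().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic)) {
                final BasicOCSPResponse basicResponse = BasicOCSPResponse.getInstance(responseBytes.getResponse().getOctets());
                validated = ProvOcspRevocationChecker.validatedOcspResponse(basicResponse, pkixCertRevocationCheckerParameters, nonce, x509Certificate, jcaJceHelper)
                    && isCertIDFoundAndCurrent(basicResponse, pkixCertRevocationCheckerParameters.getValidDate(), certID);
            }
            if (!validated) {
                throw new CertPathValidatorException("OCSP response failed to validate", null, pkixCertRevocationCheckerParameters.getCertPath(), pkixCertRevocationCheckerParameters.getIndex());
            }

            // Re-read the cache: the entry may have been collected or replaced while the request
            // was in flight. If it is gone, start a new per-URI map rather than writing into a
            // map the cache no longer references.
            final WeakReference<Map<CertID, OCSPResponse>> currentRef = OcspCache.cache.get(uri);
            responsesForUri = (currentRef != null) ? currentRef.get() : null;
            if (responsesForUri != null) {
                responsesForUri.put(certID, response);
            }
            else {
                final Map<CertID, OCSPResponse> fresh = new HashMap<CertID, OCSPResponse>();
                fresh.put(certID, response);
                OcspCache.cache.put(uri, new WeakReference<Map<CertID, OCSPResponse>>(fresh));
            }
            return response;
        }
        catch (final IOException cause2) {
            throw new CertPathValidatorException("configuration error: " + cause2.getMessage(), cause2, pkixCertRevocationCheckerParameters.getCertPath(), pkixCertRevocationCheckerParameters.getIndex());
        }
    }

    /**
     * Reports whether {@code basicOCSPResponse} holds an entry for {@code certID} that is still
     * usable at {@code date}.
     *
     * <p>Only the first entry whose CertID equals {@code certID} is examined. It counts as
     * current when it carries no nextUpdate, or when {@code date} is not after nextUpdate. An
     * entry without nextUpdate is therefore never treated as expired by this check, and
     * thisUpdate is not inspected here.
     *
     * @param basicOCSPResponse the decoded basic response to search
     * @param date the validation date to compare against nextUpdate
     * @param certID the certificate identifier to look for
     * @return {@code true} if a matching, current entry exists; {@code false} if there is no
     *         match, the match has expired, or its nextUpdate cannot be parsed
     */
    private static boolean isCertIDFoundAndCurrent(final BasicOCSPResponse basicOCSPResponse, final Date date, final CertID certID) {
        final ASN1Sequence responses = ResponseData.getInstance(basicOCSPResponse.getTbsResponseData()).getResponses();
        for (int i = 0; i != responses.size(); ++i) {
            final SingleResponse single = SingleResponse.getInstance(responses.getObjectAt(i));
            if (!certID.equals(single.getCertID())) {
                continue;
            }
            final ASN1GeneralizedTime nextUpdate = single.getNextUpdate();
            try {
                if (nextUpdate != null && date.after(nextUpdate.getDate())) {
                    return false;
                }
            }
            catch (final ParseException ex) {
                // Fail closed: an unreadable nextUpdate is treated as not current.
                return false;
            }
            return true;
        }
        return false;
    }
}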
