package eu.emi.security.authn.x509.helpers.pkipath.bc;

import eu.emi.security.authn.x509.CrlCheckingMode;
import eu.emi.security.authn.x509.ValidationErrorCode;
import eu.emi.security.authn.x509.helpers.pkipath.ExtPKIXParameters;
import eu.emi.security.authn.x509.helpers.pkipath.SimpleValidationErrorException;
import eu.emi.security.authn.x509.helpers.revocation.RevocationChecker;
import eu.emi.security.authn.x509.helpers.revocation.RevocationStatus;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;

/* loaded from: input_file:eu/emi/security/authn/x509/helpers/pkipath/bc/CRLRevocationChecker.class */
public class CRLRevocationChecker implements RevocationChecker {
    private ExtPKIXParameters paramsPKIX;
    private Date validDate;
    private PublicKey workingPublicKey;
    private List<?> certificates;
    private CrlCheckingMode checkingMode;

    public CRLRevocationChecker(ExtPKIXParameters extPKIXParameters, Date date, PublicKey publicKey, List<?> list, CrlCheckingMode crlCheckingMode) {
        this.paramsPKIX = extPKIXParameters;
        this.validDate = date;
        this.workingPublicKey = publicKey;
        this.certificates = list;
        this.checkingMode = crlCheckingMode;
    }

    @Override // eu.emi.security.authn.x509.helpers.revocation.RevocationChecker
    public RevocationStatus checkRevocation(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws SimpleValidationErrorException {
        if (this.checkingMode == CrlCheckingMode.IGNORE) {
            return RevocationStatus.unknown;
        }
        try {
            RFC3280CertPathUtilitiesHelper.checkCRLs2(this.paramsPKIX, x509Certificate, this.validDate, x509Certificate2, this.workingPublicKey, this.certificates);
            return RevocationStatus.verified;
        } catch (SimpleValidationErrorException e) {
            if (e.getCode() == ValidationErrorCode.noValidCrlFound && this.checkingMode == CrlCheckingMode.IF_VALID) {
                return RevocationStatus.unknown;
            }
            throw e;
        }
    }
}
