package eu.emi.security.authn.x509.helpers.ocsp;

import eu.emi.security.authn.x509.OCSPCheckingMode;
import eu.emi.security.authn.x509.ValidationErrorCode;
import eu.emi.security.authn.x509.helpers.ocsp.OCSPResult;
import eu.emi.security.authn.x509.helpers.pkipath.SimpleValidationErrorException;
import eu.emi.security.authn.x509.helpers.revocation.RevocationChecker;
import eu.emi.security.authn.x509.helpers.revocation.RevocationStatus;
import java.security.cert.X509Certificate;

/* loaded from: input_file:eu/emi/security/authn/x509/helpers/ocsp/OCSPRevocationChecker.class */
public class OCSPRevocationChecker implements RevocationChecker {
    private OCSPVerifier verifier;
    private OCSPCheckingMode checkingMode;

    public OCSPRevocationChecker(OCSPVerifier oCSPVerifier, OCSPCheckingMode oCSPCheckingMode) {
        this.verifier = oCSPVerifier;
        this.checkingMode = oCSPCheckingMode;
    }

    @Override // eu.emi.security.authn.x509.helpers.revocation.RevocationChecker
    public RevocationStatus checkRevocation(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws SimpleValidationErrorException {
        if (this.checkingMode == OCSPCheckingMode.IGNORE) {
            return RevocationStatus.unknown;
        }
        try {
            OCSPResult verify = this.verifier.verify(x509Certificate, x509Certificate2);
            if (verify.getStatus() == OCSPResult.Status.revoked) {
                throw new SimpleValidationErrorException(ValidationErrorCode.ocspCertRevoked, verify.getRevocationTime(), verify.getRevocationReason());
            }
            return verify.getStatus() == OCSPResult.Status.good ? RevocationStatus.verified : RevocationStatus.unknown;
        } catch (SimpleValidationErrorException e) {
            if (this.checkingMode == OCSPCheckingMode.REQUIRE) {
                throw e;
            }
            return RevocationStatus.unknown;
        }
    }
}
