package pl.edu.icm.yadda.aas.x509.crl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.NoSuchProviderException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.X509CRLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;
import pl.edu.icm.yadda.aas.timesync.IDateTimeProvider;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-1.7.2-SNAPSHOT.jar:pl/edu/icm/yadda/aas/x509/crl/BCBasedCRLManager.class */
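/**
 * {@link ICRLManager} that downloads the CRLs named in the CRL Distribution
 * Points extension of X.509 certificates and caches them per URL until their
 * {@code nextUpdate} time has passed.
 *
 * <p>The cache is a static map shared by every instance of this class; all
 * access to it is serialized on the map itself.
 *
 * <p>NOTE(review): the distribution point URL is taken from the certificate,
 * so it is attacker-influenced whenever this runs on a certificate that has
 * not been validated yet. Only http/https locations are fetched and the
 * connection is time-limited, but the target host is still chosen by the
 * certificate; egress filtering is needed to keep these requests away from
 * internal services.
 *
 * <p>NOTE(review): a downloaded CRL is cached without any signature or issuer
 * check in this class. Presumably the caller verifies it during path
 * validation; confirm before relying on the cache contents.
 */
public class BCBasedCRLManager implements ICRLManager {
    /** Upper bound, in milliseconds, for establishing the connection to a distribution point. */
    private static final int CONNECT_TIMEOUT_MS = 10000;
    /** Upper bound, in milliseconds, for a single blocking read while downloading a CRL. */
    private static final int READ_TIMEOUT_MS = 30000;

    /** Process-wide CRL cache keyed by distribution point URL; also used as the lock. */
    private static final Map<String, CRL> crlMap = new HashMap<String, CRL>();
    private IDateTimeProvider dateTimeProvider;
    private CertificateFactory certificateFactory;
    protected final Logger log = LoggerFactory.getLogger(getClass());
    private String certificateFactoryType = "X.509";
    private String certificateFactoryProv = "BC";

    /** Creates a manager whose certificate factory is built later by {@link #init()}. */
    public BCBasedCRLManager() {
    }

    /**
     * Creates a manager that parses CRLs with the given factory.
     *
     * @param certificateFactory factory used to parse downloaded CRLs
     */
    public BCBasedCRLManager(CertificateFactory certificateFactory) {
        this.certificateFactory = certificateFactory;
    }

    /**
     * Builds the certificate factory from the configured type and provider
     * unless one was already supplied through the constructor.
     *
     * @throws CertificateException if the factory type is not available
     * @throws NoSuchProviderException if the configured provider is not registered
     */
    public void init() throws CertificateException, NoSuchProviderException {
        if (this.certificateFactory == null) {
            this.log.debug("initializing CertificateFactory");
            this.certificateFactory = CertificateFactory.getInstance(this.certificateFactoryType, this.certificateFactoryProv);
        }
    }

    /**
     * Collects the CRLs referenced by all given certificates.
     *
     * @param collection certificates to inspect; may be {@code null} or empty
     * @return the CRLs found, or an empty set when there is nothing to inspect
     * @throws CRLException if a CRL cannot be downloaded or parsed
     */
    @Override
    public Collection<CRL> getCRLCollection(Collection<X509Certificate> collection) throws CRLException {
        if (collection == null || collection.isEmpty()) {
            return Collections.emptySet();
        }
        Collection<CRL> result = new HashSet<CRL>();
        for (X509Certificate certificate : collection) {
            Collection<CRL> loaded = loadCRL(certificate);
            if (loaded != null && !loaded.isEmpty()) {
                result.addAll(loaded);
            }
        }
        return result;
    }

    /**
     * Resolves the CRLs named by the CRL Distribution Points extension of one
     * certificate, serving them from the cache while they are still current.
     *
     * @param x509Certificate certificate whose distribution points are read
     * @return the CRLs found, or {@code null} when the certificate carries no
     *         CRL Distribution Points extension or the extension lists no points
     * @throws CRLException if the extension cannot be decoded, the location
     *         does not use http/https, or the CRL cannot be downloaded or parsed
     */
    protected Collection<CRL> loadCRL(X509Certificate x509Certificate) throws CRLException {
        byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
        if (extensionValue == null) {
            return null;
        }
        try {
            // getExtensionValue() returns the extension wrapped in an OCTET STRING,
            // so it has to be unwrapped before the actual SEQUENCE can be decoded.
            ASN1OctetString wrapped = (ASN1OctetString) new ASN1InputStream(new ByteArrayInputStream(extensionValue)).readObject();
            ASN1Sequence sequence = (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(wrapped.getOctets())).readObject();
            DistributionPoint[] distributionPoints = new CRLDistPoint(sequence).getDistributionPoints();
            if (distributionPoints == null) {
                return null;
            }
            Collection<CRL> result = new HashSet<CRL>();
            for (DistributionPoint distributionPoint : distributionPoints) {
                this.log.debug(distributionPoint.toString());
                // A distribution point may omit its name (cRLIssuer only) or give it
                // relative to the CRL issuer; neither form carries a list of general names.
                if (distributionPoint.getDistributionPoint() == null) {
                    this.log.error("unsupported CRL distribution point without a name, only URI based names are supported!");
                    continue;
                }
                Object pointName = distributionPoint.getDistributionPoint().getName();
                if (!(pointName instanceof GeneralNames)) {
                    this.log.error("unsupported CRL name: " + pointName + ", only URI based names are supported!");
                    continue;
                }
                for (GeneralName generalName : ((GeneralNames) pointName).getNames()) {
                    if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                        String location = ((DERIA5String) generalName.getName()).getString();
                        this.log.debug("processed CRL URL name: " + location);
                        result.add(resolveCRL(location));
                    } else {
                        // Non-URI names are not necessarily IA5 strings (e.g. a directory
                        // name), so the value is logged without casting it.
                        this.log.error("unsupported CRL name: " + generalName.getName() + ", only URI based names are supported!");
                    }
                }
            }
            return result;
        } catch (IOException e) {
            throw new CRLException(e);
        }
    }

    /**
     * Returns the cached CRL for a location, downloading it when it is missing
     * or stale.
     *
     * <p>The download happens while the cache lock is held, so one slow
     * distribution point delays every other lookup; the connection timeouts
     * bound that delay.
     */
    private X509CRL resolveCRL(String location) throws IOException, CRLException {
        synchronized (crlMap) {
            X509CRL cached = (X509CRL) crlMap.get(location);
            if (cached != null && isStale(cached)) {
                crlMap.remove(location);
                cached = null;
            }
            if (cached == null) {
                cached = fetchCRL(location);
                crlMap.put(location, cached);
            }
            return cached;
        }
    }

    /**
     * Tells whether a cached CRL must be downloaded again.
     *
     * <p>A CRL without a {@code nextUpdate} value is treated as stale, so it is
     * never served from the cache.
     */
    private boolean isStale(X509CRL crl) {
        Date nextUpdate = crl.getNextUpdate();
        if (nextUpdate == null) {
            return true;
        }
        Date now = new Date(this.dateTimeProvider.getCurrentDateTime().getMillis());
        return nextUpdate.before(now);
    }

    /**
     * Downloads and parses the CRL at the given location.
     *
     * <p>Only http and https are accepted: java.net.URL also resolves schemes
     * such as file: and jar:, which would let a certificate make this process
     * read local resources.
     */
    private X509CRL fetchCRL(String location) throws IOException, CRLException {
        URL url = new URL(location);
        String protocol = url.getProtocol();
        if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
            throw new CRLException("unsupported CRL distribution point scheme: " + protocol);
        }
        URLConnection connection = url.openConnection();
        connection.setConnectTimeout(CONNECT_TIMEOUT_MS);
        connection.setReadTimeout(READ_TIMEOUT_MS);
        InputStream inputStream = connection.getInputStream();
        try {
            CRL crl = this.certificateFactory.generateCRL(inputStream);
            if (!(crl instanceof X509CRL)) {
                throw new CRLException("CRL at " + location + " is not an X.509 CRL");
            }
            return (X509CRL) crl;
        } finally {
            // Close on every path; a failure to close must not hide the parse result.
            try {
                inputStream.close();
            } catch (IOException e) {
                this.log.debug("could not close CRL stream for " + location, e);
            }
        }
    }

    /**
     * Sets the clock used to decide whether a cached CRL is past its
     * {@code nextUpdate} time.
     *
     * @param iDateTimeProvider source of the current time
     */
    @Required
    public void setDateTimeProvider(IDateTimeProvider iDateTimeProvider) {
        this.dateTimeProvider = iDateTimeProvider;
    }

    /**
     * Sets the certificate factory type used by {@link #init()}.
     *
     * @param str factory type; the field defaults to {@code "X.509"}
     */
    public void setCertificateFactoryType(String str) {
        this.certificateFactoryType = str;
    }

    /**
     * Sets the security provider name used by {@link #init()}.
     *
     * @param str provider name; the field defaults to {@code "BC"}
     */
    public void setCertificateFactoryProv(String str) {
        this.certificateFactoryProv = str;
    }
}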
