package pl.edu.icm.yadda.aas.x509.crl;

import java.io.InputStream;
import java.net.URL;
import java.security.NoSuchProviderException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;
import pl.edu.icm.yadda.aas.timesync.IDateTimeProvider;
import sun.security.x509.CRLDistributionPointsExtension;
import sun.security.x509.DistributionPoint;
import sun.security.x509.GeneralName;
import sun.security.x509.X509CRLImpl;
import sun.security.x509.X509CertImpl;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-4.3.2.jar:pl/edu/icm/yadda/aas/x509/crl/SunBasedCRLManager.class */
public class SunBasedCRLManager implements ICRLManager {
    private static final String URI_NAME_PREFIX = "URIName: ";
    protected final Logger log = LoggerFactory.getLogger(getClass());
    private static Map<String, CRL> crlMap = new HashMap();
    private IDateTimeProvider dateTimeProvider;
    private String certificateFactoryType;
    private String certificateFactoryProv;
    private CertificateFactory certificateFactory;

    public SunBasedCRLManager() {
    }

    public SunBasedCRLManager(CertificateFactory certificateFactory) {
        this.certificateFactory = certificateFactory;
    }

    public void init() throws CertificateException, NoSuchProviderException {
        if (this.certificateFactory == null) {
            this.log.debug("initializing CertificateFactory");
            this.certificateFactory = CertificateFactory.getInstance(this.certificateFactoryType, this.certificateFactoryProv);
        }
    }

    @Override // pl.edu.icm.yadda.aas.x509.crl.ICRLManager
    public Collection<CRL> getCRLCollection(Collection<X509Certificate> collection) throws CRLException {
        if (collection == null || collection.size() <= 0) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet();
        Iterator<X509Certificate> it = collection.iterator();
        while (it.hasNext()) {
            Collection<CRL> loadCRL = loadCRL(it.next());
            if (loadCRL != null && loadCRL.size() > 0) {
                hashSet.addAll(loadCRL);
            }
        }
        return hashSet;
    }

    protected Collection<CRL> loadCRL(X509Certificate x509Certificate) throws CRLException {
        CRLDistributionPointsExtension cRLDistributionPointsExtension = ((X509CertImpl) x509Certificate).getCRLDistributionPointsExtension();
        if (cRLDistributionPointsExtension == null) {
            return null;
        }
        try {
            HashSet hashSet = new HashSet();
            Iterator it = ((List) cRLDistributionPointsExtension.get("points")).iterator();
            while (it.hasNext()) {
                Iterator it2 = ((DistributionPoint) it.next()).getFullName().names().iterator();
                while (it2.hasNext()) {
                    String generalName = ((GeneralName) it2.next()).toString();
                    if (generalName.startsWith(URI_NAME_PREFIX)) {
                        String substring = generalName.substring(URI_NAME_PREFIX.length());
                        synchronized (crlMap) {
                            CRL crl = (X509CRLImpl) crlMap.get(substring);
                            if (crl != null && crl.getNextUpdate().before(new Date(this.dateTimeProvider.getCurrentDateTime().getMillis()))) {
                                crlMap.remove(substring);
                                crl = null;
                            }
                            if (crl == null) {
                                InputStream inputStream = new URL(substring).openConnection().getInputStream();
                                try {
                                    crl = (X509CRLImpl) this.certificateFactory.generateCRL(inputStream);
                                    inputStream.close();
                                    crlMap.put(substring, crl);
                                } finally {
                                }
                            }
                            hashSet.add(crl);
                        }
                    }
                }
            }
            return hashSet;
        } catch (Exception e) {
            throw new CRLException(e);
        }
    }

    @Required
    public void setDateTimeProvider(IDateTimeProvider iDateTimeProvider) {
        this.dateTimeProvider = iDateTimeProvider;
    }

    public void setCertificateFactoryType(String str) {
        this.certificateFactoryType = str;
    }

    public void setCertificateFactoryProv(String str) {
        this.certificateFactoryProv = str;
    }
}
