package org.opensaml.lite.security.credential.criteria;

import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import org.opensaml.lite.security.Credential;
import org.opensaml.lite.security.EvaluableCredentialCriteria;
import org.opensaml.lite.security.x509.X509CRLEvaluationCriteria;
import org.opensaml.lite.security.x509.X509Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.x509.crl.ICRLManager;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-0.5.1.jar:org/opensaml/lite/security/credential/criteria/EvaluatableX509CRLEvaluationCriteria.class */
public class EvaluatableX509CRLEvaluationCriteria implements EvaluableCredentialCriteria {
    protected final Logger log = LoggerFactory.getLogger(getClass());
    private ICRLManager crlManager;

    public EvaluatableX509CRLEvaluationCriteria(X509CRLEvaluationCriteria x509CRLEvaluationCriteria) {
        if (x509CRLEvaluationCriteria == null) {
            throw new NullPointerException("Criteria instance may not be null");
        }
        this.crlManager = x509CRLEvaluationCriteria.getCrlManager();
    }

    public EvaluatableX509CRLEvaluationCriteria(ICRLManager iCRLManager) {
        if (iCRLManager == null) {
            throw new IllegalArgumentException("crlManager may not be null");
        }
        this.crlManager = iCRLManager;
    }

    @Override // org.opensaml.lite.security.EvaluableCriteria
    public Boolean evaluate(Credential credential) {
        if (credential == null) {
            this.log.error("Credential target was null");
            return null;
        }
        if (!(credential instanceof X509Credential)) {
            return Boolean.TRUE;
        }
        X509Certificate entityCertificate = ((X509Credential) credential).getEntityCertificate();
        if (entityCertificate == null) {
            this.log.info("X509Credential did not contain an entity certificate, does not satisfy X509 CRL criteria");
            return Boolean.FALSE;
        }
        HashSet hashSet = new HashSet(1);
        hashSet.add(entityCertificate);
        try {
            for (CRL crl : this.crlManager.getCRLCollection(hashSet)) {
                if (crl.isRevoked(entityCertificate)) {
                    this.log.info("certificate " + entityCertificate.toString() + " is revoked on CRL list: " + crl.toString());
                    return Boolean.FALSE;
                }
            }
            return Boolean.TRUE;
        } catch (CRLException e) {
            this.log.error("exception occured when retrieving CRL list from certificate: " + entityCertificate, (Throwable) e);
            return Boolean.FALSE;
        }
    }
}
