package net.maritimeconnectivity.pki;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import net.maritimeconnectivity.pki.ocsp.CertStatus;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/maritimeconnectivity/pki/CRLVerifier.class */
public final class CRLVerifier {
    private static final Logger log = LoggerFactory.getLogger(CRLVerifier.class);

    private CRLVerifier() {
    }

    public static RevocationInfo verifyCertificateCRL(X509Certificate x509Certificate) {
        try {
            Iterator<String> it = getCrlDistributionPoints(x509Certificate).iterator();
            while (it.hasNext()) {
                X509CRL downloadCRL = downloadCRL(it.next());
                if (downloadCRL.isRevoked(x509Certificate)) {
                    X509CRLEntry revokedCertificate = downloadCRL.getRevokedCertificate(x509Certificate.getSerialNumber());
                    return new RevocationInfo(revokedCertificate.getSerialNumber(), revokedCertificate.getRevocationReason(), revokedCertificate.getRevocationDate(), CertStatus.REVOKED);
                }
            }
            return new RevocationInfo(x509Certificate.getSerialNumber(), null, null, CertStatus.GOOD);
        } catch (Exception e) {
            log.error("An Exception was thrown during OCSP verification!", e);
            return new RevocationInfo(x509Certificate.getSerialNumber(), null, null, CertStatus.UNKNOWN);
        }
    }

    public static RevocationInfo verifyCertificateCRL(X509Certificate x509Certificate, X509CRL x509crl) {
        try {
            if (!x509crl.isRevoked(x509Certificate)) {
                return new RevocationInfo(x509Certificate.getSerialNumber(), null, null, CertStatus.GOOD);
            }
            X509CRLEntry revokedCertificate = x509crl.getRevokedCertificate(x509Certificate.getSerialNumber());
            return new RevocationInfo(revokedCertificate.getSerialNumber(), revokedCertificate.getRevocationReason(), revokedCertificate.getRevocationDate(), CertStatus.REVOKED);
        } catch (Exception e) {
            log.error("An Exception was thrown during OCSP verification!", e);
            return new RevocationInfo(x509Certificate.getSerialNumber(), null, null, CertStatus.UNKNOWN);
        }
    }

    public static X509CRL downloadCRL(String str) throws IOException, CertificateException, NamingException, CRLException {
        if (str.startsWith("http://") || str.startsWith("https://") || str.startsWith("ftp://")) {
            return downloadCRLFromWeb(str);
        }
        if (str.startsWith("ldap://")) {
            return downloadCRLFromLDAP(str);
        }
        throw new CRLException("Can not download CRL from certificate distribution point: " + str);
    }

    public static X509CRL downloadCRLFromLDAP(String str) throws NamingException, CertificateException, CRLException {
        Map hashMap = new HashMap();
        hashMap.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        hashMap.put("java.naming.provider.url", str);
        byte[] bArr = (byte[]) new InitialDirContext((Hashtable) hashMap).getAttributes("").get("certificateRevocationList;binary").get();
        if (bArr == null || bArr.length == 0) {
            throw new CRLException("Can not download CRL from: " + str);
        }
        return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(new ByteArrayInputStream(bArr));
    }

    public static X509CRL downloadCRLFromWeb(String str) throws IOException, CRLException, CertificateException {
        InputStream openStream = new URL(str).openStream();
        Throwable th = null;
        try {
            try {
                X509CRL x509crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(openStream);
                if (openStream != null) {
                    if (0 != 0) {
                        try {
                            openStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        openStream.close();
                    }
                }
                return x509crl;
            } finally {
            }
        } catch (Throwable th3) {
            if (openStream != null) {
                if (th != null) {
                    try {
                        openStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    openStream.close();
                }
            }
            throw th3;
        }
    }

    public static X509CRL loadCRLFromFile(String str) throws IOException, CRLException, CertificateException {
        FileInputStream fileInputStream = new FileInputStream(str);
        Throwable th = null;
        try {
            X509CRL x509crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(fileInputStream);
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            return x509crl;
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }

    public static List<String> getCrlDistributionPoints(X509Certificate x509Certificate) throws IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (extensionValue == null) {
            return new ArrayList();
        }
        ASN1InputStream aSN1InputStream = new ASN1InputStream(extensionValue);
        Throwable th = null;
        try {
            ASN1InputStream aSN1InputStream2 = new ASN1InputStream(new ByteArrayInputStream(aSN1InputStream.readObject().getOctets()));
            CRLDistPoint cRLDistPoint = CRLDistPoint.getInstance(aSN1InputStream2.readObject());
            aSN1InputStream2.close();
            if (aSN1InputStream != null) {
                if (0 != 0) {
                    try {
                        aSN1InputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    aSN1InputStream.close();
                }
            }
            ArrayList arrayList = new ArrayList();
            for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
                DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
                if (distributionPoint2 != null && distributionPoint2.getType() == 0) {
                    for (GeneralName generalName : GeneralNames.getInstance(distributionPoint2.getName()).getNames()) {
                        if (generalName.getTagNo() == 6) {
                            arrayList.add(DERIA5String.getInstance(generalName.getName()).getString());
                        }
                    }
                }
            }
            return arrayList;
        } catch (Throwable th3) {
            if (aSN1InputStream != null) {
                if (0 != 0) {
                    try {
                        aSN1InputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    aSN1InputStream.close();
                }
            }
            throw th3;
        }
    }
}
