package bluecrystal.service.validator;

import bluecrystal.domain.OperationStatus;
import bluecrystal.service.exception.RevokedException;
import bluecrystal.service.exception.UndefStateException;
import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.operator.OperatorCreationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:bluecrystal/service/validator/StatusValidatorImpl.class */
public class StatusValidatorImpl implements StatusValidator {
    static final Logger LOG = LoggerFactory.getLogger(StatusValidatorImpl.class);
    private boolean useOcsp;
    private OcspValidator ocspValidator;
    private CrlValidator crlValidator;

    public StatusValidatorImpl(CrlValidator crlValidator, OcspValidator ocspValidator) {
        this.ocspValidator = ocspValidator;
        this.crlValidator = crlValidator;
    }

    @Override // bluecrystal.service.validator.StatusValidator
    public void setUseOcsp(boolean z) {
        this.useOcsp = z;
    }

    @Override // bluecrystal.service.validator.StatusValidator
    public OperationStatus verifyStatusEE(Collection<X509Certificate> collection, Date date, List<String> list) throws IOException, CertificateException, CRLException, UndefStateException, RevokedException {
        Iterator<X509Certificate> it = collection.iterator();
        OperationStatus operationStatus = new OperationStatus(0, (Date) null);
        OperationStatus operationStatus2 = new OperationStatus(0, (Date) null);
        X509Certificate x509Certificate = null;
        if (it.hasNext()) {
            x509Certificate = it.next();
            LOG.debug("** EE - VALIDATING: " + x509Certificate.getSubjectDN().getName() + " " + new Date());
            operationStatus2 = this.crlValidator.verifyLCR(x509Certificate, date, list);
            operationStatus = operationStatus2;
        } else {
            LOG.error("** ERROR: nenhum certificado na hierarquia! " + new Date());
        }
        if (it.hasNext() && this.useOcsp) {
            X509Certificate next = it.next();
            if (operationStatus2.getStatus() == 1) {
                if (this.useOcsp) {
                    LOG.debug("validating OCSP");
                    try {
                        operationStatus2 = this.ocspValidator.verifyOCSP(x509Certificate, next, date);
                    } catch (Exception e) {
                    }
                }
                if (isEE(x509Certificate)) {
                    operationStatus = operationStatus2;
                }
            }
        }
        LOG.debug("Cert bom até .." + operationStatus.getGoodUntil());
        return operationStatus;
    }

    @Override // bluecrystal.service.validator.StatusValidator
    public OperationStatus verifyStatus(Collection<X509Certificate> collection, Date date) throws IOException, CertificateException, CRLException, UndefStateException, RevokedException, OperatorCreationException {
        Iterator<X509Certificate> it = collection.iterator();
        OperationStatus operationStatus = new OperationStatus(0, (Date) null);
        OperationStatus operationStatus2 = new OperationStatus(0, (Date) null);
        X509Certificate x509Certificate = null;
        if (it.hasNext()) {
            x509Certificate = it.next();
            LOG.debug("** EE - VALIDATING: " + x509Certificate.getSubjectDN().getName() + " " + new Date());
            operationStatus2 = this.crlValidator.verifyLCR(x509Certificate, date, null);
            operationStatus = operationStatus2;
        }
        while (it.hasNext() && this.useOcsp) {
            X509Certificate next = it.next();
            if (operationStatus2.getStatus() == 1) {
                if (this.useOcsp) {
                    operationStatus2 = this.ocspValidator.verifyOCSP(x509Certificate, next, date);
                }
                if (isEE(x509Certificate)) {
                    operationStatus = operationStatus2;
                }
            }
            x509Certificate = next;
            LOG.debug("VALIDATING: " + x509Certificate.getSubjectDN().getName() + " " + new Date());
            operationStatus2 = this.crlValidator.verifyLCR(x509Certificate, date, null);
        }
        if (this.useOcsp) {
            this.ocspValidator.verifyOCSP(x509Certificate, x509Certificate, date);
            if (operationStatus.getStatus() == 1) {
                throw new UndefStateException();
            }
        }
        return operationStatus;
    }

    private static boolean isEE(X509Certificate x509Certificate) {
        return x509Certificate.getBasicConstraints() == -1;
    }
}
