package no.difi.certvalidator.rule;

import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import no.difi.certvalidator.api.FailedValidationException;
import no.difi.certvalidator.api.ValidatorRule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/commons-certvalidator-2.0.1.jar:no/difi/certvalidator/rule/ExpirationRule.class */
public class ExpirationRule implements ValidatorRule {
    private static final Logger logger = LoggerFactory.getLogger(ExpirationRule.class);

    @Override // no.difi.certvalidator.api.ValidatorRule
    public void validate(X509Certificate x509Certificate) throws FailedValidationException {
        try {
            x509Certificate.checkValidity(new Date());
        } catch (CertificateExpiredException e) {
            logger.debug("Certificate expired. ({})", x509Certificate.getSerialNumber());
            throw new FailedValidationException("Certificate does not have a valid expiration date.");
        } catch (CertificateNotYetValidException e2) {
            logger.debug("Certificate not yet valid. ({})", x509Certificate.getSerialNumber());
            throw new FailedValidationException("Certificate does not have a valid expiration date.");
        }
    }
}
