package no.difi.certvalidator.rule;

import java.io.IOException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import no.difi.certvalidator.api.CertificateValidationException;
import no.difi.certvalidator.api.CrlCache;
import no.difi.certvalidator.api.CrlFetcher;
import no.difi.certvalidator.api.FailedValidationException;
import no.difi.certvalidator.api.ValidatorRule;
import no.difi.certvalidator.util.SimpleCachingCrlFetcher;
import no.difi.certvalidator.util.SimpleCrlCache;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.x509.extension.X509ExtensionUtil;

/* loaded from: input_file:WEB-INF/lib/commons-certvalidator-2.1.0.jar:no/difi/certvalidator/rule/CRLRule.class */
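/**
 * Validator rule that rejects a certificate reported as revoked by any CRL referenced from its
 * CRL Distribution Points extension (OID 2.5.29.31).
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>The check is soft-fail. A certificate without the extension, or one whose distribution
 *       points yield no CRL (the fetcher returns {@code null}), passes this rule. Deployments
 *       that need hard-fail revocation checking must enforce it elsewhere.</li>
 *   <li>This class does not verify the signature, issuer or validity period of a fetched CRL.
 *       NOTE(review): presumably the {@link CrlFetcher} or a later rule does this; confirm.</li>
 *   <li>The URLs handed to the fetcher are read from the certificate under validation.
 *       NOTE(review): run this rule only after the chain and signature have been validated, and
 *       confirm that the configured {@link CrlFetcher} restricts the schemes and hosts it will
 *       contact.</li>
 * </ul>
 */
public class CRLRule implements ValidatorRule {
    /** OID of the X.509 CRL Distribution Points extension. */
    private static final String CRL_EXTENSION = "2.5.29.31";

    private final CrlFetcher crlFetcher;

    /**
     * Creates a rule that obtains CRLs through the given fetcher.
     *
     * @param crlFetcher fetcher used to resolve each distribution point URL to a CRL
     */
    public CRLRule(CrlFetcher crlFetcher) {
        this.crlFetcher = crlFetcher;
    }

    /**
     * Creates a rule that obtains CRLs through a {@link SimpleCachingCrlFetcher} backed by the
     * given cache.
     *
     * @param crlCache cache handed to the caching fetcher
     */
    public CRLRule(CrlCache crlCache) {
        this(new SimpleCachingCrlFetcher(crlCache));
    }

    /** Creates a rule backed by a {@link SimpleCachingCrlFetcher} over a new {@link SimpleCrlCache}. */
    public CRLRule() {
        this(new SimpleCachingCrlFetcher(new SimpleCrlCache()));
    }

    /**
     * Checks the certificate against every CRL named in its distribution points.
     *
     * @param x509Certificate certificate to check
     * @throws FailedValidationException if any fetched CRL lists the certificate as revoked
     * @throws CertificateValidationException if the distribution points cannot be read or the
     *         fetcher reports a failure
     */
    @Override
    public void validate(X509Certificate x509Certificate) throws CertificateValidationException {
        for (String url : getCrlDistributionPoints(x509Certificate)) {
            X509CRL crl = this.crlFetcher.get(url);
            // A null CRL is skipped rather than treated as a failure (soft-fail, see class notes).
            if (crl != null && crl.isRevoked(x509Certificate)) {
                throw new FailedValidationException("Certificate is revoked.");
            }
        }
    }

    /**
     * Extracts the URI entries of the certificate's CRL Distribution Points extension.
     *
     * <p>The extension is honoured whether it is marked critical or non-critical. Consulting
     * only the non-critical set would return an empty list for a certificate that marks the
     * extension critical, and the revocation check would then be skipped without any error.
     *
     * @param x509Certificate certificate to inspect
     * @return the distribution point URIs in extension order; empty if the extension is absent
     * @throws CertificateValidationException if the certificate carries no extensions at all, or
     *         the extension cannot be decoded into the expected full-name form
     */
    public static List<String> getCrlDistributionPoints(X509Certificate x509Certificate) throws CertificateValidationException {
        try {
            List<String> urls = new ArrayList<String>();
            // Both OID sets are null when the certificate has no extensions; the resulting
            // NullPointerException is reported as a validation failure, as before.
            boolean hasCrlExtension = x509Certificate.getNonCriticalExtensionOIDs().contains(CRL_EXTENSION)
                    || x509Certificate.getCriticalExtensionOIDs().contains(CRL_EXTENSION);
            if (!hasCrlExtension) {
                return urls;
            }
            CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(
                    X509ExtensionUtil.fromExtensionValue(x509Certificate.getExtensionValue(CRL_EXTENSION)));
            for (DistributionPoint distributionPoint : crlDistPoint.getDistributionPoints()) {
                GeneralNames fullName = (GeneralNames) distributionPoint.getDistributionPoint().getName();
                for (GeneralName generalName : fullName.getNames()) {
                    // Only URI entries can be handed to the fetcher.
                    if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                        urls.add(((DERIA5String) generalName.getName()).getString());
                    }
                }
            }
            return urls;
        } catch (IOException | NullPointerException | ClassCastException e) {
            // The extension content is supplied by the certificate. A distribution point that is
            // missing, or not in full-name form, must surface as a validation failure rather than
            // an unchecked exception escaping to the caller.
            throw new CertificateValidationException(e.getMessage(), e);
        }
    }
}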
