package eu.europa.esig.dss.service.crl;

import eu.europa.esig.dss.crl.CRLUtils;
import eu.europa.esig.dss.enumerations.RevocationOrigin;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.model.x509.revocation.crl.CRL;
import eu.europa.esig.dss.service.http.commons.CommonsDataLoader;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.client.http.DataLoader;
import eu.europa.esig.dss.spi.client.http.Protocol;
import eu.europa.esig.dss.spi.x509.revocation.OnlineRevocationSource;
import eu.europa.esig.dss.spi.x509.revocation.RevocationSourceAlternateUrlsSupport;
import eu.europa.esig.dss.spi.x509.revocation.RevocationToken;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLSource;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLToken;
import eu.europa.esig.dss.utils.Utils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/service/crl/OnlineCRLSource.class */
public class OnlineCRLSource implements CRLSource, RevocationSourceAlternateUrlsSupport<CRL>, OnlineRevocationSource<CRL> {
    private static final long serialVersionUID = 6912729291417315212L;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) OnlineCRLSource.class);
    private Protocol preferredProtocol;
    private DataLoader dataLoader;

    public OnlineCRLSource() {
        this.dataLoader = new CommonsDataLoader();
        LOG.trace("+OnlineCRLSource with the default data loader.");
    }

    public OnlineCRLSource(DataLoader dataLoader) {
        this.dataLoader = dataLoader;
        LOG.trace("+OnlineCRLSource with the specific data loader.");
    }

    public void setPreferredProtocol(Protocol protocol) {
        this.preferredProtocol = protocol;
    }

    @Override // eu.europa.esig.dss.spi.x509.revocation.OnlineRevocationSource
    public void setDataLoader(DataLoader dataLoader) {
        this.dataLoader = dataLoader;
    }

    @Override // eu.europa.esig.dss.spi.x509.revocation.crl.CRLSource, eu.europa.esig.dss.spi.x509.revocation.RevocationSource, eu.europa.esig.dss.spi.x509.revocation.crl.CRLSource
    /* renamed from: getRevocationToken */
    public RevocationToken<CRL> getRevocationToken2(CertificateToken certificateToken, CertificateToken certificateToken2) {
        return getRevocationToken(certificateToken, certificateToken2, Collections.emptyList());
    }

    @Override // eu.europa.esig.dss.spi.x509.revocation.RevocationSourceAlternateUrlsSupport
    public RevocationToken<CRL> getRevocationToken(CertificateToken certificateToken, CertificateToken certificateToken2, List<String> list) {
        Objects.requireNonNull(this.dataLoader, "DataLoader is not provided !");
        if (certificateToken == null) {
            return null;
        }
        if (Utils.isCollectionNotEmpty(list)) {
            LOG.info("CRL alternative urls : {}", list);
        }
        List<String> crlUrls = DSSASN1Utils.getCrlUrls(certificateToken);
        if (Utils.isCollectionEmpty(crlUrls) && Utils.isCollectionEmpty(list)) {
            LOG.debug("No CRL location found for {}", certificateToken.getDSSIdAsString());
            return null;
        }
        crlUrls.addAll(list);
        OnlineRevocationSource.RevocationTokenAndUrl<CRL> revocationTokenAndUrl = getRevocationTokenAndUrl(certificateToken, certificateToken2, crlUrls);
        if (revocationTokenAndUrl != null) {
            return (CRLToken) revocationTokenAndUrl.getRevocationToken();
        }
        LOG.debug("No CRL has been downloaded for a CertificateToken with Id '{}' from a list of urls : {}", certificateToken.getDSSIdAsString(), crlUrls);
        return null;
    }

    @Override // eu.europa.esig.dss.spi.x509.revocation.OnlineRevocationSource
    public OnlineRevocationSource.RevocationTokenAndUrl<CRL> getRevocationTokenAndUrl(CertificateToken certificateToken, CertificateToken certificateToken2) {
        Objects.requireNonNull(this.dataLoader, "DataLoader is not provided !");
        if (certificateToken == null) {
            return null;
        }
        List<String> crlUrls = DSSASN1Utils.getCrlUrls(certificateToken);
        if (!Utils.isCollectionEmpty(crlUrls)) {
            return getRevocationTokenAndUrl(certificateToken, certificateToken2, crlUrls);
        }
        LOG.debug("No CRL location found for {}", certificateToken.getDSSIdAsString());
        return null;
    }

    protected OnlineRevocationSource.RevocationTokenAndUrl<CRL> getRevocationTokenAndUrl(CertificateToken certificateToken, CertificateToken certificateToken2, List<String> list) {
        Objects.requireNonNull(this.dataLoader, "DataLoader is not provided !");
        if (certificateToken2 == null || Utils.isCollectionEmpty(list)) {
            return null;
        }
        prioritize(list);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Trying to retrieve a CRL from URL(s) {}...", list);
        }
        DataLoader.DataAndUrl downloadCrl = downloadCrl(list);
        if (downloadCrl == null) {
            return null;
        }
        try {
            CRLToken cRLToken = new CRLToken(certificateToken, CRLUtils.buildCRLValidity(CRLUtils.buildCRLBinary(downloadCrl.getData()), certificateToken2));
            cRLToken.setExternalOrigin(RevocationOrigin.EXTERNAL);
            cRLToken.setSourceURL(downloadCrl.getUrlString());
            if (LOG.isDebugEnabled()) {
                LOG.debug("CRL '{}' has been retrieved from a source with URL '{}'.", cRLToken.getDSSIdAsString(), downloadCrl.getUrlString());
            }
            return new OnlineRevocationSource.RevocationTokenAndUrl<>(downloadCrl.getUrlString(), cRLToken);
        } catch (Exception e) {
            LOG.warn("Unable to parse/validate the CRL (url: {}) : {}", downloadCrl.getUrlString(), e.getMessage(), e);
            return null;
        }
    }

    private DataLoader.DataAndUrl downloadCrl(List<String> list) {
        try {
            return this.dataLoader.get(list);
        } catch (DSSException e) {
            LOG.warn("Unable to download CRL from URLs [{}]. Reason : [{}]", list, e.getMessage(), e);
            return null;
        }
    }

    private void prioritize(List<String> list) {
        if (this.preferredProtocol != null) {
            ArrayList arrayList = new ArrayList();
            for (String str : list) {
                if (this.preferredProtocol.isTheSame(str)) {
                    arrayList.add(str);
                }
            }
            list.removeAll(arrayList);
            for (int size = arrayList.size() - 1; size >= 0; size--) {
                list.add(0, (String) arrayList.get(size));
            }
        }
    }

    @Override // eu.europa.esig.dss.spi.x509.revocation.RevocationSourceAlternateUrlsSupport
    /* renamed from: getRevocationToken, reason: avoid collision after fix types in other method */
    public /* bridge */ /* synthetic */ RevocationToken<CRL> getRevocationToken2(CertificateToken certificateToken, CertificateToken certificateToken2, List list) {
        return getRevocationToken(certificateToken, certificateToken2, (List<String>) list);
    }
}
