package eu.europa.ec.markt.dss.validation102853;

import eu.europa.ec.markt.dss.DSSUtils;
import eu.europa.ec.markt.dss.exception.DSSNullException;
import eu.europa.ec.markt.dss.validation.crl.CRLSource;
import eu.europa.ec.markt.dss.validation.crl.OnlineCRLSource;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DEREnumerated;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.asn1.x509.X509Extension;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation102853/CRLCertificateVerifier.class */
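/**
 * Verifies the revocation status of a certificate against a CRL obtained from the configured
 * {@link CRLSource}.
 *
 * <p>Every failure path in {@link #check(CertificateToken)} returns {@code null}, which means
 * "no usable revocation data". Callers must not treat {@code null} as "certificate is good".
 *
 * <p>NOTE(review): this class does not compare the CRL's thisUpdate/nextUpdate with the validation
 * time; confirm that CRL freshness is enforced elsewhere (for example in the CRL source or by the
 * caller).
 */
public class CRLCertificateVerifier implements CertificateStatusVerifier {
    private static final Logger LOG = Logger.getLogger(CRLCertificateVerifier.class.getName());

    /**
     * Reason value used when the CRL entry carries no decodable reasonCode extension. Value 7 is not
     * assigned in RFC 5280's CRLReason enumeration.
     */
    private static final int FALLBACK_REASON = 7;

    private final CRLSource crlSource;

    /**
     * @param cRLSource the source used to look up CRLs; may be {@code null}, in which case
     *     {@link #check(CertificateToken)} records that fact on the token and returns {@code null}
     */
    public CRLCertificateVerifier(CRLSource cRLSource) {
        this.crlSource = cRLSource;
    }

    /**
     * Looks up the CRL for the given certificate, validates it against the issuer and reports
     * whether the certificate's serial number is listed.
     *
     * @param certificateToken the certificate to check; its issuer token supplies the issuer
     *     certificate used for the CRL lookup and for verifying the CRL signature
     * @return a CRL token whose status is {@code true} when the certificate is not listed and
     *     {@code false} when it is revoked, or {@code null} when there is no CRL source, no CRL was
     *     found, the CRL failed validation, or an exception occurred (the cause is recorded through
     *     {@code certificateToken.extraInfo()})
     */
    @Override // eu.europa.ec.markt.dss.validation102853.CertificateStatusVerifier
    public RevocationToken check(CertificateToken certificateToken) {
        String crlUri = null;
        try {
            if (this.crlSource == null) {
                certificateToken.extraInfo().infoCRLSourceIsNull();
                return null;
            }
            X509Certificate certificate = certificateToken.getCertificate();
            X509CRL crl = this.crlSource.findCrl(certificate, certificateToken.getIssuerToken().getCertificate());
            boolean online = this.crlSource instanceof OnlineCRLSource;
            if (online) {
                crlUri = ((OnlineCRLSource) this.crlSource).getCrlUri(certificate);
            }
            if (crl == null) {
                if (LOG.isLoggable(Level.INFO)) {
                    LOG.info("No CRL found for " + certificateToken.getDSSIdAsString());
                }
                if (online) {
                    certificateToken.extraInfo().infoNoCRLInfoFound(crlUri);
                }
                return null;
            }
            CRLToken cRLToken = new CRLToken(crl);
            if (online) {
                cRLToken.setSourceURI(crlUri);
            }
            // A CRL that is not signed by the issuer, or whose signer lacks cRLSign, carries no
            // authority: its contents are ignored entirely.
            if (!isCRLTokenValid(cRLToken, certificateToken.getIssuerToken())) {
                LOG.warning("The CRL is not valid !");
                certificateToken.extraInfo().infoCRLIsNotValid();
                return null;
            }
            X509CRLEntry revokedCertificate = crl.getRevokedCertificate(certificate.getSerialNumber());
            if (revokedCertificate == null) {
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("CRL OK for: " + certificateToken.getDSSIdAsString());
                }
                cRLToken.setStatus(true);
            } else {
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("CRL reports certificate: " + certificateToken.getDSSIdAsString() + " as revoked since " + revokedCertificate.getRevocationDate());
                }
                cRLToken.setStatus(false);
                cRLToken.setRevocationDate(revokedCertificate.getRevocationDate());
                // The entry's presence alone establishes revocation. Decoding the optional reason
                // must never abort this branch, otherwise a revoked certificate would be reported
                // as having no revocation data.
                cRLToken.setReason(decodeRevocationReason(revokedCertificate));
            }
            certificateToken.setRevocationToken(cRLToken);
            return cRLToken;
        } catch (Exception e2) {
            LOG.log(Level.SEVERE, "Exception when accessing CRL for " + certificateToken.getDSSIdAsString(), (Throwable) e2);
            certificateToken.extraInfo().infoCRLException(crlUri, e2);
            return null;
        }
    }

    /**
     * Decodes the reasonCode extension of a CRL entry into its textual form.
     *
     * <p>The extension is optional. When it is absent or cannot be decoded, the fallback reason is
     * returned instead of throwing, so that the caller can still report the certificate as revoked.
     *
     * <p>NOTE(review): {@code getExtensionValue} returns the extension value wrapped in a DER OCTET
     * STRING. Confirm that {@code DEREnumerated.getInstance} accepts that wrapper in the Bouncy
     * Castle version in use; if it does not, every reason ends up as the fallback value.
     *
     * @param revokedCertificate the CRL entry of the revoked certificate
     * @return the textual revocation reason, or the textual form of the fallback reason
     */
    private static String decodeRevocationReason(X509CRLEntry revokedCertificate) {
        byte[] reasonExtension = revokedCertificate.getExtensionValue(X509Extension.reasonCode.getId());
        if (reasonExtension == null) {
            // No reasonCode on this entry; ASN1InputStream would fail on a null array.
            return new CRLReason(FALLBACK_REASON).toString();
        }
        ASN1InputStream aSN1InputStream = new ASN1InputStream(reasonExtension);
        try {
            return new CRLReason(DEREnumerated.getInstance(aSN1InputStream.readObject())).toString();
        } catch (IllegalArgumentException e) {
            LOG.warning("Error when revocation reason decoding from CRL: " + e.toString());
            return new CRLReason(FALLBACK_REASON).toString();
        } catch (java.io.IOException e) {
            // Malformed extension bytes: keep the revoked status, drop only the reason.
            LOG.warning("Error when revocation reason decoding from CRL: " + e.toString());
            return new CRLReason(FALLBACK_REASON).toString();
        } finally {
            DSSUtils.closeQuietly(aSN1InputStream);
        }
    }

    /**
     * Checks that the CRL was signed by the given issuer and that the issuer certificate is allowed
     * to sign CRLs.
     *
     * @param cRLToken the CRL under validation; the reason for a rejection is recorded on it
     * @param certificateToken the issuer of the certificate being checked
     * @return {@code true} only when the signature verifies and the issuer's key usage asserts
     *     cRLSign
     * @throws DSSNullException when the issuer token is {@code null}
     */
    private boolean isCRLTokenValid(CRLToken cRLToken, CertificateToken certificateToken) {
        if (certificateToken == null) {
            throw new DSSNullException(CertificateToken.class, "issuerToken");
        }
        if (!cRLToken.isSignedBy(certificateToken)) {
            cRLToken.infoNotValidSignature();
            return false;
        }
        boolean[] keyUsage = certificateToken.getCertificate().getKeyUsage();
        // Index 6 of the key usage array is cRLSign. A missing extension, a short array or a
        // cleared bit all mean the issuer is not authorised to sign this CRL.
        if (keyUsage != null && keyUsage.length > 6 && keyUsage[6]) {
            return true;
        }
        cRLToken.infoNoKeyUsageExtension();
        return false;
    }
}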
