package eu.europa.ec.markt.dss.validation.crl;

import eu.europa.ec.markt.dss.CertificateIdentifier;
import eu.europa.ec.markt.dss.DSSUtils;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.validation.https.HTTPDataLoader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.InitialDirContext;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509Extension;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation/crl/OnlineCRLSource.class */
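/**
 * {@link CRLSource} that downloads the CRL named in a certificate's
 * cRLDistributionPoints extension over HTTP(S), FTP or LDAP.
 *
 * <p>Security note: the download location is read from the certificate being
 * checked, i.e. from data that is not yet trusted, so this class makes outbound
 * connections to a destination chosen by whoever produced that certificate.
 * A downloaded CRL is only returned after its signature verifies against the
 * supplied issuer certificate and that certificate asserts the cRLSign key
 * usage. Deployments that validate certificates from unknown parties should
 * additionally restrict which hosts the validating process can reach.
 *
 * <p>NOTE(review): CRL freshness (thisUpdate/nextUpdate), the CRL issuer name and
 * indirect CRLs are not checked here -- presumably handled by the caller; confirm.
 * NOTE(review): no upper bound is placed on the size of the downloaded CRL.
 */
public class OnlineCRLSource implements CRLSource {
    private static final Logger LOG = Logger.getLogger(OnlineCRLSource.class.getName());

    /** Connect timeout for the direct URL and LDAP downloads (constructed default; tune per deployment). */
    private static final int CONNECT_TIMEOUT_MS = 10000;

    /** Read timeout for the direct URL and LDAP downloads (constructed default; tune per deployment). */
    private static final int READ_TIMEOUT_MS = 30000;

    private String preferredProtocol;
    private HTTPDataLoader dataLoader;

    /**
     * Sets the URI prefix that {@link #getCrlUri} prefers when a distribution
     * point lists several URIs.
     *
     * @param str prefix compared with {@link String#startsWith(String)}; {@code null} disables the preference
     */
    public void setPreferredProtocol(String str) {
        this.preferredProtocol = str;
    }

    /**
     * Sets the loader used for {@code http://} and {@code https://} CRL URIs.
     *
     * @param hTTPDataLoader loader to use; when {@code null}, HTTP(S) URIs are fetched
     *                       directly through {@link URL}
     */
    public void setDataLoader(HTTPDataLoader hTTPDataLoader) {
        this.dataLoader = hTTPDataLoader;
    }

    /**
     * Downloads the CRL referenced by {@code x509Certificate} and returns it only
     * if it is signed by {@code x509Certificate2} and that certificate is allowed
     * to sign CRLs.
     *
     * @param x509Certificate  certificate whose revocation data is wanted
     * @param x509Certificate2 certificate whose public key must verify the CRL signature
     * @return the verified CRL, or {@code null} when no usable CRL could be obtained
     * @throws DSSException if the cRLDistributionPoints extension cannot be read
     */
    @Override
    public X509CRL findCrl(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws DSSException {
        final String crlUri = getCrlUri(x509Certificate);
        LOG.info("CRL's URL for " + CertificateIdentifier.getIdAsString(x509Certificate) + " : " + crlUri);
        if (crlUri == null) {
            return null;
        }
        if (x509Certificate2 == null) {
            // Without the issuer key the CRL cannot be authenticated, so do not fetch it at all.
            LOG.warning("No issuer certificate supplied; the CRL cannot be verified.");
            return null;
        }

        final boolean isHttp = crlUri.startsWith("http://") || crlUri.startsWith("https://");
        final X509CRL crl;
        if (isHttp && this.dataLoader != null) {
            crl = downloadCrlFromHTTP(crlUri);
        } else if (isHttp || crlUri.startsWith("ftp://")) {
            crl = downloadCRLFromURL(crlUri);
        } else if (crlUri.startsWith("ldap://")) {
            crl = downloadCRLFromLDAP_(crlUri);
        } else {
            // Any other scheme is refused rather than dereferenced.
            LOG.warning("DSS framework only supports HTTP, HTTPS, FTP and LDAP CRL's url.");
            return null;
        }
        if (crl == null) {
            return null;
        }

        try {
            crl.verify(x509Certificate2.getPublicKey());
        } catch (Exception e) {
            LOG.log(Level.WARNING, "The CRL signature is not valid!", e);
            return null;
        }

        // Bit 6 of the KeyUsage extension is cRLSign. A missing extension is rejected as well.
        final boolean[] keyUsage = x509Certificate2.getKeyUsage();
        if (keyUsage == null) {
            LOG.warning("No KeyUsage extension for CRL issuing certificate!");
            return null;
        }
        if (keyUsage.length <= 6 || !keyUsage[6]) {
            LOG.warning("The cRLSign key usage is not set for the CRL issuing certificate!");
            return null;
        }
        return crl;
    }

    /**
     * Fetches a CRL directly through {@link URL}, with connect and read timeouts
     * so that an unresponsive server cannot block the caller indefinitely.
     *
     * @param crlUrl location of the CRL
     * @return the parsed CRL, or {@code null} if the download or parsing failed
     */
    private static X509CRL downloadCRLFromURL(String crlUrl) throws DSSException {
        InputStream inputStream = null;
        try {
            final URLConnection connection = new URL(crlUrl).openConnection();
            connection.setConnectTimeout(CONNECT_TIMEOUT_MS);
            connection.setReadTimeout(READ_TIMEOUT_MS);
            inputStream = connection.getInputStream();
            return DSSUtils.loadCRL(inputStream);
        } catch (Exception e) {
            LOG.log(Level.WARNING, "Unable to download CRL from " + crlUrl, e);
            return null;
        } finally {
            IOUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Fetches a CRL from the {@code certificateRevocationList;binary} attribute of
     * the LDAP entry named by {@code ldapUrl}.
     *
     * @param ldapUrl LDAP URL of the entry holding the CRL
     * @return the parsed CRL, or {@code null} if the lookup or parsing failed
     */
    private static X509CRL downloadCRLFromLDAP_(String ldapUrl) throws DSSException {
        final Hashtable<String, String> environment = new Hashtable<String, String>();
        environment.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        environment.put("java.naming.provider.url", ldapUrl);
        // Bound the time spent on a server named by the certificate under validation.
        environment.put("com.sun.jndi.ldap.connect.timeout", String.valueOf(CONNECT_TIMEOUT_MS));
        environment.put("com.sun.jndi.ldap.read.timeout", String.valueOf(READ_TIMEOUT_MS));

        InitialDirContext context = null;
        try {
            context = new InitialDirContext(environment);
            final Attribute attribute = context.getAttributes("").get("certificateRevocationList;binary");
            final byte[] encoded = attribute == null ? null : (byte[]) attribute.get();
            if (encoded == null || encoded.length == 0) {
                LOG.warning("Can not download CRL from: " + ldapUrl);
                return null;
            }
            return DSSUtils.loadCRL(new ByteArrayInputStream(encoded));
        } catch (Exception e) {
            LOG.log(Level.WARNING, "Unable to download CRL from " + ldapUrl, e);
            return null;
        } finally {
            // The context holds the LDAP connection; release it on every path.
            if (context != null) {
                try {
                    context.close();
                } catch (NamingException e) {
                    LOG.log(Level.FINE, "Unable to close the LDAP context", e);
                }
            }
        }
    }

    /**
     * Fetches a CRL through the configured {@link HTTPDataLoader}.
     *
     * @param crlUrl location of the CRL
     * @return the parsed CRL, or {@code null} if {@code crlUrl} is {@code null} or loading failed
     */
    private X509CRL downloadCrlFromHTTP(String crlUrl) {
        if (crlUrl == null) {
            return null;
        }
        try {
            return DSSUtils.loadCRL(this.dataLoader.get(crlUrl));
        } catch (DSSException e) {
            LOG.log(Level.WARNING, "Unable to download CRL from " + crlUrl, e);
            return null;
        }
    }

    /**
     * Returns one URI from the certificate's cRLDistributionPoints extension.
     *
     * <p>The first distribution point that carries a full name with at least one
     * URI decides the result: a URI starting with the preferred protocol if one is
     * set and present, otherwise the first URI listed. Later distribution points
     * are not consulted once one has yielded a URI.
     *
     * @param x509Certificate certificate to inspect
     * @return the selected URI, or {@code null} if the extension is absent or lists no URI
     * @throws DSSException if the extension cannot be decoded
     */
    public String getCrlUri(X509Certificate x509Certificate) throws DSSException {
        final byte[] extensionValue = x509Certificate.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
        if (extensionValue == null) {
            return null;
        }
        ASN1InputStream wrapperStream = null;
        ASN1InputStream contentStream = null;
        try {
            // The extension value is an OCTET STRING wrapping the DER-encoded CRLDistPoint.
            wrapperStream = new ASN1InputStream(new ByteArrayInputStream(extensionValue));
            contentStream = new ASN1InputStream(((DEROctetString) wrapperStream.readObject()).getOctets());
            final CRLDistPoint crlDistPoint = CRLDistPoint.getInstance((ASN1Sequence) contentStream.readObject());

            for (DistributionPoint distributionPoint : crlDistPoint.getDistributionPoints()) {
                final DistributionPointName pointName = distributionPoint.getDistributionPoint();
                // The name is optional (a point may carry only a cRLIssuer); skip those entries.
                if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
                    continue;
                }
                final ArrayList<String> uris = new ArrayList<String>();
                for (GeneralName generalName : ((GeneralNames) pointName.getName()).getNames()) {
                    if (generalName.getTagNo() != GeneralName.uniformResourceIdentifier) {
                        LOG.fine("Not a uniform resource identifier");
                        continue;
                    }
                    Object encoded = generalName.getDERObject();
                    if (encoded instanceof DERTaggedObject) {
                        encoded = ((DERTaggedObject) encoded).getObject();
                    }
                    uris.add(DERIA5String.getInstance(encoded).getString());
                }
                if (this.preferredProtocol != null) {
                    for (String uri : uris) {
                        if (uri.startsWith(this.preferredProtocol)) {
                            return uri;
                        }
                    }
                }
                if (!uris.isEmpty()) {
                    return uris.get(0);
                }
            }
            return null;
        } catch (IOException e) {
            throw new DSSException(e);
        } finally {
            DSSUtils.closeQuietly(wrapperStream);
            DSSUtils.closeQuietly(contentStream);
        }
    }
}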
