package com.helger.peppol.utils;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.cache.MappedCache;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.Objects;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.concurrent.ThreadSafe;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/peppol-commons-9.5.1.jar:com/helger/peppol/utils/PeppolRevocationCache.class */
public final class PeppolRevocationCache extends MappedCache<X509Certificate, String, ExpiringObject<ERevoked>> {
    public static final Duration DEFAULT_CACHING_DURATION = Duration.ofHours(6);
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) PeppolRevocationCache.class);
    private final Function<X509Certificate, ERevoked> m_aRevocationChecker;
    private final Duration m_aCachingDuration;

    @Nonnull
    private static String _getKey(@Nonnull X509Certificate x509Certificate) {
        return x509Certificate.getSubjectX500Principal().getName() + "-" + x509Certificate.getSerialNumber().toString();
    }

    public PeppolRevocationCache(@Nonnull Function<X509Certificate, ERevoked> function, @Nonnull Duration duration) {
        super(PeppolRevocationCache::_getKey, x509Certificate -> {
            return ExpiringObject.ofDuration((ERevoked) function.apply(x509Certificate), duration);
        }, 1000, "CertificateRevocationCache", false);
        ValueEnforcer.notNull(duration, "CachingDuration");
        Objects.requireNonNull(duration);
        ValueEnforcer.isFalse(duration::isNegative, "CachingDuration must not be negative");
        this.m_aRevocationChecker = function;
        this.m_aCachingDuration = duration;
    }

    @Nonnull
    public Function<X509Certificate, ERevoked> getRevocationChecker() {
        return this.m_aRevocationChecker;
    }

    @Nonnull
    public Duration getCachingDuration() {
        return this.m_aCachingDuration;
    }

    public boolean isRevoked(@Nonnull X509Certificate x509Certificate) {
        ValueEnforcer.notNull(x509Certificate, "Cert");
        ExpiringObject<ERevoked> fromCache = getFromCache(x509Certificate);
        if (fromCache.isExpiredNow()) {
            LOGGER.info("The cached entry for certificate '" + _getKey(x509Certificate) + "' is expired and needs to be re-fetched.");
            removeFromCache(x509Certificate);
            fromCache = getFromCache(x509Certificate);
        }
        return fromCache.getObject().isRevoked();
    }
}
