package com.helger.security.crl;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.annotation.Nonempty;
import com.helger.commons.collection.impl.CommonsArrayList;
import com.helger.commons.collection.impl.ICommonsList;
import com.helger.commons.io.stream.NonBlockingByteArrayInputStream;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import javax.annotation.Nonnull;
import javax.annotation.concurrent.Immutable;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Immutable
/* loaded from: input_file:WEB-INF/lib/ph-security-11.2.0.jar:com/helger/security/crl/CRLHelper.class */
public final class CRLHelper {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CRLHelper.class);

    private CRLHelper() {
    }

    @Nonnull
    public static X509CRL convertToCRL(@Nonnull @Nonempty byte[] bArr) {
        ValueEnforcer.notEmpty(bArr, "CRLBytes");
        try {
            NonBlockingByteArrayInputStream nonBlockingByteArrayInputStream = new NonBlockingByteArrayInputStream(bArr);
            try {
                X509CRL x509crl = (X509CRL) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCRL(nonBlockingByteArrayInputStream);
                nonBlockingByteArrayInputStream.close();
                return x509crl;
            } catch (Throwable th) {
                try {
                    nonBlockingByteArrayInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (CRLException e) {
            throw new IllegalArgumentException("Cannot generate X.509 CRL from the stream data", e);
        } catch (CertificateException e2) {
            throw new IllegalArgumentException(e2);
        }
    }

    @Nonnull
    public static ICommonsList<String> getAllDistributionPoints(@Nonnull X509Certificate x509Certificate) {
        ValueEnforcer.notNull(x509Certificate, "Certificate");
        CommonsArrayList commonsArrayList = new CommonsArrayList();
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (extensionValue != null) {
            try {
                ASN1InputStream aSN1InputStream = new ASN1InputStream(extensionValue);
                try {
                    try {
                        ASN1InputStream aSN1InputStream2 = new ASN1InputStream(((DEROctetString) aSN1InputStream.readObject()).getOctets());
                        try {
                            CRLDistPoint cRLDistPoint = CRLDistPoint.getInstance(aSN1InputStream2.readObject());
                            aSN1InputStream2.close();
                            for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
                                DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
                                if (distributionPoint2 != null && distributionPoint2.getType() == 0) {
                                    for (GeneralName generalName : GeneralNames.getInstance(distributionPoint2.getName()).getNames()) {
                                        if (generalName.getTagNo() == 6) {
                                            String trim = ASN1IA5String.getInstance(generalName.getName()).getString().trim();
                                            if (LOGGER.isDebugEnabled()) {
                                                LOGGER.debug("Found CRL URL '" + trim + "' in certificate");
                                            }
                                            commonsArrayList.add(trim);
                                        }
                                    }
                                }
                            }
                            aSN1InputStream.close();
                        } catch (Throwable th) {
                            try {
                                aSN1InputStream2.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                            throw th;
                        }
                    } finally {
                    }
                } catch (IOException e) {
                    throw new UncheckedIOException(e);
                }
            } catch (IOException e2) {
                throw new UncheckedIOException(e2);
            }
        }
        return commonsArrayList;
    }
}
