package com.helger.peppol.utils;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.annotation.Nonempty;
import com.helger.commons.cache.Cache;
import com.helger.commons.collection.impl.CommonsArrayList;
import com.helger.commons.collection.impl.ICommonsList;
import com.helger.commons.datetime.PDTFactory;
import com.helger.commons.io.stream.NonBlockingByteArrayInputStream;
import com.helger.commons.io.stream.StreamHelper;
import com.helger.commons.string.StringHelper;
import com.helger.commons.timing.StopWatch;
import com.helger.commons.url.EURLProtocol;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.net.URL;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.LocalDateTime;
import java.time.temporal.TemporalAmount;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.Immutable;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Immutable
/* loaded from: input_file:WEB-INF/lib/peppol-commons-9.0.8.jar:com/helger/peppol/utils/CRLHelper.class */
public final class CRLHelper {
    public static final Duration DEFAULT_CACHING_DURATION = Duration.ofDays(1);

    /* loaded from: input_file:WEB-INF/lib/peppol-commons-9.0.8.jar:com/helger/peppol/utils/CRLHelper$CRLCache.class */
    public static final class CRLCache extends Cache<String, TimedCRL> {
        public static final CRLCache INSTANCE = new CRLCache();
        private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CRLCache.class);

        @Nullable
        private static TimedCRL _loadCRL(@Nonnull String str) {
            if (!EURLProtocol.HTTP.isUsedInURL(str) && !EURLProtocol.HTTPS.isUsedInURL(str) && !EURLProtocol.FTP.isUsedInURL(str)) {
                return null;
            }
            LOGGER.info("Trying to download CRL from URL '" + str + "'");
            StopWatch createdStarted = StopWatch.createdStarted();
            try {
                try {
                    InputStream openStream = new URL(str).openStream();
                    try {
                        byte[] allBytes = StreamHelper.getAllBytes(openStream);
                        if (allBytes == null) {
                            if (openStream != null) {
                                openStream.close();
                            }
                            createdStarted.stop();
                            Logger logger = LOGGER;
                            logger.info("Downloading the CRL took " + createdStarted.getMillis() + " milliseconds for " + logger + " bytes");
                            return null;
                        }
                        int length = allBytes.length;
                        TimedCRL ofNow = TimedCRL.ofNow(CRLHelper.convertToCRL(allBytes));
                        if (openStream != null) {
                            openStream.close();
                        }
                        createdStarted.stop();
                        Logger logger2 = LOGGER;
                        logger2.info("Downloading the CRL took " + createdStarted.getMillis() + " milliseconds for " + logger2 + " bytes");
                        return ofNow;
                    } catch (Throwable th) {
                        if (openStream != null) {
                            try {
                                openStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    createdStarted.stop();
                    Logger logger3 = LOGGER;
                    logger3.info("Downloading the CRL took " + createdStarted.getMillis() + " milliseconds for " + logger3 + " bytes");
                    throw th3;
                }
            } catch (Exception e) {
                LOGGER.error("Error downloading CRL from URL '" + str + "'", (Throwable) e);
                createdStarted.stop();
                Logger logger4 = LOGGER;
                logger4.info("Downloading the CRL took " + createdStarted.getMillis() + " milliseconds for " + logger4 + " bytes");
                return null;
            }
        }

        protected CRLCache() {
            super(CRLCache::_loadCRL, 100, "CRL Cache");
        }

        void manuallyPutInCache(@Nonnull String str, @Nonnull TimedCRL timedCRL) {
            ValueEnforcer.notEmpty(str, "CRLURL");
            ValueEnforcer.notNull(timedCRL, "TimedCRL");
            super.putInCache(str, timedCRL);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/peppol-commons-9.0.8.jar:com/helger/peppol/utils/CRLHelper$TimedCRL.class */
    public static class TimedCRL {
        private final LocalDateTime m_aReadDateTime;
        private final CRL m_aCRL;

        public TimedCRL(@Nonnull LocalDateTime localDateTime, @Nonnull CRL crl) {
            this.m_aReadDateTime = localDateTime;
            this.m_aCRL = crl;
        }

        @Nonnull
        public final LocalDateTime getReadDateTime() {
            return this.m_aReadDateTime;
        }

        public boolean isValid(@Nonnull Duration duration) {
            return this.m_aReadDateTime.plus((TemporalAmount) duration).isAfter(PDTFactory.getCurrentLocalDateTime());
        }

        @Nonnull
        public final CRL getCRL() {
            return this.m_aCRL;
        }

        @Nonnull
        public static TimedCRL ofNow(@Nonnull CRL crl) {
            return new TimedCRL(PDTFactory.getCurrentLocalDateTime(), crl);
        }
    }

    private CRLHelper() {
    }

    @Nonnull
    public static X509CRL convertToCRL(@Nonnull @Nonempty byte[] bArr) {
        ValueEnforcer.notEmpty(bArr, "CRLBytes");
        try {
            NonBlockingByteArrayInputStream nonBlockingByteArrayInputStream = new NonBlockingByteArrayInputStream(bArr);
            try {
                X509CRL x509crl = (X509CRL) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCRL(nonBlockingByteArrayInputStream);
                nonBlockingByteArrayInputStream.close();
                return x509crl;
            } catch (Throwable th) {
                try {
                    nonBlockingByteArrayInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (CRLException e) {
            throw new IllegalArgumentException("Cannot generate X509CRL from the stream data", e);
        } catch (CertificateException e2) {
            throw new IllegalArgumentException(e2);
        }
    }

    @Nonnull
    public static ICommonsList<String> getAllDistributionPoints(@Nonnull X509Certificate x509Certificate) {
        ValueEnforcer.notNull(x509Certificate, "Certificate");
        CommonsArrayList commonsArrayList = new CommonsArrayList();
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (extensionValue != null) {
            try {
                ASN1InputStream aSN1InputStream = new ASN1InputStream(extensionValue);
                try {
                    try {
                        ASN1InputStream aSN1InputStream2 = new ASN1InputStream(((DEROctetString) aSN1InputStream.readObject()).getOctets());
                        try {
                            CRLDistPoint cRLDistPoint = CRLDistPoint.getInstance(aSN1InputStream2.readObject());
                            aSN1InputStream2.close();
                            for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
                                DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
                                if (distributionPoint2 != null && distributionPoint2.getType() == 0) {
                                    for (GeneralName generalName : GeneralNames.getInstance(distributionPoint2.getName()).getNames()) {
                                        if (generalName.getTagNo() == 6) {
                                            commonsArrayList.add(ASN1IA5String.getInstance(generalName.getName()).getString().trim());
                                        }
                                    }
                                }
                            }
                            aSN1InputStream.close();
                        } catch (Throwable th) {
                            try {
                                aSN1InputStream2.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                            throw th;
                        }
                    } finally {
                    }
                } catch (IOException e) {
                    throw new UncheckedIOException(e);
                }
            } catch (IOException e2) {
                throw new UncheckedIOException(e2);
            }
        }
        return commonsArrayList;
    }

    @Nullable
    public static CRL getCRLFromURL(@Nullable String str) {
        return getCRLFromURL(str, DEFAULT_CACHING_DURATION);
    }

    @Nullable
    public static CRL getCRLFromURL(@Nullable String str, @Nonnull Duration duration) {
        TimedCRL fromCache;
        ValueEnforcer.notNull(duration, "CachingDuration");
        if (!StringHelper.hasText(str) || (fromCache = CRLCache.INSTANCE.getFromCache(str)) == null) {
            return null;
        }
        if (fromCache.isValid(duration)) {
            return fromCache.getCRL();
        }
        CRLCache.INSTANCE.removeFromCache(str);
        TimedCRL fromCache2 = CRLCache.INSTANCE.getFromCache(str);
        if (fromCache2 != null) {
            return fromCache2.getCRL();
        }
        return null;
    }

    public static void setCRLOfURL(@Nonnull @Nonempty String str, @Nonnull CRL crl) {
        ValueEnforcer.notEmpty(str, "CRLURL");
        ValueEnforcer.notNull(crl, "CRL");
        CRLCache.INSTANCE.manuallyPutInCache(str, TimedCRL.ofNow(crl));
    }
}
