package org.nhindirect.stagent.cert.impl;

import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.cert.CRL;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nhindirect.stagent.DefaultNHINDAgent;
import org.nhindirect.stagent.cert.RevocationManager;
import sun.security.x509.CRLDistributionPointsExtension;
import sun.security.x509.DistributionPoint;
import sun.security.x509.GeneralName;
import sun.security.x509.X509CRLImpl;
import sun.security.x509.X509CertImpl;

/* loaded from: input_file:org/nhindirect/stagent/cert/impl/CRLRevocationManager.class */
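/**
 * {@link RevocationManager} that decides revocation by downloading the CRLs named in a
 * certificate's CRL Distribution Points (CDP) extension.
 *
 * <p>Security-relevant behaviour a reviewer should be aware of:
 * <ul>
 *   <li><b>Fail-open.</b> When a CRL cannot be fetched or parsed the failure is only logged, and
 *       {@link #isRevoked(X509Certificate)} then answers {@code false} unless an already loaded
 *       CRL lists the certificate.</li>
 *   <li><b>No CRL authentication in this class.</b> Nothing here verifies the CRL signature or
 *       that the CRL issuer matches the certificate issuer.
 *       NOTE(review): confirm whether a caller does this; if not, a CRL served over plain HTTP
 *       can be altered in transit.</li>
 *   <li><b>Untrusted fetch target.</b> The URI comes from the certificate being validated and is
 *       handed to {@link URL#openConnection()} as-is, so any protocol handler registered in the
 *       JVM is reachable. NOTE(review): consider an allowlist of schemes and of destinations.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code crlCollection} is a plain {@link HashSet} that is written and iterated
 * without synchronisation, and it only ever grows; confirm instances are not shared across
 * threads.
 */
public class CRLRevocationManager implements RevocationManager {
    /** Timeout in milliseconds, applied to both connect and read when fetching a CRL. */
    private static final int CRL_FETCH_TIMEOUT = 3000;

    /** Prefix that {@code GeneralName.toString()} puts in front of a URI-typed name. */
    private static final String URI_NAME_PREFIX = "URIName: ";

    // CRLs loaded so far by this instance; isRevoked() consults every one of them.
    private Set<CRL> crlCollection = new HashSet<CRL>();

    // Remains null if the X.509 factory could not be created in the static initialiser below.
    private static CertificateFactory certificateFactory;

    private static final Log LOGGER = LogFactory.getFactory().getInstance(DefaultNHINDAgent.class);

    // Process-wide cache of parsed CRLs keyed by distribution point URI; guarded by its own monitor.
    private static Map<String, X509CRLImpl> cache = new HashMap<String, X509CRLImpl>();

    /**
     * Returns a read-only view of the CRLs loaded by this instance.
     */
    private Set<CRL> getCRLCollection() {
        return Collections.unmodifiableSet(this.crlCollection);
    }

    /**
     * Loads every CRL referenced by a URI in the certificate's CDP extension into
     * {@code crlCollection}. Failures are logged and otherwise ignored.
     *
     * @param x509Certificate certificate whose distribution points are read; {@code null} is a no-op
     */
    private void loadCRLs(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return;
        }
        try {
            CRLDistributionPointsExtension cdpExtension =
                    new X509CertImpl(x509Certificate.getEncoded()).getCRLDistributionPointsExtension();
            if (cdpExtension == null) {
                return;
            }
            for (Object pointObject : (List<?>) cdpExtension.get("points")) {
                DistributionPoint point = (DistributionPoint) pointObject;
                // A distribution point may carry no full name; skip it instead of letting a
                // NullPointerException abort the remaining distribution points.
                if (point.getFullName() == null) {
                    continue;
                }
                for (Object nameObject : point.getFullName().names()) {
                    String generalName = ((GeneralName) nameObject).toString();
                    if (!generalName.startsWith(URI_NAME_PREFIX)) {
                        continue;
                    }
                    CRL crl = getCrlFromUri(getNameString(generalName));
                    if (crl != null) {
                        this.crlCollection.add(crl);
                    }
                }
            }
        } catch (Exception e) {
            // Deliberately best-effort: revocation checking degrades to "not revoked" on error.
            if (LOGGER.isWarnEnabled()) {
                LOGGER.warn("Unable to handle CDP CRL(s): " + e.getMessage());
            }
        }
    }

    /**
     * Reports whether any CRL loaded by this instance lists the certificate as revoked.
     *
     * <p>The certificate's own distribution points are loaded first. The check then runs against
     * every CRL this instance has accumulated, not only those named by this certificate.
     * A {@code false} result does not prove the certificate is valid: it is also the answer when
     * no CRL could be obtained.
     *
     * @param x509Certificate certificate to check
     * @return {@code true} if a loaded CRL reports the certificate as revoked
     */
    @Override
    public boolean isRevoked(X509Certificate x509Certificate) {
        loadCRLs(x509Certificate);
        for (CRL crl : getCRLCollection()) {
            if (crl.isRevoked(x509Certificate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the CRL published at the given URI, from the shared cache when a current copy is
     * held there, otherwise by downloading it.
     *
     * @param str distribution point URI as found in the certificate (untrusted input)
     * @return the parsed CRL, or {@code null} if the URI is blank or the CRL could not be obtained
     */
    private X509CRLImpl getCrlFromUri(String str) {
        if (str == null || str.trim().length() == 0) {
            return null;
        }
        // The download happens while the cache monitor is held, so fetches are serialised
        // across the whole JVM; the timeouts in fetchCrl bound how long that can last.
        synchronized (cache) {
            X509CRLImpl crl = cache.get(str);
            if (crl != null && isStale(crl)) {
                cache.remove(str);
                crl = null;
            }
            if (crl == null) {
                crl = fetchCrl(str);
                if (crl != null) {
                    cache.put(str, crl);
                }
            }
            return crl;
        }
    }

    /**
     * Tells whether a cached CRL must be fetched again. A CRL without a nextUpdate field is
     * treated as stale so that it is never served from the cache indefinitely.
     */
    private static boolean isStale(X509CRLImpl crl) {
        Date nextUpdate = crl.getNextUpdate();
        return nextUpdate == null || nextUpdate.before(new Date());
    }

    /**
     * Downloads and parses the CRL at the given URI.
     *
     * @return the parsed CRL, or {@code null} on any failure (logged at warn level)
     */
    private static X509CRLImpl fetchCrl(String uri) {
        try {
            URLConnection connection = new URL(uri).openConnection();
            connection.setConnectTimeout(CRL_FETCH_TIMEOUT);
            // Without a read timeout a server that accepts the connection and then stalls
            // would block this thread, and every other caller waiting on the cache monitor.
            connection.setReadTimeout(CRL_FETCH_TIMEOUT);
            InputStream inputStream = connection.getInputStream();
            try {
                return (X509CRLImpl) certificateFactory.generateCRL(inputStream);
            } finally {
                inputStream.close();
            }
        } catch (Exception e) {
            if (LOGGER.isWarnEnabled()) {
                // Keep the cause: it distinguishes a network failure from a malformed CRL.
                LOGGER.warn("Unable to retrieve or parse CRL " + uri, e);
            }
            return null;
        }
    }

    /**
     * Strips the {@code "URIName: "} prefix from a general name's string form.
     *
     * @param str string that starts with the prefix
     * @return the remainder after the prefix
     */
    protected String getNameString(String str) {
        return str.substring(URI_NAME_PREFIX.length());
    }

    static {
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            // With no factory every CRL parse fails, so revocation checking is effectively off;
            // record that through the logger rather than on stderr.
            LOGGER.error("Unable to create X.509 certificate factory; CRLs cannot be parsed", e);
        }
    }
}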
