package br.net.woodstock.rockframework.security.cert.impl;

import br.net.woodstock.rockframework.security.cert.CertificateException;
import br.net.woodstock.rockframework.security.cert.CertificateType;
import br.net.woodstock.rockframework.security.cert.CertificateVerifier;
import br.net.woodstock.rockframework.util.Assert;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509Extension;

/* loaded from: input_file:br/net/woodstock/rockframework/security/cert/impl/CRLCertificateVerifier.class */
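/**
 * {@link CertificateVerifier} that checks an X.509 certificate against the CRLs named in the
 * certificate's own CRL Distribution Points extension.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@code true} means "not listed as revoked on any CRL that was fetched". A certificate
 *       without the CRL Distribution Points extension, or without a URI-type full-name
 *       distribution point, is reported as valid because no CRL is consulted.</li>
 *   <li>The downloaded CRL is parsed but not authenticated: this class does not verify the CRL
 *       signature against the issuer key and does not compare its update times with the current
 *       time. It only receives the end certificate, so those checks belong to the chain-validation
 *       step that should run alongside this verifier.</li>
 *   <li>The URLs are taken from the certificate under verification. The scheme is not restricted
 *       and no connect/read timeout is set here; when certificates come from untrusted parties,
 *       limit the accepted schemes and hosts and bound the fetch time at a higher layer.</li>
 * </ul>
 */
public class CRLCertificateVerifier implements CertificateVerifier {
    /**
     * Reports whether the certificate is absent from every CRL it points to.
     *
     * @param certificate the certificate to check; {@code null} is rejected by {@code Assert.notNull}
     * @return {@code false} as soon as one fetched CRL lists the certificate as revoked,
     *         {@code true} otherwise (including when the certificate names no CRL URL)
     * @throws CertificateException wrapping any failure: a non-X.509 certificate, an extension that
     *         cannot be decoded, or a CRL that cannot be downloaded or parsed
     */
    @Override // br.net.woodstock.rockframework.security.cert.CertificateVerifier
    public boolean verify(Certificate certificate) {
        Assert.notNull(certificate, "certificate");
        try {
            // A non-X.509 certificate fails this cast; the ClassCastException is wrapped below.
            X509Certificate x509Certificate = (X509Certificate) certificate;
            for (String url : getCrlDistributionPointsURL(x509Certificate)) {
                if (getCRLFromURL(url).isRevoked(x509Certificate)) {
                    return false;
                }
            }
            // No fetched CRL lists the certificate. This is also the result when there was no URL
            // to fetch, so it is not proof that revocation status was actually checked.
            return true;
        } catch (Exception e) {
            throw new CertificateException(e);
        }
    }

    /**
     * Downloads and parses the CRL at the given URL.
     *
     * <p>The stream is closed in a {@code finally} block so a parse failure does not leak the
     * connection. The returned CRL is not signature-checked here.
     *
     * @param str CRL location as found in the certificate
     * @return the parsed CRL
     * @throws GeneralSecurityException if the factory is unavailable or the CRL cannot be parsed
     * @throws IOException if the URL is malformed or the download fails
     */
    private X509CRL getCRLFromURL(String str) throws GeneralSecurityException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance(CertificateType.X509.getType());
        InputStream openStream = new URL(str).openStream();
        try {
            return (X509CRL) certificateFactory.generateCRL(openStream);
        } finally {
            openStream.close();
        }
    }

    /**
     * Collects the URI entries of the certificate's CRL Distribution Points extension.
     *
     * @param x509Certificate certificate to inspect
     * @return the URIs of all full-name distribution points, in extension order; empty when the
     *         extension is absent
     * @throws IOException if the extension value cannot be decoded
     */
    private List<String> getCrlDistributionPointsURL(X509Certificate x509Certificate) throws IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
        if (extensionValue == null) {
            return Collections.emptyList();
        }
        // getExtensionValue() returns the extension wrapped in a DER OCTET STRING: unwrap it first,
        // then decode the payload. Both streams read from memory, so there is nothing to release.
        ASN1InputStream wrapped = new ASN1InputStream(new ByteArrayInputStream(extensionValue));
        // readObject() returns the generic ASN.1 base type; narrow it before calling getOctets().
        byte[] payload = ((ASN1OctetString) wrapped.readObject()).getOctets();
        ASN1InputStream unwrapped = new ASN1InputStream(new ByteArrayInputStream(payload));
        CRLDistPoint cRLDistPoint = CRLDistPoint.getInstance(unwrapped.readObject());

        List<String> urls = new ArrayList<String>();
        for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
            DistributionPointName pointName = distributionPoint.getDistributionPoint();
            // Only full-name points carry GeneralNames; other points are skipped.
            if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            for (GeneralName generalName : GeneralNames.getInstance(pointName.getName()).getNames()) {
                if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    urls.add(DERIA5String.getInstance(generalName.getName()).getString());
                }
            }
        }
        return urls;
    }
}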
