package br.net.woodstock.rockframework.security.cert.impl;

import br.net.woodstock.rockframework.security.cert.CertificateException;
import br.net.woodstock.rockframework.security.cert.CertificateType;
import br.net.woodstock.rockframework.security.cert.CertificateValidator;
import br.net.woodstock.rockframework.security.cert.ValidationError;
import br.net.woodstock.rockframework.security.util.BouncyCastleProviderHelper;
import br.net.woodstock.rockframework.util.Assert;
import br.net.woodstock.rockframework.utils.CollectionUtils;
import br.net.woodstock.rockframework.utils.ConditionUtils;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.LinkedHashSet;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509Extension;

/* loaded from: input_file:br/net/woodstock/rockframework/security/cert/impl/CRLCertificateValidator.class */
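/**
 * Checks the first certificate of a chain against a Certificate Revocation List.
 *
 * <p>The CRL is downloaded either from the URL given to the constructor or, when none was
 * given, from the first usable CRL Distribution Point URI found in the certificate itself.
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>Only {@code chain[0]} is checked for revocation; the other chain entries are not.</li>
 * <li>The downloaded CRL is untrusted input. Its signature is verified only when the issuer of
 * {@code chain[0]} is available ({@code chain[1]}, or the certificate itself when it is
 * self-issued). Pass the issuer in the chain to get an authenticated answer.</li>
 * <li>A CRL whose {@code nextUpdate} lies in the past is rejected, so that an old list cannot be
 * replayed to hide a later revocation.</li>
 * <li>URLs taken from the certificate are attacker-influenced; only {@code http} and
 * {@code https} are followed. A URL passed to the constructor is used as given.</li>
 * <li>This class sets no connect/read timeout and no size limit on the download.</li>
 * </ul>
 */
public class CRLCertificateValidator implements CertificateValidator {
    public static final String VALIDATOR_NAME = "CRL Validator";
    private URL url;

    /** Creates a validator that takes the CRL location from the certificate being validated. */
    public CRLCertificateValidator() {
    }

    /**
     * Creates a validator that always downloads the CRL from the given location.
     *
     * @param url CRL location, must not be null
     */
    public CRLCertificateValidator(URL url) {
        Assert.notNull(url, "url");
        this.url = url;
    }

    /**
     * Validates {@code certificateArr[0]} against its CRL.
     *
     * @param certificateArr certificate chain, must not be empty; index 0 is the certificate to
     *        check and index 1, when present, is expected to be its issuer
     * @return an empty array when the certificate is not listed in a usable CRL, otherwise one
     *         {@link ValidationError} describing why validation failed
     * @throws CertificateException wrapping any exception raised while locating, downloading or
     *         parsing the CRL
     */
    @Override
    public ValidationError[] validate(Certificate[] certificateArr) {
        Assert.notEmpty(certificateArr, "chain");
        try {
            X509Certificate subject = (X509Certificate) certificateArr[0];
            URL crlUrl = this.url != null ? this.url : selectDistributionPoint(subject);
            if (crlUrl == null) {
                return error("No url found for validation");
            }

            X509CRL crl = getCRLFromURL(crlUrl);

            // Authenticate the CRL before trusting its content: it usually travels over plain
            // HTTP, so without this check anyone on the network path could supply a different list.
            X509Certificate issuer = findIssuer(certificateArr, subject);
            if (issuer != null) {
                try {
                    crl.verify(issuer.getPublicKey());
                } catch (GeneralSecurityException invalidSignature) {
                    // Reported as a validation failure rather than rethrown: the CRL was
                    // retrieved but cannot be trusted.
                    return error("CRL signature could not be verified with the issuer certificate");
                }
            }
            // else: no issuer available in the chain, the CRL is used unauthenticated (the
            // behaviour this class always had). Callers should supply the issuer as chain[1].

            // nextUpdate is optional in the CRL structure; when present, a value in the past
            // means the list is stale and says nothing about recent revocations.
            if (crl.getNextUpdate() != null && crl.getNextUpdate().getTime() < System.currentTimeMillis()) {
                return error("CRL is expired");
            }

            if (crl.isRevoked(subject)) {
                return error("Certificate revoked");
            }
            return new ValidationError[0];
        } catch (Exception e) {
            throw new CertificateException(e);
        }
    }

    /** Wraps a single message into the array shape returned by {@link #validate}. */
    private static ValidationError[] error(String message) {
        return new ValidationError[]{new ValidationError(VALIDATOR_NAME, message)};
    }

    /**
     * Picks the CRL location to use from the certificate's distribution points.
     *
     * <p>The URIs come from the certificate and are therefore not trusted: schemes other than
     * http/https (for example ones that resolve to local resources) are skipped.
     *
     * @return the first http/https distribution point, or null when there is none
     */
    private static URL selectDistributionPoint(X509Certificate certificate) throws IOException {
        URL[] candidates = getCrlDistributionPointsURL(certificate);
        if (ConditionUtils.isNotEmpty(candidates)) {
            for (URL candidate : candidates) {
                String protocol = candidate.getProtocol();
                if ("http".equalsIgnoreCase(protocol) || "https".equalsIgnoreCase(protocol)) {
                    return candidate;
                }
            }
        }
        return null;
    }

    /**
     * Finds the certificate whose key should have signed the subject's CRL.
     *
     * @return {@code chain[1]} when its subject name equals the subject's issuer name, the
     *         subject itself when it is self-issued, otherwise null
     */
    private static X509Certificate findIssuer(Certificate[] chain, X509Certificate subject) {
        if (chain.length > 1 && chain[1] instanceof X509Certificate) {
            X509Certificate candidate = (X509Certificate) chain[1];
            if (candidate.getSubjectX500Principal().equals(subject.getIssuerX500Principal())) {
                return candidate;
            }
        }
        if (subject.getSubjectX500Principal().equals(subject.getIssuerX500Principal())) {
            return subject;
        }
        return null;
    }

    /**
     * Downloads and parses the CRL at the given location.
     *
     * <p>The stream is closed even when parsing fails. The result is not authenticated here;
     * {@link #validate} verifies the signature when an issuer certificate is available.
     */
    private X509CRL getCRLFromURL(URL url) throws GeneralSecurityException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance(CertificateType.X509.getType());
        InputStream openStream = url.openStream();
        try {
            return (X509CRL) certificateFactory.generateCRL(openStream);
        } finally {
            openStream.close();
        }
    }

    /**
     * Extracts the URI entries of the certificate's CRL Distribution Points extension.
     *
     * <p>The returned URLs are taken verbatim from the certificate and must be treated as
     * untrusted by callers that intend to open them. Duplicates are removed by comparing the
     * URI text, and the order in which the certificate lists them is kept.
     *
     * @param certificate an X.509 certificate
     * @return the distribution point URLs, empty when the extension is absent
     * @throws IOException if the extension cannot be decoded or a URI is not a URL this JVM
     *         can represent
     */
    public static URL[] getCrlDistributionPointsURL(Certificate certificate) throws IOException {
        byte[] extensionValue = ((X509Certificate) certificate).getExtensionValue(X509Extension.cRLDistributionPoints.getId());
        if (extensionValue == null) {
            return new URL[0];
        }
        // The extension value is an OCTET STRING that wraps the DER-encoded CRLDistPoint.
        CRLDistPoint cRLDistPoint = CRLDistPoint.getInstance(BouncyCastleProviderHelper.toASN1Primitive(BouncyCastleProviderHelper.toASN1Primitive(extensionValue).getOctets()));

        // De-duplicate on the URI text, not on URL objects: URL.hashCode()/equals() resolve the
        // host name, which would trigger DNS lookups for names chosen by whoever issued the
        // certificate, merely by parsing it.
        LinkedHashSet<String> locations = new LinkedHashSet<String>();
        for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
            DistributionPointName pointName = distributionPoint.getDistributionPoint();
            if (pointName != null && pointName.getType() == DistributionPointName.FULL_NAME) {
                GeneralName[] names = GeneralNames.getInstance(pointName.getName()).getNames();
                for (GeneralName name : names) {
                    if (name.getTagNo() == GeneralName.uniformResourceIdentifier) {
                        locations.add(DERIA5String.getInstance(name.getName()).getString());
                    }
                }
            }
        }

        URL[] urls = new URL[locations.size()];
        int index = 0;
        for (String location : locations) {
            urls[index++] = new URL(location);
        }
        return urls;
    }
}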
