package net.ripe.rpki.commons.crypto.crl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.Serializable;
import java.math.BigInteger;
import java.net.URI;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Comparator;
import java.util.Iterator;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import javax.security.auth.x500.X500Principal;
import net.ripe.rpki.commons.crypto.CertificateRepositoryObject;
import net.ripe.rpki.commons.crypto.x509cert.X509CertificateBuilderHelper;
import net.ripe.rpki.commons.crypto.x509cert.X509CertificateUtil;
import net.ripe.rpki.commons.util.EqualsSupport;
import net.ripe.rpki.commons.validation.ValidationOptions;
import net.ripe.rpki.commons.validation.ValidationResult;
import net.ripe.rpki.commons.validation.ValidationString;
import net.ripe.rpki.commons.validation.objectvalidators.CertificateRepositoryObjectValidationContext;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.Validate;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/crl/X509Crl.class */
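/**
 * Holds a DER-encoded X.509 CRL and exposes the fields of the parsed
 * {@link X509CRL} in RPKI-friendly types.
 *
 * <p>Only {@link #encoded} is part of the serialized state; the parsed
 * {@link #crl} is {@code transient} and is rebuilt on demand by {@link #getCrl()}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Constructing or parsing an instance does not check the CRL's signature.
 *       The accessors and {@link #isRevoked(X509Certificate)} report whatever the
 *       bytes contain, so call {@link #verify(PublicKey)} or {@code validate(...)}
 *       before trusting them.</li>
 *   <li>The byte array passed to {@link #X509Crl(byte[])} and the one returned by
 *       {@link #getEncoded()} are shared, not copied. {@code equals}, {@code hashCode}
 *       and the lazily parsed CRL all derive from those bytes, so they must not be
 *       mutated after construction.</li>
 *   <li>NOTE(review): after Java deserialization the bytes are parsed on the first
 *       {@link #getCrl()} call without further checks. Confirm instances are never
 *       deserialized from untrusted sources.</li>
 * </ul>
 */
public class X509Crl implements CertificateRepositoryObject {
    private static final long serialVersionUID = 1;
    // DER encoding of the CRL; the single source of truth for equals/hashCode.
    private final byte[] encoded;
    // Parsed form of 'encoded'; not serialized, rebuilt lazily by getCrl().
    private transient X509CRL crl;

    /* loaded from: input_file:net/ripe/rpki/commons/crypto/crl/X509Crl$Entry.class */
    /**
     * A single revoked-certificate entry: serial number plus revocation time.
     *
     * <p>Ordering ({@link #compareTo(Entry)}) looks at the serial number only, so a
     * sorted set holds at most one entry per serial number.
     */
    public static class Entry extends EqualsSupport implements Comparable<Entry>, Serializable {
        private static final long serialVersionUID = 1;
        private final BigInteger serialNumber;
        private final DateTime revocationDateTime;

        /**
         * Creates an entry from explicit values.
         *
         * @param bigInteger serial number of the revoked certificate, required
         * @param dateTime revocation time, required; stored with milliseconds set to zero
         */
        public Entry(BigInteger bigInteger, DateTime dateTime) {
            Validate.notNull(bigInteger, "serial is required");
            Validate.notNull(dateTime, "revocationDateTime is required");
            this.serialNumber = bigInteger;
            this.revocationDateTime = dateTime.withMillisOfSecond(0);
        }

        /**
         * Creates an entry from a JDK CRL entry, reading the revocation date as UTC.
         *
         * <p>NOTE(review): unlike the other constructor this one neither null-checks
         * its argument nor truncates milliseconds. Confirm this asymmetry is intended.
         *
         * @param x509CRLEntry the CRL entry to copy the serial number and date from
         */
        public Entry(X509CRLEntry x509CRLEntry) {
            this.serialNumber = x509CRLEntry.getSerialNumber();
            this.revocationDateTime = new DateTime(x509CRLEntry.getRevocationDate(), DateTimeZone.UTC);
        }

        /** @return the serial number of the revoked certificate */
        public BigInteger getSerialNumber() {
            return this.serialNumber;
        }

        /** @return the time at which the certificate was revoked */
        public DateTime getRevocationDateTime() {
            return this.revocationDateTime;
        }

        /** Orders entries by serial number; the revocation time is not considered. */
        @Override // java.lang.Comparable
        public int compareTo(Entry entry) {
            return getSerialNumber().compareTo(entry.getSerialNumber());
        }
    }

    /* loaded from: input_file:net/ripe/rpki/commons/crypto/crl/X509Crl$X509CRLEntryComparator.class */
    /** Orders JDK CRL entries by serial number. */
    public static class X509CRLEntryComparator implements Comparator<X509CRLEntry> {
        @Override // java.util.Comparator
        public int compare(X509CRLEntry x509CRLEntry, X509CRLEntry x509CRLEntry2) {
            return x509CRLEntry.getSerialNumber().compareTo(x509CRLEntry2.getSerialNumber());
        }
    }

    /**
     * Wraps already-encoded CRL bytes without parsing them; parsing is deferred to
     * {@link #getCrl()}, so malformed input is only detected there.
     *
     * @param bArr DER-encoded CRL, required; stored by reference (not copied)
     */
    public X509Crl(byte[] bArr) {
        Validate.notNull(bArr);
        this.encoded = bArr;
    }

    /**
     * Wraps a parsed CRL and captures its encoded form.
     *
     * @param x509crl the parsed CRL, required
     * @throws IllegalArgumentException if the CRL cannot be encoded
     */
    public X509Crl(X509CRL x509crl) {
        Validate.notNull(x509crl);
        try {
            this.crl = x509crl;
            this.encoded = x509crl.getEncoded();
        } catch (CRLException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * @return the internal encoded byte array itself (not a copy); callers must
     *         treat it as read-only
     */
    @Override // net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public byte[] getEncoded() {
        return this.encoded;
    }

    /**
     * Returns the parsed CRL, parsing the encoded bytes on first use.
     *
     * <p>The lazy initialisation is not synchronized.
     *
     * @return the parsed CRL
     * @throws IllegalArgumentException if the encoded bytes cannot be parsed
     */
    public X509CRL getCrl() {
        if (this.crl == null) {
            this.crl = makeX509CRLFromEncoded(this.encoded);
        }
        return this.crl;
    }

    /**
     * Parses a DER-encoded CRL and records the outcome under
     * {@link ValidationString#CRL_PARSED}.
     *
     * <p>Parsing is structural only; no signature or freshness check happens here.
     * The returned object's encoded form comes from the parsed CRL rather than from
     * {@code bArr} itself. NOTE(review): confirm whether callers need to reject
     * input that carries extra bytes after the CRL structure.
     *
     * @param bArr the bytes to parse
     * @param validationResult receives a pass or an error for the parse step
     * @return the parsed CRL wrapper
     * @throws IllegalArgumentException if parsing fails (after the error is recorded)
     */
    public static X509Crl parseDerEncoded(byte[] bArr, ValidationResult validationResult) {
        try {
            X509Crl x509Crl = new X509Crl(makeX509CRLFromEncoded(bArr));
            validationResult.pass(ValidationString.CRL_PARSED, new String[0]);
            return x509Crl;
        } catch (IllegalArgumentException e) {
            validationResult.error(ValidationString.CRL_PARSED, new String[0]);
            throw e;
        }
    }

    /**
     * Parses encoded bytes with the default "X.509" {@link CertificateFactory}.
     *
     * @param bArr the encoded CRL, may be {@code null}
     * @return the parsed CRL, or {@code null} when {@code bArr} is {@code null}
     * @throws IllegalArgumentException if the factory is unavailable or parsing fails
     */
    private static X509CRL makeX509CRLFromEncoded(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        ByteArrayInputStream input = new ByteArrayInputStream(bArr);
        try {
            return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(input);
        } catch (CRLException e) {
            throw new IllegalArgumentException(e);
        } catch (CertificateException e) {
            throw new IllegalArgumentException(e);
        } finally {
            IOUtils.closeQuietly(input);
        }
    }

    /** Hash over the encoded bytes, consistent with {@link #equals(Object)}. */
    @Override
    public int hashCode() {
        return 31 + Arrays.hashCode(this.encoded);
    }

    /** Two instances are equal when they are of the same class and hold identical encoded bytes. */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return Arrays.equals(this.encoded, ((X509Crl) obj).encoded);
    }

    /** @return the authority key identifier as extracted by {@link X509CertificateUtil} */
    public byte[] getAuthorityKeyIdentifier() {
        return X509CertificateUtil.getAuthorityKeyIdentifier(getCrl());
    }

    /** @return the CRL's thisUpdate time in UTC */
    public DateTime getThisUpdateTime() {
        return new DateTime(getCrl().getThisUpdate(), DateTimeZone.UTC);
    }

    /**
     * @return the CRL's nextUpdate time in UTC
     */
    public DateTime getNextUpdateTime() {
        // NOTE(review): X509CRL.getNextUpdate() returns null when the field is absent,
        // and Joda-Time's DateTime(Object, zone) treats a null instant as "now". A CRL
        // without nextUpdate would therefore appear to expire at the moment of the
        // call. Confirm the validator rejects such CRLs before relying on this value.
        return new DateTime(getCrl().getNextUpdate(), DateTimeZone.UTC);
    }

    /** @return the issuer distinguished name of the CRL */
    public X500Principal getIssuer() {
        return getCrl().getIssuerX500Principal();
    }

    /**
     * Validates this CRL with an {@link X509CrlValidator} built from the certificate
     * in the given context. The {@code crlLocator} argument is not used here.
     *
     * @param str location passed through to the validator
     * @param certificateRepositoryObjectValidationContext supplies the parent certificate
     * @param crlLocator unused
     * @param validationOptions options handed to the validator
     * @param validationResult collects the validation outcome
     */
    @Override // net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public void validate(String str, CertificateRepositoryObjectValidationContext certificateRepositoryObjectValidationContext, CrlLocator crlLocator, ValidationOptions validationOptions, ValidationResult validationResult) {
        X509CrlValidator validator = new X509CrlValidator(validationOptions, validationResult, certificateRepositoryObjectValidationContext.getCertificate());
        validator.validate(str, this);
    }

    /** @return the CRL version number as reported by the parsed CRL */
    public int getVersion() {
        return getCrl().getVersion();
    }

    /** @return the signature algorithm name as reported by the parsed CRL */
    public String getSigAlgName() {
        return getCrl().getSigAlgName();
    }

    /**
     * Returns the revoked-certificate entries sorted by serial number.
     *
     * @return a new sorted set; empty when the CRL lists no revoked certificates
     */
    public SortedSet<Entry> getRevokedCertificates() {
        SortedSet<Entry> entries = new TreeSet<Entry>();
        Set<? extends X509CRLEntry> revoked = getCrl().getRevokedCertificates();
        // The JDK returns null rather than an empty set when nothing is revoked.
        if (revoked != null) {
            for (X509CRLEntry revokedEntry : revoked) {
                entries.add(new Entry(revokedEntry));
            }
        }
        return entries;
    }

    /**
     * Looks up the entry for a serial number.
     *
     * @param bigInteger the certificate serial number
     * @return the matching entry, or {@code null} if the serial number is not listed
     */
    public Entry getRevokedCertificate(BigInteger bigInteger) {
        X509CRLEntry revokedCertificate = getCrl().getRevokedCertificate(bigInteger);
        return revokedCertificate == null ? null : new Entry(revokedCertificate);
    }

    /**
     * Reads the CRLNumber extension.
     *
     * @return the CRL number, or {@code null} if the extension is absent
     * @throws X509CrlException if the extension value cannot be decoded
     */
    public BigInteger getNumber() {
        try {
            byte[] extensionValue = getCrl().getExtensionValue(X509Extension.cRLNumber.getId());
            if (extensionValue == null) {
                return null;
            }
            // NOTE(review): this listing looks decompiled and may have lost a cast to the
            // BouncyCastle integer type before getPositiveValue(); confirm against the build.
            return X509ExtensionUtil.fromExtensionValue(extensionValue).getPositiveValue();
        } catch (IOException e) {
            throw new X509CrlException("cannot get CRLNumber extension from CRL", e);
        }
    }

    /** @return always {@code null} */
    @Override // net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public URI getCrlUri() {
        return null;
    }

    /**
     * Not supported for CRLs.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public URI getParentCertificateUri() {
        throw new UnsupportedOperationException();
    }

    /**
     * Verifies the CRL signature against the given key using
     * {@link X509CertificateBuilderHelper#DEFAULT_SIGNATURE_PROVIDER}.
     *
     * <p>Key, algorithm, provider and encoding problems are rethrown as
     * {@link IllegalArgumentException}; only {@link SignatureException} propagates
     * unchanged. Treat either exception as "not verified".
     *
     * @param publicKey the issuer's public key
     * @throws SignatureException as thrown by the underlying {@link X509CRL#verify}
     * @throws IllegalArgumentException for any other verification failure
     */
    public void verify(PublicKey publicKey) throws SignatureException {
        try {
            getCrl().verify(publicKey, X509CertificateBuilderHelper.DEFAULT_SIGNATURE_PROVIDER);
        } catch (InvalidKeyException e) {
            throw new IllegalArgumentException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException(e);
        } catch (NoSuchProviderException e) {
            throw new IllegalArgumentException(e);
        } catch (CRLException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Delegates to {@link X509CRL#isRevoked}. This is a list lookup only; it says
     * nothing about whether the CRL itself is authentic or current, so verify and
     * validate the CRL first.
     *
     * @param x509Certificate the certificate to look up
     * @return {@code true} if the parsed CRL reports the certificate as revoked
     */
    public boolean isRevoked(X509Certificate x509Certificate) {
        return getCrl().isRevoked(x509Certificate);
    }
}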
