package net.ripe.rpki.commons.crypto.cms;

import java.net.URI;
import java.util.Arrays;
import javax.security.auth.x500.X500Principal;
import net.ripe.rpki.commons.crypto.CertificateRepositoryObject;
import net.ripe.rpki.commons.crypto.ValidityPeriod;
import net.ripe.rpki.commons.crypto.crl.CrlLocator;
import net.ripe.rpki.commons.crypto.crl.X509Crl;
import net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate;
import net.ripe.rpki.commons.validation.ValidationLocation;
import net.ripe.rpki.commons.validation.ValidationOptions;
import net.ripe.rpki.commons.validation.ValidationResult;
import net.ripe.rpki.commons.validation.ValidationString;
import net.ripe.rpki.commons.validation.objectvalidators.CertificateRepositoryObjectValidationContext;
import net.ripe.rpki.commons.validation.objectvalidators.X509ResourceCertificateParentChildValidator;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.joda.time.DateTime;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/cms/RpkiSignedObject.class */
public abstract class RpkiSignedObject implements CertificateRepositoryObject {
    private static final long serialVersionUID = 1;
    public static final String RSA_ENCRYPTION_OID = CMSSignedDataGenerator.ENCRYPTION_RSA;
    public static final String SHA256WITHRSA_ENCRYPTION_OID = PKCSObjectIdentifiers.sha256WithRSAEncryption.getId();
    public static final String DIGEST_ALGORITHM_OID = CMSSignedDataGenerator.DIGEST_SHA256;
    private byte[] encoded;
    private X509ResourceCertificate certificate;
    private String oid;
    private DateTime signingTime;

    /* JADX INFO: Access modifiers changed from: protected */
    public RpkiSignedObject(RpkiSignedObjectInfo rpkiSignedObjectInfo) {
        this(rpkiSignedObjectInfo.getEncoded(), rpkiSignedObjectInfo.getCertificate(), rpkiSignedObjectInfo.getContentType(), rpkiSignedObjectInfo.getSigningTime());
    }

    protected RpkiSignedObject(byte[] bArr, X509ResourceCertificate x509ResourceCertificate, ASN1ObjectIdentifier aSN1ObjectIdentifier, DateTime dateTime) {
        this.encoded = bArr;
        this.certificate = x509ResourceCertificate;
        this.oid = aSN1ObjectIdentifier.getId();
        this.signingTime = dateTime;
    }

    @Override // net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public byte[] getEncoded() {
        return this.encoded;
    }

    public DateTime getSigningTime() {
        return this.signingTime;
    }

    public ASN1ObjectIdentifier getContentType() {
        return new ASN1ObjectIdentifier(this.oid);
    }

    public X509ResourceCertificate getCertificate() {
        return this.certificate;
    }

    public boolean signedBy(X509ResourceCertificate x509ResourceCertificate) {
        return this.certificate.equals(x509ResourceCertificate);
    }

    public ValidityPeriod getValidityPeriod() {
        return this.certificate.getValidityPeriod();
    }

    public DateTime getNotValidBefore() {
        return this.certificate.getValidityPeriod().getNotValidBefore();
    }

    public DateTime getNotValidAfter() {
        return this.certificate.getValidityPeriod().getNotValidAfter();
    }

    public X500Principal getCertificateIssuer() {
        return getCertificate().getIssuer();
    }

    public X500Principal getCertificateSubject() {
        return getCertificate().getSubject();
    }

    @Override // net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public URI getCrlUri() {
        return getCertificate().findFirstRsyncCrlDistributionPoint();
    }

    @Override // net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public void validate(String str, CertificateRepositoryObjectValidationContext certificateRepositoryObjectValidationContext, CrlLocator crlLocator, ValidationOptions validationOptions, ValidationResult validationResult) {
        ValidationLocation currentLocation = validationResult.getCurrentLocation();
        validationResult.setLocation(new ValidationLocation(getCrlUri()));
        X509Crl crl = crlLocator.getCrl(getCrlUri(), certificateRepositoryObjectValidationContext, validationResult);
        validationResult.setLocation(currentLocation);
        validationResult.rejectIfNull(crl, ValidationString.OBJECTS_CRL_VALID, getCrlUri().toString());
        if (crl == null) {
            return;
        }
        new X509ResourceCertificateParentChildValidator(validationOptions, validationResult, certificateRepositoryObjectValidationContext.getCertificate(), crl, certificateRepositoryObjectValidationContext.getResources()).validate(str, getCertificate());
    }

    public int hashCode() {
        return Arrays.hashCode(getEncoded());
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj != null && getClass() == obj.getClass()) {
            return Arrays.equals(getEncoded(), ((RpkiSignedObject) obj).getEncoded());
        }
        return false;
    }
}
