package net.ripe.rpki.commons.crypto.x509cert;

import java.net.URI;
import java.security.cert.X509Certificate;
import net.ripe.rpki.commons.crypto.crl.CrlLocator;
import net.ripe.rpki.commons.crypto.crl.X509Crl;
import net.ripe.rpki.commons.validation.ValidationLocation;
import net.ripe.rpki.commons.validation.ValidationOptions;
import net.ripe.rpki.commons.validation.ValidationResult;
import net.ripe.rpki.commons.validation.ValidationString;
import net.ripe.rpki.commons.validation.objectvalidators.CertificateRepositoryObjectValidationContext;
import net.ripe.rpki.commons.validation.objectvalidators.X509RouterCertificateValidator;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/x509cert/X509RouterCertificate.class */
public class X509RouterCertificate extends X509GenericCertificate implements X509CertificateObject {
    private Boolean revoked;

    /* JADX INFO: Access modifiers changed from: protected */
    public X509RouterCertificate(X509Certificate x509Certificate) {
        super(x509Certificate);
    }

    @Override // net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public URI getCrlUri() {
        return findFirstRsyncCrlDistributionPoint();
    }

    @Override // net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public URI getParentCertificateUri() {
        return findFirstAuthorityInformationAccessByMethod(X509CertificateInformationAccessDescriptor.ID_CA_CA_ISSUERS);
    }

    @Override // net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public void validate(String str, CertificateRepositoryObjectValidationContext certificateRepositoryObjectValidationContext, CrlLocator crlLocator, ValidationOptions validationOptions, ValidationResult validationResult) {
        ValidationLocation currentLocation = validationResult.getCurrentLocation();
        validationResult.setLocation(new ValidationLocation(getCrlUri()));
        validationResult.setLocation(currentLocation);
        X509Crl crl = crlLocator.getCrl(getCrlUri(), certificateRepositoryObjectValidationContext, validationResult);
        if (crl == null) {
            validationResult.rejectIfFalse(false, ValidationString.OBJECTS_CRL_VALID, getCrlUri().toString());
        } else {
            new X509RouterCertificateValidator(validationOptions, validationResult, certificateRepositoryObjectValidationContext.getRouterCertificate(), crl).validate(str, (String) this);
            this.revoked = Boolean.valueOf(hasErrorInRevocationCheck(validationResult.getFailures(new ValidationLocation(str))));
        }
    }

    @Override // net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public void validate(String str, CertificateRepositoryObjectValidationContext certificateRepositoryObjectValidationContext, X509Crl x509Crl, URI uri, ValidationOptions validationOptions, ValidationResult validationResult) {
        if (!isRoot() && x509Crl == null) {
            validationResult.rejectIfFalse(false, ValidationString.OBJECTS_CRL_VALID, uri.toString());
        } else {
            new X509RouterCertificateValidator(validationOptions, validationResult, certificateRepositoryObjectValidationContext.getRouterCertificate(), x509Crl).validate(str, (String) this);
            this.revoked = Boolean.valueOf(hasErrorInRevocationCheck(validationResult.getFailures(new ValidationLocation(str))));
        }
    }

    @Override // net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public boolean isPastValidityTime() {
        return getValidityPeriod().isExpiredNow();
    }

    @Override // net.ripe.rpki.commons.crypto.CertificateRepositoryObject
    public boolean isRevoked() {
        if (this.revoked == null) {
            throw new IllegalStateException("isRevoked() could only be called after validate()");
        }
        return this.revoked.booleanValue();
    }
}
