package org.apereo.cas.adaptors.x509.authentication.handler.support;

import java.security.cert.X509CRL;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import org.apereo.cas.adaptors.x509.util.CertUtils;
import org.apereo.inspektr.aspect.TraceLogAspect;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.stereotype.Component;

@RefreshScope
@Component("thresholdExpiredCRLRevocationPolicy")
/* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/handler/support/ThresholdExpiredCRLRevocationPolicy.class */
public class ThresholdExpiredCRLRevocationPolicy implements RevocationPolicy<X509CRL> {
    private static final int DEFAULT_THRESHOLD = 172800;
    private transient Logger logger = LoggerFactory.getLogger(getClass());
    private int threshold = DEFAULT_THRESHOLD;
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;

    /* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/handler/support/ThresholdExpiredCRLRevocationPolicy$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            ThresholdExpiredCRLRevocationPolicy.apply_aroundBody0((ThresholdExpiredCRLRevocationPolicy) objArr2[0], (X509CRL) objArr2[1], (JoinPoint) objArr2[2]);
            return null;
        }
    }

    @Override // org.apereo.cas.adaptors.x509.authentication.handler.support.RevocationPolicy
    public void apply(X509CRL x509crl) throws ExpiredCRLException {
        TraceLogAspect.aspectOf().traceMethod(new AjcClosure1(new Object[]{this, x509crl, Factory.makeJP(ajc$tjp_0, this, this, x509crl)}).linkClosureAndJoinPoint(69648));
    }

    @Autowired
    public void setThreshold(@Value("${cas.x509.authn.revocation.policy.threshold:172800}") int i) {
        this.threshold = i;
    }

    static {
        ajc$preClinit();
    }

    static final void apply_aroundBody0(ThresholdExpiredCRLRevocationPolicy thresholdExpiredCRLRevocationPolicy, X509CRL x509crl, JoinPoint joinPoint) {
        ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
        if (CertUtils.isExpired(x509crl, now)) {
            if (CertUtils.isExpired(x509crl, now.minusSeconds(thresholdExpiredCRLRevocationPolicy.threshold))) {
                throw new ExpiredCRLException(x509crl.toString(), now, thresholdExpiredCRLRevocationPolicy.threshold);
            }
            thresholdExpiredCRLRevocationPolicy.logger.info(String.format("CRL expired on %s but is within threshold period, %s seconds.", x509crl.getNextUpdate(), Integer.valueOf(thresholdExpiredCRLRevocationPolicy.threshold)));
        }
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("ThresholdExpiredCRLRevocationPolicy.java", ThresholdExpiredCRLRevocationPolicy.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "apply", "org.apereo.cas.adaptors.x509.authentication.handler.support.ThresholdExpiredCRLRevocationPolicy", "java.security.cert.X509CRL", "crl", "org.apereo.cas.adaptors.x509.authentication.handler.support.ExpiredCRLException", "void"), 51);
    }
}
