package org.apereo.cas.adaptors.x509.authentication.revocation;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.cert.X509CRLEntry;
import java.time.ZonedDateTime;
import java.time.temporal.TemporalAccessor;
import org.apereo.cas.util.DateTimeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/revocation/RevokedCertificateException.class */
public class RevokedCertificateException extends GeneralSecurityException {
    public static final String CRL_REASON_OID = "2.5.29.21";
    private static final long serialVersionUID = 8827788431199129708L;
    private static final Logger LOGGER = LoggerFactory.getLogger(RevokedCertificateException.class);
    private final ZonedDateTime revocationDate;
    private final BigInteger serial;
    private final Reason reason;

    /* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/revocation/RevokedCertificateException$Reason.class */
    public enum Reason {
        Unspecified,
        KeyCompromise,
        CACompromise,
        AffiliationChanged,
        Superseded,
        CessationOfOperation,
        CertificateHold,
        RemoveFromCRL,
        PrivilegeWithdrawn,
        AACompromise;

        public static Reason fromCode(int i) {
            Reason[] values = values();
            for (int i2 = 0; i2 < values.length; i2++) {
                if (i2 == i) {
                    return values[i2];
                }
            }
            throw new IllegalArgumentException("Unknown CRL reason code.");
        }
    }

    public RevokedCertificateException(ZonedDateTime zonedDateTime, BigInteger bigInteger) {
        this(zonedDateTime, bigInteger, null);
    }

    public RevokedCertificateException(ZonedDateTime zonedDateTime, BigInteger bigInteger, Reason reason) {
        this.revocationDate = ZonedDateTime.from((TemporalAccessor) zonedDateTime);
        this.serial = bigInteger;
        this.reason = reason;
    }

    public RevokedCertificateException(X509CRLEntry x509CRLEntry) {
        this(DateTimeUtils.zonedDateTimeOf(x509CRLEntry.getRevocationDate()), x509CRLEntry.getSerialNumber(), getReasonFromX509Entry(x509CRLEntry));
    }

    private static Reason getReasonFromX509Entry(X509CRLEntry x509CRLEntry) {
        if (!x509CRLEntry.hasExtensions()) {
            return null;
        }
        try {
            int parseInt = Integer.parseInt(new String(x509CRLEntry.getExtensionValue(CRL_REASON_OID), "ASCII"));
            if (parseInt < Reason.values().length) {
                return Reason.fromCode(parseInt);
            }
            return null;
        } catch (Exception e) {
            LOGGER.trace("An exception occurred when resolving extension value: {}", e.getMessage());
            return null;
        }
    }

    public ZonedDateTime getRevocationDate() {
        if (this.revocationDate == null) {
            return null;
        }
        return ZonedDateTime.from((TemporalAccessor) this.revocationDate);
    }

    public BigInteger getSerial() {
        return this.serial;
    }

    public Reason getReason() {
        return this.reason;
    }

    @Override // java.lang.Throwable
    public String getMessage() {
        return this.reason != null ? String.format("Certificate %s revoked on %s for reason %s", this.serial, this.revocationDate, this.reason) : String.format("Certificate %s revoked on %s", this.serial, this.revocationDate);
    }
}
