package org.apereo.cas.adaptors.x509.authentication.revocation.policy;

import java.security.cert.X509CRL;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import org.apereo.cas.adaptors.x509.authentication.ExpiredCRLException;
import org.apereo.cas.adaptors.x509.util.CertUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/revocation/policy/ThresholdExpiredCRLRevocationPolicy.class */
public class ThresholdExpiredCRLRevocationPolicy implements RevocationPolicy<X509CRL> {
    private transient Logger logger = LoggerFactory.getLogger(getClass());
    private int threshold;

    @Override // org.apereo.cas.adaptors.x509.authentication.revocation.policy.RevocationPolicy
    public void apply(X509CRL x509crl) throws ExpiredCRLException {
        ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
        if (CertUtils.isExpired(x509crl, now)) {
            if (CertUtils.isExpired(x509crl, now.minusSeconds(this.threshold))) {
                throw new ExpiredCRLException(x509crl.toString(), now, this.threshold);
            }
            this.logger.info(String.format("CRL expired on %s but is within threshold period, %s seconds.", x509crl.getNextUpdate(), Integer.valueOf(this.threshold)));
        }
    }

    public void setThreshold(int i) {
        this.threshold = i;
    }
}
