package org.xipki.ca.server;

import java.io.Closeable;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRLException;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import java.util.Random;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.logging.log4j.util.ProcessIdUtil;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.ReasonFlags;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.slf4j.Logger;
import org.xipki.audit.AuditEvent;
import org.xipki.ca.api.PublicCaInfo;
import org.xipki.ca.api.mgmt.CaManager;
import org.xipki.ca.api.mgmt.CrlControl;
import org.xipki.ca.api.mgmt.RequestorInfo;
import org.xipki.ca.sdk.CaAuditConstants;
import org.xipki.ca.server.db.CertStore;
import org.xipki.ca.server.mgmt.CaManagerImpl;
import org.xipki.security.ConcurrentBagEntrySigner;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.CrlReason;
import org.xipki.security.KeyUsage;
import org.xipki.security.NoIdleSignerException;
import org.xipki.security.X509Cert;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.DateUtil;
import org.xipki.util.HourMinute;
import org.xipki.util.LogUtil;
import org.xipki.util.exception.ErrorCode;
import org.xipki.util.exception.OperationException;

/* loaded from: input_file:WEB-INF/lib/ca-server-6.4.0.jar:org/xipki/ca/server/X509CrlModule.class */
public class X509CrlModule extends X509CaModule implements Closeable {
    private final X509Cert caCert;
    private final int shardId;
    private final CertStore certstore;
    private final CaManagerImpl caManager;
    private final AtomicBoolean crlGenInProcess;
    private ScheduledFuture<?> crlGenerationService;
    private final X509PublisherModule publisher;

    /* loaded from: input_file:WEB-INF/lib/ca-server-6.4.0.jar:org/xipki/ca/server/X509CrlModule$CrlGenerationService.class */
    private class CrlGenerationService implements Runnable {
        private CrlGenerationService() {
        }

        @Override // java.lang.Runnable
        public void run() {
            if (X509CrlModule.this.caInfo.getCrlControl() == null || X509CrlModule.this.crlGenInProcess.get()) {
                return;
            }
            X509CrlModule.this.crlGenInProcess.set(true);
            try {
                run0();
            } catch (Throwable th) {
                LogUtil.error(X509CrlModule.this.LOG, th);
            } finally {
                X509CrlModule.this.crlGenInProcess.set(false);
            }
        }

        private void run0() throws OperationException {
            boolean isBefore;
            CrlControl crlControl = X509CrlModule.this.caInfo.getCrlControl();
            long thisUpdateOfCurrentCrl = X509CrlModule.this.certstore.getThisUpdateOfCurrentCrl(X509CrlModule.this.caIdent, false);
            Instant now = Instant.now();
            if (thisUpdateOfCurrentCrl == 0) {
                isBefore = true;
            } else {
                Instant plus = X509CrlModule.this.getScheduledCrlGenTimeNotAfter(Instant.ofEpochSecond(thisUpdateOfCurrentCrl)).plus(crlControl.getFullCrlIntervals() * crlControl.getIntervalHours(), (TemporalUnit) ChronoUnit.HOURS);
                isBefore = plus.isBefore(now);
                if (isBefore && Duration.between(plus, now).getSeconds() < X509CrlModule.this.shardId * 10) {
                    isBefore = false;
                }
            }
            boolean z = false;
            if (crlControl.getDeltaCrlIntervals() > 0 && !isBefore) {
                Instant plus2 = X509CrlModule.this.getScheduledCrlGenTimeNotAfter(Instant.ofEpochSecond(Math.max(X509CrlModule.this.certstore.getThisUpdateOfCurrentCrl(X509CrlModule.this.caIdent, true), thisUpdateOfCurrentCrl))).plus(crlControl.getDeltaCrlIntervals() * crlControl.getIntervalHours(), (TemporalUnit) ChronoUnit.HOURS);
                z = plus2.isBefore(now);
                if (z && Duration.between(plus2, now).getSeconds() < X509CrlModule.this.shardId * 10) {
                    z = false;
                }
            }
            if (!isBefore && !z) {
                X509CrlModule.this.LOG.debug("No CRL is needed to be created");
                return;
            }
            try {
                X509CrlModule.this.scheduledGenerateCrl(z, now, crlControl.getOverlap().add(X509CrlModule.this.getScheduledCrlGenTimeNotAfter(now).plus((z ? crlControl.getDeltaCrlIntervals() : (crlControl.isExtendedNextUpdate() || crlControl.getDeltaCrlIntervals() <= 0) ? crlControl.getFullCrlIntervals() : crlControl.getDeltaCrlIntervals()) * crlControl.getIntervalHours(), (TemporalUnit) ChronoUnit.HOURS)));
            } catch (Throwable th) {
                LogUtil.error(X509CrlModule.this.LOG, th);
            }
        }
    }

    public X509CrlModule(CaManagerImpl caManagerImpl, CaInfo caInfo, CertStore certStore, X509PublisherModule x509PublisherModule) throws OperationException {
        super(caInfo);
        this.crlGenInProcess = new AtomicBoolean(false);
        this.shardId = caManagerImpl.getShardId();
        this.publisher = x509PublisherModule;
        this.caManager = (CaManagerImpl) Args.notNull(caManagerImpl, "caManager");
        this.caCert = caInfo.getCert();
        this.certstore = (CertStore) Args.notNull(certStore, "certstore");
        if (caInfo.getCrlControl() != null) {
            if (!(caInfo.getCrlSignerName() != null ? getCrlSigner().getDbEntry().getCertificate() : this.caCert).hasKeyusage(KeyUsage.cRLSign)) {
                this.LOG.error("CRL signer does not have keyusage cRLSign");
                throw new OperationException(ErrorCode.SYSTEM_FAILURE, "CRL signer does not have keyusage cRLSign");
            }
        }
        this.crlGenerationService = caManagerImpl.getScheduledThreadPoolExecutor().scheduleAtFixedRate(new CrlGenerationService(), 60 + new Random().nextInt(60), 60L, TimeUnit.SECONDS);
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        if (this.crlGenerationService != null) {
            this.crlGenerationService.cancel(false);
            this.crlGenerationService = null;
        }
    }

    public X509CRLHolder getCurrentCrl(RequestorInfo requestorInfo) throws OperationException {
        return getCrl(requestorInfo, null);
    }

    public X509CRLHolder getCrl(RequestorInfo requestorInfo, BigInteger bigInteger) throws OperationException {
        this.LOG.info("     START getCrl: ca={}, crlNumber={}", this.caIdent.getName(), bigInteger);
        boolean z = false;
        AuditEvent newAuditEvent = newAuditEvent(bigInteger == null ? CaAuditConstants.TYPE_download_crl : CaAuditConstants.TYPE_downlaod_crl4number, requestorInfo);
        if (bigInteger != null) {
            newAuditEvent.addEventData(CaAuditConstants.NAME_crl_number, bigInteger);
        }
        try {
            byte[] encodedCrl = this.certstore.getEncodedCrl(this.caIdent, bigInteger);
            if (encodedCrl == null) {
                if (0 == 0) {
                    this.LOG.info("    FAILED getCrl: ca={}", this.caIdent.getName());
                }
                finish(newAuditEvent, false);
                return null;
            }
            try {
                X509CRLHolder parseCrl = X509Util.parseCrl(encodedCrl);
                z = true;
                if (this.LOG.isInfoEnabled()) {
                    this.LOG.info("SUCCESSFUL getCrl: ca={}, thisUpdate={}", this.caIdent.getName(), parseCrl.getThisUpdate());
                }
                if (1 == 0) {
                    this.LOG.info("    FAILED getCrl: ca={}", this.caIdent.getName());
                }
                finish(newAuditEvent, true);
                return parseCrl;
            } catch (RuntimeException | CRLException e) {
                throw new OperationException(ErrorCode.SYSTEM_FAILURE, e);
            }
        } catch (Throwable th) {
            if (!z) {
                this.LOG.info("    FAILED getCrl: ca={}", this.caIdent.getName());
            }
            finish(newAuditEvent, z);
            throw th;
        }
    }

    public CertificateList getBcCurrentCrl(RequestorInfo requestorInfo) throws OperationException {
        return getBcCrl(requestorInfo, null);
    }

    public CertificateList getBcCrl(RequestorInfo requestorInfo, BigInteger bigInteger) throws OperationException {
        this.LOG.info("     START getCrl: ca={}, crlNumber={}", this.caIdent.getName(), bigInteger);
        boolean z = false;
        AuditEvent newAuditEvent = newAuditEvent(bigInteger == null ? CaAuditConstants.TYPE_download_crl : CaAuditConstants.TYPE_downlaod_crl4number, requestorInfo);
        if (bigInteger != null) {
            newAuditEvent.addEventData(CaAuditConstants.NAME_crl_number, bigInteger);
        }
        try {
            byte[] encodedCrl = this.certstore.getEncodedCrl(this.caIdent, bigInteger);
            if (encodedCrl == null) {
                if (0 == 0) {
                    this.LOG.info("    FAILED getCrl: ca={}", this.caIdent.getName());
                }
                finish(newAuditEvent, false);
                return null;
            }
            try {
                CertificateList certificateList = CertificateList.getInstance(encodedCrl);
                z = true;
                if (this.LOG.isInfoEnabled()) {
                    this.LOG.info("SUCCESSFUL getCrl: ca={}, thisUpdate={}", this.caIdent.getName(), certificateList.getThisUpdate().getTime());
                }
                if (1 == 0) {
                    this.LOG.info("    FAILED getCrl: ca={}", this.caIdent.getName());
                }
                finish(newAuditEvent, true);
                return certificateList;
            } catch (RuntimeException e) {
                throw new OperationException(ErrorCode.SYSTEM_FAILURE, e);
            }
        } catch (Throwable th) {
            if (!z) {
                this.LOG.info("    FAILED getCrl: ca={}", this.caIdent.getName());
            }
            finish(newAuditEvent, z);
            throw th;
        }
    }

    private void cleanupCrlsWithoutException() {
        int cleanupCrls;
        try {
            int numCrls = this.caInfo.getNumCrls();
            this.LOG.info("     START cleanupCrls: ca={}, numCrls={}", this.caIdent.getName(), Integer.valueOf(numCrls));
            AuditEvent newAuditEvent = newAuditEvent(CaAuditConstants.TYPE_cleanup_crl, null);
            boolean z = false;
            if (numCrls <= 0) {
                cleanupCrls = 0;
            } else {
                try {
                    cleanupCrls = this.certstore.cleanupCrls(this.caIdent, this.caInfo.getNumCrls());
                } catch (Throwable th) {
                    if (!z) {
                        this.LOG.info("    FAILED cleanupCrls: ca={}", this.caIdent.getName());
                    }
                    finish(newAuditEvent, z);
                    throw th;
                }
            }
            int i = cleanupCrls;
            z = true;
            newAuditEvent.addEventData(CaAuditConstants.NAME_num, Integer.valueOf(i));
            this.LOG.info("SUCCESSFUL cleanupCrls: ca={}, num={}", this.caIdent.getName(), Integer.valueOf(i));
            if (1 == 0) {
                this.LOG.info("    FAILED cleanupCrls: ca={}", this.caIdent.getName());
            }
            finish(newAuditEvent, true);
        } catch (Throwable th2) {
            this.LOG.warn("could not cleanup CRLs.{}: {}", th2.getClass().getName(), th2.getMessage());
        }
    }

    public X509CRLHolder generateCrlOnDemand(RequestorInfo requestorInfo) throws OperationException {
        CrlControl crlControl = this.caInfo.getCrlControl();
        if (crlControl == null) {
            throw new OperationException(ErrorCode.NOT_PERMITTED, "CA could not generate CRL");
        }
        if (this.crlGenInProcess.get()) {
            throw new OperationException(ErrorCode.SYSTEM_UNAVAILABLE, "TRY_LATER");
        }
        this.crlGenInProcess.set(true);
        try {
            Instant now = Instant.now();
            X509CRLHolder generateCrl = generateCrl(false, requestorInfo, false, now, crlControl.getOverlap().add(getScheduledCrlGenTimeNotAfter(now).plus(((crlControl.isExtendedNextUpdate() || crlControl.getDeltaCrlIntervals() <= 0) ? crlControl.getFullCrlIntervals() : crlControl.getDeltaCrlIntervals()) * crlControl.getIntervalHours(), (TemporalUnit) ChronoUnit.HOURS)));
            this.crlGenInProcess.set(false);
            return generateCrl;
        } catch (Throwable th) {
            this.crlGenInProcess.set(false);
            throw th;
        }
    }

    private void scheduledGenerateCrl(boolean z, Instant instant, Instant instant2) throws OperationException {
        AuditEvent newAuditEvent = newAuditEvent("gen_crl", null);
        try {
            generateCrl0(true, z, instant, instant2, newAuditEvent);
            finish(newAuditEvent, true);
        } catch (OperationException e) {
            finish(newAuditEvent, false);
            throw e;
        }
    }

    private X509CRLHolder generateCrl(boolean z, RequestorInfo requestorInfo, boolean z2, Instant instant, Instant instant2) throws OperationException {
        AuditEvent newAuditEvent = newAuditEvent("gen_crl", requestorInfo);
        try {
            X509CRLHolder generateCrl0 = generateCrl0(z, z2, instant, instant2, newAuditEvent);
            finish(newAuditEvent, true);
            return generateCrl0;
        } catch (OperationException e) {
            finish(newAuditEvent, false);
            throw e;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r14v0, types: [org.xipki.audit.AuditEvent] */
    private X509CRLHolder generateCrl0(boolean z, boolean z2, Instant instant, Instant instant2, AuditEvent auditEvent) throws OperationException {
        List<CertRevInfoWithSerial> revokedCerts;
        CrlControl crlControl = this.caInfo.getCrlControl();
        if (crlControl == null) {
            throw new OperationException(ErrorCode.NOT_PERMITTED, "CRL generation is not allowed");
        }
        BigInteger bigInteger = null;
        if (z2) {
            bigInteger = this.caInfo.getMaxFullCrlNumber();
            if (bigInteger == null) {
                throw new OperationException(ErrorCode.SYSTEM_FAILURE, "Should not happen. No FullCRL is available while generating DeltaCRL");
            }
        }
        Logger logger = this.LOG;
        Object[] objArr = new Object[5];
        objArr[0] = this.caIdent.getName();
        objArr[1] = Boolean.valueOf(z2);
        objArr[2] = instant;
        objArr[3] = instant2;
        objArr[4] = z2 ? bigInteger : ProcessIdUtil.DEFAULT_PROCESSID;
        logger.info("     START generateCrl: ca={}, deltaCRL={}, thisUpdate={}, nextUpdate={}, baseCRLNumber={}", objArr);
        auditEvent.addEventData(CaAuditConstants.NAME_crl_type, z2 ? "DELTA_CRL" : "FULL_CRL");
        if (instant2 == null) {
            auditEvent.addEventData(CaAuditConstants.NAME_next_update, CaManager.NULL);
        } else {
            auditEvent.addEventData(CaAuditConstants.NAME_next_update, DateUtil.toUtcTimeyyyyMMddhhmmss(instant2));
            if (instant2.getEpochSecond() - instant.getEpochSecond() < 600) {
                throw new OperationException(ErrorCode.CRL_FAILURE, "nextUpdate and thisUpdate are too close");
            }
        }
        try {
            SignerEntryWrapper crlSigner = getCrlSigner();
            PublicCaInfo publicCaInfo = this.caInfo.getPublicCaInfo();
            boolean z3 = crlSigner != null;
            X500Name subject = z3 ? crlSigner.getSubject() : publicCaInfo.getSubject();
            X509v2CRLBuilder x509v2CRLBuilder = new X509v2CRLBuilder(subject, Date.from(instant));
            if (instant2 != null) {
                x509v2CRLBuilder.setNextUpdate(Date.from(instant2));
            }
            CrlControl crlControl2 = this.caInfo.getCrlControl();
            boolean isIncludeExpiredcerts = crlControl2.isIncludeExpiredcerts();
            Instant ofEpochSecond = isIncludeExpiredcerts ? Instant.ofEpochSecond(0L) : instant.minus(600L, (TemporalUnit) ChronoUnit.SECONDS);
            List<CertRevInfoWithSerial> linkedList = new LinkedList();
            if (z2) {
                linkedList = this.certstore.getCertsForDeltaCrl(this.caIdent, bigInteger, ofEpochSecond);
            } else {
                long j = 1;
                do {
                    revokedCerts = this.certstore.getRevokedCerts(this.caIdent, ofEpochSecond, j, 100);
                    linkedList.addAll(revokedCerts);
                    long j2 = 1;
                    for (CertRevInfoWithSerial certRevInfoWithSerial : revokedCerts) {
                        if (certRevInfoWithSerial.getId() > j2) {
                            j2 = certRevInfoWithSerial.getId();
                        }
                    }
                    j = j2 + 1;
                } while (revokedCerts.size() >= 100);
                revokedCerts.clear();
            }
            if (z3 && linkedList.isEmpty()) {
                x509v2CRLBuilder.addCRLEntry(BigInteger.ZERO, new Date(0L), new Extensions(createCertificateIssuerExtension(publicCaInfo.getSubject())));
                this.LOG.debug("added cert ca={} serial=0 to the indirect CRL", this.caIdent);
            } else {
                Collections.sort(linkedList);
                boolean z4 = true;
                for (CertRevInfoWithSerial certRevInfoWithSerial2 : linkedList) {
                    CrlReason reason = certRevInfoWithSerial2.getReason();
                    if (crlControl2.isExcludeReason() && reason != CrlReason.REMOVE_FROM_CRL) {
                        reason = CrlReason.UNSPECIFIED;
                    }
                    Instant revocationTime = certRevInfoWithSerial2.getRevocationTime();
                    Instant invalidityTime = certRevInfoWithSerial2.getInvalidityTime();
                    switch (crlControl2.getInvalidityDateMode()) {
                        case forbidden:
                            invalidityTime = null;
                            break;
                        case optional:
                            break;
                        case required:
                            if (invalidityTime == null) {
                                invalidityTime = revocationTime;
                                break;
                            }
                            break;
                        default:
                            throw new IllegalStateException("unknown TripleState " + crlControl2.getInvalidityDateMode());
                    }
                    BigInteger serial = certRevInfoWithSerial2.getSerial();
                    this.LOG.debug("added cert ca={} serial={} to CRL", this.caIdent, serial);
                    if (z3 && z4) {
                        ArrayList arrayList = new ArrayList(3);
                        if (reason != CrlReason.UNSPECIFIED) {
                            arrayList.add(createReasonExtension(reason.getCode()));
                        }
                        if (invalidityTime != null) {
                            arrayList.add(createInvalidityDateExtension(invalidityTime));
                        }
                        arrayList.add(createCertificateIssuerExtension(publicCaInfo.getSubject()));
                        x509v2CRLBuilder.addCRLEntry(serial, Date.from(revocationTime), new Extensions((Extension[]) arrayList.toArray(new Extension[0])));
                        z4 = false;
                    } else if (invalidityTime != null) {
                        x509v2CRLBuilder.addCRLEntry(serial, Date.from(revocationTime), reason.getCode(), Date.from(invalidityTime));
                    } else {
                        x509v2CRLBuilder.addCRLEntry(serial, Date.from(revocationTime), reason.getCode());
                    }
                }
                linkedList.clear();
            }
            BigInteger nextCrlNumber = this.caInfo.nextCrlNumber();
            auditEvent.addEventData(CaAuditConstants.NAME_crl_number, nextCrlNumber);
            if (bigInteger != null) {
                auditEvent.addEventData(CaAuditConstants.NAME_basecrl_number, bigInteger);
            }
            try {
                x509v2CRLBuilder.addExtension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifier(z3 ? crlSigner.getSigner().getCertificate().getSubjectKeyId() : publicCaInfo.getSubjectKeyIdentifer()));
                x509v2CRLBuilder.addExtension(Extension.cRLNumber, false, new ASN1Integer(nextCrlNumber));
                if (z3) {
                    x509v2CRLBuilder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint((DistributionPointName) null, false, false, (ReasonFlags) null, true, false));
                }
                if (z2) {
                    x509v2CRLBuilder.addExtension(Extension.deltaCRLIndicator, true, new ASN1Integer(bigInteger));
                }
                List<String> deltaCrlUris = publicCaInfo.getCaUris().getDeltaCrlUris();
                if (crlControl.getDeltaCrlIntervals() > 0 && CollectionUtil.isNotEmpty(deltaCrlUris)) {
                    x509v2CRLBuilder.addExtension(Extension.freshestCRL, false, CaUtil.createCrlDistributionPoints(deltaCrlUris, publicCaInfo.getSubject(), subject));
                }
                if (isIncludeExpiredcerts) {
                    x509v2CRLBuilder.addExtension(Extension.expiredCertsOnCRL, false, new DERGeneralizedTime(Date.from(this.caCert.getNotBefore())));
                }
                ConcurrentContentSigner signer = crlSigner == null ? this.caInfo.getSigner(null) : crlSigner.getSigner();
                try {
                    ConcurrentBagEntrySigner borrowSigner = signer.borrowSigner();
                    try {
                        X509CRLHolder build = x509v2CRLBuilder.build(borrowSigner.value());
                        signer.requiteSigner(borrowSigner);
                        if (z && this.certstore.getThisUpdateOfCurrentCrl(this.caIdent, z2) > instant.getEpochSecond() - 10) {
                            this.LOG.info("IGNORE generateCrl: ca={}", this.caIdent.getName());
                            if (1 == 0) {
                                this.LOG.info("    FAILED generateCrl: ca={}", this.caIdent.getName());
                            }
                            return null;
                        }
                        this.caInfo.setNextCrlNumber(nextCrlNumber.longValue() + 1);
                        this.caManager.commitNextCrlNo(this.caIdent, this.caInfo.getNextCrlNumber());
                        this.publisher.publishCrl(build);
                        this.LOG.info("SUCCESSFUL generateCrl: ca={}, crlNumber={}, thisUpdate={}", this.caIdent.getName(), nextCrlNumber, build.getThisUpdate());
                        if (!z2) {
                            cleanupCrlsWithoutException();
                        }
                        if (1 == 0) {
                            this.LOG.info("    FAILED generateCrl: ca={}", this.caIdent.getName());
                        }
                        return build;
                    } catch (Throwable th) {
                        signer.requiteSigner(borrowSigner);
                        throw th;
                    }
                } catch (NoIdleSignerException e) {
                    throw new OperationException(ErrorCode.SYSTEM_FAILURE, "NoIdleSignerException: " + e.getMessage());
                }
            } catch (CertIOException e2) {
                LogUtil.error(this.LOG, e2, "crlBuilder.addExtension");
                throw new OperationException(ErrorCode.INVALID_EXTENSION, (Throwable) e2);
            }
        } catch (Throwable th2) {
            if (0 == 0) {
                this.LOG.info("    FAILED generateCrl: ca={}", this.caIdent.getName());
            }
            throw th2;
        }
    }

    private Instant getScheduledCrlGenTimeNotAfter(Instant instant) {
        ZonedDateTime ofInstant = ZonedDateTime.ofInstant(instant, ZoneOffset.UTC);
        int hour = (ofInstant.getHour() * 60) + ofInstant.getMinute();
        int intervalHours = this.caInfo.getCrlControl().getIntervalHours() * 60;
        HourMinute intervalDayTime = this.caInfo.getCrlControl().getIntervalDayTime();
        int hour2 = (intervalDayTime.getHour() * 60) + intervalDayTime.getMinute();
        Instant instant2 = ZonedDateTime.of(ofInstant.getYear(), ofInstant.getMonthValue(), ofInstant.getDayOfMonth(), 0, 0, 0, 0, ofInstant.getZone()).toInstant();
        if (hour == hour2) {
            return instant2.plus(hour2, (TemporalUnit) ChronoUnit.MINUTES);
        }
        if (hour < hour2) {
            return instant2.plus(hour2 - intervalHours, (TemporalUnit) ChronoUnit.MINUTES);
        }
        int i = 0;
        while (hour >= hour2 + ((i + 1) * intervalHours)) {
            i++;
        }
        return instant2.plus(hour2 + (i * intervalHours), (TemporalUnit) ChronoUnit.MINUTES);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignerEntryWrapper getCrlSigner() {
        String crlSignerName;
        if (this.caInfo.getCrlControl() == null || (crlSignerName = this.caInfo.getCrlSignerName()) == null) {
            return null;
        }
        return this.caManager.getSignerWrapper(crlSignerName);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean healthy() {
        SignerEntryWrapper crlSigner = getCrlSigner();
        if (crlSigner == null || crlSigner.getSigner() == null) {
            return true;
        }
        return crlSigner.isHealthy();
    }

    private static Extension createReasonExtension(int i) {
        try {
            return new Extension(Extension.reasonCode, false, CRLReason.lookup(i).getEncoded());
        } catch (IOException e) {
            throw new IllegalArgumentException("error encoding reason: " + e.getMessage(), e);
        }
    }

    private static Extension createInvalidityDateExtension(Instant instant) {
        try {
            return new Extension(Extension.invalidityDate, false, new ASN1GeneralizedTime(Date.from(instant)).getEncoded());
        } catch (IOException e) {
            throw new IllegalArgumentException("error encoding reason: " + e.getMessage(), e);
        }
    }

    private static Extension createCertificateIssuerExtension(X500Name x500Name) {
        try {
            return new Extension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(x500Name)).getEncoded());
        } catch (IOException e) {
            throw new IllegalArgumentException("error encoding reason: " + e.getMessage(), e);
        }
    }
}
