package org.openoces.ooapi.validation;

import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import org.openoces.ooapi.certificate.CA;
import org.openoces.ooapi.certificate.OcesCertificateFacade;
import org.openoces.ooapi.environment.RootCertificates;
import org.openoces.ooapi.exceptions.CrlNotFoundException;
import org.openoces.ooapi.exceptions.InvalidCrlException;

/* loaded from: input_file:org/openoces/ooapi/validation/FullCrlRevocationChecker.class */
public class FullCrlRevocationChecker implements CaCrlRevokedChecker {
    private static FullCrlRevocationChecker ourInstance = new FullCrlRevocationChecker();
    private HttpCrlDownloader crlDownloader;

    private FullCrlRevocationChecker() {
        this(new CachedHttpCrlDownloader());
    }

    protected FullCrlRevocationChecker(HttpCrlDownloader httpCrlDownloader) {
        this.crlDownloader = httpCrlDownloader;
    }

    public static FullCrlRevocationChecker getInstance() {
        return ourInstance;
    }

    @Override // org.openoces.ooapi.validation.RevocationChecker
    public boolean isRevoked(OcesCertificateFacade ocesCertificateFacade) {
        return downloadCrl(ocesCertificateFacade).isRevoked(ocesCertificateFacade) || isRevoked(ocesCertificateFacade.getSigningCA());
    }

    @Override // org.openoces.ooapi.validation.CaCrlRevokedChecker
    public boolean isRevokedCa(X509Certificate x509Certificate) {
        CA ca = new CA(x509Certificate, new CA(RootCertificates.lookupCertificateBySubjectDn(x509Certificate.getIssuerX500Principal()), null));
        if (ca.isRoot()) {
            return false;
        }
        return downloadCrl(CRLDistributionPointsExtractor.extractCRLDistributionPoints(x509Certificate).getCrlDistributionPoint()).isRevoked(ca);
    }

    @Override // org.openoces.ooapi.validation.RevocationChecker
    public X509CRLEntry getRevocationDetails(OcesCertificateFacade ocesCertificateFacade) {
        return downloadCrl(ocesCertificateFacade).getRevocationDetails(ocesCertificateFacade);
    }

    public boolean isRevoked(CA ca) {
        if (ca.isRoot()) {
            return false;
        }
        return downloadCrl(ca).isRevoked(ca) || isRevoked(ca.getSigningCA());
    }

    public CRL downloadCrl(OcesCertificateFacade ocesCertificateFacade) {
        return downloadCrl(ocesCertificateFacade.getCrlDistributionPoint());
    }

    public CRL downloadCrl(String str) {
        CRL download = this.crlDownloader.download(str);
        if (download == null) {
            throw new CrlNotFoundException("The crl could not be retrieved for url: " + str, str);
        }
        if (download.isPartial()) {
            throw new InvalidCrlException("Crl was downloaded successfully, but it is a partial CRL, not a full CRL", str);
        }
        return download;
    }

    private CRL downloadCrl(CA ca) {
        return downloadCrl(CRLDistributionPointsExtractor.extractCRLDistributionPoints(ca.getCertificate()).getCrlDistributionPoint());
    }
}
