package org.openoces.ooapi.validation;

import java.security.cert.X509CRLEntry;
import org.openoces.ooapi.certificate.CA;
import org.openoces.ooapi.certificate.OcesCertificateFacade;
import org.openoces.ooapi.environment.Environments;
import org.openoces.ooapi.environment.RootCertificates;
import org.openoces.ooapi.exceptions.InvalidCrlException;
import org.openoces.ooapi.ldap.LDAPFactory;

/* loaded from: input_file:org/openoces/ooapi/validation/PartitionedCrlRevocationChecker.class */
public class PartitionedCrlRevocationChecker implements RevocationChecker {
    private static PartitionedCrlRevocationChecker ourInstance = new PartitionedCrlRevocationChecker();
    private CachedLdapCrlDownloader crlDownloader = new CachedLdapCrlDownloader();

    private PartitionedCrlRevocationChecker() {
    }

    public static PartitionedCrlRevocationChecker getInstance() {
        return ourInstance;
    }

    @Override // org.openoces.ooapi.validation.RevocationChecker
    public boolean isRevoked(OcesCertificateFacade ocesCertificateFacade) {
        return Environments.isInternalEnvironment(LDAPFactory.getEnvironmentFromCaCommonName(ocesCertificateFacade.getIssuerDn())) ? FullCrlRevocationChecker.getInstance().isRevoked(ocesCertificateFacade) : getCrlInstance(ocesCertificateFacade).isRevoked(ocesCertificateFacade) || isRevoked(ocesCertificateFacade.getSigningCA());
    }

    private CRL getCrlInstance(OcesCertificateFacade ocesCertificateFacade) {
        String partitionedCrlDistributionPoint = ocesCertificateFacade.getPartitionedCrlDistributionPoint();
        CRL download = this.crlDownloader.download(RootCertificates.getEnvironment(ocesCertificateFacade.getSigningCA()), partitionedCrlDistributionPoint);
        if (!download.isPartial()) {
            throw new InvalidCrlException("Crl was downloaded successfully, but is not a partial CRL", partitionedCrlDistributionPoint);
        }
        if (download.isCorrectPartialCrl(partitionedCrlDistributionPoint)) {
            return download;
        }
        throw new InvalidCrlException("Crl was downloaded successfully, but is not the correct partitioned crl", partitionedCrlDistributionPoint);
    }

    @Override // org.openoces.ooapi.validation.RevocationChecker
    public X509CRLEntry getRevocationDetails(OcesCertificateFacade ocesCertificateFacade) {
        return getCrlInstance(ocesCertificateFacade).getRevocationDetails(ocesCertificateFacade);
    }

    public boolean isRevoked(CA ca) {
        if (ca.isRoot()) {
            return false;
        }
        return downloadCrl(ca, RootCertificates.getEnvironment(ca.getSigningCA())).isRevoked(ca) || isRevoked(ca.getSigningCA());
    }

    private CRL downloadCrl(CA ca, Environments.Environment environment) {
        return this.crlDownloader.download(environment, CRLDistributionPointsExtractor.extractCRLDistributionPoints(ca.getCertificate()).getPartitionedCRLDistributionPoint());
    }
}
