package net.bluemind.smime.cacerts.utils;

import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.Proxy;
import java.net.URI;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import net.bluemind.core.rest.BmContext;
import net.bluemind.smime.cacerts.api.SmimeRevocation;
import net.bluemind.system.service.helper.SecurityCertificateHelper;
import net.bluemind.utils.CertificateUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/smime/cacerts/utils/CrlReader.class */
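/**
 * Collects the certificate revocation lists (CRLs) published for one S/MIME CA
 * certificate and converts their entries into {@link SmimeRevocation} records.
 *
 * <p>A CRL is only kept when its signature verifies against the CA public key
 * and its issuer passes {@link #verifyIssuer(X509CRL)}.
 *
 * <p>Failure handling is best-effort: a CRL that cannot be downloaded, parsed
 * or verified is logged and skipped. An empty result therefore does not by
 * itself prove that no certificate has been revoked; callers that need a
 * fail-closed decision have to track fetch failures themselves.
 *
 * <p>Instances accumulate CRLs in a plain {@link HashSet}; no synchronization
 * is performed here.
 */
public class CrlReader {
    private static final Logger logger = LoggerFactory.getLogger(CrlReader.class);

    // Bound the time spent on a distribution point. The URL is taken from the
    // CA certificate, so an unresponsive or slow endpoint must not block the
    // calling thread forever.
    private static final int CONNECT_TIMEOUT_MS = 10_000;
    private static final int READ_TIMEOUT_MS = 30_000;

    private final X509Certificate caCert;
    private final String cacertUid;
    private final SecurityCertificateHelper systemHelper;
    private final Set<CRLEntry> crls = new HashSet<>();
    // Assigned in the constructor, after caCert: issuerWithOids() reads caCert.
    private final String issuer;

    /** A verified CRL together with the URL it was fetched from (null for a stream). */
    public class CRLEntry {
        private final X509CRL crlX509;
        private final String url;

        public CRLEntry(X509CRL x509crl, String str) {
            this.crlX509 = x509crl;
            this.url = str;
        }

        /**
         * Converts every revoked entry of this CRL into a {@link SmimeRevocation}.
         *
         * @return one revocation per CRL entry, or an empty list when the CRL
         *         lists no revoked certificate
         */
        public List<SmimeRevocation> createRevocations() {
            Set<? extends X509CRLEntry> revokedCertificates = this.crlX509.getRevokedCertificates();
            if (revokedCertificates == null || revokedCertificates.isEmpty()) {
                CrlReader.logger.info("S/MIME CA certificate {} has no revoked certificates", CrlReader.this.cacertUid);
                return Collections.emptyList();
            }
            return revokedCertificates.stream().map(this::createRevocation).toList();
        }

        // thisUpdate / nextUpdate are handed over as-is; CRL freshness is not
        // evaluated in this class.
        private SmimeRevocation createRevocation(X509CRLEntry x509CRLEntry) {
            String reason = x509CRLEntry.getRevocationReason() != null ? x509CRLEntry.getRevocationReason().name() : null;
            return SmimeRevocation.create(x509CRLEntry.getSerialNumber().toString(), x509CRLEntry.getRevocationDate(),
                    reason, this.url, this.crlX509.getThisUpdate(), this.crlX509.getNextUpdate(),
                    CrlReader.this.issuer, CrlReader.this.cacertUid);
        }
    }

    /**
     * @param bmContext       context used to build the {@link SecurityCertificateHelper}
     *                        that supplies the proxy configuration
     * @param x509Certificate CA certificate whose CRLs are read and verified
     * @param str             uid of the CA certificate, copied into every revocation
     */
    public CrlReader(BmContext bmContext, X509Certificate x509Certificate, String str) {
        this.systemHelper = new SecurityCertificateHelper(bmContext);
        this.caCert = x509Certificate;
        this.cacertUid = str;
        // A field initializer would run before the assignments above and
        // dereference a null caCert, so the issuer is computed here instead.
        this.issuer = issuerWithOids();
    }

    /**
     * Renders the issuer DN of the CA certificate as comma-separated
     * {@code OID=value} pairs, using the first attribute of each RDN. Falls
     * back to the RFC 1779 form of the issuer principal when the certificate
     * cannot be re-encoded.
     */
    private String issuerWithOids() {
        try {
            return Arrays.stream(new JcaX509CertificateHolder(this.caCert).getIssuer().getRDNs())
                    .map(rdn -> rdn.getFirst().getType().toString().concat("=").concat(rdn.getFirst().getValue().toString()))
                    .collect(Collectors.joining(","));
        } catch (CertificateEncodingException e) {
            logger.warn("Error occured trying to read CA issuer : {}", e.getMessage());
            return this.caCert.getIssuerX500Principal().getName("RFC1779");
        }
    }

    /**
     * Reads and verifies one CRL from a stream. The stream is not closed here.
     * Any failure is logged and the CRL is skipped.
     */
    public void read(InputStream inputStream) {
        try {
            this.crls.add(readCrlFile(inputStream, null));
        } catch (Exception e) {
            logger.warn("Error occurs trying to read CRL stream : {}", e.getMessage());
        }
    }

    /**
     * Downloads and verifies one CRL from an http(s) URL. Any failure
     * (unsupported scheme, network error, bad signature, wrong issuer) is
     * logged and the CRL is skipped.
     */
    public void read(String str) {
        try {
            this.crls.add(downloadCRLFromWeb(str));
        } catch (Exception e) {
            logger.warn("Error occurs trying to read CRL from url:{} : {}", str, e.getMessage());
        }
    }

    /**
     * Fetches every CRL distribution point named in the CA certificate and
     * returns the revocations of all CRLs read so far.
     *
     * @return the collected revocations; empty when the distribution points
     *         could not be extracted or no CRL could be read and verified
     */
    public List<SmimeRevocation> getRevocations() {
        List<SmimeRevocation> revocations = new ArrayList<>();
        try {
            CertificateUtils.getCrlDistributionPoints(this.caCert).forEach(str -> read(str));
            revocations.addAll(createRevocations());
        } catch (IOException e) {
            logger.warn(e.getMessage());
        }
        return revocations;
    }

    /**
     * Parses a CRL and accepts it only if it is signed by the CA key and its
     * issuer check passes.
     *
     * @throws Exception when parsing, signature verification or the issuer
     *                   check fails
     */
    private CRLEntry readCrlFile(InputStream inputStream, String str) throws Exception {
        X509CRL x509crl = (X509CRL) CertificateUtils.generateX509Crl(inputStream);
        // The signature check is what makes a CRL fetched over plain HTTP
        // trustworthy; it must stay ahead of any use of the CRL content.
        x509crl.verify(this.caCert.getPublicKey());
        verifyIssuer(x509crl);
        return new CRLEntry(x509crl, str);
    }

    // NOTE(review): this compares the CRL issuer with the *issuer* DN of the CA
    // certificate. The two are equal for a self-signed root; for a CA that is
    // not self-signed, a CRL it publishes would normally carry the CA's subject
    // DN instead. Confirm that only self-signed CA certificates reach this class.
    private void verifyIssuer(X509CRL x509crl) throws CRLException {
        byte[] expected = this.caCert.getIssuerX500Principal().getEncoded();
        byte[] actual = x509crl.getIssuerX500Principal().getEncoded();
        if (!Arrays.equals(expected, actual)) {
            throw new CRLException("CRL Issuer is not valid.");
        }
    }

    /**
     * Opens an HTTP(S) connection to a CRL distribution point, through the
     * configured proxy when there is one.
     *
     * @throws IOException when the URL scheme is not http/https or the
     *                     connection cannot be opened
     */
    private HttpURLConnection connect(String str) throws IOException {
        URI uri = URI.create(str);
        // The URL originates from certificate content. Reject other schemes
        // explicitly instead of relying on the cast below to fail.
        String scheme = uri.getScheme();
        if (scheme == null || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            throw new IOException("Unsupported CRL distribution point scheme: " + scheme);
        }
        Proxy proxy = this.systemHelper.configureProxySession();
        HttpURLConnection connection = (HttpURLConnection) (proxy == null
                ? uri.toURL().openConnection()
                : uri.toURL().openConnection(proxy));
        connection.setConnectTimeout(CONNECT_TIMEOUT_MS);
        connection.setReadTimeout(READ_TIMEOUT_MS);
        return connection;
    }

    // NOTE(review): the response body is not size-limited before it is handed
    // to the CRL parser.
    private CRLEntry downloadCRLFromWeb(String str) throws Exception {
        try (InputStream inputStream = connect(str).getInputStream()) {
            return readCrlFile(inputStream, str);
        }
    }

    /**
     * Flattens the revocations of every CRL read so far into one list.
     */
    public List<SmimeRevocation> createRevocations() {
        List<SmimeRevocation> revocations = new ArrayList<>();
        for (CRLEntry entry : this.crls) {
            if (entry.crlX509 != null) {
                revocations.addAll(entry.createRevocations());
            }
        }
        return revocations;
    }
}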
