package net.sf.jsignpdf.crl;

import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import net.sf.jsignpdf.BasicSignerOptions;
import net.sf.jsignpdf.Constants;
import org.apache.commons.io.input.CountingInputStream;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.x509.extension.X509ExtensionUtil;

/* loaded from: input_file:net/sf/jsignpdf/crl/CRLInfo.class */
public class CRLInfo {
    private static final Logger LOGGER = Logger.getLogger(CRLInfo.class);
    private CRL[] crls;
    private long byteCount = 0;
    private BasicSignerOptions options;
    private Certificate[] certChain;

    public CRLInfo(BasicSignerOptions basicSignerOptions, Certificate[] certificateArr) {
        if (basicSignerOptions == null || certificateArr == null) {
            throw new NullPointerException();
        }
        this.options = basicSignerOptions;
        this.certChain = certificateArr;
    }

    public CRL[] getCrls() {
        initCrls();
        return this.crls;
    }

    public long getByteCount() {
        initCrls();
        return this.byteCount;
    }

    private void initCrls() {
        if (this.options.isCrlEnabledX() && this.crls == null) {
            LOGGER.info(Constants.RES.get("console.readingCRLs"));
            HashSet<String> hashSet = new HashSet();
            for (Certificate certificate : this.certChain) {
                if (certificate instanceof X509Certificate) {
                    hashSet.addAll(getCrlUrls((X509Certificate) certificate));
                }
            }
            HashSet hashSet2 = new HashSet();
            for (String str : hashSet) {
                try {
                    LOGGER.info(Constants.RES.get("console.crlinfo.loadCrl", str));
                    InputStream countingInputStream = new CountingInputStream(new URL(str).openConnection(this.options.createProxy()).getInputStream());
                    CRL generateCRL = CertificateFactory.getInstance(Constants.CERT_TYPE_X509).generateCRL(countingInputStream);
                    long byteCount = countingInputStream.getByteCount();
                    LOGGER.info(Constants.RES.get("console.crlinfo.crlSize", String.valueOf(byteCount)));
                    if (hashSet2.contains(generateCRL)) {
                        LOGGER.info(Constants.RES.get("console.crlinfo.alreadyLoaded"));
                    } else {
                        this.byteCount += byteCount;
                        hashSet2.add(generateCRL);
                    }
                    countingInputStream.close();
                } catch (MalformedURLException e) {
                    LOGGER.warn("", e);
                } catch (IOException e2) {
                    LOGGER.warn("", e2);
                } catch (CRLException e3) {
                    LOGGER.warn("", e3);
                } catch (CertificateException e4) {
                    LOGGER.warn("", e4);
                }
            }
            this.crls = (CRL[]) hashSet2.toArray(new CRL[hashSet2.size()]);
        }
    }

    private Set<String> getCrlUrls(X509Certificate x509Certificate) {
        String string;
        HashSet hashSet = new HashSet();
        LOGGER.info(Constants.RES.get("console.crlinfo.retrieveCrlUrl", x509Certificate.getSubjectX500Principal().getName()));
        byte[] extensionValue = x509Certificate.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
        if (extensionValue != null) {
            CRLDistPoint cRLDistPoint = null;
            try {
                cRLDistPoint = CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue));
            } catch (IOException e) {
                LOGGER.warn("", e);
            }
            if (cRLDistPoint != null) {
                for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
                    GeneralNames name = distributionPoint.getDistributionPoint().getName();
                    if (name != null) {
                        GeneralName[] names = name.getNames();
                        if (names != null) {
                            for (GeneralName generalName : names) {
                                if (generalName.getTagNo() == 6 && (string = generalName.getName().getString()) != null && string.startsWith("http")) {
                                    LOGGER.info(Constants.RES.get("console.crlinfo.foundCrlUri", string));
                                    hashSet.add(string);
                                    break;
                                }
                            }
                        }
                        LOGGER.info(Constants.RES.get("console.crlinfo.noUrlInDistPoint"));
                    }
                }
            }
        } else {
            LOGGER.info(Constants.RES.get("console.crlinfo.distPointNotSupported"));
        }
        return hashSet;
    }
}
