package eu.europa.esig.dss.spi.x509.revocation.crl;

import eu.europa.esig.dss.crl.CRLUtils;
import eu.europa.esig.dss.crl.CRLValidity;
import eu.europa.esig.dss.enumerations.CertificateStatus;
import eu.europa.esig.dss.enumerations.RevocationReason;
import eu.europa.esig.dss.enumerations.RevocationType;
import eu.europa.esig.dss.enumerations.SignatureValidity;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.model.x509.revocation.crl.CRL;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.revocation.RevocationCertificateSource;
import eu.europa.esig.dss.spi.x509.revocation.RevocationToken;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.CRLReason;
import java.security.cert.X509CRLEntry;
import java.util.Objects;
import javax.security.auth.x500.X500Principal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/dss-spi-6.1.jar:eu/europa/esig/dss/spi/x509/revocation/crl/CRLToken.class */
public class CRLToken extends RevocationToken<CRL> {
    private static final long serialVersionUID = 1934492191629483078L;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CRLToken.class);
    private final CRLValidity crlValidity;

    public CRLToken(CertificateToken certificateToken, CRLValidity cRLValidity) {
        Objects.requireNonNull(cRLValidity, "CRL Validity cannot be null");
        this.crlValidity = cRLValidity;
        this.relatedCertificate = certificateToken;
        initInfo();
        setRevocationStatus(certificateToken);
        if (LOG.isDebugEnabled()) {
            LOG.debug("A CRLToken created with Id : [{}]", getDSSIdAsString());
        }
    }

    private void initInfo() {
        this.signatureAlgorithm = this.crlValidity.getSignatureAlgorithm();
        this.thisUpdate = this.crlValidity.getThisUpdate();
        this.productionDate = this.crlValidity.getThisUpdate();
        this.nextUpdate = this.crlValidity.getNextUpdate();
        this.expiredCertsOnCRL = this.crlValidity.getExpiredCertsOnCRL();
        CertificateToken issuerToken = this.crlValidity.getIssuerToken();
        if (issuerToken != null) {
            this.publicKeyOfTheSigner = issuerToken.getPublicKey();
        }
        this.signatureValidity = SignatureValidity.get(Boolean.valueOf(this.crlValidity.isSignatureIntact()));
        this.signatureInvalidityReason = this.crlValidity.getSignatureInvalidityReason();
    }

    private void setRevocationStatus(CertificateToken certificateToken) {
        X500Principal issuerX500Principal = certificateToken.getIssuerX500Principal();
        CertificateToken issuerToken = this.crlValidity.getIssuerToken();
        X500Principal x500Principal = null;
        if (issuerToken != null) {
            x500Principal = issuerToken.getSubject().getPrincipal();
        }
        if (!DSSASN1Utils.x500PrincipalAreEquals(issuerX500Principal, x500Principal)) {
            if (!this.crlValidity.isSignatureIntact()) {
                throw new DSSException(this.crlValidity.getSignatureInvalidityReason());
            }
            throw new DSSException("The CRLToken is not signed by the same issuer as the CertificateToken to be verified!");
        }
        X509CRLEntry revocationInfo = CRLUtils.getRevocationInfo(this.crlValidity, certificateToken.getSerialNumber());
        if (revocationInfo == null) {
            this.status = CertificateStatus.GOOD;
            return;
        }
        this.status = CertificateStatus.REVOKED;
        this.revocationDate = revocationInfo.getRevocationDate();
        CRLReason revocationReason = revocationInfo.getRevocationReason();
        if (revocationReason != null) {
            this.reason = RevocationReason.fromInt(revocationReason.ordinal());
        }
    }

    @Override // eu.europa.esig.dss.model.x509.Token
    protected SignatureValidity checkIsSignedBy(PublicKey publicKey) {
        throw new UnsupportedOperationException(getClass().getName());
    }

    @Override // eu.europa.esig.dss.spi.x509.revocation.RevocationToken
    public RevocationCertificateSource getCertificateSource() {
        return null;
    }

    public CRLValidity getCrlValidity() {
        return this.crlValidity;
    }

    @Override // eu.europa.esig.dss.model.x509.Token
    public X500Principal getIssuerX500Principal() {
        if (this.crlValidity.getIssuerToken() != null) {
            return this.crlValidity.getIssuerToken().getSubject().getPrincipal();
        }
        return null;
    }

    @Override // eu.europa.esig.dss.spi.x509.revocation.RevocationToken
    public CertificateToken getIssuerCertificateToken() {
        return this.crlValidity.getIssuerToken();
    }

    @Override // eu.europa.esig.dss.model.x509.Token
    public byte[] getEncoded() {
        return this.crlValidity.getDerEncoded();
    }

    public InputStream getCRLStream() {
        return this.crlValidity.toCRLInputStream();
    }

    @Override // eu.europa.esig.dss.model.x509.Token
    public boolean isValid() {
        return this.crlValidity.isValid();
    }

    @Override // eu.europa.esig.dss.spi.x509.revocation.RevocationToken
    public RevocationType getRevocationType() {
        return RevocationType.CRL;
    }

    @Override // eu.europa.esig.dss.model.x509.Token
    public String getAbbreviation() {
        return "CRLToken[" + (this.productionDate == null ? "?" : DSSUtils.formatDateToRFC(this.productionDate)) + ", signedBy=" + getIssuerX500Principal() + "]";
    }

    @Override // eu.europa.esig.dss.model.x509.Token
    public String toString(String str) {
        StringBuilder sb = new StringBuilder();
        sb.append(str).append("CRLToken[\n");
        String str2 = str + "\t";
        sb.append(str2).append("Id: ").append(getDSSIdAsString()).append('\n');
        sb.append(str2).append("Production time: ").append(this.productionDate == null ? "?" : DSSUtils.formatDateToRFC(this.productionDate)).append('\n');
        sb.append(str2).append("NextUpdate time: ").append(this.nextUpdate == null ? "?" : DSSUtils.formatDateToRFC(this.nextUpdate)).append('\n');
        sb.append(str2).append("Signature algorithm: ").append(this.signatureAlgorithm == null ? "?" : this.signatureAlgorithm).append('\n');
        sb.append(str2).append("Status: ").append(getStatus()).append('\n');
        sb.append(str2).append("Issuer's certificate: ").append(getIssuerX500Principal()).append('\n');
        if (getRelatedCertificateId() != null) {
            sb.append(str2).append("Related certificate: ").append(getRelatedCertificateId()).append('\n');
        }
        sb.append(str2.substring(1)).append(']');
        return sb.toString();
    }
}
