package net.corda.nodeapi.internal.revocation;

import com.github.benmanes.caffeine.cache.CacheLoader;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.LoadingCache;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.net.URI;
import java.net.URLConnection;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.internal.InternalUtils;
import net.corda.core.utilities.KotlinUtilsKt;
import net.corda.nodeapi.internal.crypto.X509CertificateFactory;
import net.corda.nodeapi.internal.crypto.X509UtilitiesKt;
import net.corda.nodeapi.internal.protonwrapper.netty.CrlSource;
import net.corda.nodeapi.internal.protonwrapper.netty.SSLHelperKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;

/* compiled from: CertDistPointCrlSource.kt */
@Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��8\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\"\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0002\u0018�� \u00112\u00020\u0001:\u0001\u0011B\u0005¢\u0006\u0002\u0010\u0002J\u0016\u0010\u0003\u001a\b\u0012\u0004\u0012\u00020\u00050\u00042\u0006\u0010\u0006\u001a\u00020\u0007H\u0016J\u0010\u0010\b\u001a\u00020\u00052\u0006\u0010\t\u001a\u00020\nH\u0002J(\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u00072\u000e\u0010\u000e\u001a\n\u0012\u0004\u0012\u00020\u0010\u0018\u00010\u000fH\u0002¨\u0006\u0012"}, d2 = {"Lnet/corda/nodeapi/internal/revocation/CertDistPointCrlSource;", "Lnet/corda/nodeapi/internal/protonwrapper/netty/CrlSource;", "()V", "fetch", "", "Ljava/security/cert/X509CRL;", "certificate", "Ljava/security/cert/X509Certificate;", "getPossibleCRL", "uri", "Ljava/net/URI;", "verifyCRL", "", "crl", "distPointIssuerNames", "", "Ljavax/security/auth/x500/X500Principal;", "Companion", "node-api"})
/* loaded from: input_file:net/corda/nodeapi/internal/revocation/CertDistPointCrlSource.class */
public final class CertDistPointCrlSource implements CrlSource {
    // Timeout defaults. The static initializer passes the same literal (9000) as the fallback for the
    // net.corda.dpcrl.connect.timeout and net.corda.dpcrl.read.timeout system properties; the resolved values
    // are handed to URLConnection.setConnectTimeout/setReadTimeout, which take milliseconds.
    private static final int DEFAULT_CONNECT_TIMEOUT = 9000;
    private static final int DEFAULT_READ_TIMEOUT = 9000;
    // Default upper bound on the number of cached CRLs (overridable via net.corda.dpcrl.cache.size).
    private static final long DEFAULT_CACHE_SIZE = 185;
    // Default lifetime of a cache entry in milliseconds, counted from when the entry was written
    // (overridable via net.corda.dpcrl.cache.expiry).
    private static final long DEFAULT_CACHE_EXPIRY = 300000;
    // Cache of downloaded CRLs keyed by distribution-point URI. It is static, so every instance of this
    // class in the JVM shares the same entries.
    private static final LoadingCache<URI, X509CRL> cache;
    // Effective timeouts, resolved once in the static initializer.
    private static final Integer connectTimeout;
    private static final Integer readTimeout;
    // Kotlin companion object; it carries retrieveCRL, which the static initializer wires in as the cache loader.
    public static final Companion Companion = new Companion(null);
    // Declared after Companion on purpose: the logger is created from the companion instance.
    private static final Logger logger = KotlinUtilsKt.contextLogger(Companion);

    /* compiled from: CertDistPointCrlSource.kt */
    @Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��4\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\t\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0010\u0010\u0013\u001a\u00020\f2\u0006\u0010\u0014\u001a\u00020\u000bH\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n��R\u000e\u0010\b\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n��R\u001a\u0010\t\u001a\u000e\u0012\u0004\u0012\u00020\u000b\u0012\u0004\u0012\u00020\f0\nX\u0082\u0004¢\u0006\u0002\n��R\u0018\u0010\r\u001a\n \u000e*\u0004\u0018\u00010\u00070\u0007X\u0082\u0004¢\u0006\u0004\n\u0002\u0010\u000fR\u000e\u0010\u0010\u001a\u00020\u0011X\u0082\u0004¢\u0006\u0002\n��R\u0018\u0010\u0012\u001a\n \u000e*\u0004\u0018\u00010\u00070\u0007X\u0082\u0004¢\u0006\u0004\n\u0002\u0010\u000f¨\u0006\u0015"}, d2 = {"Lnet/corda/nodeapi/internal/revocation/CertDistPointCrlSource$Companion;", "", "()V", "DEFAULT_CACHE_EXPIRY", "", "DEFAULT_CACHE_SIZE", "DEFAULT_CONNECT_TIMEOUT", "", "DEFAULT_READ_TIMEOUT", "cache", "Lcom/github/benmanes/caffeine/cache/LoadingCache;", "Ljava/net/URI;", "Ljava/security/cert/X509CRL;", "connectTimeout", "kotlin.jvm.PlatformType", "Ljava/lang/Integer;", "logger", "Lorg/slf4j/Logger;", "readTimeout", "retrieveCRL", "uri", "node-api"})
    /* loaded from: input_file:net/corda/nodeapi/internal/revocation/CertDistPointCrlSource$Companion.class */
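    /*
     * Companion object of CertDistPointCrlSource. Its only behaviour is retrieveCRL, which the enclosing
     * class's static initializer installs as the loader of the shared CRL cache.
     */
    public static final class Companion {
        /**
         * Downloads the CRL published at {@code uri} and parses it into an {@link X509CRL}.
         *
         * <p>The download and the parse are two separate steps with separate failure handling, so a malformed
         * CRL is logged once as "Invalid CRL" and is not additionally caught and logged as a download failure.
         * In both cases the exception is rethrown unchanged after the debug log entry; the method declares no
         * checked exceptions because it is compiled from Kotlin.
         *
         * <p>NOTE(review): the CRL is only parsed here; its signature is not checked in this method.
         * Presumably the consumer of the CrlSource validates it - confirm.
         *
         * @param uri distribution-point location to fetch; in this class it originates from
         *            {@code SSLHelperKt.distributionPoints(certificate)}
         * @return the parsed CRL
         */
        /* JADX INFO: Access modifiers changed from: private */
        public final X509CRL retrieveCRL(URI uri) {
            final long startedAt = System.currentTimeMillis();
            final byte[] crlBytes;
            try {
                // NOTE(review): no scheme check is visible here; toURL().openConnection() uses whichever
                // protocol handler the JVM has for the URI's scheme. The URI is read from the certificate
                // being checked, so confirm that the producer of these URIs (not shown) restricts them to
                // the schemes a CRL is expected on.
                URLConnection conn = uri.toURL().openConnection();
                Intrinsics.checkExpressionValueIsNotNull(conn, "conn");
                Integer connectTimeout = CertDistPointCrlSource.connectTimeout;
                Intrinsics.checkExpressionValueIsNotNull(connectTimeout, "connectTimeout");
                conn.setConnectTimeout(connectTimeout.intValue());
                Integer readTimeout = CertDistPointCrlSource.readTimeout;
                Intrinsics.checkExpressionValueIsNotNull(readTimeout, "readTimeout");
                conn.setReadTimeout(readTimeout.intValue());
                InputStream inputStream = conn.getInputStream();
                Intrinsics.checkExpressionValueIsNotNull(inputStream, "conn.getInputStream()");
                // NOTE(review): the whole response is buffered in memory before parsing. Whether
                // InternalUtils.readFully caps the size or closes the stream is not visible here - confirm,
                // because the server behind the URI decides how much data is sent.
                crlBytes = InternalUtils.readFully(inputStream);
            } catch (Exception e) {
                if (CertDistPointCrlSource.logger.isDebugEnabled()) {
                    CertDistPointCrlSource.logger.debug("Unable to download CRL from " + uri + " (" + (System.currentTimeMillis() - startedAt) + "ms)", (Throwable) e);
                }
                throw e;
            }
            // Measured before parsing, so the logged duration covers the download only.
            final long elapsedMillis = System.currentTimeMillis() - startedAt;
            try {
                X509CRL crl = new X509CertificateFactory().generateCRL(new ByteArrayInputStream(crlBytes));
                Logger log = CertDistPointCrlSource.logger;
                if (log.isDebugEnabled()) {
                    log.debug("CRL from " + uri + " (" + elapsedMillis + "ms): " + X509UtilitiesKt.toSimpleString(crl));
                }
                return crl;
            } catch (Exception e) {
                if (CertDistPointCrlSource.logger.isDebugEnabled()) {
                    CertDistPointCrlSource.logger.debug("Invalid CRL from " + uri + " (" + elapsedMillis + "ms)", (Throwable) e);
                }
                throw e;
            }
        }

        // Not instantiable from outside; the enclosing class creates the single instance.
        private Companion() {
        }

        // Synthetic constructor emitted by the Kotlin compiler; the marker argument is ignored.
        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }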

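    /**
     * Collects the CRLs that apply to {@code certificate} from the distribution points it names.
     *
     * <p>Each distribution point is looked up through the shared cache and kept only if
     * {@code verifyCRL} accepts its issuer. A failure on one distribution point does not stop the others:
     * the first exception is remembered and later ones are attached to it as suppressed. That exception is
     * thrown only when no CRL at all was accepted; once any CRL has been accepted, the failures are dropped.
     *
     * <p>NOTE(review): an empty set is returned without error when the certificate names no distribution
     * point, or when every downloaded CRL is rejected by {@code verifyCRL}. Whether an empty result is
     * treated as fail-open or fail-closed is decided by the caller, which is not visible in this file.
     *
     * @param certificate certificate whose CRL distribution points are consulted; must not be null
     * @return the accepted CRLs, possibly empty
     */
    @Override // net.corda.nodeapi.internal.protonwrapper.netty.CrlSource
    @NotNull
    public Set<X509CRL> fetch(@NotNull X509Certificate certificate) {
        Intrinsics.checkParameterIsNotNull(certificate, "certificate");
        Set<X509CRL> acceptedCrls = new HashSet<>();
        Exception firstFailure = null;
        for (Map.Entry<URI, List<X500Principal>> distPoint : SSLHelperKt.distributionPoints(certificate).entrySet()) {
            URI location = distPoint.getKey();
            List<X500Principal> issuerNames = distPoint.getValue();
            try {
                X509CRL candidate = getPossibleCRL(location);
                if (verifyCRL(candidate, certificate, issuerNames)) {
                    acceptedCrls.add(candidate);
                }
            } catch (Exception e) {
                // Keep going: another distribution point may still deliver a usable CRL.
                if (firstFailure == null) {
                    firstFailure = e;
                } else {
                    firstFailure.addSuppressed(e);
                }
            }
        }
        if (firstFailure == null || !acceptedCrls.isEmpty()) {
            return acceptedCrls;
        }
        // Nothing was accepted and at least one lookup failed: surface the failure chain.
        throw firstFailure;
    }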

    /**
     * Returns the CRL for {@code uri} from the shared cache; on a miss the cache invokes its loader.
     *
     * @param uri distribution-point location used as the cache key
     * @return the cached or freshly loaded CRL, never null
     */
    private final X509CRL getPossibleCRL(URI uri) {
        final X509CRL fromCache = cache.get(uri);
        if (fromCache != null) {
            return fromCache;
        }
        // A null result is treated as a programming error: throwNpe() raises Kotlin's null-pointer exception.
        Intrinsics.throwNpe();
        return fromCache;
    }

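    /**
     * Decides whether {@code x509crl} was issued under a name that is acceptable for this certificate.
     *
     * <p>When {@code list} is null the CRL issuer must equal the certificate's own issuer. Otherwise the
     * CRL issuer must equal one of the listed names; an empty list matches nothing.
     *
     * <p>NOTE(review): this is a name comparison only. The CRL's signature and its validity window are not
     * examined in this method; presumably the revocation checker that consumes the CrlSource does that -
     * confirm.
     *
     * @param x509crl candidate CRL
     * @param x509Certificate certificate the CRL is being fetched for
     * @param list issuer names attached to the distribution point (named {@code distPointIssuerNames} in
     *             the Kotlin metadata), or null when the distribution point names none
     * @return true if the CRL issuer is acceptable
     */
    private final boolean verifyCRL(X509CRL x509crl, X509Certificate x509Certificate, List<X500Principal> list) {
        X500Principal crlIssuer = x509crl.getIssuerX500Principal();
        if (list == null) {
            return Intrinsics.areEqual(x509Certificate.getIssuerX500Principal(), crlIssuer);
        }
        // Typed iteration replaces the undeclared Iterator<T>; an empty list falls through to false.
        for (X500Principal allowedIssuer : list) {
            if (Intrinsics.areEqual(allowedIssuer, crlIssuer)) {
                return true;
            }
        }
        return false;
    }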

    // Builds the shared CRL cache and resolves the timeouts from JVM system properties, once, when the
    // class is initialised.
    static {
        Caffeine<Object, Object> newBuilder = Caffeine.newBuilder();
        // Long.getLong falls back to the default when the property is unset or is not a parsable number.
        // NOTE(review): none of the four property values is range-checked here.
        Long l = Long.getLong("net.corda.dpcrl.cache.size", DEFAULT_CACHE_SIZE);
        Intrinsics.checkExpressionValueIsNotNull(l, "java.lang.Long.getLong(\"…ize\", DEFAULT_CACHE_SIZE)");
        Caffeine<Object, Object> maximumSize = newBuilder.maximumSize(l.longValue());
        Long l2 = Long.getLong("net.corda.dpcrl.cache.expiry", DEFAULT_CACHE_EXPIRY);
        Intrinsics.checkExpressionValueIsNotNull(l2, "java.lang.Long.getLong(\"…y\", DEFAULT_CACHE_EXPIRY)");
        // Entries expire a fixed time after they were written. The CRL's own nextUpdate is not consulted
        // here, so a CRL published after the load is not picked up until the entry expires or is evicted.
        Caffeine<Object, Object> expireAfterWrite = maximumSize.expireAfterWrite(l2.longValue(), TimeUnit.MILLISECONDS);
        // Function object generated for the Kotlin method reference ::retrieveCRL on the companion.
        final CertDistPointCrlSource$Companion$cache$1 certDistPointCrlSource$Companion$cache$1 = new CertDistPointCrlSource$Companion$cache$1(Companion);
        // SAM adapter: the cache loader delegates to that function object (the receiver is printed by the
        // decompiler as Function1.this).
        LoadingCache build = expireAfterWrite.build(new CacheLoader() { // from class: net.corda.nodeapi.internal.revocation.CertDistPointCrlSource$sam$com_github_benmanes_caffeine_cache_CacheLoader$0
            @Override // com.github.benmanes.caffeine.cache.CacheLoader
            @Nullable
            public final /* synthetic */ Object load(Object obj) {
                return Function1.this.invoke(obj);
            }
        });
        Intrinsics.checkExpressionValueIsNotNull(build, "Caffeine.newBuilder()\n  …    .build(::retrieveCRL)");
        cache = build;
        // Both values are passed to URLConnection by retrieveCRL; per the URLConnection contract a timeout
        // of 0 means wait indefinitely.
        connectTimeout = Integer.getInteger("net.corda.dpcrl.connect.timeout", 9000);
        readTimeout = Integer.getInteger("net.corda.dpcrl.read.timeout", 9000);
    }
}
