package net.corda.nodeapi.internal.protonwrapper.netty.revocation;

import java.security.cert.CRLReason;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateRevokedException;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import kotlin.Metadata;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.utilities.KotlinUtilsKt;
import net.corda.nodeapi.internal.protonwrapper.netty.ExternalCrlSource;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;

/* compiled from: ExternalSourceRevocationChecker.kt */
@Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��\\\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u001f\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\"\n\u0002\u0018\u0002\n��\n\u0002\u0010!\n\u0002\u0018\u0002\n��\n\u0002\u0010#\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0003\u0018�� \u001d2\u00020\u0001:\u0001\u001dB\u001b\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\f\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00060\u0005¢\u0006\u0002\u0010\u0007J \u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\u000e\u0010\f\u001a\n\u0012\u0004\u0012\u00020\u000e\u0018\u00010\rH\u0016J\u001e\u0010\u000f\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u00102\f\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u00130\u0012H\u0002J\u000e\u0010\u0014\u001a\b\u0012\u0004\u0012\u00020\u00160\u0015H\u0016J\u0010\u0010\u0017\u001a\n\u0012\u0004\u0012\u00020\u000e\u0018\u00010\u0018H\u0016J\u0010\u0010\u0019\u001a\u00020\t2\u0006\u0010\u001a\u001a\u00020\u001bH\u0016J\b\u0010\u001c\u001a\u00020\u001bH\u0016R\u0014\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00060\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u001e"}, d2 = {"Lnet/corda/nodeapi/internal/protonwrapper/netty/revocation/ExternalSourceRevocationChecker;", "Ljava/security/cert/PKIXRevocationChecker;", "externalCrlSource", "Lnet/corda/nodeapi/internal/protonwrapper/netty/ExternalCrlSource;", "dateSource", "Lkotlin/Function0;", "Ljava/util/Date;", "(Lnet/corda/nodeapi/internal/protonwrapper/netty/ExternalCrlSource;Lkotlin/jvm/functions/Function0;)V", "check", "", "cert", "Ljava/security/cert/Certificate;", "unresolvedCritExts", "", "", "checkApprovedCRLs", "Ljava/security/cert/X509Certificate;", "approvedCRLs", "", "Ljava/security/cert/X509CRL;", "getSoftFailExceptions", "", "Ljava/security/cert/CertPathValidatorException;", "getSupportedExtensions", "", "init", "forward", "", "isForwardCheckingSupported", "Companion", "node-api"})
/* loaded from: input_file:corda-node-api-4.9.3.jar:net/corda/nodeapi/internal/protonwrapper/netty/revocation/ExternalSourceRevocationChecker.class */
public final class ExternalSourceRevocationChecker extends PKIXRevocationChecker {
    private final ExternalCrlSource externalCrlSource;
    private final Function0<Date> dateSource;
    public static final Companion Companion = new Companion(null);
    private static final Logger logger = KotlinUtilsKt.contextLogger(Companion);

    /* compiled from: ExternalSourceRevocationChecker.kt */
    @Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��\u0012\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0005"}, d2 = {"Lnet/corda/nodeapi/internal/protonwrapper/netty/revocation/ExternalSourceRevocationChecker$Companion;", "", "()V", "logger", "Lorg/slf4j/Logger;", "node-api"})
    /* loaded from: input_file:corda-node-api-4.9.3.jar:net/corda/nodeapi/internal/protonwrapper/netty/revocation/ExternalSourceRevocationChecker$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(@NotNull Certificate cert, @Nullable Collection<String> collection) {
        Intrinsics.checkParameterIsNotNull(cert, "cert");
        X509Certificate x509Certificate = (X509Certificate) cert;
        checkApprovedCRLs(x509Certificate, this.externalCrlSource.fetch(x509Certificate));
    }

    private final void checkApprovedCRLs(X509Certificate x509Certificate, Set<? extends X509CRL> set) throws CertPathValidatorException {
        logger.debug("ExternalSourceRevocationChecker.checkApprovedCRLs() cert SN: " + x509Certificate.getSerialNumber());
        for (X509CRL x509crl : set) {
            X509CRLEntry revokedCertificate = x509crl.getRevokedCertificate(x509Certificate);
            if (revokedCertificate != null) {
                logger.debug("ExternalSourceRevocationChecker.checkApprovedCRLs() CRL entry: " + revokedCertificate);
                Set<String> criticalExtensionOIDs = revokedCertificate.getCriticalExtensionOIDs();
                if (criticalExtensionOIDs != null && !criticalExtensionOIDs.isEmpty()) {
                    ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.cRLDistributionPoints;
                    Intrinsics.checkExpressionValueIsNotNull(aSN1ObjectIdentifier, "Extension.cRLDistributionPoints");
                    criticalExtensionOIDs.remove(aSN1ObjectIdentifier.getId());
                    ASN1ObjectIdentifier aSN1ObjectIdentifier2 = Extension.certificateIssuer;
                    Intrinsics.checkExpressionValueIsNotNull(aSN1ObjectIdentifier2, "Extension.certificateIssuer");
                    criticalExtensionOIDs.remove(aSN1ObjectIdentifier2.getId());
                    if (!criticalExtensionOIDs.isEmpty()) {
                        throw new CertPathValidatorException("Unrecognized critical extension(s) in revoked CRL entry: " + criticalExtensionOIDs);
                    }
                }
                CRLReason revocationReason = revokedCertificate.getRevocationReason();
                if (revocationReason == null) {
                    revocationReason = CRLReason.UNSPECIFIED;
                }
                CRLReason cRLReason = revocationReason;
                Date revocationDate = revokedCertificate.getRevocationDate();
                if (revocationDate.before(this.dateSource.invoke())) {
                    CertificateRevokedException certificateRevokedException = new CertificateRevokedException(revocationDate, cRLReason, x509crl.getIssuerX500Principal(), new LinkedHashMap());
                    throw new CertPathValidatorException(certificateRevokedException.getMessage(), certificateRevokedException, null, -1, CertPathValidatorException.BasicReason.REVOKED);
                }
            }
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return true;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    @Nullable
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) {
    }

    @Override // java.security.cert.PKIXRevocationChecker
    @NotNull
    public List<CertPathValidatorException> getSoftFailExceptions() {
        return new LinkedList();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public ExternalSourceRevocationChecker(@NotNull ExternalCrlSource externalCrlSource, @NotNull Function0<? extends Date> dateSource) {
        Intrinsics.checkParameterIsNotNull(externalCrlSource, "externalCrlSource");
        Intrinsics.checkParameterIsNotNull(dateSource, "dateSource");
        this.externalCrlSource = externalCrlSource;
        this.dateSource = dateSource;
    }
}
