package eu.europa.esig.dss.x509.crl;

import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.DigestAlgorithm;
import eu.europa.esig.dss.crl.CRLUtils;
import eu.europa.esig.dss.crl.CRLValidity;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.RevocationOrigin;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/x509/crl/OfflineCRLSource.class */
public abstract class OfflineCRLSource implements CRLSource {
    private static final Logger LOG = LoggerFactory.getLogger(OfflineCRLSource.class);
    protected Map<String, byte[]> crlsMap = new HashMap();
    private Map<String, CRLValidity> crlValidityMap = new HashMap();
    private Map<CertificateToken, CRLToken> validCRLTokenList = new HashMap();

    @Override // eu.europa.esig.dss.x509.crl.CRLSource
    public final CRLToken findCrl(CertificateToken certificateToken) {
        if (certificateToken == null) {
            throw new NullPointerException();
        }
        CRLToken cRLToken = this.validCRLTokenList.get(certificateToken);
        if (cRLToken != null) {
            cRLToken.setOrigin(RevocationOrigin.SIGNATURE);
            return cRLToken;
        }
        CertificateToken issuerToken = certificateToken.getIssuerToken();
        if (issuerToken == null) {
            throw new NullPointerException();
        }
        CRLValidity bestCrlValidity = getBestCrlValidity(certificateToken, issuerToken);
        if (bestCrlValidity == null) {
            return null;
        }
        CRLToken cRLToken2 = new CRLToken(certificateToken, bestCrlValidity);
        cRLToken2.setOrigin(RevocationOrigin.SIGNATURE);
        this.validCRLTokenList.put(certificateToken, cRLToken2);
        return cRLToken2;
    }

    private CRLValidity getBestCrlValidity(CertificateToken certificateToken, CertificateToken certificateToken2) {
        CRLValidity cRLValidity = null;
        Date date = null;
        for (Map.Entry<String, byte[]> entry : this.crlsMap.entrySet()) {
            CRLValidity crlValidity = getCrlValidity(entry.getKey(), entry.getValue(), certificateToken2);
            if (crlValidity != null && certificateToken2.equals(crlValidity.getIssuerToken()) && crlValidity.isValid()) {
                Date thisUpdate = crlValidity.getThisUpdate();
                Date nextUpdate = crlValidity.getNextUpdate();
                if (!(thisUpdate.before(certificateToken.getNotAfter()) && nextUpdate != null && nextUpdate.after(certificateToken.getNotBefore()))) {
                    LOG.warn("The CRL was not issued during the validity period of the certificate! Certificate: " + certificateToken.getDSSIdAsString());
                } else if (date == null || thisUpdate.after(date)) {
                    cRLValidity = crlValidity;
                    date = thisUpdate;
                }
            }
        }
        return cRLValidity;
    }

    private synchronized CRLValidity getCrlValidity(String str, byte[] bArr, CertificateToken certificateToken) {
        CRLValidity cRLValidity = this.crlValidityMap.get(str);
        if (cRLValidity == null) {
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
                Throwable th = null;
                try {
                    try {
                        cRLValidity = CRLUtils.isValidCRL(byteArrayInputStream, certificateToken);
                        if (cRLValidity.isValid()) {
                            this.crlValidityMap.put(str, cRLValidity);
                        }
                        if (byteArrayInputStream != null) {
                            if (0 != 0) {
                                try {
                                    byteArrayInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                byteArrayInputStream.close();
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            } catch (IOException e) {
                LOG.error("Unable to parse CRL", e);
            }
        }
        return cRLValidity;
    }

    public Collection<byte[]> getContainedX509CRLs() {
        return Collections.unmodifiableCollection(this.crlsMap.values());
    }

    protected void addCRLBinary(byte[] bArr) {
        addCRLBinary(Utils.toBase64(DSSUtils.digest(DigestAlgorithm.SHA256, bArr)), bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addCRLBinary(String str, byte[] bArr) {
        if (this.crlsMap.containsKey(str) || this.crlValidityMap.containsKey(str)) {
            return;
        }
        this.crlsMap.put(str, bArr);
    }
}
