package asia.dbt.thundercrypt.core.utils;

import asia.dbt.thundercrypt.core.exceptions.CRLDownloadException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.CRLException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import kz.gov.pki.kalkan.asn1.ASN1Object;
import kz.gov.pki.kalkan.asn1.DERSequence;
import kz.gov.pki.kalkan.asn1.DERTaggedObject;
import kz.gov.pki.kalkan.jce.provider.JDKX509CertificateFactory;
import kz.gov.pki.kalkan.jce.provider.X509CRLObject;
import kz.gov.pki.kalkan.util.Strings;

/* loaded from: input_file:asia/dbt/thundercrypt/core/utils/CrlService.class */
public class CrlService {
    private static final String FRESHEST_CRL = "2.5.29.46";
    private static final String CRL_DISTRIBUTION_POINT = "2.5.29.31";
    private static final Map<String, X509CRLObject> cachedCRLs = new ConcurrentHashMap();
    private static String defaultUrlToCrl = null;
    private String urlToCrl;
    private String urlToFreshestCrl;

    public CrlService(String str, String str2) {
        this.urlToCrl = str;
        this.urlToFreshestCrl = str2;
    }

    public CrlService(X509Certificate x509Certificate) throws CRLException {
        this.urlToCrl = getCrlUrlFromCertificate(x509Certificate);
        try {
            this.urlToFreshestCrl = getCrlDeltaUrlFromCertificate(x509Certificate);
        } catch (Exception e) {
            this.urlToFreshestCrl = null;
        }
    }

    public static void setDefaultUrlToCrl(String str) {
        defaultUrlToCrl = str;
    }

    private String getCrlUrlFromCertificate(X509Certificate x509Certificate) throws CRLException {
        return getCrlUrlFromCertificate(x509Certificate, CRL_DISTRIBUTION_POINT);
    }

    private String getCrlDeltaUrlFromCertificate(X509Certificate x509Certificate) throws CRLException {
        return getCrlUrlFromCertificate(x509Certificate, FRESHEST_CRL);
    }

    private String getCrlUrlFromCertificate(X509Certificate x509Certificate, String str) throws CRLException {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(str);
            if (extensionValue == null) {
                return defaultUrlToCrl;
            }
            DERTaggedObject object = ASN1Object.fromByteArray(ASN1Object.fromByteArray(extensionValue).getOctets()).getObjectAt(0).getObjectAt(0).getObject();
            if (!(object.getObject() instanceof DERSequence)) {
                return getUrlFromDerTeggetObject((DERTaggedObject) object.getObject());
            }
            DERSequence object2 = object.getObject();
            if (object2.size() == 0) {
                throw new RuntimeException("Could not find CRL url in certificate!");
            }
            return getUrlFromDerTeggetObject((DERTaggedObject) object2.getObjectAt(0));
        } catch (Exception e) {
            throw new CRLException("Could not parse crl address from crt file!");
        }
    }

    private String getUrlFromDerTeggetObject(DERTaggedObject dERTaggedObject) {
        return Strings.fromUTF8ByteArray(dERTaggedObject.getObject().getOctets()).split("\n")[0];
    }

    public String getUrlToCrl() {
        return this.urlToCrl;
    }

    public String getUrlToFreshestCrl() {
        return this.urlToFreshestCrl;
    }

    public X509CRLObject getCRL() throws CRLDownloadException {
        if (this.urlToCrl == null) {
            return null;
        }
        return getCrlByUrl(this.urlToCrl);
    }

    public X509CRLObject getFreshestCRL() throws CRLDownloadException {
        if (this.urlToFreshestCrl == null) {
            return null;
        }
        return getCrlByUrl(this.urlToFreshestCrl);
    }

    private X509CRLObject getCrlByUrl(String str) throws CRLDownloadException {
        X509CRLObject x509CRLObject = cachedCRLs.get(str);
        if (x509CRLObject == null || x509CRLObject.getNextUpdate().before(new Date())) {
            x509CRLObject = downloadCrlByUrl(str);
            cachedCRLs.put(str, x509CRLObject);
        }
        return x509CRLObject;
    }

    private X509CRLObject downloadCrlByUrl(String str) throws CRLDownloadException {
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
            httpURLConnection.setRequestMethod("GET");
            try {
                InputStream inputStream = httpURLConnection.getInputStream();
                Throwable th = null;
                try {
                    try {
                        X509CRLObject engineGenerateCRL = new JDKX509CertificateFactory().engineGenerateCRL(inputStream);
                        if (inputStream != null) {
                            if (0 != 0) {
                                try {
                                    inputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                inputStream.close();
                            }
                        }
                        return engineGenerateCRL;
                    } finally {
                    }
                } catch (Throwable th3) {
                    if (inputStream != null) {
                        if (th != null) {
                            try {
                                inputStream.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    throw th3;
                }
            } finally {
                httpURLConnection.disconnect();
            }
        } catch (Exception e) {
            throw new CRLDownloadException(e);
        }
    }
}
