package org.eclipse.scada.sec.authz.signature;

import java.io.InputStream;
import java.net.URL;
import java.security.cert.CRL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedList;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/scada/sec/authz/signature/X509CA.class */
public class X509CA {
    private static final Logger logger = LoggerFactory.getLogger(X509CA.class);
    private volatile X509Certificate[] certificates;
    private volatile X509CRL[] crls;
    private final String certificateUrl;
    private final Collection<String> crlUrls;
    private final CertificateFactory certificateFactory;

    public X509CA(CertificateFactory certificateFactory, String str, Collection<String> collection) {
        this.certificateFactory = certificateFactory;
        this.certificateUrl = str;
        this.crlUrls = collection != null ? new ArrayList(collection) : null;
        this.certificates = new X509Certificate[0];
        this.crls = new X509CRL[0];
    }

    public void load() throws Exception {
        Collection<X509Certificate> loadCert = loadCert(this.certificateUrl);
        Collection<X509CRL> loadCrl = loadCrl(this.crlUrls);
        this.certificates = (X509Certificate[]) loadCert.toArray(new X509Certificate[loadCert.size()]);
        this.crls = (X509CRL[]) loadCrl.toArray(new X509CRL[loadCrl.size()]);
    }

    private Collection<X509CRL> loadCrl(Collection<String> collection) throws Exception {
        if (collection == null || collection.isEmpty()) {
            return Collections.emptyList();
        }
        LinkedList linkedList = new LinkedList();
        for (String str : collection) {
            logger.info("Loading CA CRL from : {}", str);
            InputStream openStream = new URL(str).openStream();
            try {
                Collection<? extends CRL> generateCRLs = this.certificateFactory.generateCRLs(openStream);
                logger.debug("Loaded {} entries", generateCRLs);
                linkedList.addAll(generateCRLs);
            } finally {
                openStream.close();
            }
        }
        logger.info("Finished loading CRLs - {} found", Integer.valueOf(linkedList.size()));
        return linkedList;
    }

    private Collection<X509Certificate> loadCert(String str) throws Exception {
        logger.info("Loading CA cert from : {}", str);
        InputStream openStream = new URL(str).openStream();
        try {
            Collection generateCertificates = this.certificateFactory.generateCertificates(openStream);
            logger.info("Finished loading CA certs - {} found", Integer.valueOf(generateCertificates.size()));
            return generateCertificates;
        } finally {
            openStream.close();
        }
    }

    public X509Certificate[] getCertificates() {
        return this.certificates;
    }

    public X509CRL[] getCrls() {
        return this.crls;
    }

    public boolean isRevoked(X509Certificate x509Certificate) {
        for (X509CRL x509crl : this.crls) {
            if (x509crl.isRevoked(x509Certificate)) {
                return true;
            }
        }
        return false;
    }

    public boolean isValid() {
        for (X509Certificate x509Certificate : this.certificates) {
            try {
                x509Certificate.checkValidity();
                return true;
            } catch (Exception unused) {
            }
        }
        return false;
    }

    public String toString() {
        return String.format("[CA - cert: {}, crls: {}]", this.certificateUrl, this.crlUrls);
    }
}
