package eu.europa.esig.dss.crl.stream.impl;

import eu.europa.esig.dss.crl.AbstractCRLUtils;
import eu.europa.esig.dss.crl.CRLBinary;
import eu.europa.esig.dss.crl.CRLValidity;
import eu.europa.esig.dss.crl.ICRLUtils;
import eu.europa.esig.dss.enumerations.KeyUsageBit;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.model.x509.CertificateToken;
import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.X509CRLEntry;
import org.bouncycastle.asn1.x509.Extension;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/crl/stream/impl/CRLUtilsStreamImpl.class */
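/**
 * Stream-based {@link ICRLUtils} implementation: the CRL is parsed from an input stream
 * by {@code CRLParser} and its signature is checked against a candidate issuer certificate.
 *
 * <p>Security note for callers: {@link #buildCRLValidity} only <em>records</em> the outcome of
 * each check on the returned {@link CRLValidity} (issuer name match, signature intact,
 * cRLSign key usage). Nothing in this class rejects a CRL; the consumer has to evaluate all
 * of these flags before trusting the revocation data.
 */
public class CRLUtilsStreamImpl extends AbstractCRLUtils implements ICRLUtils {
    private static final Logger LOG = LoggerFactory.getLogger(CRLUtilsStreamImpl.class);

    /**
     * Parses the CRL and verifies its signature with the given candidate issuer certificate.
     *
     * <p>The issuer-name comparison and the signature verification are independent: the
     * signature is verified even when the CRL issuer does not equal the certificate subject,
     * so {@code signatureIntact} alone does not show that the certificate is the named issuer.
     *
     * @param cRLBinary        the encoded CRL
     * @param certificateToken the candidate CRL issuer certificate
     * @return a {@link CRLValidity} carrying the parsed fields and the check results
     * @throws IOException if the CRL stream cannot be read or parsed
     */
    @Override
    public CRLValidity buildCRLValidity(CRLBinary cRLBinary, CertificateToken certificateToken) throws IOException {
        CRLValidity cRLValidity = new CRLValidity(cRLBinary);
        CRLInfo crlInfo = getCrlInfo(cRLValidity);

        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.forOidAndParams(
                crlInfo.getCertificateListSignatureAlgorithmOid(),
                crlInfo.getCertificateListSignatureAlgorithmParams());
        cRLValidity.setSignatureAlgorithm(signatureAlgorithm);
        cRLValidity.setThisUpdate(crlInfo.getThisUpdate());
        cRLValidity.setNextUpdate(crlInfo.getNextUpdate());
        cRLValidity.setCriticalExtensionsOid(crlInfo.getCriticalExtensions().keySet());

        // The issuing distribution point is looked up among the critical extensions only
        // (RFC 5280 defines it as critical); a non-critical occurrence is not extracted here.
        extractIssuingDistributionPointBinary(cRLValidity,
                crlInfo.getCriticalExtension(Extension.issuingDistributionPoint.getId()));
        extractExpiredCertsOnCRL(cRLValidity,
                crlInfo.getNonCriticalExtension(Extension.expiredCertsOnCRL.getId()));

        // Recorded as a flag only; a mismatch does not stop the signature check below.
        if (crlInfo.getIssuer().equals(certificateToken.getSubject().getPrincipal())) {
            cRLValidity.setIssuerX509PrincipalMatches(true);
        }

        checkSignatureValue(cRLValidity, crlInfo.getSignatureValue(), signatureAlgorithm,
                getSignedData(cRLValidity), certificateToken);
        return cRLValidity;
    }

    /**
     * Re-reads the CRL and returns the bytes that {@code BinaryFilteringInputStream} copied
     * to the buffer while {@code CRLParser.getSignedData} consumed the stream.
     *
     * @param crlValidity holder giving access to the CRL stream
     * @return the bytes over which the CRL signature is verified
     * @throws IOException if the CRL stream cannot be read or parsed
     */
    private byte[] getSignedData(CRLValidity crlValidity) throws IOException {
        // try-with-resources closes all three streams on every path, in reverse order.
        try (InputStream crlStream = crlValidity.toCRLInputStream();
                ByteArrayOutputStream signedBytes = new ByteArrayOutputStream();
                BinaryFilteringInputStream filtered = new BinaryFilteringInputStream(crlStream, signedBytes)) {
            new CRLParser().getSignedData(filtered);
            return signedBytes.toByteArray();
        }
    }

    /**
     * Looks up the CRL entry for the given certificate serial number.
     *
     * <p>Security note: an {@link IOException} while reading the CRL is logged and turned
     * into a {@code null} result. If {@code CRLParser.retrieveRevocationInfo} also returns
     * {@code null} for "serial not listed" (presumably; confirm against the parser), callers
     * cannot tell a read failure from "not revoked" and must not treat {@code null} on its
     * own as proof of non-revocation.
     *
     * @param cRLValidity holder giving access to the CRL stream
     * @param bigInteger  the certificate serial number to search for
     * @return the matching entry, or {@code null} when none was returned or reading failed
     */
    @Override
    public X509CRLEntry getRevocationInfo(CRLValidity cRLValidity, BigInteger bigInteger) {
        CRLParser parser = new CRLParser();
        // Closing via try-with-resources also covers the path where the parser throws,
        // which previously left the stream open.
        try (InputStream crlStream = cRLValidity.toCRLInputStream()) {
            return parser.retrieveRevocationInfo(crlStream, bigInteger);
        } catch (IOException e) {
            LOG.error("Unable to retrieve the revocation status", e);
            return null;
        }
    }

    /**
     * Verifies the CRL signature with the candidate issuer's public key and records the result.
     *
     * <p>{@code signatureIntact} and the issuer token are set only after
     * {@link Signature#verify(byte[])} returns {@code true}. A failed verification or any
     * {@link GeneralSecurityException} leaves them unset and stores an invalidity reason
     * instead. The cRLSign key-usage result is stored, not enforced, here.
     *
     * @param crlValidity        result holder to update
     * @param signatureValue     the signature bytes taken from the CRL
     * @param signatureAlgorithm the algorithm declared in the CRL
     * @param signedData         the bytes the signature was computed over
     * @param issuerToken        the candidate issuer certificate
     */
    private void checkSignatureValue(CRLValidity crlValidity, byte[] signatureValue,
            SignatureAlgorithm signatureAlgorithm, byte[] signedData, CertificateToken issuerToken) {
        try {
            Signature verifier = Signature.getInstance(signatureAlgorithm.getJCEId());
            verifier.initVerify(issuerToken.getPublicKey());
            verifier.update(signedData);
            if (!verifier.verify(signatureValue)) {
                crlValidity.setSignatureInvalidityReason("Signature value not correct");
                return;
            }
            crlValidity.setSignatureIntact(true);
            crlValidity.setIssuerToken(issuerToken);
            crlValidity.setCrlSignKeyUsage(issuerToken.checkKeyUsage(KeyUsageBit.CRL_SIGN));
        } catch (GeneralSecurityException e) {
            String reason = String.format("CRL Signature cannot be validated : %s", e.getMessage());
            // The stack trace is logged at TRACE only; otherwise a one-line warning is emitted.
            if (LOG.isTraceEnabled()) {
                LOG.trace(reason, e);
            } else {
                LOG.warn(reason);
            }
            crlValidity.setSignatureInvalidityReason(reason);
        }
    }

    /**
     * Parses the CRL through a buffered stream and returns the extracted information.
     *
     * @param crlValidity holder giving access to the CRL stream
     * @return the {@code CRLInfo} produced by {@code CRLParser.retrieveInfo}
     * @throws IOException if the CRL stream cannot be read or parsed
     */
    private CRLInfo getCrlInfo(CRLValidity crlValidity) throws IOException {
        try (InputStream crlStream = crlValidity.toCRLInputStream();
                BufferedInputStream buffered = new BufferedInputStream(crlStream)) {
            return new CRLParser().retrieveInfo(buffered);
        }
    }
}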
