package mitm.common.security.crl;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import mitm.common.security.SecurityFactory;
import mitm.common.security.SecurityFactoryFactory;
import mitm.common.security.crlstore.BasicCRLStore;
import mitm.common.security.crlstore.CRLStoreException;
import mitm.common.util.Check;
import mitm.common.util.CloseableIterator;
import mitm.common.util.CloseableIteratorException;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class CRLLocator {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) CRLLocator.class);
    private final Set<BasicCRLStore> crlStores;
    private final SecurityFactory securityFactory = SecurityFactoryFactory.getSecurityFactory();

    public CRLLocator(Set<BasicCRLStore> set) {
        Set<BasicCRLStore> synchronizedSet = Collections.synchronizedSet(new HashSet());
        this.crlStores = synchronizedSet;
        Check.notNull(set, "crlStores");
        synchronizedSet.addAll(set);
    }

    public CRLLocator(BasicCRLStore... basicCRLStoreArr) {
        Set<BasicCRLStore> synchronizedSet = Collections.synchronizedSet(new HashSet());
        this.crlStores = synchronizedSet;
        Check.notNull(basicCRLStoreArr, "crlStores");
        synchronizedSet.addAll(Arrays.asList(basicCRLStoreArr));
    }

    private boolean acceptCRL(X509Certificate x509Certificate, X509CRL x509crl) throws NoSuchProviderException {
        try {
            x509crl.verify(x509Certificate.getPublicKey(), this.securityFactory.getNonSensitiveProvider());
            return true;
        } catch (InvalidKeyException e) {
            logger.error("CRL could not be verified.", (Throwable) e);
            return false;
        } catch (NoSuchAlgorithmException e2) {
            logger.error("CRL could not be verified.", (Throwable) e2);
            return false;
        } catch (SignatureException e3) {
            Logger logger2 = logger;
            if (logger2.isDebugEnabled()) {
                logger2.error("CRL could not be verified. Hash not correct", (Throwable) e3);
                return false;
            }
            logger2.error("CRL could not be verified. Hash not correct. Message: " + ExceptionUtils.getRootCauseMessage(e3));
            return false;
        } catch (CRLException e4) {
            logger.error("CRL could not be verified.", (Throwable) e4);
            return false;
        }
    }

    public List<X509CRL> findCRLs(X509Certificate x509Certificate) throws NoSuchProviderException {
        LinkedList linkedList = new LinkedList();
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        x509CRLSelector.addIssuer(x509Certificate.getSubjectX500Principal());
        Iterator<BasicCRLStore> it = this.crlStores.iterator();
        while (it.hasNext()) {
            try {
                CloseableIterator<? extends CRL> cRLIterator = it.next().getCRLIterator(x509CRLSelector);
                while (cRLIterator.hasNext()) {
                    try {
                        CRL next = cRLIterator.next();
                        if (next instanceof X509CRL) {
                            X509CRL x509crl = (X509CRL) next;
                            if (acceptCRL(x509Certificate, x509crl)) {
                                linkedList.add(x509crl);
                            }
                        } else {
                            logger.warn("Only X509CRLs are supported. Skipping this CRL.");
                        }
                    } catch (Throwable th) {
                        cRLIterator.close();
                        throw th;
                        break;
                    }
                }
                cRLIterator.close();
            } catch (CRLStoreException e) {
                logger.error("Error getting CRLs. Skipping this store.", (Throwable) e);
            } catch (CloseableIteratorException e2) {
                logger.error("Error stepping through the CRL store. Skipping this store.", (Throwable) e2);
            }
        }
        return linkedList;
    }
}
