package com.pcbsys.foundation.drivers;

import com.pcbsys.foundation.fConstants;
import com.pcbsys.foundation.security.fConnectionValidator;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.SocketAddress;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.util.Set;

/* loaded from: input_file:com/pcbsys/foundation/drivers/fCRLHandler.class */
public class fCRLHandler implements fConnectionValidator {
    private File myCRLFile;
    private X509CRL myCRL;
    private long myLoadTime;
    private long mySize;

    public fCRLHandler(String str) throws Exception {
        if (str.length() > 0) {
            this.myCRLFile = new File(str);
            if (this.myCRLFile.exists()) {
                loadCRL();
            } else {
                fConstants.logger.log("CRL file " + str + " could not be located");
                throw new IOException("CRL File not found " + str);
            }
        }
    }

    protected void loadCRL() throws Exception {
        if (this.myLoadTime == this.myCRLFile.lastModified() && this.mySize == this.myCRLFile.length()) {
            return;
        }
        this.myLoadTime = this.myCRLFile.lastModified();
        this.mySize = this.myCRLFile.length();
        if (this.myCRLFile.length() <= 0) {
            fConstants.logger.log("Certificate revocation list is empty");
            this.myCRL = null;
            return;
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        FileInputStream fileInputStream = new FileInputStream(this.myCRLFile);
        try {
            this.myCRL = (X509CRL) certificateFactory.generateCRL(fileInputStream);
            if (this.myCRL.getRevokedCertificates() != null) {
                fConstants.logger.log("Loaded " + this.myCRL.getRevokedCertificates().size() + " revoked certificates from " + this.myCRLFile.getName());
            } else {
                fConstants.logger.log("Certificate revocation list is empty");
            }
            displayCRL();
        } finally {
            fileInputStream.close();
        }
    }

    protected void displayCRL() {
        fConstants.logger.info("---CRL---");
        fConstants.logger.info("type = " + this.myCRL.getType());
        fConstants.logger.info("version = " + this.myCRL.getVersion());
        fConstants.logger.info("issuer = " + this.myCRL.getIssuerDN().getName());
        fConstants.logger.info("signing algorithm = " + this.myCRL.getSigAlgName());
        fConstants.logger.info("signing OID = " + this.myCRL.getSigAlgOID());
        fConstants.logger.info("this update = " + this.myCRL.getThisUpdate());
        fConstants.logger.info("next update = " + this.myCRL.getNextUpdate());
        fConstants.logger.info("---Entries---");
        Set<? extends X509CRLEntry> revokedCertificates = this.myCRL.getRevokedCertificates();
        if (revokedCertificates == null || revokedCertificates.isEmpty()) {
            return;
        }
        for (X509CRLEntry x509CRLEntry : revokedCertificates) {
            fConstants.logger.info("serial number = " + x509CRLEntry.getSerialNumber());
            fConstants.logger.info("revocation date = " + x509CRLEntry.getRevocationDate());
            fConstants.logger.info("extensions = " + x509CRLEntry.hasExtensions());
        }
    }

    public boolean isValid(SocketAddress socketAddress, Certificate[] certificateArr) {
        try {
            loadCRL();
        } catch (Exception e) {
        }
        if (this.myCRL == null) {
            return true;
        }
        for (int i = 0; i < certificateArr.length; i++) {
            if (this.myCRL.isRevoked(certificateArr[i])) {
                fConstants.logger.info("Certificate [" + i + "] validation requested for " + certificateArr[i].toString() + " from " + socketAddress.toString() + " has been revoked");
                return false;
            }
        }
        return true;
    }

    @Override // com.pcbsys.foundation.security.fConnectionValidator
    public boolean isValid(String str, SocketAddress socketAddress, Certificate[] certificateArr) {
        return isValid(socketAddress, certificateArr);
    }
}
