package dev.fitko.fitconnect.jwkvalidator.x5c.crl;

import dev.fitko.fitconnect.jwkvalidator.x5c.CertStatus;
import java.net.Proxy;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Optional;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/fitko/fitconnect/jwkvalidator/x5c/crl/CRLVerifier.class */
public class CRLVerifier {
    private static final Logger log = LoggerFactory.getLogger(CRLVerifier.class);
    private final CRLCacheManager crlCacheManager = new CRLCacheManager();
    private final CRLDistributionPointGenerator crlDistributionPointGenerator = new CRLDistributionPointGenerator();
    private final CRLDistributionPointEvaluator crlDistributionPointEvaluator;

    public CRLVerifier(Proxy proxy, List<String> list) {
        this.crlDistributionPointEvaluator = new CRLDistributionPointEvaluator(proxy, this.crlCacheManager, list);
    }

    public CertStatus checkCertStatus(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        return checkCertStatus(x509Certificate, x509Certificate2, true);
    }

    public CertStatus checkCertStatus(X509Certificate x509Certificate, X509Certificate x509Certificate2, boolean z) {
        Optional<CertStatus> checkForEntryInCache = this.crlCacheManager.checkForEntryInCache(x509Certificate);
        if (checkForEntryInCache.isPresent()) {
            return checkForEntryInCache.get();
        }
        try {
            List<DistributionPoint> obtainCRLDistributionPoints = this.crlDistributionPointGenerator.obtainCRLDistributionPoints(x509Certificate);
            return obtainCRLDistributionPoints.isEmpty() ? CertStatus.UNKNOWN : this.crlDistributionPointEvaluator.checkCertStatusForCrlDistPoints(x509Certificate, x509Certificate2, obtainCRLDistributionPoints, z);
        } catch (Exception e) {
            log.error("Failed verifying CRL in certificate {}", x509Certificate.getSerialNumber(), e);
            return CertStatus.UNKNOWN;
        }
    }
}
