package dev.fitko.fitconnect.jwkvalidator.x5c.crl;

import dev.fitko.fitconnect.jwkvalidator.x5c.net.RevocationDownloadRequest;
import dev.fitko.fitconnect.jwkvalidator.x5c.net.ValidResponseCodes;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.Proxy;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/fitko/fitconnect/jwkvalidator/x5c/crl/CRLDownloadRequest.class */
public class CRLDownloadRequest extends RevocationDownloadRequest<X509CRL> {
    private static final Logger log = LoggerFactory.getLogger(CRLDownloadRequest.class);

    public CRLDownloadRequest(Proxy proxy) {
        super(proxy);
    }

    public Optional<X509CRL> downloadResponse(X509Certificate x509Certificate, String str) {
        if (isHttpURL(str) || isHttpsURL(str)) {
            return downloadFromWeb(x509Certificate, str, ValidResponseCodes.HTTP);
        }
        if (isFtpURL(str)) {
            return downloadFromWeb(x509Certificate, str, ValidResponseCodes.FTP);
        }
        if (isLdapURL(str)) {
            log.debug("Cannot download CRL from source {} for certificate {} - LDAP not supported", str, x509Certificate.getSerialNumber());
            return Optional.empty();
        }
        log.error("Cannot download CRL from source {} for certificate {} - Unknown source", str, x509Certificate.getSerialNumber());
        return Optional.empty();
    }

    private Optional<X509CRL> downloadFromWeb(X509Certificate x509Certificate, String str, ValidResponseCodes validResponseCodes) {
        Optional<U> flatMap = createHttpConnection(x509Certificate, str).flatMap(httpURLConnection -> {
            return validateHttpConnectionResponseCode(validResponseCodes, httpURLConnection, x509Certificate, str);
        });
        return flatMap.isEmpty() ? Optional.empty() : readResponseFromHttpConnection((HttpURLConnection) flatMap.get(), x509Certificate, str);
    }

    @Override // dev.fitko.fitconnect.jwkvalidator.x5c.net.RevocationDownloadRequest
    protected Optional<X509CRL> buildResponseObject(InputStream inputStream, X509Certificate x509Certificate, String str) {
        try {
            return Optional.of((X509CRL) CertificateFactory.getInstance("X.509").generateCRL(inputStream));
        } catch (CRLException e) {
            log.error("Failed reading CRL response from source {} for certificate {}", new Object[]{str, x509Certificate, e});
            return Optional.empty();
        } catch (CertificateException e2) {
            log.error("Failed reading CRL response from source {} for certificate {} - no provider for X.509", new Object[]{str, x509Certificate, e2});
            return Optional.empty();
        }
    }
}
