package be.fedict.trust.crl;

import be.fedict.trust.Credentials;
import be.fedict.trust.NetworkConfig;
import java.io.IOException;
import java.net.URI;
import java.security.NoSuchProviderException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.bouncycastle.x509.NoSuchParserException;
import org.bouncycastle.x509.util.StreamParsingException;

/* loaded from: input_file:be/fedict/trust/crl/OnlineCrlRepository.class */
public class OnlineCrlRepository implements CrlRepository {
    private static final Log LOG = LogFactory.getLog(OnlineCrlRepository.class);
    private final NetworkConfig networkConfig;
    private Credentials credentials;

    public OnlineCrlRepository(NetworkConfig networkConfig) {
        this.networkConfig = networkConfig;
    }

    public OnlineCrlRepository() {
        this(null);
    }

    public void setCredentials(Credentials credentials) {
        this.credentials = credentials;
    }

    @Override // be.fedict.trust.crl.CrlRepository
    public X509CRL findCrl(URI uri, X509Certificate x509Certificate, Date date) {
        try {
            return getCrl(uri);
        } catch (CRLException e) {
            LOG.debug("error parsing CRL: " + e.getMessage(), e);
            return null;
        } catch (Exception e2) {
            LOG.error("find CRL error: " + e2.getMessage(), e2);
            return null;
        }
    }

    private X509CRL getCrl(URI uri) throws IOException, CertificateException, CRLException, NoSuchProviderException, NoSuchParserException, StreamParsingException {
        HttpClient httpClient = new HttpClient();
        if (null != this.networkConfig) {
            httpClient.getHostConfiguration().setProxy(this.networkConfig.getProxyHost(), this.networkConfig.getProxyPort());
        }
        if (null != this.credentials) {
            this.credentials.init(httpClient.getState());
        }
        String url = uri.toURL().toString();
        LOG.debug("downloading CRL from: " + url);
        GetMethod getMethod = new GetMethod(url);
        getMethod.addRequestHeader("User-Agent", "jTrust CRL Client");
        int executeMethod = httpClient.executeMethod(getMethod);
        if (200 != executeMethod) {
            LOG.debug("HTTP status code: " + executeMethod);
            return null;
        }
        X509CRL x509crl = (X509CRL) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID, "BC").generateCRL(getMethod.getResponseBodyAsStream());
        LOG.debug("CRL size: " + x509crl.getEncoded().length + " bytes");
        return x509crl;
    }
}
