package iaik.pki.store.revocation;

import iaik.asn1.structures.Name;
import iaik.logging.Log;
import iaik.logging.LogFactory;
import iaik.logging.TransactionId;
import iaik.pki.Configurator;
import iaik.pki.revocation.CRLDistributionPointInfo;
import iaik.pki.revocation.RevocationConfiguration;
import iaik.pki.revocation.RevocationSourceTypes;
import iaik.pki.utils.Constants;
import iaik.pki.utils.NameUtils;
import iaik.pki.utils.UtilsException;
import java.util.Collection;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;

/* loaded from: classes.dex */
abstract class C implements RevocationSourceStore {
    protected static final long B = 10000;
    public static final String D = "AbstractRevocationSourceStore.TimeTolerance";
    protected static long F;
    protected RevocationConfiguration E;
    protected static Log A = LogFactory.getLog(Constants.MODULE_NAME);
    protected static Date C = new Date();

    static {
        F = B;
        F = Configurator.getPKIPropertyAsLong(D, B);
    }

    protected static int A(long j, long j2) {
        long j3 = j - j2;
        if (Math.abs(j3) <= F) {
            return 0;
        }
        return j3 > 0 ? 1 : -1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int A(Date date, Date date2) {
        if (date == null) {
            throw new NullPointerException("Argument \"d1\" must not be null.");
        }
        if (date2 == null) {
            throw new NullPointerException("Argument \"d2\" must not be null.");
        }
        return A(date.getTime(), date2.getTime());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static synchronized Date A() {
        Date date;
        synchronized (C.class) {
            C.setTime(System.currentTimeMillis());
            date = C;
        }
        return date;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String A(String str, String str2, Collection collection) {
        String str3;
        List uRLs;
        try {
            str3 = (!str.equals("crl") || collection == null || collection.isEmpty() || (uRLs = ((CRLDistributionPointInfo) collection.iterator().next()).getURLs()) == null || uRLs.isEmpty()) ? null : (String) uRLs.get(0);
        } catch (Exception e) {
            str3 = null;
        }
        return str3 == null ? str2 : str3;
    }

    void A(CRLRevocationSource cRLRevocationSource, TransactionId transactionId) {
        String name;
        Name issuerName = cRLRevocationSource.getIssuerName();
        try {
            name = NameUtils.getNormalizedName(issuerName);
        } catch (UtilsException e) {
            name = issuerName.getName();
        }
        Integer crlRetentionInterval = this.E.getCrlRetentionInterval(name);
        if (A.isDebugEnabled() && crlRetentionInterval != null) {
            A.debug(transactionId, new StringBuffer("CRL retention interval is ").append(crlRetentionInterval).append(" days.").toString(), null);
        }
        try {
            ((CRLRevocationSourceImpl) cRLRevocationSource).A(crlRetentionInterval, transactionId);
        } catch (ClassCastException e2) {
            A.error(transactionId, "Could not set crl archive cutoff time.", null);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean A(RevocationSource revocationSource, Date date, Date date2, long j, TransactionId transactionId) {
        Date archiveCutoff;
        boolean z;
        long j2;
        Date time = revocationSource.getTime();
        long time2 = time.getTime();
        Date A2 = A();
        if (revocationSource.getType().equals("crl")) {
            long lifeCycleTime = revocationSource.getLifeCycleTime();
            if (lifeCycleTime > 0) {
                time2 -= lifeCycleTime;
            }
            if (A(A2, date2) > 0) {
                CRLRevocationSource cRLRevocationSource = (CRLRevocationSource) revocationSource;
                long crlArchiveCutoffTime = cRLRevocationSource.getCrlArchiveCutoffTime();
                if (crlArchiveCutoffTime == -2) {
                    A(cRLRevocationSource, transactionId);
                    j2 = cRLRevocationSource.getCrlArchiveCutoffTime();
                } else {
                    j2 = crlArchiveCutoffTime;
                }
                if (j2 == -1) {
                    A.debug(transactionId, "Expired certs are never removed from crl.", null);
                    z = false;
                } else if (j2 > 0) {
                    if (A.isDebugEnabled()) {
                        GregorianCalendar gregorianCalendar = new GregorianCalendar();
                        gregorianCalendar.setTimeInMillis(j2);
                        A.debug(transactionId, new StringBuffer("Revoked certificates expired before ").append(gregorianCalendar.getTime()).append(" maybe have been removed from crl.").toString(), null);
                    }
                    time2 = j2;
                    z = true;
                }
            }
            z = true;
        } else {
            if (revocationSource.getType().equals(RevocationSourceTypes.OCSP) && (archiveCutoff = ((OCSPRevocationSource) revocationSource).getArchiveCutoff()) != null) {
                A.debug(transactionId, new StringBuffer("Archive Cutoff date included in OCSP response: ").append(archiveCutoff).append(".").toString(), null);
                time2 = archiveCutoff.getTime();
                z = true;
            }
            z = true;
        }
        if (z && A(date2.getTime(), time2) < 0) {
            A.info(transactionId, "Revocation info out of age (issued too long after certificate's validity period).", null);
            return false;
        }
        if (A(date, time) > 0) {
            Date nextUpdate = revocationSource.getNextUpdate();
            if (nextUpdate == null) {
                A.warn(transactionId, "Revocation info maybe out of date, because it does not contain a next update field.", null);
                return true;
            }
            if (A(nextUpdate, date) < 0) {
                if (j <= 0) {
                    A.info(transactionId, "Revocation info is out of age (next update before verification date).", null);
                    return false;
                }
                if (A(new Date(time.getTime() + j), date) < 0) {
                    A.info(transactionId, "Revocation info is out of age (this update + accepted age before verification date).", null);
                    return false;
                }
                A.warn(transactionId, "CRL not up to date, accepting anyway because of max revocation age setting.", null);
            }
        }
        return true;
    }

    @Override // iaik.pki.store.revocation.RevocationSourceStore
    public synchronized void configure(RevocationConfiguration revocationConfiguration) {
        if (revocationConfiguration == null) {
            throw new NullPointerException("Revocationconfig must not be null");
        }
        if (this.E != null) {
            throw new RevocationStoreException("Revocation store already configured", null, new StringBuffer().append(getClass().getName()).append(":5").toString());
        }
        this.E = revocationConfiguration;
    }
}
