package ru.CryptoPro.AdES.evidence;

import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.LinkedList;
import java.util.Set;
import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
import org.bouncycastle.jcajce.PKIXExtendedParameters;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import ru.CryptoPro.AdES.BaseParameterValidator;
import ru.CryptoPro.AdES.evidence.Evidence;
import ru.CryptoPro.AdES.evidence.crl.CRLEvidenceImpl;
import ru.CryptoPro.AdES.evidence.crl.rfc3280.CRLVerifierEx;
import ru.CryptoPro.AdES.exception.AdESException;
import ru.CryptoPro.JCP.tools.JCPLogger;

/* loaded from: classes3.dex */
public class EvidenceParameterValidatorImpl implements BaseParameterValidator<Evidence<?>> {
    private final X509Certificate rootCert;
    private final Date validationDate;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: ru.CryptoPro.AdES.evidence.EvidenceParameterValidatorImpl$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$ru$CryptoPro$AdES$evidence$Evidence$EvidenceType;

        static {
            int[] iArr = new int[Evidence.EvidenceType.values().length];
            $SwitchMap$ru$CryptoPro$AdES$evidence$Evidence$EvidenceType = iArr;
            try {
                iArr[Evidence.EvidenceType.etCRL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
        }
    }

    public EvidenceParameterValidatorImpl(X509Certificate x509Certificate, Date date) {
        this.rootCert = x509Certificate;
        this.validationDate = date;
    }

    private void checkIfCRLAcceptedForCertificate(X509CRL x509crl, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws AdESException {
        JCPLogger.subEnter();
        JCPLogger.fineFormat("Check if CRL is suitable for certificate\n\tsn: {0}\n\tsubject: {1}\n\tissuer: {2}", x509Certificate.getSerialNumber().toString(16), x509Certificate.getSubjectDN(), x509Certificate.getIssuerDN());
        try {
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(this.rootCert, null)));
            pKIXParameters.setDate(this.validationDate);
            LinkedList linkedList = new LinkedList();
            linkedList.add(x509Certificate);
            linkedList.add(x509Certificate2);
            linkedList.remove(this.rootCert);
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(linkedList);
            arrayList.addAll(Collections.singletonList(x509crl));
            pKIXParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), BouncyCastleProvider.PROVIDER_NAME));
            boolean checkCRL = new CRLVerifierEx(x509Certificate, x509Certificate2, new PKIXExtendedBuilderParameters.Builder(new PKIXExtendedParameters.Builder(pKIXParameters).build()).build().getBaseParameters()).checkCRL();
            JCPLogger.fine("CRL accepted:", Boolean.valueOf(checkCRL));
            if (!checkCRL) {
                throw new AdESException("CRL is not suitable for certificate: sn" + x509Certificate.getSerialNumber().toString(16) + ", subject " + x509Certificate.getSubjectDN() + ", issuer  " + x509Certificate.getIssuerDN(), AdESException.ecRevocationCRLNotSuitable);
            }
            JCPLogger.subExit();
        } catch (Exception e) {
            throw new AdESException(e, AdESException.ecRevocationCRLNotSuitable);
        }
    }

    @Override // ru.CryptoPro.AdES.BaseParameterValidator
    public void validate(Evidence<?> evidence) throws AdESException {
        JCPLogger.subEnter();
        if (AnonymousClass1.$SwitchMap$ru$CryptoPro$AdES$evidence$Evidence$EvidenceType[evidence.getType().ordinal()] == 1) {
            CRLEvidenceImpl cRLEvidenceImpl = (CRLEvidenceImpl) evidence;
            checkIfCRLAcceptedForCertificate(cRLEvidenceImpl.getEvidence(), cRLEvidenceImpl.getCheckableCertificate(), cRLEvidenceImpl.getIssuerCertificate());
        }
        JCPLogger.subExit();
    }
}
