package org.glite.security.trustmanager;

import java.math.BigInteger;
import java.security.Principal;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;
import org.apache.log4j.Logger;

/* loaded from: input_file:glite-security-trustmanager.jar:org/glite/security/trustmanager/CRLCertChecker.class */
public class CRLCertChecker extends PKIXCertPathChecker {
    static Logger logger;
    private Vector crls;
    private boolean crlRequired;
    static Class class$org$glite$security$trustmanager$CRLCertChecker;

    public CRLCertChecker(Vector vector, boolean z) {
        this.crlRequired = false;
        this.crls = vector;
        this.crlRequired = z;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection) throws CertPathValidatorException {
        Iterator it = this.crls.iterator();
        if (!(certificate instanceof X509Certificate)) {
            logger.error("Error: non-X509 certificate given as an argument");
            throw new CertPathValidatorException("Error: non-X509 certificate given as an argument");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        Principal issuerDN = x509Certificate.getIssuerDN();
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        try {
            logger.debug(new StringBuffer().append("Checking certificate ").append(x509Certificate.getSubjectDN().getName()).append(" with serial ").append(serialNumber).toString());
            while (it.hasNext()) {
                X509CRL x509crl = (X509CRL) it.next();
                if (x509crl.getIssuerDN().equals(issuerDN)) {
                    logger.debug(new StringBuffer().append("CRL found from ").append(issuerDN.getName()).toString());
                    if (x509crl.getRevokedCertificate(serialNumber) != null) {
                        logger.info(new StringBuffer().append("The certificate is revoked by ").append(issuerDN.getName()).toString());
                        throw new CertPathValidatorException(new StringBuffer().append("The certificate ").append(x509Certificate.getSubjectDN().getName()).append(" is revoked by ").append(issuerDN.getName()).toString());
                    }
                    logger.debug("CRLCertChecker.check: certificate OK, cheked against CRL");
                    return;
                }
            }
            if (this.crlRequired) {
                logger.warn(new StringBuffer().append("No crl (even though it is required) found for the CA ").append(issuerDN.toString()).toString());
                throw new CertPathValidatorException(new StringBuffer().append("No crl (even though it is required) found for the CA ").append(issuerDN.toString()).toString());
            }
            logger.debug("CRLCertChecker.check: certificate OK");
        } catch (Exception e) {
            logger.debug(new StringBuffer().append("Certificate revocation checking failed: ").append(e.getMessage()).toString());
            throw new CertPathValidatorException(e.getMessage());
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return true;
    }

    public Vector getCrls() {
        return this.crls;
    }

    public void setCrls(Vector vector) {
        this.crls = vector;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$glite$security$trustmanager$CRLCertChecker == null) {
            cls = class$("org.glite.security.trustmanager.CRLCertChecker");
            class$org$glite$security$trustmanager$CRLCertChecker = cls;
        } else {
            cls = class$org$glite$security$trustmanager$CRLCertChecker;
        }
        logger = Logger.getLogger(cls.getName());
    }
}
