package eu.europa.esig.dss.service.crl;

import eu.europa.esig.dss.crl.CRLBinary;
import eu.europa.esig.dss.crl.CRLUtils;
import eu.europa.esig.dss.enumerations.RevocationOrigin;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.model.x509.revocation.crl.CRL;
import eu.europa.esig.dss.service.http.commons.CommonsDataLoader;
import eu.europa.esig.dss.spi.CertificateExtensionsUtils;
import eu.europa.esig.dss.spi.client.http.DataLoader;
import eu.europa.esig.dss.spi.client.http.Protocol;
import eu.europa.esig.dss.spi.exception.DSSExternalResourceException;
import eu.europa.esig.dss.spi.x509.revocation.OnlineRevocationSource;
import eu.europa.esig.dss.spi.x509.revocation.RevocationSourceAlternateUrlsSupport;
import eu.europa.esig.dss.spi.x509.revocation.RevocationToken;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLSource;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLToken;
import eu.europa.esig.dss.utils.Utils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/service/crl/OnlineCRLSource.class */
public class OnlineCRLSource implements CRLSource, RevocationSourceAlternateUrlsSupport<CRL> {
    private static final long serialVersionUID = 6912729291417315212L;
    private static final Logger LOG = LoggerFactory.getLogger(OnlineCRLSource.class);
    private Protocol preferredProtocol;
    private DataLoader dataLoader;

    public OnlineCRLSource() {
        this.dataLoader = new CommonsDataLoader();
        LOG.trace("+OnlineCRLSource with the default data loader.");
    }

    public OnlineCRLSource(DataLoader dataLoader) {
        this.dataLoader = dataLoader;
        LOG.trace("+OnlineCRLSource with the specific data loader.");
    }

    public void setPreferredProtocol(Protocol protocol) {
        this.preferredProtocol = protocol;
    }

    public void setDataLoader(DataLoader dataLoader) {
        this.dataLoader = dataLoader;
    }

    /* renamed from: getRevocationToken, reason: merged with bridge method [inline-methods] */
    public CRLToken m5getRevocationToken(CertificateToken certificateToken, CertificateToken certificateToken2) {
        return getRevocationToken(certificateToken, certificateToken2, Collections.emptyList());
    }

    public CRLToken getRevocationToken(CertificateToken certificateToken, CertificateToken certificateToken2, List<String> list) {
        Objects.requireNonNull(certificateToken, "CertificateToken cannot be null!");
        Objects.requireNonNull(certificateToken2, "Issuer CertificateToken cannot be null!");
        Objects.requireNonNull(this.dataLoader, "DataLoader is not provided !");
        LOG.trace("--> OnlineCRLSource queried for {}", certificateToken.getDSSIdAsString());
        List<String> cRLAccessURLs = getCRLAccessURLs(certificateToken, list);
        if (Utils.isCollectionEmpty(cRLAccessURLs)) {
            throw new DSSExternalResourceException(String.format("No CRL location found for certificate with Id '%s'", certificateToken.getDSSIdAsString()));
        }
        int size = cRLAccessURLs.size();
        for (String str : cRLAccessURLs) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Trying to retrieve a CRL from URL '{}'...", str);
            }
            size--;
            try {
                CRLToken cRLToken = new CRLToken(certificateToken, CRLUtils.buildCRLValidity(executeCRLRequest(str), certificateToken2));
                cRLToken.setExternalOrigin(RevocationOrigin.EXTERNAL);
                cRLToken.setSourceURL(str);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("CRL '{}' has been retrieved from a source with URL '{}'.", cRLToken.getDSSIdAsString(), str);
                }
                return cRLToken;
            } catch (Exception e) {
                if (size == 0) {
                    throw new DSSExternalResourceException(String.format("Unable to retrieve CRL for certificate with Id '%s' from URL '%s'. Reason : %s", certificateToken.getDSSIdAsString(), str, e.getMessage()), e);
                }
                LOG.warn("Unable to retrieve CRL with URL '{}' : {}", str, e.getMessage());
            }
        }
        throw new IllegalStateException(String.format("Invalid state within OnlineCRLSource for a certificate call with id '%s'", certificateToken.getDSSIdAsString()));
    }

    protected List<String> getCRLAccessURLs(CertificateToken certificateToken, List<String> list) {
        if (Utils.isCollectionNotEmpty(list)) {
            LOG.info("CRL alternative urls : {}", list);
        }
        List cRLAccessUrls = CertificateExtensionsUtils.getCRLAccessUrls(certificateToken);
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(cRLAccessUrls);
        arrayList.addAll(list);
        prioritize(arrayList);
        return arrayList;
    }

    @Deprecated
    public OnlineRevocationSource.RevocationTokenAndUrl<CRL> getRevocationTokenAndUrl(CertificateToken certificateToken, CertificateToken certificateToken2) {
        CRLToken m5getRevocationToken = m5getRevocationToken(certificateToken, certificateToken2);
        if (m5getRevocationToken != null) {
            return new OnlineRevocationSource.RevocationTokenAndUrl<>(m5getRevocationToken.getSourceURL(), m5getRevocationToken);
        }
        return null;
    }

    @Deprecated
    protected OnlineRevocationSource.RevocationTokenAndUrl<CRL> getRevocationTokenAndUrl(CertificateToken certificateToken, CertificateToken certificateToken2, List<String> list) {
        CRLToken revocationToken = getRevocationToken(certificateToken, certificateToken2, list);
        if (revocationToken != null) {
            return new OnlineRevocationSource.RevocationTokenAndUrl<>(revocationToken.getSourceURL(), revocationToken);
        }
        return null;
    }

    protected CRLBinary executeCRLRequest(String str) {
        byte[] bArr = this.dataLoader.get(str);
        if (Utils.isArrayNotEmpty(bArr)) {
            return CRLUtils.buildCRLBinary(bArr);
        }
        throw new DSSExternalResourceException(String.format("CRL DataLoader for certificate with url '%s' responded with an empty byte array!", str));
    }

    private void prioritize(List<String> list) {
        if (this.preferredProtocol != null) {
            ArrayList arrayList = new ArrayList();
            for (String str : list) {
                if (this.preferredProtocol.isTheSame(str)) {
                    arrayList.add(str);
                }
            }
            list.removeAll(arrayList);
            for (int size = arrayList.size() - 1; size >= 0; size--) {
                list.add(0, (String) arrayList.get(size));
            }
        }
    }

    /* renamed from: getRevocationToken, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ RevocationToken m6getRevocationToken(CertificateToken certificateToken, CertificateToken certificateToken2, List list) {
        return getRevocationToken(certificateToken, certificateToken2, (List<String>) list);
    }
}
