package nl.nn.adapterframework.pipes;

import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import nl.nn.adapterframework.core.IPipeLineSession;
import nl.nn.adapterframework.core.PipeRunException;
import nl.nn.adapterframework.core.PipeRunResult;
import nl.nn.adapterframework.util.XmlBuilder;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;

/* loaded from: input_file:WEB-INF/lib/ibis-adapterframework-core-7.1-B3.jar:nl/nn/adapterframework/pipes/CrlPipe.class */
public class CrlPipe extends FixedForwardPipe {
    private String issuerSessionKey;

    @Override // nl.nn.adapterframework.pipes.AbstractPipe, nl.nn.adapterframework.core.IPipe
    public PipeRunResult doPipe(Object obj, IPipeLineSession iPipeLineSession) throws PipeRunException {
        InputStream inputStream = (InputStream) obj;
        try {
            try {
                X509CRL x509crl = (X509CRL) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCRL(inputStream);
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e) {
                        this.log.warn("Could not close CRL input stream", e);
                    }
                }
                String str = null;
                if (isCRLOK(x509crl, (InputStream) iPipeLineSession.get(getIssuerSessionKey()))) {
                    XmlBuilder xmlBuilder = new XmlBuilder("SerialNumbers");
                    for (X509CRLEntry x509CRLEntry : x509crl.getRevokedCertificates()) {
                        XmlBuilder xmlBuilder2 = new XmlBuilder("SerialNumber");
                        xmlBuilder2.setValue(x509CRLEntry.getSerialNumber().toString(16));
                        xmlBuilder.addSubElement(xmlBuilder2);
                    }
                    str = xmlBuilder.toXML();
                }
                return new PipeRunResult(getForward(), str);
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e2) {
                        this.log.warn("Could not close CRL input stream", e2);
                    }
                }
                throw th;
            }
        } catch (CRLException e3) {
            throw new PipeRunException(this, "Could not read CRL", e3);
        } catch (CertificateException e4) {
            throw new PipeRunException(this, "Could not read CRL", e4);
        }
    }

    private boolean isCRLOK(X509CRL x509crl, InputStream inputStream) throws PipeRunException {
        try {
            try {
                if (x509crl.getIssuerX500Principal().equals(((X509Certificate) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCertificate(inputStream)).getSubjectX500Principal())) {
                    return true;
                }
                if (inputStream == null) {
                    return false;
                }
                try {
                    inputStream.close();
                    return false;
                } catch (IOException e) {
                    this.log.warn("Could not close issuer input stream", e);
                    return false;
                }
            } catch (CertificateException e2) {
                throw new PipeRunException(this, "Could not read issuer certificate", e2);
            }
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e3) {
                    this.log.warn("Could not close issuer input stream", e3);
                }
            }
        }
    }

    public String getIssuerSessionKey() {
        return this.issuerSessionKey;
    }

    public void setIssuerSessionKey(String str) {
        this.issuerSessionKey = str;
    }
}
