package eu.cec.digit.ecas.client.signature.impl;

import eu.cec.digit.ecas.client.signature.verify.InvalidCertificateException;
import eu.cec.digit.ecas.client.signature.verify.InvalidPublicKeyException;
import eu.cec.digit.ecas.client.signature.verify.PublicKeyValidator;
import eu.cec.digit.ecas.util.NameValuePair;
import eu.cec.digit.ecas.util.NameValuePairIntf;
import eu.cec.digit.ecas.util.SecureURLFactory;
import eu.cec.digit.ecas.util.SecureURLIntf;
import java.io.IOException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:eu/cec/digit/ecas/client/signature/impl/RemoteValidator.class */
public final class RemoteValidator extends AbstractX509CertificateValidator implements PublicKeyValidator {
    private SecureURLIntf secureURL;
    private String keyCertValidationURL;
    private Set cachedCertificates;
    private Set cachedRevokedCertificates;

    @Override // eu.cec.digit.ecas.client.signature.verify.PublicKeyValidator
    public boolean validate(PublicKey publicKey) throws InvalidPublicKeyException {
        return false;
    }

    private synchronized void checkInitialized() {
        if (!isConfigured()) {
            throw new IllegalStateException("signatureConfig must be configured before calling validate()");
        }
        if (null == this.secureURL) {
            if (null == getSignatureConfig()) {
                throw new IllegalArgumentException("signatureConfig must be configured before calling validate()");
            }
            this.secureURL = SecureURLFactory.getSecureURL(getSignatureConfig().getSecureURLConfig());
            this.keyCertValidationURL = getSignatureConfig().getCertificateRevocationUrl();
            this.cachedCertificates = new HashSet();
            this.cachedRevokedCertificates = new HashSet();
        }
    }

    @Override // eu.cec.digit.ecas.client.signature.impl.AbstractX509CertificateValidator, eu.cec.digit.ecas.client.signature.verify.X509CertificateValidator
    public boolean validate(X509Certificate x509Certificate) throws InvalidCertificateException {
        checkInitialized();
        synchronized (this.cachedRevokedCertificates) {
            if (this.cachedRevokedCertificates.contains(x509Certificate)) {
                return false;
            }
            synchronized (this.cachedCertificates) {
                if (this.cachedCertificates.contains(x509Certificate)) {
                    return true;
                }
                try {
                    boolean isValidEcasCertificate = isValidEcasCertificate(x509Certificate);
                    if (isValidEcasCertificate) {
                        synchronized (this.cachedCertificates) {
                            this.cachedCertificates.add(x509Certificate);
                        }
                        return isValidEcasCertificate;
                    }
                    synchronized (this.cachedRevokedCertificates) {
                        this.cachedRevokedCertificates.add(x509Certificate);
                    }
                    return isValidEcasCertificate;
                } catch (IOException e) {
                    throw new InvalidCertificateException(e);
                } catch (CertificateEncodingException e2) {
                    throw new InvalidCertificateException(e2);
                }
            }
        }
    }

    boolean isValidEcasCertificate(X509Certificate x509Certificate) throws CertificateEncodingException, IOException {
        return parseResponse(this.secureURL.doPost(this.keyCertValidationURL, new NameValuePairIntf[]{new NameValuePair("certificate", encodeInPEM(x509Certificate))}));
    }

    String encodeInPEM(X509Certificate x509Certificate) throws CertificateEncodingException {
        StringBuffer stringBuffer = new StringBuffer();
        BASE64Encoder bASE64Encoder = new BASE64Encoder();
        stringBuffer.append("-----BEGIN CERTIFICATE-----").append("\r\n");
        stringBuffer.append(bASE64Encoder.encodeBuffer(x509Certificate.getEncoded()));
        stringBuffer.append("-----END CERTIFICATE-----").append("\r\n");
        return stringBuffer.toString();
    }

    boolean parseResponse(String str) {
        if (null == str) {
            return false;
        }
        return "true".equals(str.trim().toLowerCase(Locale.ENGLISH));
    }
}
