package es.gob.afirma.cert.certvalidation;

import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.ui.utils.Constants;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Properties;
import java.util.logging.Logger;

/* loaded from: input_file:es/gob/afirma/cert/certvalidation/CertificateVerifier.class */
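/**
 * Base implementation of {@link CertificateVerificable}: checks the validity period of a
 * certificate, optionally checks that it was issued and signed by one configured issuer
 * certificate, and then delegates the revocation check to the subclass.
 *
 * <p>Scope of the checks done in this class: validity dates, issuer name equality and a
 * signature check against a single issuer key. No certification path is built and no
 * extension (basic constraints, key usage, ...) is inspected here.
 */
public abstract class CertificateVerifier implements CertificateVerificable {
    protected static final Logger LOGGER = Logger.getLogger(Constants.OUR_NODE_NAME);

    /** Certificate used by the no-argument {@link #validateCertificate()}. */
    private X509Certificate certificate = null;

    /** Validation settings loaded by {@link #setValidationProperties(String)}. */
    private final Properties conf = new Properties();

    /** Issuer certificate the subject must chain to; {@code null} disables the issuer check. */
    private X509Certificate issuerCert;

    /**
     * Sets the certificate that {@link #validateCertificate()} will validate.
     *
     * @param x509Certificate certificate to validate, may be {@code null}
     */
    @Override // es.gob.afirma.cert.certvalidation.CertificateVerificable
    public void setSubjectCert(X509Certificate x509Certificate) {
        this.certificate = x509Certificate;
    }

    /**
     * @return the certificate set with {@link #setSubjectCert(X509Certificate)}, or {@code null}
     */
    protected X509Certificate getCertificate() {
        return this.certificate;
    }

    /**
     * Returns the live internal settings object (not a copy), so changes made by the caller
     * are seen by this verifier.
     *
     * @return the validation properties, never {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public Properties getValidationProperties() {
        return this.conf;
    }

    /**
     * Loads the validation settings from a classpath resource and, when the settings contain
     * an {@code issuerCertFile} entry, loads that classpath resource as the issuer certificate.
     *
     * @param str name of the properties resource, resolved relative to this class
     * @throws IllegalArgumentException if the settings or the issuer certificate cannot be
     *         found or parsed
     */
    @Override // es.gob.afirma.cert.certvalidation.CertificateVerificable
    public void setValidationProperties(String str) {
        loadConfiguration(str);
        final String issuerCertFile = this.conf.getProperty("issuerCertFile");
        if (issuerCertFile != null) {
            // Without this entry no issuer is pinned and validateCertificate() skips the issuer check.
            setIssuerCert(loadIssuerCertificate(issuerCertFile));
        }
    }

    /** Reads the properties resource into {@link #conf}, always closing the stream. */
    private void loadConfiguration(String resourceName) {
        InputStream in = null;
        try {
            in = CertificateVerifier.class.getResourceAsStream(resourceName);
            if (in == null) {
                // Fail with an explicit cause instead of a NullPointerException from Properties.load.
                throw new IOException("recurso no encontrado");
            }
            this.conf.load(in);
        } catch (Exception e) {
            throw new IllegalArgumentException("No se ha podido cargar la configuracion del servidor (" + resourceName + "): " + e, e);
        } finally {
            closeQuietly(in);
        }
    }

    /** Parses the classpath resource as an X.509 certificate, always closing the stream. */
    private static X509Certificate loadIssuerCertificate(String resourceName) {
        InputStream in = null;
        try {
            in = CertificateVerifier.class.getResourceAsStream(resourceName);
            if (in == null) {
                throw new CertificateException("recurso no encontrado");
            }
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } catch (Exception e) {
            // Reported with its own message so a bad trust anchor is not mistaken for a bad settings file.
            throw new IllegalArgumentException("No se ha podido cargar el certificado raiz del emisor (" + resourceName + "): " + e, e);
        } finally {
            closeQuietly(in);
        }
    }

    /** Closes the stream if it was opened; a failure to close is not actionable here. */
    private static void closeQuietly(InputStream in) {
        if (in != null) {
            try {
                in.close();
            } catch (IOException ignored) {
                // Best effort: the content has already been read or the load has already failed.
            }
        }
    }

    /**
     * Sets the issuer certificate that validated certificates must be signed by.
     *
     * @param x509Certificate issuer certificate, or {@code null} to disable the issuer check
     */
    @Override // es.gob.afirma.cert.certvalidation.CertificateVerificable
    public void setIssuerCert(X509Certificate x509Certificate) {
        this.issuerCert = x509Certificate;
    }

    /**
     * @return the configured issuer certificate, or {@code null} if none is set
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public X509Certificate getIssuerCert() {
        return this.issuerCert;
    }

    /**
     * Validates the certificate set with {@link #setSubjectCert(X509Certificate)}.
     *
     * @return the validation result
     */
    @Override // es.gob.afirma.cert.certvalidation.CertificateVerificable
    public ValidationResult validateCertificate() {
        return validateCertificate(this.certificate);
    }

    /**
     * Checks the revocation status of a certificate; called last by
     * {@link #validateCertificate(X509Certificate)}, whose result is whatever this returns.
     *
     * @param x509Certificate certificate that already passed the date and issuer checks
     * @return the validation result
     */
    @Override // es.gob.afirma.cert.certvalidation.CertificateVerificable
    public abstract ValidationResult verifyRevocation(X509Certificate x509Certificate);

    /**
     * Verifies that the certificate names the configured issuer and carries a valid signature
     * made with the issuer's key.
     *
     * @param x509Certificate certificate to check
     * @throws CertificateException if the certificate is {@code null}, no issuer certificate is
     *         set, or the signature cannot be checked with the issuer key
     * @throws SignatureException if the issuer name does not match or the signature is invalid
     */
    @Override // es.gob.afirma.cert.certvalidation.CertificateVerificable
    public void verifyIssuer(X509Certificate x509Certificate) throws CertificateException, SignatureException {
        if (x509Certificate == null) {
            throw new CertificateException("Se ha proporcionado un certificado nulo");
        }
        final X509Certificate issuer = this.issuerCert;
        if (issuer == null) {
            // This method is public, so it can be reached without the null guard in validateCertificate().
            throw new CertificateException("No se ha establecido el certificado del emisor");
        }
        // Name comparison is only a cheap pre-check; the signature check below is what binds
        // the certificate to the issuer key.
        // NOTE(review): the names logged here come from the certificate under validation, i.e.
        // untrusted input reaching the log - confirm the log sink tolerates arbitrary DN text.
        final String expectedIssuer = issuer.getSubjectX500Principal().toString();
        final String actualIssuer = x509Certificate.getIssuerX500Principal().toString();
        if (!expectedIssuer.equals(actualIssuer)) {
            final String mismatch = "El certificado proporcionado no esta emitido por '" + issuer.getSubjectX500Principal() + "', sino por '" + x509Certificate.getIssuerX500Principal() + "'";
            LOGGER.info(mismatch);
            throw new SignatureException(mismatch);
        }
        LOGGER.info("El certificado a validar ha sido emitido por: " + AOUtil.getCN(actualIssuer));
        try {
            x509Certificate.verify(issuer.getPublicKey());
        } catch (InvalidKeyException e) {
            throw new CertificateException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new CertificateException(e2);
        } catch (NoSuchProviderException e3) {
            throw new CertificateException(e3);
        }
    }

    /**
     * Validates a certificate: validity period first, then the issuer (only when an issuer
     * certificate is configured), then revocation through {@link #verifyRevocation}.
     *
     * @param x509Certificate certificate to validate
     * @return {@code CORRUPT} for a {@code null} certificate, {@code EXPIRED} or
     *         {@code NOT_YET_VALID} for a date failure, {@code CA_NOT_SUPPORTED} when the issuer
     *         name or signature does not match, {@code SERVER_ERROR} for any other issuer-check
     *         failure, otherwise the result of the revocation check
     */
    @Override // es.gob.afirma.cert.certvalidation.CertificateVerificable
    public ValidationResult validateCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            LOGGER.warning("Se ha proporcionado un certificado a validar nulo");
            return ValidationResult.CORRUPT;
        }
        // One timestamp for both bounds so the two comparisons cannot straddle a boundary.
        final Date now = new Date();
        if (now.after(x509Certificate.getNotAfter())) {
            LOGGER.info("Se ha proporcionado un certificado que caduco en: " + x509Certificate.getNotAfter());
            return ValidationResult.EXPIRED;
        }
        if (now.before(x509Certificate.getNotBefore())) {
            LOGGER.info("Se ha proporcionado un certificado que aun no es valido, lo sera a partir de: " + x509Certificate.getNotBefore());
            return ValidationResult.NOT_YET_VALID;
        }
        if (this.issuerCert != null) {
            try {
                verifyIssuer(x509Certificate);
            } catch (SignatureException e) {
                // Covers a wrong issuer name and a bad signature; record it so a forged
                // certificate does not fail silently.
                LOGGER.warning("La verificacion del emisor del certificado ha fallado: " + e);
                return ValidationResult.CA_NOT_SUPPORTED;
            } catch (Exception e2) {
                LOGGER.severe("Error durante la verificacion del emisor del certificado: " + e2);
                return ValidationResult.SERVER_ERROR;
            }
        } else {
            // Fail-open path kept for compatibility: with no issuer configured the signature is
            // never checked here, so the result rests entirely on verifyRevocation().
            LOGGER.warning("No se ha configurado un certificado emisor; se omite la verificacion del emisor del certificado");
        }
        return verifyRevocation(x509Certificate);
    }
}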
