package org.mule.runtime.module.tls.internal.revocation;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.ManagerFactoryParameters;
import org.mule.runtime.api.component.AbstractComponent;
import org.mule.runtime.api.util.Preconditions;
import org.mule.runtime.core.api.util.IOUtils;

/* loaded from: input_file:org/mule/runtime/module/tls/internal/revocation/CrlFile.class */
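/**
 * {@link RevocationCheck} that enables PKIX revocation checking and supplies the CRLs
 * read from a single resource identified by {@code path}.
 *
 * <p>The CRLs are read each time {@link #configFor(KeyStore, Set)} is called and handed to
 * the returned parameters as an in-memory collection, so later changes to the file are not
 * reflected in parameters that were already built.
 */
public class CrlFile extends AbstractComponent implements RevocationCheck {
    // Location of the CRL resource; resolved through IOUtils.getResourceAsStream.
    private String path;

    /**
     * Sets the location of the CRL resource.
     *
     * @param str the resource path; must be non-null by the time {@code configFor} is called
     */
    public void setPath(String str) {
        this.path = str;
    }

    /**
     * Builds trust manager parameters with revocation checking enabled and the configured
     * CRLs attached as a certificate store.
     *
     * <p>The trust anchors are taken from the certificate entries of {@code keyStore}; the
     * {@code set} argument is not consulted by this implementation.
     *
     * @param keyStore the trust store whose certificate entries become the trust anchors
     * @param set      trust anchors supplied by the caller (unused here)
     * @return parameters wrapping the PKIX builder configuration
     * @throws IllegalArgumentException presumably, via {@code Preconditions.checkArgument},
     *                                  when {@code path} or {@code keyStore} is null
     * @throws RuntimeException         when the CRL resource cannot be read or parsed, or the
     *                                  PKIX parameters cannot be built; the cause is preserved
     */
    @Override // org.mule.runtime.module.tls.internal.revocation.RevocationCheck
    public ManagerFactoryParameters configFor(KeyStore keyStore, Set<TrustAnchor> set) {
        Preconditions.checkArgument(this.path != null, "tls:crl-file requires the 'path' attribute");
        Preconditions.checkArgument(keyStore != null, "tls:crl-file requires a trust store");
        try {
            PKIXBuilderParameters pkixParameters =
                    new PKIXBuilderParameters(getTrustAnchorsFromKeyStore(keyStore), new X509CertSelector());
            pkixParameters.setRevocationEnabled(true);

            Collection<? extends CRL> crls = loadCRL(this.path);
            // NOTE(review): if the resource parses to zero CRLs, no CRL store is attached while
            // revocation checking stays enabled. The validation outcome then depends on whatever
            // other revocation sources the JVM's PKIX provider is configured with; consider
            // logging or rejecting an empty CRL file so the misconfiguration is visible.
            if (crls != null && !crls.isEmpty()) {
                pkixParameters.addCertStore(
                        CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
            }
            return new CertPathTrustManagerParameters(pkixParameters);
        } catch (IOException | GeneralSecurityException e) {
            // Name the resource in the message so a broken CRL configuration can be diagnosed
            // from the log; the original exception is kept as the cause.
            throw new RuntimeException("Could not configure CRL revocation checking from '" + this.path + "'", e);
        }
    }

    /**
     * Reads every CRL contained in the resource at {@code str}.
     *
     * @param str the resource path, or {@code null}
     * @return the parsed CRLs, or {@code null} when {@code str} is {@code null}
     * @throws IOException          when the resource cannot be found or closing it fails
     * @throws CRLException         when the content cannot be parsed as CRLs
     * @throws CertificateException when no X.509 certificate factory is available
     */
    private Collection<? extends CRL> loadCRL(String str) throws CertificateException, IOException, CRLException {
        if (str == null) {
            return null;
        }
        // try-with-resources closes the stream on every path and records a failing close() as a
        // suppressed exception instead of letting it replace the parsing error.
        try (InputStream inputStream = IOUtils.getResourceAsStream(str, getClass())) {
            // Presumably getResourceAsStream returns null for a missing resource (confirm against
            // IOUtils); fail with an explicit message rather than handing null to the parser.
            if (inputStream == null) {
                throw new IOException("CRL resource not found: " + str);
            }
            return CertificateFactory.getInstance("X.509").generateCRLs(inputStream);
        }
    }

    /**
     * Collects a trust anchor for each X.509 certificate entry in {@code keyStore}.
     *
     * <p>Only entries for which {@link KeyStore#isCertificateEntry(String)} is true are used.
     * Entries whose certificate is missing or is not an {@link X509Certificate} are skipped
     * instead of failing with a {@code ClassCastException} or {@code NullPointerException};
     * skipping only ever narrows the set of trusted anchors.
     *
     * @param keyStore the trust store to read
     * @return the trust anchors found; may be empty
     * @throws GeneralSecurityException when the key store cannot be read
     */
    private static Set<TrustAnchor> getTrustAnchorsFromKeyStore(KeyStore keyStore) throws GeneralSecurityException {
        Set<TrustAnchor> anchors = new HashSet<>();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.isCertificateEntry(alias)) {
                continue;
            }
            java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
            if (certificate instanceof X509Certificate) {
                // No name constraints are applied to the anchor.
                anchors.add(new TrustAnchor((X509Certificate) certificate, null));
            }
        }
        return anchors;
    }

    /**
     * Two instances are equal when they are of the same class and have the same {@code path}.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        CrlFile other = (CrlFile) obj;
        return this.path != null ? this.path.equals(other.path) : other.path == null;
    }

    /**
     * Hash of {@code path}, or 0 when no path is set; consistent with {@link #equals(Object)}.
     */
    @Override
    public int hashCode() {
        return this.path != null ? this.path.hashCode() : 0;
    }
}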
