package be.ehealth.technicalconnector.service.etee.impl;

import be.ehealth.technicalconnector.cache.Cache;
import be.ehealth.technicalconnector.cache.CacheFactory;
import be.ehealth.technicalconnector.service.etee.RevocationStatusChecker;
import be.ehealth.technicalconnector.session.Session;
import be.ehealth.technicalconnector.session.SessionServiceWithCache;
import be.fgov.ehealth.technicalconnector.bootstrap.bcp.domain.CacheInformation;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/ehealth/technicalconnector/service/etee/impl/AbstractRevocationStatusChecker.class */
public abstract class AbstractRevocationStatusChecker implements RevocationStatusChecker, SessionServiceWithCache {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractRevocationStatusChecker.class);
    private Cache<X509Certificate, Boolean> cache = CacheFactory.newInstance(CacheFactory.CacheType.MEMORY, "revocation-cache", CacheInformation.ExpiryType.NONE, null);

    public AbstractRevocationStatusChecker() {
        Session.getInstance().registerSessionService(this);
    }

    @Override // be.ehealth.technicalconnector.service.etee.RevocationStatusChecker
    public boolean isRevoked(X509Certificate x509Certificate) throws CertificateException {
        return isRevoked(x509Certificate, new DateTime());
    }

    @Override // be.ehealth.technicalconnector.service.etee.RevocationStatusChecker
    public boolean isRevoked(X509Certificate x509Certificate, DateTime dateTime) throws CertificateException {
        if (x509Certificate == null) {
            throw new CertificateException("X509Certificate is empty.");
        }
        if (!this.cache.containsKey(x509Certificate)) {
            LOG.info("Checking revocation status for cert from subject : " + x509Certificate.getSubjectX500Principal().toString());
            boolean z = false;
            if (isSelfSigned(x509Certificate)) {
                LOG.info("Selfsigned certificate detected, skipping delegateRevoke.");
            } else {
                z = delegateRevoke(x509Certificate, dateTime);
            }
            this.cache.put(x509Certificate, Boolean.valueOf(z));
        }
        return this.cache.get(x509Certificate).booleanValue();
    }

    abstract boolean delegateRevoke(X509Certificate x509Certificate, DateTime dateTime) throws CertificateException;

    private boolean isSelfSigned(X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // be.ehealth.technicalconnector.session.SessionServiceWithCache
    public void flushCache() {
        this.cache.clear();
    }
}
