package be.ehealth.technicalconnector.service.etee.impl;

import be.ehealth.technicalconnector.service.etee.CryptoFactory;
import be.fgov.ehealth.etee.crypto.cert.CertificateStatus;
import be.fgov.ehealth.etee.crypto.crl.CRLChecker;
import be.fgov.ehealth.etee.crypto.crl.CRLCheckerBuilder;
import be.fgov.ehealth.etee.crypto.crl.CRLData;
import be.fgov.ehealth.etee.crypto.policies.OCSPOption;
import be.fgov.ehealth.etee.crypto.status.CryptoResult;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.joda.time.DateTime;

/* loaded from: input_file:be/ehealth/technicalconnector/service/etee/impl/ConnectorCRLRevocationStatusChecker.class */
public final class ConnectorCRLRevocationStatusChecker extends AbstractRevocationStatusChecker {
    private CRLChecker crlChecker = CRLCheckerBuilder.newBuilder().addCertStore((CertStore) CryptoFactory.getOCSPOptions().get(OCSPOption.CERT_STORE)).build();

    @Override // be.ehealth.technicalconnector.service.etee.impl.AbstractRevocationStatusChecker
    boolean delegateRevoke(X509Certificate x509Certificate, DateTime dateTime) throws CertificateException {
        CryptoResult validate = this.crlChecker.validate(x509Certificate);
        if (validate.getFatal() == null) {
            return ((CRLData) validate.getData()).getCertStatus() == CertificateStatus.REVOKED;
        }
        throw new CertificateException(validate.getFatal().getErrorMessage());
    }
}
