package cn.org.bjca.gaia.cert.path.validations;

import cn.org.bjca.gaia.asn1.x500.X500Name;
import cn.org.bjca.gaia.cert.X509CRLHolder;
import cn.org.bjca.gaia.cert.X509CertificateHolder;
import cn.org.bjca.gaia.cert.path.CertPathValidation;
import cn.org.bjca.gaia.cert.path.CertPathValidationContext;
import cn.org.bjca.gaia.cert.path.CertPathValidationException;
import cn.org.bjca.gaia.util.Memoable;
import cn.org.bjca.gaia.util.Selector;
import cn.org.bjca.gaia.util.Store;
import java.util.Collection;
import java.util.Iterator;

/* loaded from: classes.dex */
public class CRLValidation implements CertPathValidation {
    private Store crls;
    private X500Name workingIssuerName;

    public CRLValidation(X500Name x500Name, Store store) {
        this.workingIssuerName = x500Name;
        this.crls = store;
    }

    @Override // cn.org.bjca.gaia.util.Memoable
    public Memoable copy() {
        return new CRLValidation(this.workingIssuerName, this.crls);
    }

    @Override // cn.org.bjca.gaia.util.Memoable
    public void reset(Memoable memoable) {
        CRLValidation cRLValidation = (CRLValidation) memoable;
        this.workingIssuerName = cRLValidation.workingIssuerName;
        this.crls = cRLValidation.crls;
    }

    @Override // cn.org.bjca.gaia.cert.path.CertPathValidation
    public void validate(CertPathValidationContext certPathValidationContext, X509CertificateHolder x509CertificateHolder) {
        Collection matches = this.crls.getMatches(new Selector() { // from class: cn.org.bjca.gaia.cert.path.validations.CRLValidation.1
            @Override // cn.org.bjca.gaia.util.Selector
            public Object clone() {
                return this;
            }

            @Override // cn.org.bjca.gaia.util.Selector
            public boolean match(Object obj) {
                return ((X509CRLHolder) obj).getIssuer().equals(CRLValidation.this.workingIssuerName);
            }
        });
        if (matches.isEmpty()) {
            throw new CertPathValidationException("CRL for " + this.workingIssuerName + " not found");
        }
        Iterator it = matches.iterator();
        while (it.hasNext()) {
            if (((X509CRLHolder) it.next()).getRevokedCertificate(x509CertificateHolder.getSerialNumber()) != null) {
                throw new CertPathValidationException("Certificate revoked");
            }
        }
        this.workingIssuerName = x509CertificateHolder.getSubject();
    }
}
