package de.gematik.pki.certificate;

import de.gematik.pki.error.ErrorCode;
import de.gematik.pki.exception.GemPkiException;
import de.gematik.pki.tsl.TspServiceSubset;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import lombok.Generated;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gematik/pki/certificate/CertificateCommonVerification.class */
/**
 * Bundles three checks on a single certificate ({@code x509EeCert}, presumably the end-entity
 * certificate): validity period, signature against a supplied issuer certificate, and the
 * service status of the issuing TSP service as described by a {@link TspServiceSubset}.
 *
 * <p>Each check is independent and throws a {@link GemPkiException} carrying the configured
 * product type and a check-specific {@link ErrorCode} on failure. None of the methods calls
 * the others, so a caller has to invoke every check it needs.
 *
 * <p>Instances are immutable and are created through {@link #builder()}.
 */
public class CertificateCommonVerification {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CertificateCommonVerification.class);

    /** ETSI service status URI that marks a trust service as revoked. */
    public static final String SVCSTATUS_REVOKED = "http://uri.etsi.org/TrstSvc/Svcstatus/revoked";

    // Product type passed into every GemPkiException raised by this class.
    @NonNull
    private final String productType;

    // Service data of the issuer; read by verifyIssuerServiceStatus().
    @NonNull
    private final TspServiceSubset tspServiceSubset;

    // The certificate all checks are applied to.
    @NonNull
    private final X509Certificate x509EeCert;

    /**
     * Creates the verifier; reachable only through the builder.
     *
     * @param productType product type reported in raised exceptions
     * @param tspServiceSubset issuer service data
     * @param x509EeCert certificate to verify
     * @throws NullPointerException if any argument is {@code null}
     */
    @Generated
    private CertificateCommonVerification(@NonNull String productType, @NonNull TspServiceSubset tspServiceSubset, @NonNull X509Certificate x509EeCert) {
        if (productType == null) {
            throw new NullPointerException("productType is marked non-null but is null");
        }
        if (tspServiceSubset == null) {
            throw new NullPointerException("tspServiceSubset is marked non-null but is null");
        }
        if (x509EeCert == null) {
            throw new NullPointerException("x509EeCert is marked non-null but is null");
        }
        this.productType = productType;
        this.tspServiceSubset = tspServiceSubset;
        this.x509EeCert = x509EeCert;
    }

    /**
     * Returns a fresh builder for this class.
     *
     * @return a new, empty builder
     */
    @Generated
    public static CertificateCommonVerificationBuilder builder() {
        return new CertificateCommonVerificationBuilder();
    }

    /**
     * Checks the certificate's validity period against the current system time.
     *
     * <p>The result depends on the local system clock, because the reference instant is
     * taken from {@link ZonedDateTime#now()}.
     *
     * @throws GemPkiException with {@link ErrorCode#SE_1021} if the current time is outside
     *     the validity period
     */
    public void verifyValidity() throws GemPkiException {
        verifyValidity(ZonedDateTime.now());
    }

    /**
     * Checks that the reference date lies strictly between the certificate's notBefore and
     * notAfter.
     *
     * <p>The comparison is instant-based, so the zone of the reference date does not matter.
     *
     * @param zonedDateTime reference date to test
     * @throws NullPointerException if the reference date is {@code null}
     * @throws GemPkiException with {@link ErrorCode#SE_1021} if the reference date is not
     *     inside the validity period
     */
    public void verifyValidity(@NonNull ZonedDateTime zonedDateTime) throws GemPkiException {
        if (zonedDateTime == null) {
            throw new NullPointerException("referenceDate is marked non-null but is null");
        }
        // NOTE(review): both bounds are exclusive here, so a reference instant exactly equal
        // to notBefore or notAfter is rejected. RFC 5280 defines the validity period as
        // inclusive of both ends; confirm that the stricter behaviour is intended.
        final boolean withinValidity =
                notBeforeUtc().isBefore(zonedDateTime) && notAfterUtc().isAfter(zonedDateTime);
        if (!withinValidity) {
            log.debug("Das Referenzdatum {} liegt nicht innerhalb des Gültigkeitsbereichs des Zertifikates.", zonedDateTime);
            throw new GemPkiException(this.productType, ErrorCode.SE_1021);
        }
    }

    /**
     * Verifies that the certificate was signed with the private key matching the public key
     * of the supplied issuer certificate.
     *
     * <p>This is a signature check only. Nothing in this method validates the issuer
     * certificate itself (trust anchor, CA constraints, issuer/subject name chaining,
     * validity or revocation), so the caller must pass an issuer certificate that has
     * already been established as trusted.
     *
     * @param x509Certificate issuer certificate whose public key is used for verification
     * @throws NullPointerException if the issuer certificate is {@code null}
     * @throws GemPkiException with {@link ErrorCode#SE_1024} and the original cause if the
     *     verification raises a {@link GeneralSecurityException}
     */
    public void verifySignature(@NonNull X509Certificate x509Certificate) throws GemPkiException {
        if (x509Certificate == null) {
            throw new NullPointerException("x509IssuerCert is marked non-null but is null");
        }
        try {
            this.x509EeCert.verify(x509Certificate.getPublicKey());
            log.debug("Signaturprüfung von {} erfolgreich", this.x509EeCert.getSubjectX500Principal());
        } catch (GeneralSecurityException cause) {
            // Keep the cause so the concrete failure (bad signature, wrong key type,
            // unsupported algorithm, ...) stays visible to whoever handles the exception.
            throw new GemPkiException(this.productType, ErrorCode.SE_1024, cause);
        }
    }

    /**
     * Rejects the certificate if the issuer service is revoked and that status began before
     * the certificate's notBefore.
     *
     * <p>A revoked status whose starting time is at or after notBefore passes this check, as
     * does any status other than {@link #SVCSTATUS_REVOKED}.
     *
     * @throws GemPkiException with {@link ErrorCode#SE_1036} if the issuer service was
     *     already revoked before the certificate's notBefore
     */
    public void verifyIssuerServiceStatus() throws GemPkiException {
        // NOTE(review): a null service status ends in a NullPointerException here rather
        // than a GemPkiException; confirm that TspServiceSubset guarantees a non-null value.
        if (!this.tspServiceSubset.getServiceStatus().equals(SVCSTATUS_REVOKED)) {
            return;
        }
        if (this.tspServiceSubset.getStatusStartingTime().isBefore(notBeforeUtc())) {
            throw new GemPkiException(this.productType, ErrorCode.SE_1036);
        }
    }

    /** Returns the certificate's notBefore as a UTC date-time. */
    private ZonedDateTime notBeforeUtc() {
        return this.x509EeCert.getNotBefore().toInstant().atZone(ZoneOffset.UTC);
    }

    /** Returns the certificate's notAfter as a UTC date-time. */
    private ZonedDateTime notAfterUtc() {
        return this.x509EeCert.getNotAfter().toInstant().atZone(ZoneOffset.UTC);
    }

    /**
     * Builder for {@link CertificateCommonVerification}.
     *
     * <p>Every setter rejects {@code null} immediately. A property that is never set stays
     * {@code null} and makes {@link #build()} fail with a {@link NullPointerException}.
     */
    @Generated
    public static class CertificateCommonVerificationBuilder {

        @Generated
        private String productType;

        @Generated
        private TspServiceSubset tspServiceSubset;

        @Generated
        private X509Certificate x509EeCert;

        @Generated
        CertificateCommonVerificationBuilder() {
        }

        /**
         * Sets the product type reported in raised exceptions.
         *
         * @param str product type, must not be {@code null}
         * @return this builder
         * @throws NullPointerException if the argument is {@code null}
         */
        @Generated
        public CertificateCommonVerificationBuilder productType(@NonNull String str) {
            if (str == null) {
                throw new NullPointerException("productType is marked non-null but is null");
            }
            this.productType = str;
            return this;
        }

        /**
         * Sets the issuer service data.
         *
         * @param tspServiceSubset issuer service data, must not be {@code null}
         * @return this builder
         * @throws NullPointerException if the argument is {@code null}
         */
        @Generated
        public CertificateCommonVerificationBuilder tspServiceSubset(@NonNull TspServiceSubset tspServiceSubset) {
            if (tspServiceSubset == null) {
                throw new NullPointerException("tspServiceSubset is marked non-null but is null");
            }
            this.tspServiceSubset = tspServiceSubset;
            return this;
        }

        /**
         * Sets the certificate to verify.
         *
         * @param x509Certificate certificate to verify, must not be {@code null}
         * @return this builder
         * @throws NullPointerException if the argument is {@code null}
         */
        @Generated
        public CertificateCommonVerificationBuilder x509EeCert(@NonNull X509Certificate x509Certificate) {
            if (x509Certificate == null) {
                throw new NullPointerException("x509EeCert is marked non-null but is null");
            }
            this.x509EeCert = x509Certificate;
            return this;
        }

        /**
         * Creates the verifier from the collected values.
         *
         * @return the configured verifier
         * @throws NullPointerException if any property was never set
         */
        @Generated
        public CertificateCommonVerification build() {
            return new CertificateCommonVerification(this.productType, this.tspServiceSubset, this.x509EeCert);
        }

        /** Returns a debug representation listing all three builder properties. */
        @Generated
        @Override
        public String toString() {
            return new StringBuilder("CertificateCommonVerification.CertificateCommonVerificationBuilder(productType=")
                    .append(this.productType)
                    .append(", tspServiceSubset=")
                    .append(this.tspServiceSubset)
                    .append(", x509EeCert=")
                    .append(this.x509EeCert)
                    .append(")")
                    .toString();
        }
    }
}
