package net.fabricmc.loom.configuration.providers.minecraft.verify;

import java.io.IOException;
import java.io.InputStream;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import net.fabricmc.loom.LoomGradleExtension;
import net.fabricmc.loom.util.download.DownloadException;
import org.gradle.api.Project;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/fabricmc/loom/configuration/providers/minecraft/verify/CertificateRevocationList.class */
public final class CertificateRevocationList extends Record {
    private final Collection<X509CRL> crls;
    private final boolean downloadFailure;
    public static final List<String> CSC3_2010 = List.of("http://crl.verisign.com/pca3-g5.crl", "http://crl.verisign.com/pca3.crl", "http://csc3-2010-crl.verisign.com/CSC3-2010.crl");
    private static final Logger LOGGER = LoggerFactory.getLogger(CertificateRevocationList.class);

    public CertificateRevocationList(Collection<X509CRL> collection, boolean z) {
        this.crls = collection;
        this.downloadFailure = z;
    }

    public static CertificateRevocationList create(Project project, List<String> list) throws IOException {
        ArrayList arrayList = new ArrayList();
        boolean z = false;
        for (String str : list) {
            try {
                arrayList.add(download(project, str));
            } catch (DownloadException e) {
                LOGGER.info("Failed to download CRL from {}: {}", str, e.getMessage());
                LOGGER.info("Loom will not be able to verify the integrity of the minecraft jar signature");
                z = true;
            }
        }
        return new CertificateRevocationList(arrayList, z);
    }

    static X509CRL download(Project project, String str) throws IOException {
        LoomGradleExtension loomGradleExtension = LoomGradleExtension.get(project);
        Path resolve = loomGradleExtension.getFiles().getUserCache().toPath().resolve("crl").resolve(str.substring(str.lastIndexOf(47) + 1));
        LOGGER.info("Downloading CRL from {} to {}", str, resolve);
        loomGradleExtension.download(str).allowInsecureProtocol().maxAge(Duration.ofDays(7L)).downloadPath(resolve);
        return parse(resolve);
    }

    static X509CRL parse(Path path) throws IOException {
        try {
            InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
            try {
                X509CRL x509crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(newInputStream);
                if (newInputStream != null) {
                    newInputStream.close();
                }
                return x509crl;
            } catch (Throwable th) {
                if (newInputStream != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (CRLException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    public void verify(CertificateChain certificateChain) throws SignatureVerificationFailure {
        CertificateChain.visitAll(certificateChain, this::verify);
    }

    private void verify(X509Certificate x509Certificate) throws SignatureVerificationFailure {
        Iterator<X509CRL> it = this.crls.iterator();
        while (it.hasNext()) {
            if (it.next().isRevoked(x509Certificate)) {
                throw new SignatureVerificationFailure("Certificate " + x509Certificate.getSubjectX500Principal().getName() + " is revoked");
            }
        }
    }

    @Override // java.lang.Record
    public final String toString() {
        return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, CertificateRevocationList.class), CertificateRevocationList.class, "crls;downloadFailure", "FIELD:Lnet/fabricmc/loom/configuration/providers/minecraft/verify/CertificateRevocationList;->crls:Ljava/util/Collection;", "FIELD:Lnet/fabricmc/loom/configuration/providers/minecraft/verify/CertificateRevocationList;->downloadFailure:Z").dynamicInvoker().invoke(this) /* invoke-custom */;
    }

    @Override // java.lang.Record
    public final int hashCode() {
        return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, CertificateRevocationList.class), CertificateRevocationList.class, "crls;downloadFailure", "FIELD:Lnet/fabricmc/loom/configuration/providers/minecraft/verify/CertificateRevocationList;->crls:Ljava/util/Collection;", "FIELD:Lnet/fabricmc/loom/configuration/providers/minecraft/verify/CertificateRevocationList;->downloadFailure:Z").dynamicInvoker().invoke(this) /* invoke-custom */;
    }

    @Override // java.lang.Record
    public final boolean equals(Object obj) {
        return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, CertificateRevocationList.class, Object.class), CertificateRevocationList.class, "crls;downloadFailure", "FIELD:Lnet/fabricmc/loom/configuration/providers/minecraft/verify/CertificateRevocationList;->crls:Ljava/util/Collection;", "FIELD:Lnet/fabricmc/loom/configuration/providers/minecraft/verify/CertificateRevocationList;->downloadFailure:Z").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
    }

    public Collection<X509CRL> crls() {
        return this.crls;
    }

    public boolean downloadFailure() {
        return this.downloadFailure;
    }
}
