package org.demoiselle.signer.core.validator;

import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import org.demoiselle.signer.core.IValidator;
import org.demoiselle.signer.core.exception.CertificateValidatorCRLException;
import org.demoiselle.signer.core.extension.ICPBR_CRL;
import org.demoiselle.signer.core.repository.CRLRepository;
import org.demoiselle.signer.core.repository.CRLRepositoryFactory;
import org.demoiselle.signer.core.util.MessagesBundle;

/* loaded from: input_file:org/demoiselle/signer/core/validator/CRLValidator.class */
public class CRLValidator implements IValidator {
    private final CRLRepository crlRepository = CRLRepositoryFactory.factoryCRLRepository();
    private static MessagesBundle coreMessagesBundle = new MessagesBundle();

    @Override // org.demoiselle.signer.core.IValidator
    public void validate(X509Certificate x509Certificate) throws CertificateValidatorCRLException {
        if (x509Certificate == null) {
            throw new CertificateValidatorCRLException(coreMessagesBundle.getString("error.invalid.certificate"));
        }
        Collection<ICPBR_CRL> x509crl = this.crlRepository.getX509CRL(x509Certificate);
        if (x509crl == null || x509crl.isEmpty()) {
            throw new CertificateValidatorCRLException(coreMessagesBundle.getString("error.validate.on.crl"));
        }
        Iterator<ICPBR_CRL> it = x509crl.iterator();
        while (it.hasNext()) {
            if (it.next().getCRL().isRevoked(x509Certificate)) {
                throw new CertificateValidatorCRLException(coreMessagesBundle.getString("error.certificate.repelead"));
            }
        }
    }
}
