package org.jasig.cas.adaptors.x509.authentication.handler.support;

import java.security.GeneralSecurityException;
import java.security.cert.X509CRL;
import java.util.Calendar;
import javax.validation.constraints.Min;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jasig.cas.adaptors.x509.util.CertUtils;

/* loaded from: input_file:org/jasig/cas/adaptors/x509/authentication/handler/support/ThresholdExpiredCRLRevocationPolicy.class */
public final class ThresholdExpiredCRLRevocationPolicy implements RevocationPolicy<X509CRL> {
    private static final int DEFAULT_THRESHOLD = 172800;
    private final Log log = LogFactory.getLog(getClass());

    @Min(0)
    private int threshold = DEFAULT_THRESHOLD;

    @Override // org.jasig.cas.adaptors.x509.authentication.handler.support.RevocationPolicy
    public void apply(X509CRL x509crl) throws GeneralSecurityException {
        Calendar calendar = Calendar.getInstance();
        if (CertUtils.isExpired(x509crl, calendar.getTime())) {
            calendar.add(13, -this.threshold);
            if (CertUtils.isExpired(x509crl, calendar.getTime())) {
                throw new ExpiredCRLException(x509crl.toString(), calendar.getTime(), this.threshold);
            }
            this.log.info(String.format("CRL expired on %s but is within threshold period, %s seconds.", x509crl.getNextUpdate(), Integer.valueOf(this.threshold)));
        }
    }

    public void setThreshold(int i) {
        this.threshold = i;
    }
}
