package org.jruby.ext.openssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.X509CRLEntry;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.joda.time.DateTime;
import org.jruby.Ruby;
import org.jruby.RubyArray;
import org.jruby.RubyClass;
import org.jruby.RubyFixnum;
import org.jruby.RubyInteger;
import org.jruby.RubyModule;
import org.jruby.RubyNumeric;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.RubyTime;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.ext.openssl.x509store.PEMInputOutput;
import org.jruby.runtime.Arity;
import org.jruby.runtime.Block;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.Visibility;
import org.jruby.runtime.builtin.IRubyObject;
import org.jruby.runtime.builtin.Variable;
import org.jruby.util.ByteList;

/* loaded from: input_file:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/X509CRL.class */
public class X509CRL extends RubyObject {
    private static final long serialVersionUID = -2463300006179688577L;
    // CRL version as exposed to Ruby; initialize() stores the JCA version minus one.
    private RubyInteger version;
    // Issuer name; initialize() fills it from the parsed CRL, set_issuer() accepts any object.
    private IRubyObject issuer;
    // thisUpdate / nextUpdate, stored as UTC with microseconds zeroed by the setters.
    private RubyTime last_update;
    private RubyTime next_update;
    // Revoked entries; created lazily by revoked().
    private RubyArray revoked;
    // CRL-level extensions; allocated in initialize().
    private RubyArray extensions;
    // Cached signature algorithm name; filled on first call to signature_algorithm().
    private IRubyObject signature_algorithm;
    // True while the Ruby-visible state may differ from the encoded CRL. Cleared only at the end of
    // initialize() (after parsing) and sign(); verify() answers false while it is set.
    private boolean changed;
    // Two encoded representations of the same CRL. Either may be null; getCRL() and
    // getCRLHolder() derive the missing one from the other on demand.
    private java.security.cert.X509CRL crl;
    private transient X509CRLHolder crlHolder;
    // Cached ASN.1 form of the encoded CRL; only read and written by sign()/getCRLValue().
    private transient ASN1Primitive crlValue;
    // Allocator handed to defineClassUnder() so the Ruby runtime can create instances.
    private static ObjectAllocator X509CRL_ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.X509CRL.1
        public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
            return new X509CRL(ruby, rubyClass);
        }
    };
    // Selects the X509CRLHolder parse path in initialize(). Nothing in this file ever sets it to true.
    private static boolean avoidJavaSecurity = false;

    /**
     * Defines the Ruby classes {@code CRL} and {@code CRLError} under the given module and binds
     * the {@code @JRubyMethod}-annotated methods of this class to {@code CRL}.
     *
     * @param ruby       the runtime the classes are registered in
     * @param rubyModule the module that receives both classes
     */
    public static void createX509CRL(Ruby ruby, RubyModule rubyModule) {
        final RubyClass crlClass = rubyModule.defineClassUnder("CRL", ruby.getObject(), X509CRL_ALLOCATOR);
        // CRLError inherits from OpenSSL::OpenSSLError and reuses its allocator.
        final RubyClass openSslError = ruby.getModule("OpenSSL").getClass("OpenSSLError");
        rubyModule.defineClassUnder("CRLError", openSslError, openSslError.getAllocator());
        crlClass.defineAnnotatedMethods(X509CRL.class);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Looks up the Ruby {@code CRL} class registered under the X509 module of {@code ruby}. */
    public static RubyClass _CRL(Ruby ruby) {
        final RubyModule x509 = X509._X509(ruby);
        return x509.getClass("CRL");
    }

    /**
     * Creates an empty CRL object of the given Ruby class.
     * It starts out marked as changed, so verify() answers false until it is parsed or signed.
     */
    public X509CRL(Ruby ruby, RubyClass rubyClass) {
        super(ruby, rubyClass);
        this.crl = null;
        this.changed = true;
    }

    /** Creates an empty CRL object whose Ruby class is the registered {@code CRL} class. */
    private X509CRL(Ruby ruby) {
        super(ruby, _CRL(ruby));
        this.crl = null;
        this.changed = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the JCA view of this CRL, building and caching it from the holder when needed.
     *
     * @return the cached or freshly generated CRL
     * @throws IllegalStateException if neither a CRL nor a holder is present
     */
    public java.security.cert.X509CRL getCRL() {
        if (this.crl == null) {
            try {
                if (this.crlHolder == null) {
                    throw new IllegalStateException("no crl holder");
                }
                final byte[] der = this.crlHolder.getEncoded();
                this.crl = generateCRL(der, 0, der.length);
            } catch (IOException ioFailure) {
                throw newCRLError(getRuntime(), ioFailure);
            } catch (GeneralSecurityException securityFailure) {
                throw newCRLError(getRuntime(), securityFailure);
            }
        }
        return this.crl;
    }

    /**
     * Returns the BouncyCastle holder for this CRL, building and caching it from the JCA CRL.
     *
     * @param z when true, a missing CRL yields {@code null} instead of an exception
     * @return the holder, or {@code null} if nothing is available and {@code z} is true
     * @throws IllegalStateException if nothing is available and {@code z} is false
     */
    private X509CRLHolder getCRLHolder(boolean z) {
        if (this.crlHolder == null) {
            try {
                if (this.crl == null) {
                    if (!z) {
                        throw new IllegalStateException("no crl");
                    }
                    return null;
                }
                this.crlHolder = new X509CRLHolder(this.crl.getEncoded());
            } catch (IOException ioFailure) {
                throw newCRLError(getRuntime(), ioFailure);
            } catch (CRLException crlFailure) {
                throw newCRLError(getRuntime(), crlFailure);
            }
        }
        return this.crlHolder;
    }

    /**
     * Returns the encoded CRL, taking it from the holder when one exists and from the JCA CRL otherwise.
     */
    final byte[] getEncoded() throws IOException, CRLException {
        if (this.crlHolder != null) {
            return this.crlHolder.getEncoded();
        }
        return getCRL().getEncoded();
    }

    /** Returns the raw signature bytes of the CRL obtained from getCRL(). */
    private byte[] getSignature() {
        final java.security.cert.X509CRL current = getCRL();
        return current.getSignature();
    }

    /**
     * Parses {@code i2} bytes of {@code bArr}, starting at offset {@code i}, with the "X.509"
     * certificate factory supplied by SecurityHelper.
     */
    private static java.security.cert.X509CRL generateCRL(byte[] bArr, int i, int i2) throws GeneralSecurityException {
        final ByteArrayInputStream input = new ByteArrayInputStream(bArr, i, i2);
        return (java.security.cert.X509CRL) SecurityHelper.getCertificateFactory("X.509").generateCRL(input);
    }

    /** Parses {@code i2} bytes of {@code bArr}, starting at offset {@code i}, into an X509CRLHolder. */
    private static X509CRLHolder parseCRLHolder(byte[] bArr, int i, int i2) throws IOException {
        final ByteArrayInputStream input = new ByteArrayInputStream(bArr, i, i2);
        return new X509CRLHolder(input);
    }

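    /**
     * Ruby {@code initialize}: with no argument creates an empty CRL, with one argument parses the
     * argument's bytes as an encoded CRL and copies its fields into this object.
     *
     * <p>Parsing does not check the CRL signature. The {@code changed} flag cleared at the end only
     * records that the object matches the parsed bytes; callers still have to call verify() with the
     * issuer's key before trusting the contents.
     *
     * @param threadContext  current thread context
     * @param iRubyObjectArr zero or one argument; the optional one is converted with asString()
     * @param block          unused
     * @return this object
     */
    @JRubyMethod(name = {"initialize"}, rest = true, visibility = Visibility.PRIVATE)
    public IRubyObject initialize(ThreadContext threadContext, IRubyObject[] iRubyObjectArr, Block block) {
        final Ruby ruby = threadContext.runtime;
        this.extensions = ruby.newArray(8);
        if (Arity.checkArgumentCount(ruby, iRubyObjectArr, 0, 1) == 0) {
            return this;
        }
        final ByteList byteList = iRubyObjectArr[0].asString().getByteList();
        // The backing array is read in place; begin/realSize bound the region that is parsed.
        final byte[] unsafeBytes = byteList.unsafeBytes();
        final int begin = byteList.getBegin();
        final int realSize = byteList.getRealSize();
        try {
            if (avoidJavaSecurity) {
                this.crlHolder = parseCRLHolder(unsafeBytes, begin, realSize);
            } else {
                this.crl = generateCRL(unsafeBytes, begin, realSize);
            }
            // NOTE(review): some CertificateFactory implementations appear to return null rather than
            // throw when the input holds no CRL - confirm. Report that as a CRLError, not as an NPE.
            if (this.crl == null && this.crlHolder == null) {
                throw newCRLError(ruby, "no CRL found in input");
            }
            // Go through getCRL() so the holder-only parse path also has a JCA CRL to read from;
            // the original dereferenced this.crl directly, which is null on that path.
            final java.security.cert.X509CRL parsed = getCRL();
            set_last_update(threadContext, RubyTime.newTime(ruby, parsed.getThisUpdate().getTime()));
            // getNextUpdate() returns null for a CRL without the field; leave next_update unset
            // (nil to Ruby, "NONE" in to_text) instead of failing with a NullPointerException.
            final java.util.Date nextUpdate = parsed.getNextUpdate();
            if (nextUpdate != null) {
                set_next_update(threadContext, RubyTime.newTime(ruby, nextUpdate.getTime()));
            }
            set_issuer(X509Name.newName(ruby, parsed.getIssuerX500Principal()));
            final int version = parsed.getVersion();
            this.version = ruby.newFixnum(version > 0 ? version - 1 : 2);
            extractExtensions(threadContext);
            final Set<? extends X509CRLEntry> revokedCertificates = parsed.getRevokedCertificates();
            if (revokedCertificates != null && !revokedCertificates.isEmpty()) {
                final X509CRLEntry[] entries = revokedCertificates.toArray(new X509CRLEntry[revokedCertificates.size()]);
                // The set has no defined order; expose the entries sorted by revocation date.
                Arrays.sort(entries, 0, entries.length, new Comparator<X509CRLEntry>() {
                    @Override
                    public int compare(X509CRLEntry left, X509CRLEntry right) {
                        return left.getRevocationDate().compareTo(right.getRevocationDate());
                    }
                });
                for (X509CRLEntry entry : entries) {
                    revoked().append(X509Revoked.newInstance(threadContext, entry));
                }
            }
            // The setters above flagged the object as changed; it now mirrors the parsed bytes.
            this.changed = false;
            return this;
        } catch (IOException e) {
            OpenSSL.debugStackTrace(ruby, e);
            throw newCRLError(ruby, e);
        } catch (GeneralSecurityException e2) {
            OpenSSL.debugStackTrace(ruby, e2);
            throw newCRLError(ruby, e2);
        }
    }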

    /**
     * Copies the CRL-level extensions into {@code extensions}, reading them from the holder when one
     * exists and from the JCA CRL otherwise.
     */
    private void extractExtensions(ThreadContext threadContext) {
        if (this.crlHolder == null) {
            extractExtensionsCRL(threadContext, getCRL());
            return;
        }
        extractExtensions(threadContext, this.crlHolder);
    }

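    /**
     * Appends every extension of {@code x509CRLHolder} to {@code extensions}.
     *
     * @param threadContext current thread context
     * @param x509CRLHolder the holder to read the extensions from
     */
    private void extractExtensions(ThreadContext threadContext, X509CRLHolder x509CRLHolder) {
        // Ask the holder that was passed in; the original consulted this.crlHolder for the check
        // and the parameter for the iteration.
        if (!x509CRLHolder.hasExtensions()) {
            return;
        }
        for (Object oid : x509CRLHolder.getExtensionOIDs()) {
            addExtension(threadContext, (ASN1ObjectIdentifier) oid, x509CRLHolder);
        }
    }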

    /** Wraps the holder's extension with the given OID and appends it to {@code extensions}. */
    private void addExtension(ThreadContext threadContext, ASN1ObjectIdentifier aSN1ObjectIdentifier, X509CRLHolder x509CRLHolder) {
        final Ruby runtime = threadContext.runtime;
        final X509Extension wrapped = X509Extension.newExtension(runtime, aSN1ObjectIdentifier, x509CRLHolder.getExtension(aSN1ObjectIdentifier));
        this.extensions.append(wrapped);
    }

    /**
     * Appends the extensions of a JCA object to {@code extensions}: first those it reports as
     * critical, then the non-critical ones. Either OID set may be {@code null}.
     */
    private void extractExtensionsCRL(ThreadContext threadContext, java.security.cert.X509Extension x509Extension) {
        final Set<String> critical = x509Extension.getCriticalExtensionOIDs();
        if (critical != null) {
            for (String oid : critical) {
                addExtensionCRL(threadContext, oid, x509Extension, true);
            }
        }
        final Set<String> nonCritical = x509Extension.getNonCriticalExtensionOIDs();
        if (nonCritical != null) {
            for (String oid : nonCritical) {
                addExtensionCRL(threadContext, oid, x509Extension, false);
            }
        }
    }

    /**
     * Builds the wrapper for one extension OID and appends it to {@code extensions};
     * a {@code null} wrapper is skipped.
     *
     * @param str the extension OID
     * @param z   whether the extension was reported as critical
     */
    private void addExtensionCRL(ThreadContext threadContext, String str, java.security.cert.X509Extension x509Extension, boolean z) {
        final X509Extension wrapped;
        try {
            wrapped = X509Extension.newExtension(threadContext, str, x509Extension, z);
        } catch (IOException e) {
            throw newCRLError(threadContext.runtime, e);
        }
        if (wrapped != null) {
            this.extensions.append(wrapped);
        }
    }

    /** Ruby {@code initialize_copy}: a self-copy is a no-op, anything else is left to the superclass. */
    @JRubyMethod(visibility = Visibility.PRIVATE)
    public IRubyObject initialize_copy(IRubyObject iRubyObject) {
        if (this == iRubyObject) {
            return this;
        }
        return super.initialize_copy(iRubyObject);
    }

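    /**
     * Ruby {@code to_pem} / {@code to_s}: returns the CRL in PEM form.
     *
     * @param threadContext current thread context
     * @return a Ruby string holding the PEM text
     */
    @JRubyMethod(name = {"to_pem", "to_s"})
    public IRubyObject to_pem(ThreadContext threadContext) {
        final StringWriter pem = new StringWriter();
        try {
            // sign() stores the result in crlHolder and resets this.crl to null, so the field
            // cannot be used directly here; getCRL() rebuilds the JCA CRL from the holder.
            PEMInputOutput.writeX509CRL(pem, getCRL());
            return RubyString.newString(threadContext.runtime, pem.getBuffer());
        } catch (IOException e) {
            throw newCRLError(threadContext.runtime, e);
        }
    }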

    /** Ruby {@code to_der}: returns the encoded CRL bytes as a Ruby string. */
    @JRubyMethod
    public IRubyObject to_der(ThreadContext threadContext) {
        final Ruby runtime = threadContext.runtime;
        try {
            final byte[] der = getEncoded();
            return StringHelper.newString(runtime, der);
        } catch (IOException ioFailure) {
            throw newCRLError(threadContext.runtime, ioFailure);
        } catch (CRLException crlFailure) {
            throw newCRLError(threadContext.runtime, crlFailure);
        }
    }

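    /**
     * Ruby {@code to_text}: renders a human-readable dump of the CRL: version, signature algorithm,
     * issuer, update times, CRL extensions, revoked entries and the signature bytes.
     *
     * @param threadContext current thread context
     * @return a Ruby string with the rendered text
     */
    @JRubyMethod
    public IRubyObject to_text(ThreadContext threadContext) {
        final Ruby ruby = threadContext.runtime;
        // Indentation source; presumably a run of spaces - confirm in StringHelper.
        final char[] cArr = StringHelper.S20;
        final StringBuilder sb = new StringBuilder(160);
        sb.append("Certificate Revocation List (CRL):\n");
        final int fix2int = RubyNumeric.fix2int(this.version);
        sb.append(cArr, 0, 8).append("Version ").append(fix2int + 1).append(" (0x").append(Integer.toString(fix2int, 16)).append(")\n");
        sb.append(cArr, 0, 4).append("Signature Algorithm: ").append(signature_algorithm()).append('\n');
        sb.append(cArr, 0, 8).append("Issuer: ").append(issuer()).append('\n');
        sb.append(cArr, 0, 8).append("Last Update: ");
        StringHelper.appendGMTDateTime(sb, getLastUpdate()).append('\n');
        if (next_update().isNil()) {
            sb.append(cArr, 0, 8).append("Next Update: NONE\n");
        } else {
            sb.append(cArr, 0, 8).append("Next Update: ");
            StringHelper.appendGMTDateTime(sb, getNextUpdate()).append('\n');
        }
        if (this.extensions != null && this.extensions.size() > 0) {
            sb.append(cArr, 0, 8).append("CRL extensions:\n");
            extensions_to_text(threadContext, this.extensions, sb, 12);
        }
        if (this.revoked == null || this.revoked.size() <= 0) {
            sb.append("No Revoked Certificates.\n");
        } else {
            sb.append("\nRevoked Certificates:\n");
            for (int i = 0; i < this.revoked.size(); i++) {
                final X509Revoked entry = (X509Revoked) this.revoked.entry(i);
                final String bn = entry.serial.toString(16);
                sb.append(cArr, 0, 4).append("Serial Number: ");
                // Pad to an even number of hex digits.
                if (bn.length() % 2 == 0) {
                    sb.append(bn).append('\n');
                } else {
                    sb.append('0').append(bn).append('\n');
                }
                sb.append(cArr, 0, 8).append("Revocation Date: ");
                StringHelper.appendGMTDateTime(sb, entry.getTime()).append('\n');
                if (entry.hasExtensions()) {
                    sb.append(cArr, 0, 8).append("CRL entry extensions:\n");
                    // Print the entry's own extensions. The original passed the CRL-level list here,
                    // so every revoked entry was shown with the wrong extensions (for example a
                    // reason code that belongs to no entry).
                    extensions_to_text(threadContext, entry.extensions(), sb, 12);
                }
            }
        }
        sb.append(cArr, 0, 4).append("Signature Algorithm: ").append(signature_algorithm()).append('\n');
        StringHelper.appendLowerHexValue(sb, getSignature(), 9, 54);
        return RubyString.newString(ruby, sb);
    }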

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Appends a text rendering of each extension to {@code sb}: a header line with the name and an
     * optional "critical" marker, followed by the value, one output line per line of the value.
     *
     * @param threadContext current thread context
     * @param list          the extensions to render
     * @param sb            the buffer that receives the text
     * @param i             indentation width of the header line; value lines always use 16
     */
    public static void extensions_to_text(ThreadContext threadContext, List<X509Extension> list, StringBuilder sb, int i) {
        final char[] indent = StringHelper.S20;
        for (int index = 0; index < list.size(); index++) {
            final X509Extension extension = list.get(index);
            final Object name = ASN1.o2a(threadContext.runtime, extension.getRealObjectID());
            sb.append(indent, 0, i).append(name).append(": ");
            if (extension.isRealCritical()) {
                sb.append("critical");
            }
            sb.append('\n');
            final String[] valueLines = extension.value(threadContext).toString().split("\n");
            for (String line : valueLines) {
                sb.append(indent, 0, 16).append(line).append('\n');
            }
        }
    }

    /** Ruby {@code inspect}: delegates to ObjectSupport with the list from getInstanceVariableList(). */
    @JRubyMethod
    public IRubyObject inspect() {
        final List<Variable<IRubyObject>> variables = getInstanceVariableList();
        return ObjectSupport.inspect(this, variables);
    }

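    /**
     * Returns the instance variables shown by inspect(); this implementation reports none.
     *
     * @return a new, empty, mutable list
     */
    public List<Variable<IRubyObject>> getInstanceVariableList() {
        // Typed instead of the raw ArrayList, which compiled only with an unchecked conversion.
        return new ArrayList<Variable<IRubyObject>>(6);
    }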

    /** Ruby {@code version}: returns the stored version, defaulting it to 0 on first access. */
    @JRubyMethod
    public IRubyObject version() {
        if (this.version == null) {
            this.version = getRuntime().newFixnum(0);
        }
        return this.version;
    }

    /**
     * Ruby {@code version=}: stores the value converted with {@code to_i} and flags the CRL as
     * changed when the raw argument differs from the stored version.
     */
    @JRubyMethod(name = {"version="})
    public IRubyObject set_version(IRubyObject iRubyObject) {
        // The comparison uses the unconverted argument and happens before the conversion.
        final boolean differs = !iRubyObject.equals(this.version);
        if (differs) {
            this.changed = true;
        }
        this.version = iRubyObject.convertToInteger("to_i");
        return this.version;
    }

    /** Ruby {@code signature_algorithm}: returns the algorithm name, computing and caching it once. */
    @JRubyMethod
    public IRubyObject signature_algorithm() {
        if (this.signature_algorithm == null) {
            this.signature_algorithm = signature_algorithm(getRuntime());
        }
        return this.signature_algorithm;
    }

    /** Builds the Ruby string for the signature algorithm, with {@code ASN1Registry.LN_itu_t} as fallback. */
    private RubyString signature_algorithm(Ruby ruby) {
        final String name = getSignatureAlgorithm(ruby, ASN1Registry.LN_itu_t);
        return RubyString.newString(ruby, name);
    }

    /**
     * Resolves the name of the signature algorithm recorded in the encoded CRL.
     *
     * @param ruby the runtime used for the OID lookup
     * @param str  the value returned when there is no encoded CRL, no OID, or no name for the OID
     * @return the resolved name or {@code str}
     */
    private String getSignatureAlgorithm(Ruby ruby, String str) {
        final X509CRLHolder holder = getCRLHolder(true);
        if (holder == null) {
            return str;
        }
        final ASN1ObjectIdentifier oid = holder.toASN1Structure().getSignatureAlgorithm().getAlgorithm();
        if (oid == null) {
            return str;
        }
        final String name = ASN1.o2a(ruby, oid, true);
        return name != null ? name : str;
    }

    /** Ruby {@code issuer}: returns the stored issuer, creating an empty name on first access. */
    @JRubyMethod
    public IRubyObject issuer() {
        if (this.issuer == null) {
            this.issuer = X509Name.newName(getRuntime());
        }
        return this.issuer;
    }

    /**
     * Ruby {@code issuer=}: stores the given object as issuer and flags the CRL as changed when it
     * differs from the current one. The argument's type is not checked here.
     */
    @JRubyMethod(name = {"issuer="})
    public IRubyObject set_issuer(IRubyObject iRubyObject) {
        final boolean differs = !iRubyObject.equals(this.issuer);
        if (differs) {
            this.changed = true;
        }
        this.issuer = iRubyObject;
        return this.issuer;
    }

    /** Returns last_update as a Joda DateTime, or {@code null} when it has not been set. */
    DateTime getLastUpdate() {
        return this.last_update != null ? this.last_update.getDateTime() : null;
    }

    /** Ruby {@code last_update}: returns the stored time, or nil when it has not been set. */
    @JRubyMethod
    public IRubyObject last_update() {
        if (this.last_update != null) {
            return this.last_update;
        }
        return getRuntime().getNil();
    }

    /**
     * Ruby {@code last_update=}: flags the CRL as changed and stores the result of calling
     * {@code getutc} on the argument, with its microseconds set to zero.
     */
    @JRubyMethod(name = {"last_update="})
    public IRubyObject set_last_update(ThreadContext threadContext, IRubyObject iRubyObject) {
        this.changed = true;
        final RubyTime utc = (RubyTime) iRubyObject.callMethod(threadContext, "getutc");
        utc.setMicroseconds(0L);
        this.last_update = utc;
        return this.last_update;
    }

    /** Returns next_update as a Joda DateTime, or {@code null} when it has not been set. */
    DateTime getNextUpdate() {
        return this.next_update != null ? this.next_update.getDateTime() : null;
    }

    /** Ruby {@code next_update}: returns the stored time, or nil when it has not been set. */
    @JRubyMethod
    public IRubyObject next_update() {
        if (this.next_update != null) {
            return this.next_update;
        }
        return getRuntime().getNil();
    }

    /**
     * Ruby {@code next_update=}: flags the CRL as changed and stores the result of calling
     * {@code getutc} on the argument, with its microseconds set to zero.
     */
    @JRubyMethod(name = {"next_update="})
    public IRubyObject set_next_update(ThreadContext threadContext, IRubyObject iRubyObject) {
        this.changed = true;
        final RubyTime utc = (RubyTime) iRubyObject.callMethod(threadContext, "getutc");
        utc.setMicroseconds(0L);
        this.next_update = utc;
        return this.next_update;
    }

    /** Ruby {@code revoked}: returns the array of revoked entries, creating it on first access. */
    @JRubyMethod
    public RubyArray revoked() {
        if (this.revoked == null) {
            this.revoked = getRuntime().newArray(4);
        }
        return this.revoked;
    }

    /**
     * Ruby {@code revoked=}: flags the CRL as changed and replaces the revoked-entry array.
     * The argument is cast to RubyArray without a prior type check.
     */
    @JRubyMethod(name = {"revoked="})
    public IRubyObject set_revoked(IRubyObject iRubyObject) {
        // The flag is raised before the cast, exactly as in the original statement order.
        this.changed = true;
        this.revoked = (RubyArray) iRubyObject;
        return this.revoked;
    }

    /** Ruby {@code add_revoked}: flags the CRL as changed and pushes the entry with {@code <<}. */
    @JRubyMethod
    public IRubyObject add_revoked(ThreadContext threadContext, IRubyObject iRubyObject) {
        this.changed = true;
        final RubyArray entries = revoked();
        entries.callMethod(threadContext, "<<", iRubyObject);
        return iRubyObject;
    }

    /**
     * Ruby {@code extensions}: returns the live array of CRL-level extensions, not a copy, so
     * mutating it does not flag the CRL as changed.
     */
    @JRubyMethod
    public RubyArray extensions() {
        final RubyArray current = this.extensions;
        return current;
    }

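    /**
     * Ruby {@code extensions=}: replaces the CRL-level extensions.
     *
     * @param iRubyObject the new extension array; cast to RubyArray without a prior type check
     * @return the stored array
     */
    @JRubyMethod(name = {"extensions="})
    public IRubyObject set_extensions(IRubyObject iRubyObject) {
        final RubyArray replacement = (RubyArray) iRubyObject;
        // Flag the modification like the other setters do (revoked=, last_update=, ...).
        // Without it verify() kept answering for the previously signed or parsed bytes even though
        // the extensions visible to Ruby no longer matched them.
        this.changed = true;
        this.extensions = replacement;
        return replacement;
    }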

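    /**
     * Ruby {@code add_extension}: appends one extension to the CRL-level extensions.
     *
     * @param iRubyObject the extension to append
     * @return the appended object
     */
    @JRubyMethod
    public IRubyObject add_extension(IRubyObject iRubyObject) {
        // Flag the modification, consistent with add_revoked; otherwise verify() would still report
        // on the bytes produced before this extension was added.
        this.changed = true;
        extensions().append(iRubyObject);
        return iRubyObject;
    }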

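    /**
     * Ruby {@code sign}: builds a CRL from the current fields, signs it with the given key and
     * digest, and stores the result as this object's encoded form.
     *
     * @param threadContext current thread context
     * @param iRubyObject   the signing key; cast to PKey
     * @param iRubyObject2  the digest; cast to Digest
     * @return this object
     */
    @JRubyMethod
    public IRubyObject sign(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject iRubyObject2) {
        final Ruby ruby = threadContext.runtime;
        final PKey signingKey = (PKey) iRubyObject;
        final String signatureAlgorithm = getSignatureAlgorithm(ruby, signingKey, (Digest) iRubyObject2);

        // thisUpdate is needed by the builder; report a missing value as a CRLError rather than
        // letting a NullPointerException escape to Ruby.
        final DateTime thisUpdate = getLastUpdate();
        if (thisUpdate == null) {
            throw newCRLError(ruby, "last_update must be set before signing");
        }
        // issuer() supplies an empty name when none was assigned, where the bare field was null.
        final X509v2CRLBuilder builder = new X509v2CRLBuilder(((X509Name) issuer()).getX500Name(), thisUpdate.toDate());
        // next_update may legitimately be unset (this class parses and prints such CRLs); omit the
        // field in that case. Issuers that must follow the RFC 5280 profile should always set it.
        final DateTime nextUpdate = getNextUpdate();
        if (nextUpdate != null) {
            builder.setNextUpdate(nextUpdate.toDate());
        }

        if (this.revoked != null) {
            for (int i = 0; i < this.revoked.size(); i++) {
                final X509Revoked entry = (X509Revoked) this.revoked.entry(i);
                final BigInteger serial = new BigInteger(entry.callMethod(threadContext, "serial").toString());
                final RubyTime revokedAt = (RubyTime) entry.callMethod(threadContext, "time").callMethod(threadContext, "getutc");
                revokedAt.setMicroseconds(0L);
                Extensions entryExtensions = null;
                if (entry.hasExtensions()) {
                    final RubyArray source = entry.extensions();
                    final ASN1Encodable[] encoded = new ASN1Encodable[source.size()];
                    for (int j = 0; j < source.size(); j++) {
                        try {
                            encoded[j] = ((X509Extension) source.entry(j)).toASN1Sequence();
                        } catch (IOException e) {
                            throw newCRLError(ruby, e);
                        }
                    }
                    entryExtensions = Extensions.getInstance(new DERSequence(encoded));
                }
                builder.addCRLEntry(serial, revokedAt.getJavaDate(), entryExtensions);
            }
        }

        for (int i = 0; i < this.extensions.size(); i++) {
            try {
                final X509Extension extension = (X509Extension) this.extensions.entry(i);
                builder.addExtension(extension.getRealObjectID(), extension.isRealCritical(), extension.getRealValue());
            } catch (IOException e) {
                throw newCRLError(ruby, e);
            }
        }

        final PrivateKey privateKey = signingKey.getPrivateKey();
        try {
            this.crlHolder = builder.build(new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey));
            // Drop everything derived from the previous encoding so it is recomputed from the new
            // holder: the JCA view, the cached ASN.1 value and the cached algorithm name. The
            // original kept the last two, so a second sign() worked on the old ASN.1 value and
            // signature_algorithm() kept returning the name cached before signing.
            this.crl = null;
            this.crlValue = null;
            this.signature_algorithm = null;

            final ASN1Sequence signedCrl = (ASN1Sequence) getCRLValue(ruby);
            final ASN1Sequence tbsCertList = (ASN1Sequence) signedCrl.getObjectAt(0);
            // Rebuild the first element with this object's version in front, skipping a version
            // integer the builder may already have written there.
            final ASN1EncodableVector tbsElements = new ASN1EncodableVector();
            tbsElements.add(new ASN1Integer(new BigInteger(version().toString())));
            final int firstKept = (tbsCertList.getObjectAt(0) instanceof ASN1Integer) ? 1 : 0;
            for (int i = firstKept; i < tbsCertList.size(); i++) {
                tbsElements.add(tbsCertList.getObjectAt(i));
            }
            final ASN1EncodableVector crlElements = new ASN1EncodableVector();
            crlElements.add(new DLSequence(tbsElements));
            crlElements.add(signedCrl.getObjectAt(1));
            crlElements.add(signedCrl.getObjectAt(2));
            this.crlValue = new DLSequence(crlElements);
            this.changed = false;
            return this;
        } catch (RaiseException e) {
            // Already a Ruby-level error (e.g. the CRLError raised by readCRL); do not re-wrap it.
            throw e;
        } catch (Exception e) {
            OpenSSL.debugStackTrace(e);
            // Pass the exception itself, as the IllegalStateException branch already did, instead of
            // only its message, so the cause is not lost.
            throw newCRLError(ruby, e);
        }
    }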

    /**
     * Builds the JCA signature algorithm name {@code <digest>WITH<key algorithm>} for sign().
     *
     * <p>Only two combinations are rejected: a DSA key with MD5, and an RSA key with a digest named
     * "DSS1". No other strength policy is applied here, so for example RSA with MD5 passes this
     * check; callers that need a minimum digest strength have to enforce it themselves.
     *
     * @return the composed algorithm name
     */
    private String getSignatureAlgorithm(Ruby ruby, PKey pKey, Digest digest) {
        final String keyAlgorithm = pKey.getAlgorithm();
        final String digestAlgorithm = digest.getShortAlgorithm();
        final boolean unsupported;
        if (ASN1Registry.SN_dsa.equalsIgnoreCase(keyAlgorithm)) {
            unsupported = "MD5".equalsIgnoreCase(digestAlgorithm);
        } else {
            unsupported = "RSA".equalsIgnoreCase(keyAlgorithm) && "DSS1".equals(digest.name().toString());
        }
        if (unsupported) {
            throw newCRLError(ruby, "unsupported key / digest algorithm (" + pKey + " / " + digestAlgorithm + ")");
        }
        return digestAlgorithm + "WITH" + keyAlgorithm;
    }

    /** Tells whether the key's algorithm equals {@code ASN1Registry.SN_dsa}, ignoring case. */
    private boolean isDSA(PKey pKey) {
        final String keyAlgorithm = pKey.getAlgorithm();
        return ASN1Registry.SN_dsa.equalsIgnoreCase(keyAlgorithm);
    }

    /** Returns the ASN.1 form of the encoded CRL, reading and caching it on first use. */
    private ASN1Primitive getCRLValue(Ruby ruby) {
        if (this.crlValue == null) {
            this.crlValue = readCRL(ruby);
        }
        return this.crlValue;
    }

    /** Decodes the encoded CRL into an ASN.1 object; encoding failures are raised as CRLError. */
    private ASN1Primitive readCRL(Ruby ruby) {
        try {
            final byte[] der = getEncoded();
            return ASN1.readObject(der);
        } catch (IOException ioFailure) {
            throw newCRLError(ruby, ioFailure);
        } catch (CRLException crlFailure) {
            throw newCRLError(ruby, crlFailure);
        }
    }

    /**
     * Ruby {@code verify}: checks the CRL signature against the public key of the given key.
     *
     * <p>Answers false without checking anything while the object is flagged as changed, and also
     * when the check fails with a GeneralSecurityException (logged through OpenSSL.debug).
     * NOTE(review): only the call into SecurityHelper.verify is visible here; presumably issuer
     * matching and the update window remain the caller's responsibility - confirm.
     *
     * @param threadContext current thread context
     * @param iRubyObject   the key; cast to PKey
     * @return Ruby true or false
     */
    @JRubyMethod
    public IRubyObject verify(ThreadContext threadContext, IRubyObject iRubyObject) {
        final Ruby runtime = threadContext.runtime;
        if (this.changed) {
            return runtime.getFalse();
        }
        try {
            final boolean signatureValid = SecurityHelper.verify(getCRL(), ((PKey) iRubyObject).getPublicKey(), true);
            return runtime.newBoolean(signatureValid);
        } catch (GeneralSecurityException failure) {
            OpenSSL.debug("CRL#verify() failed:", failure);
            return runtime.getFalse();
        }
    }

    /** Looks up the Ruby {@code CRLError} class registered under the X509 module of {@code ruby}. */
    private static RubyClass _CRLError(Ruby ruby) {
        final RubyModule x509 = X509._X509(ruby);
        return x509.getClass("CRLError");
    }

    /** Creates a Ruby {@code CRLError} from a Java exception via Utils.newError. */
    static RaiseException newCRLError(Ruby ruby, Exception exc) {
        final RubyClass errorClass = _CRLError(ruby);
        return Utils.newError(ruby, errorClass, exc);
    }

    /** Creates a Ruby {@code CRLError} carrying the given message via Utils.newError. */
    private static RaiseException newCRLError(Ruby ruby, String str) {
        final RubyClass errorClass = _CRLError(ruby);
        return Utils.newError(ruby, errorClass, str);
    }
}
