package org.eclipse.jetty.util.security;

import d.c.a.a.a;
import java.security.GeneralSecurityException;
import java.security.InvalidParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Security;
import java.security.cert.CRL;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathValidator;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.concurrent.atomic.AtomicLong;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;

/* loaded from: classes4.dex */
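/**
 * Validates X.509 certificates and certificate chains against a trust store using the JDK's
 * PKIX {@link CertPathBuilder} and {@link CertPathValidator}.
 *
 * <p>Revocation checking is always switched on for the PKIX parameters. Revocation data comes
 * from the CRLs given to the constructor and, when enabled, from OCSP and CRL Distribution
 * Points.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>OCSP and CRLDP are enabled through JVM-wide properties ({@code ocsp.enable} and
 *       {@code com.sun.security.enableCRLDP}). Once any instance sets them they apply to the
 *       whole process; this class never resets them, so clearing the flag on an instance
 *       afterwards does not turn the feature off again.</li>
 *   <li>The OCSP responder URL is stored and returned by its getter, but nothing in this class
 *       applies it to the validation.</li>
 *   <li>{@link #validate(KeyStore, Certificate)} returns normally for {@code null} and for
 *       non-X.509 certificates, so a normal return is not proof that a certificate was
 *       validated.</li>
 * </ul>
 *
 * <p>The field names are decompiler-assigned; the accessors carry the original meaning.
 */
public class CertificateValidator {

    /* renamed from: a, reason: collision with root package name */
    /** Class logger; failures are logged at debug level before being rethrown. */
    public static final Logger f35990a = Log.getLogger((Class<?>) CertificateValidator.class);

    /* renamed from: b, reason: collision with root package name */
    /** Process-wide counter used to generate unique {@code JETTY...} keystore aliases. */
    public static AtomicLong f35991b = new AtomicLong();

    /* renamed from: c, reason: collision with root package name */
    /** Trust store whose trusted entries anchor PKIX path building; never null after construction. */
    public KeyStore f35992c;

    /* renamed from: d, reason: collision with root package name */
    /** Optional CRLs consulted during revocation checking; may be null or empty. */
    public Collection<? extends CRL> f35993d;

    /* renamed from: e, reason: collision with root package name */
    /** Maximum certification path length handed to PKIX; -1 (the default here) means unconstrained. */
    public int f35994e = -1;

    /* renamed from: f, reason: collision with root package name */
    /** Whether CRL Distribution Points support is requested (see {@link #setEnableCRLDP}). */
    public boolean f35995f = false;

    /* renamed from: g, reason: collision with root package name */
    /** Whether OCSP support is requested (see {@link #setEnableOCSP}). */
    public boolean f35996g = false;

    /* renamed from: h, reason: collision with root package name */
    /** OCSP responder URL; stored only, not read by any validate method in this class. */
    public String f35997h;

    /**
     * Creates a validator bound to a trust store and an optional set of CRLs.
     *
     * @param keyStore trust store providing the trust anchors; must not be null
     * @param collection CRLs to consult during validation; may be null
     * @throws InvalidParameterException if {@code keyStore} is null
     */
    public CertificateValidator(KeyStore keyStore, Collection<? extends CRL> collection) {
        if (keyStore == null) {
            throw new InvalidParameterException("TrustStore must be specified for CertificateValidator.");
        }
        this.f35992c = keyStore;
        this.f35993d = collection;
    }

    /** @return the CRLs supplied at construction, possibly null */
    public Collection<? extends CRL> getCrls() {
        return this.f35993d;
    }

    /** @return the configured maximum certification path length; -1 if never set */
    public int getMaxCertPathLength() {
        return this.f35994e;
    }

    /** @return the stored OCSP responder URL, possibly null */
    public String getOcspResponderURL() {
        return this.f35997h;
    }

    /** @return the trust store supplied at construction */
    public KeyStore getTrustStore() {
        return this.f35992c;
    }

    /** @return true if CRL Distribution Points support was requested on this instance */
    public boolean isEnableCRLDP() {
        return this.f35995f;
    }

    /** @return true if OCSP support was requested on this instance */
    public boolean isEnableOCSP() {
        return this.f35996g;
    }

    /**
     * Requests CRL Distribution Points support. The flag is applied JVM-wide during
     * {@link #validate(Certificate[])} and is not reverted by passing {@code false} later.
     *
     * @param z true to request CRLDP support
     */
    public void setEnableCRLDP(boolean z) {
        this.f35995f = z;
    }

    /**
     * Requests OCSP support. The flag is applied JVM-wide during
     * {@link #validate(Certificate[])} and is not reverted by passing {@code false} later.
     *
     * @param z true to request OCSP support
     */
    public void setEnableOCSP(boolean z) {
        this.f35996g = z;
    }

    /**
     * Sets the maximum certification path length passed to the PKIX parameters.
     *
     * @param i2 maximum path length; -1 leaves the path length unconstrained
     */
    public void setMaxCertPathLength(int i2) {
        this.f35994e = i2;
    }

    /**
     * Stores the OCSP responder URL. No validate method in this class reads the value.
     *
     * @param str responder URL, may be null
     */
    public void setOcspResponderURL(String str) {
        this.f35997h = str;
    }

    /**
     * Validates the certificate stored under an alias in the given keystore.
     *
     * <p>NOTE(review): if the alias is unknown, {@code getCertificate} yields null, the
     * certificate overload returns without validating, and the alias is still returned.
     * Callers should not read the return value as "this alias holds a valid certificate".
     *
     * @param keyStore keystore holding the certificate; a null value is dereferenced here
     * @param str alias to validate; null short-circuits to a null return
     * @return the alias that was passed in, or null if it was null
     * @throws CertificateException if the keystore cannot be read or validation fails
     */
    public String validate(KeyStore keyStore, String str) throws CertificateException {
        if (str == null) {
            return null;
        }
        try {
            validate(keyStore, keyStore.getCertificate(str));
            return str;
        } catch (KeyStoreException e2) {
            f35990a.debug(e2);
            // a.l1 is an obfuscated helper; presumably it starts a StringBuilder from the
            // three fragments - TODO confirm against d.c.a.a.a.
            StringBuilder l1 = a.l1("Unable to validate certificate for alias [", str, "]: ");
            l1.append(e2.getMessage());
            throw new CertificateException(l1.toString(), e2);
        }
    }

    /**
     * Validates every alias in the keystore, stopping at the first failure.
     *
     * @param keyStore keystore whose entries are validated
     * @throws CertificateException if the aliases cannot be listed or an entry fails validation
     */
    public void validate(KeyStore keyStore) throws CertificateException {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                validate(keyStore, aliases.nextElement());
            }
        } catch (KeyStoreException e2) {
            throw new CertificateException("Unable to retrieve aliases from keystore", e2);
        }
    }

    /**
     * Validates a single certificate by looking up its chain in the keystore.
     *
     * <p>Side effect: when the certificate is not already in {@code keyStore}, it is added
     * under a generated {@code JETTY...} alias before the chain lookup, and the entry is not
     * removed if validation then fails. NOTE(review): if a caller passes the trust store
     * itself here, that insertion would make the certificate under test a trusted entry -
     * confirm that callers always pass a separate keystore.
     *
     * <p>NOTE(review): null and non-X.509 certificates return silently, i.e. unvalidated.
     *
     * @param keyStore keystore used to resolve the alias and chain; must not be null
     * @param certificate certificate to validate
     * @throws CertificateException if the certificate is outside its validity period, the
     *     keystore cannot be accessed, or chain validation fails
     * @throws InvalidParameterException if {@code keyStore} is null
     * @throws IllegalStateException if no certificate chain is available for the alias
     */
    public void validate(KeyStore keyStore, Certificate certificate) throws CertificateException {
        // instanceof is false for null, so this one test covers both skipped cases.
        if (!(certificate instanceof X509Certificate)) {
            return;
        }
        X509Certificate x509 = (X509Certificate) certificate;
        x509.checkValidity();
        // Declared outside the try so the failure message can name the alias; the decompiled
        // code had lost it, leaving a constant-folded branch that never printed an alias.
        String certificateAlias = null;
        try {
            if (keyStore == null) {
                throw new InvalidParameterException("Keystore cannot be null");
            }
            certificateAlias = keyStore.getCertificateAlias(x509);
            if (certificateAlias == null) {
                certificateAlias = "JETTY" + String.format("%016X", f35991b.incrementAndGet());
                keyStore.setCertificateEntry(certificateAlias, x509);
            }
            Certificate[] certificateChain = keyStore.getCertificateChain(certificateAlias);
            if (certificateChain == null || certificateChain.length == 0) {
                throw new IllegalStateException("Unable to retrieve certificate chain");
            }
            validate(certificateChain);
        } catch (KeyStoreException e2) {
            f35990a.debug(e2);
            StringBuilder g1 = a.g1("Unable to validate certificate");
            g1.append(certificateAlias == null ? "" : a.F0(" for alias [", certificateAlias, "]"));
            g1.append(": ");
            g1.append(e2.getMessage());
            throw new CertificateException(g1.toString(), e2);
        }
    }

    /**
     * Builds and validates a PKIX certification path for the first certificate in the chain,
     * using the remaining chain entries as candidate intermediates and the trust store as the
     * source of trust anchors.
     *
     * <p>Null entries in the array are skipped. Revocation checking is always enabled.
     * NOTE(review): with no CRLs supplied and neither OCSP nor CRLDP enabled, the JDK
     * validator presumably cannot determine revocation status and rejects the path - confirm
     * that this is the intended default.
     *
     * @param certificateArr chain with the end-entity certificate first
     * @throws CertificateException if path building or validation fails
     * @throws IllegalStateException if the chain is empty or holds a non-X.509 certificate
     */
    public void validate(Certificate[] certificateArr) throws CertificateException {
        try {
            ArrayList<X509Certificate> chain = new ArrayList<>();
            for (Certificate certificate : certificateArr) {
                if (certificate != null) {
                    if (!(certificate instanceof X509Certificate)) {
                        throw new IllegalStateException("Invalid certificate type in chain");
                    }
                    chain.add((X509Certificate) certificate);
                }
            }
            if (chain.isEmpty()) {
                throw new IllegalStateException("Invalid certificate chain");
            }
            // Target the first certificate of the chain.
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate(chain.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(this.f35992c, x509CertSelector);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(chain)));
            pKIXBuilderParameters.setMaxPathLength(this.f35994e);
            pKIXBuilderParameters.setRevocationEnabled(true);
            Collection<? extends CRL> collection = this.f35993d;
            if (collection != null && !collection.isEmpty()) {
                pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(this.f35993d)));
            }
            // Both switches below are JVM-global and are never cleared here: they affect every
            // PKIX validation in the process, not only this instance. Enabling them can also
            // make the JDK fetch revocation data over the network during validation.
            if (this.f35996g) {
                Security.setProperty("ocsp.enable", "true");
            }
            if (this.f35995f) {
                System.setProperty("com.sun.security.enableCRLDP", "true");
            }
            CertPathValidator.getInstance("PKIX").validate(CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters).getCertPath(), pKIXBuilderParameters);
        } catch (GeneralSecurityException e2) {
            f35990a.debug(e2);
            StringBuilder g1 = a.g1("Unable to validate certificate: ");
            g1.append(e2.getMessage());
            throw new CertificateException(g1.toString(), e2);
        }
    }
}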
