package won.cryptography.webid;

import java.lang.invoke.MethodHandles;
import java.net.URI;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.List;
import org.apache.http.ssl.TrustStrategy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import won.cryptography.service.CertificateService;
import won.protocol.util.linkeddata.LinkedDataSource;

/* loaded from: input_file:won/cryptography/webid/TrustWebIdStrategy.class */
public class TrustWebIdStrategy implements TrustStrategy {
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private final WebIDVerificationAgent verificationAgent = new WebIDVerificationAgent();

    public TrustWebIdStrategy(LinkedDataSource linkedDataSource) {
        this.verificationAgent.setLinkedDataSource(linkedDataSource);
    }

    public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            return false;
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        PublicKey publicKey = x509Certificate.getPublicKey();
        try {
            List<URI> webIdFromSubjectAlternativeNames = CertificateService.getWebIdFromSubjectAlternativeNames(x509Certificate);
            if (webIdFromSubjectAlternativeNames == null || webIdFromSubjectAlternativeNames.isEmpty()) {
                logger.warn("no WebIDs found in subject alternative names");
                return false;
            }
            try {
                List<String> verify = this.verificationAgent.verify(publicKey, webIdFromSubjectAlternativeNames);
                if (verify != null && !verify.isEmpty()) {
                    return true;
                }
                logger.warn("WebIDs do not pass verification " + webIdFromSubjectAlternativeNames.toString());
                return false;
            } catch (Exception e) {
                logger.warn("Error during WebIDs verification " + webIdFromSubjectAlternativeNames.toString());
                return false;
            }
        } catch (CertificateParsingException e2) {
            logger.warn("error extracting WebIDs from subject alternative names", e2);
            return false;
        }
    }
}
