package eu.emi.security.authn.x509.helpers.trust;

import eu.emi.security.authn.x509.StoreUpdateListener;
import eu.emi.security.authn.x509.helpers.ObserversHandler;
import eu.emi.security.authn.x509.helpers.ns.EuGridPmaNamespacesStore;
import eu.emi.security.authn.x509.helpers.ns.GlobusNamespacesStore;
import eu.emi.security.authn.x509.helpers.ns.NamespacesStore;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.Timer;

/* loaded from: input_file:eu/emi/security/authn/x509/helpers/trust/OpensslTrustAnchorStoreImpl.class */
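/**
 * Trust anchor store backed by an OpenSSL-style hashed CA directory.
 *
 * <p>Every file matching {@link #CERT_WILDCARD} in the configured directory is a candidate CA
 * certificate. A candidate is accepted only when it holds exactly one certificate and the hash
 * taken from its file name equals the OpenSSL hash of that certificate's subject name.
 *
 * <p>Security note: the name/subject hash comparison is a consistency check, not an integrity
 * check. It is computed from the subject name alone, so it does not protect against a replaced
 * certificate that carries the same subject. NOTE(review): the directory's file permissions
 * are presumably the actual trust boundary here; confirm against deployment guidance.
 *
 * <p>The anchor set and the namespace policy locations are replaced together while holding this
 * object's monitor (see {@link #reloadCerts(Collection)}).
 */
public class OpensslTrustAnchorStoreImpl extends DirectoryTrustAnchorStore implements OpensslTrustAnchorStore {
    /** File name pattern of candidate CA files: eight characters, a dot, then any suffix. */
    public static final String CERT_WILDCARD = "????????.*";

    // Whether reloadCerts() forwards the accepted CA file paths to the EuGridPMA namespaces store.
    private final boolean loadEuGridPmaNs;
    // Whether reloadCerts() forwards the accepted CA file paths to the Globus namespaces store.
    private final boolean loadGlobusNs;
    // Selects the hash variant in getOpenSSLCAHash(); also handed to both namespace stores.
    private final boolean openssl1Mode;
    private final NamespacesStore pmaNsStore;
    private final NamespacesStore globusNsStore;

    /**
     * Creates the store, performs an initial load and schedules further updates.
     *
     * @param str directory holding the hashed CA files; {@link #CERT_WILDCARD} is appended to it
     * @param timer passed through to the superclass (presumably drives the scheduled updates)
     * @param j passed through to the superclass (presumably the update interval; confirm there)
     * @param z when {@code true}, Globus namespace policies are refreshed on each reload
     * @param z2 when {@code true}, EuGridPMA namespace policies are refreshed on each reload
     * @param observersHandler receives load errors; also shared with both namespace stores
     * @param z3 OpenSSL 1.x hash mode flag, used for the subject hash and by the namespace stores
     */
    public OpensslTrustAnchorStoreImpl(String str, Timer timer, long j, boolean z, boolean z2, ObserversHandler observersHandler, boolean z3) {
        super(Collections.singletonList(str + File.separator + CERT_WILDCARD), null, 0, timer, j, CertificateUtils.Encoding.PEM, observersHandler, true);
        this.openssl1Mode = z3;
        this.pmaNsStore = new EuGridPmaNamespacesStore(observersHandler, z3);
        this.globusNsStore = new GlobusNamespacesStore(observersHandler, z3);
        // Note the argument order: z is the Globus flag, z2 the EuGridPMA flag.
        this.loadEuGridPmaNs = z2;
        this.loadGlobusNs = z;
        // Both calls come after every field above is assigned, because the reload they
        // trigger reads those fields.
        update();
        scheduleUpdate();
    }

    /**
     * Rebuilds the anchor set from the given candidate locations.
     *
     * <p>Candidates are parsed into temporary collections first; the shared state is swapped
     * afterwards inside one synchronized section. Only the paths of accepted certificates are
     * handed to the namespace stores, so policy files next to a rejected CA file are not
     * requested for loading.
     *
     * @param collection locations of candidate CA certificate files
     */
    @Override
    protected void reloadCerts(Collection<URL> collection) {
        Collection<String> acceptedPaths = new ArrayList<String>();
        Set<TrustAnchorExt> loadedAnchors = new HashSet<TrustAnchorExt>();
        for (URL candidate : collection) {
            if (tryLoadCert(candidate, loadedAnchors)) {
                acceptedPaths.add(candidate.getPath());
            }
        }
        synchronized (this) {
            this.anchors.clear();
            this.anchors.addAll(loadedAnchors);
            if (this.loadEuGridPmaNs) {
                this.pmaNsStore.setPolicies(acceptedPaths);
            }
            if (this.loadGlobusNs) {
                this.globusNsStore.setPolicies(acceptedPaths);
            }
        }
    }

    /**
     * Loads one candidate CA file and, if it is acceptable, adds it to {@code set}.
     *
     * @param url location of the candidate file
     * @param set collection receiving the accepted trust anchor
     * @return {@code true} if the certificate was added; {@code false} if the file name yields no
     *         hash, the hash does not match the certificate subject, or loading failed
     */
    protected boolean tryLoadCert(URL url, Set<TrustAnchorExt> set) {
        String fileHash = OpensslTruststoreHelper.getFileHash(url.getPath(), OpensslTruststoreHelper.CERT_REGEXP);
        if (fileHash == null) {
            return false;
        }
        try {
            X509Certificate[] certs = loadCerts(url);
            if (certs.length != 1) {
                // Thrown inside the try so that it reaches the observers through the catch below.
                throw new IOException("Each of the certificate files in the Openssl style truststore must contain exactly one certificate");
            }
            X509Certificate caCert = certs[0];
            String subjectHash = OpensslTruststoreHelper.getOpenSSLCAHash(caCert.getSubjectX500Principal(), this.openssl1Mode);
            if (!fileHash.equalsIgnoreCase(subjectHash)) {
                // A mismatching file is skipped without notifying observers, so an operator gets
                // no signal that this CA was left out. NOTE(review): confirm the silence is
                // intended (e.g. directories that mix both hash variants).
                return false;
            }
            set.add(new TrustAnchorExt(caCert, null));
            return true;
        } catch (Exception e) {
            // Any failure for one file is reported and the file skipped; the reload continues.
            this.observers.notifyObservers(url.toExternalForm(), StoreUpdateListener.CA_CERT, StoreUpdateListener.Severity.ERROR, e);
            return false;
        }
    }

    /**
     * Returns the EuGridPMA namespaces store owned by this trust store.
     *
     * @return the store instance created in the constructor
     */
    @Override
    public NamespacesStore getPmaNsStore() {
        return this.pmaNsStore;
    }

    /**
     * Returns the Globus namespaces store owned by this trust store.
     *
     * @return the store instance created in the constructor
     */
    @Override
    public NamespacesStore getGlobusNsStore() {
        return this.globusNsStore;
    }
}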
