package eu.emi.security.authn.x509.impl;

import eu.emi.security.authn.x509.NamespaceCheckingMode;
import eu.emi.security.authn.x509.ValidationError;
import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.helpers.crl.AbstractCRLStoreSPI;
import eu.emi.security.authn.x509.helpers.crl.LazyOpensslCRLStoreSpi;
import eu.emi.security.authn.x509.helpers.crl.OpensslCRLStoreSpi;
import eu.emi.security.authn.x509.helpers.ns.NamespaceChecker;
import eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator;
import eu.emi.security.authn.x509.helpers.trust.LazyOpensslTrustAnchorStoreImpl;
import eu.emi.security.authn.x509.helpers.trust.OpensslTrustAnchorStore;
import eu.emi.security.authn.x509.helpers.trust.OpensslTrustAnchorStoreImpl;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Timer;

/* loaded from: input_file:eu/emi/security/authn/x509/impl/OpensslCertChainValidator.class */
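/**
 * Certificate chain validator backed by a trust anchor store and a CRL store that are both
 * loaded from the same location ({@link #getTruststorePath()}), followed by a namespace
 * policy check of the chain.
 *
 * <p>Validation is two-stage: the inherited path validation runs first, then
 * {@link NamespaceChecker} is applied and its errors are appended to the same
 * {@link ValidationResult}. Callers should rely on the returned result object as a whole
 * rather than on the path validation outcome alone.
 *
 * <p>NOTE(review): parameter names in this file come from a decompiler ({@code str},
 * {@code z}, {@code j}, {@code z2}); the meanings documented below are derived from how each
 * value is used in this class.
 */
public class OpensslCertChainValidator extends AbstractValidator {
    private OpensslTrustAnchorStore trustStore;
    private AbstractCRLStoreSPI crlStore;
    private final NamespaceCheckingMode namespaceMode;
    // Assigned exactly once, in the primary constructor; final so it cannot drift from the stores.
    private final String path;
    private final boolean lazyMode;
    private static final X509Certificate[] EMPTY_CERT_ARRAY = new X509Certificate[0];
    // One daemon timer shared by every non-lazy validator instance in this class loader.
    protected static final Timer timer = new Timer("caNl validator (openssl) timer", true);

    /**
     * Creates a lazy-mode validator with the {@code z} store flag set to {@code false}.
     *
     * @param str location of the trust store, handed to both the trust anchor and CRL stores
     * @param namespaceCheckingMode namespace policy applied after path validation
     * @param j update interval handed to both stores (presumably milliseconds, TODO confirm)
     * @param validatorParams supplies initial listeners, proxy support and revocation settings
     */
    public OpensslCertChainValidator(String str, NamespaceCheckingMode namespaceCheckingMode, long j, ValidatorParams validatorParams) {
        this(str, false, namespaceCheckingMode, j, validatorParams, true);
    }

    /**
     * Creates a lazy-mode validator.
     *
     * @param str location of the trust store, handed to both the trust anchor and CRL stores
     * @param z flag passed unchanged as the last argument of both store constructors;
     *          NOTE(review): presumably selects the OpenSSL hash/naming variant, confirm upstream
     * @param namespaceCheckingMode namespace policy applied after path validation
     * @param j update interval handed to both stores (presumably milliseconds, TODO confirm)
     * @param validatorParams supplies initial listeners, proxy support and revocation settings
     */
    public OpensslCertChainValidator(String str, boolean z, NamespaceCheckingMode namespaceCheckingMode, long j, ValidatorParams validatorParams) {
        this(str, z, namespaceCheckingMode, j, validatorParams, true);
    }

    /**
     * Primary constructor; every other constructor delegates here.
     *
     * <p>In lazy mode the {@code Lazy*} store implementations are used and the shared timer is
     * not passed to them. In non-lazy mode the stores receive the shared {@link #timer}, and
     * the trust anchor store is additionally told which namespace flavours are enabled.
     *
     * <p>NOTE(review): {@code namespaceCheckingMode} is dereferenced here only in non-lazy
     * mode, so a {@code null} mode is stored silently in lazy mode and first reaches
     * {@link NamespaceChecker} during {@link #validate}. How the checker treats {@code null}
     * is not visible in this class; callers should always pass an explicit mode.
     *
     * @param str location of the trust store, handed to both the trust anchor and CRL stores
     * @param z flag passed unchanged as the last argument of both store constructors;
     *          NOTE(review): presumably selects the OpenSSL hash/naming variant, confirm upstream
     * @param namespaceCheckingMode namespace policy applied after path validation
     * @param j update interval handed to both stores (presumably milliseconds, TODO confirm)
     * @param validatorParams supplies initial listeners, proxy support and revocation settings
     * @param z2 {@code true} to use the lazy store implementations
     * @throws RuntimeException if the CRL store or the inherited {@code init} reports an
     *         {@link InvalidAlgorithmParameterException}
     */
    public OpensslCertChainValidator(String str, boolean z, NamespaceCheckingMode namespaceCheckingMode, long j, ValidatorParams validatorParams, boolean z2) {
        super(validatorParams.getInitialListeners());
        this.path = str;
        this.lazyMode = z2;
        this.namespaceMode = namespaceCheckingMode;
        this.trustStore = z2 ? new LazyOpensslTrustAnchorStoreImpl(str, j, this.observers, z) : new OpensslTrustAnchorStoreImpl(str, timer, j, namespaceCheckingMode.globusEnabled(), namespaceCheckingMode.euGridPmaEnabled(), this.observers, z);
        try {
            this.crlStore = z2 ? new LazyOpensslCRLStoreSpi(str, j, this.observers, z) : new OpensslCRLStoreSpi(str, j, timer, this.observers, z);
            // Proxy acceptance and revocation checking policy both come from validatorParams.
            init(this.trustStore, this.crlStore, validatorParams.isAllowProxy(), validatorParams.getRevocationSettings());
        } catch (InvalidAlgorithmParameterException e) {
            throw new RuntimeException("BUG: OpensslCRLStoreSpi can not be initialized", e);
        }
    }

    /**
     * Creates a lazy-mode validator with a default-constructed {@link ValidatorParams}.
     *
     * @param str location of the trust store
     * @param namespaceCheckingMode namespace policy applied after path validation
     * @param j update interval handed to both stores (presumably milliseconds, TODO confirm)
     */
    public OpensslCertChainValidator(String str, NamespaceCheckingMode namespaceCheckingMode, long j) {
        this(str, namespaceCheckingMode, j, new ValidatorParams());
    }

    /**
     * Creates a lazy-mode validator with the built-in defaults: namespace mode
     * {@code EUGRIDPMA_GLOBUS}, update interval {@code 600000} and a default-constructed
     * {@link ValidatorParamsExt}.
     *
     * @param str location of the trust store
     */
    public OpensslCertChainValidator(String str) {
        this(str, NamespaceCheckingMode.EUGRIDPMA_GLOBUS, 600000L, new ValidatorParamsExt());
    }

    /**
     * @return the trust store location this validator was constructed with
     */
    public String getTruststorePath() {
        return this.path;
    }

    /**
     * @return the namespace checking mode this validator was constructed with
     */
    public NamespaceCheckingMode getNamespaceCheckingMode() {
        return this.namespaceMode;
    }

    /**
     * @return the update interval as reported by the trust anchor store
     */
    public long getUpdateInterval() {
        return this.trustStore.getUpdateInterval();
    }

    /**
     * Applies the same update interval to the trust anchor store and the CRL store.
     *
     * @param j new update interval
     */
    public void setUpdateInterval(long j) {
        this.trustStore.setUpdateInterval(j);
        this.crlStore.setUpdateInterval(j);
    }

    /**
     * Releases the validator and both stores.
     *
     * <p>Each step runs even if an earlier one throws, so one failing {@code dispose()} cannot
     * leave the remaining store undisposed. This matters most in non-lazy mode, where the
     * stores were handed the static shared {@link #timer} (presumably to schedule refreshes).
     * The first exception still propagates to the caller.
     */
    @Override
    public void dispose() {
        try {
            super.dispose();
        } finally {
            try {
                this.trustStore.dispose();
            } finally {
                this.crlStore.dispose();
            }
        }
    }

    /**
     * Validates a certificate chain and then applies the namespace policy.
     *
     * <p>In lazy mode the trust anchors are looked up for the supplied chain; otherwise the
     * store's full anchor set is used.
     *
     * @param x509CertificateArr chain to validate
     * @return the path validation result with any namespace errors appended; whether appended
     *         errors change {@code isValid()} is decided by {@link ValidationResult}
     */
    @Override
    public ValidationResult validate(X509Certificate[] x509CertificateArr) {
        // The cast is safe: lazyMode is final and is the flag that selected the Lazy* store type.
        ValidationResult validate = super.validate(x509CertificateArr, this.lazyMode ? ((LazyOpensslTrustAnchorStoreImpl) this.trustStore).getTrustAnchorsFor(x509CertificateArr) : this.trustStore.getTrustAnchors());
        validateNamespaces(x509CertificateArr, validate);
        return validate;
    }

    /**
     * Runs the namespace checker and records its findings on the given result.
     *
     * <p>When path validation succeeded, the chain it reported as valid is checked; otherwise
     * the chain exactly as supplied by the caller is checked, so namespace errors are
     * reported for invalid chains too.
     */
    private void validateNamespaces(X509Certificate[] x509CertificateArr, ValidationResult validationResult) {
        X509Certificate[] chainToCheck = validationResult.isValid()
                ? (X509Certificate[]) validationResult.getValidChain().toArray(EMPTY_CERT_ARRAY)
                : x509CertificateArr;
        // A checker is built per call from the stores' current PMA and Globus namespace data.
        NamespaceChecker checker = new NamespaceChecker(this.namespaceMode, this.trustStore.getPmaNsStore(), this.trustStore.getGlobusNsStore());
        List<ValidationError> check = checker.check(chainToCheck);
        // Inherited hook; runs before the errors are attached to the result.
        processErrorList(check);
        validationResult.addErrors(check);
    }
}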
