package br.net.woodstock.rockframework.security.cert.impl;

import br.net.woodstock.rockframework.security.cert.CertificateException;
import br.net.woodstock.rockframework.security.cert.CertificateValidator;
import br.net.woodstock.rockframework.security.cert.ValidationError;
import br.net.woodstock.rockframework.security.util.BouncyCastleProviderHelper;
import br.net.woodstock.rockframework.util.Assert;
import br.net.woodstock.rockframework.utils.CollectionUtils;
import br.net.woodstock.rockframework.utils.ConditionUtils;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;

/* loaded from: input_file:br/net/woodstock/rockframework/security/cert/impl/HierarchyCertificateValidator.class */
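/**
 * Checks the structure of a certificate chain ordered from the end-entity certificate
 * (index 0) up to its issuers.
 *
 * <p>For each adjacent pair, the validator checks that the lower certificate's signature
 * verifies under the next certificate's public key, and that the issuer's basic constraints
 * mark it as a CA. When required certificates were supplied at construction time, at least
 * one of them must appear among the issuers (index 1 and above), compared by DER encoding.
 *
 * <p>Security scope, as visible in this class: only signatures, the CA flag and the optional
 * required-certificate match are checked. Validity dates, key usage, the numeric path-length
 * limit, issuer/subject name chaining and revocation are not examined here, and the last
 * certificate in the chain is never verified against anything. An instance built with the
 * no-argument constructor has no required certificates, so a chain that is merely internally
 * consistent yields no errors; supply the expected issuer or root certificate(s) when the
 * result is used as a trust decision, and pair this validator with checks for the rest.
 */
public class HierarchyCertificateValidator implements CertificateValidator {
    public static final String VALIDATOR_NAME = "Hierarchy Validator";

    // Certificates of which at least one must appear among the chain's issuers.
    // Left null by the no-argument constructor, in which case that check is skipped.
    private Certificate[] certificates;

    /**
     * Creates a validator with no required certificates: only pairwise signatures and the
     * CA flag of each issuer are checked.
     */
    public HierarchyCertificateValidator() {
    }

    /**
     * Creates a validator that requires the given certificate to appear among the issuers.
     *
     * @param certificate the required certificate; checked with {@code Assert.notNull}
     */
    public HierarchyCertificateValidator(Certificate certificate) {
        Assert.notNull(certificate, "certificate");
        this.certificates = new Certificate[]{certificate};
    }

    /**
     * Creates a validator that requires at least one of the given certificates to appear
     * among the issuers.
     *
     * @param certificateArr the required certificates; checked with {@code Assert.notEmpty}
     */
    public HierarchyCertificateValidator(Certificate[] certificateArr) {
        Assert.notEmpty(certificateArr, "certificates");
        // Defensive copy: the caller keeps a reference to its array, and a later write to it
        // must not change which certificates this validator requires.
        this.certificates = certificateArr.clone();
    }

    /**
     * Validates the given chain.
     *
     * @param certificateArr the chain, end-entity certificate first, each following entry
     *        the issuer of the previous one; every entry is cast to {@link X509Certificate}
     * @return the validation errors found, as produced by {@code CollectionUtils.toArray};
     *         a single error when the chain holds fewer than two certificates
     * @throws CertificateException (the framework's exception) wrapping any failure other
     *         than a {@link SignatureException} during verification, or an encoding failure
     *         while comparing against the required certificates
     * @throws ClassCastException if a chain entry is not an {@link X509Certificate}
     */
    @Override
    public ValidationError[] validate(Certificate[] certificateArr) {
        Assert.notEmpty(certificateArr, "chain");
        if (certificateArr.length < 2) {
            return new ValidationError[]{new ValidationError(VALIDATOR_NAME, "Certificate chain must be greater than 1(certificate and issuer certificate")};
        }
        ArrayList<ValidationError> errors = new ArrayList<ValidationError>();
        for (int i = 0; i < certificateArr.length - 1; i++) {
            X509Certificate subject = (X509Certificate) certificateArr[i];
            X509Certificate issuer = (X509Certificate) certificateArr[i + 1];
            try {
                subject.verify(issuer.getPublicKey());
                // getBasicConstraints() returns -1 when the certificate is not a CA. The value
                // is otherwise the path-length limit, which is not enforced here. This check
                // is only reached when the signature verified.
                if (issuer.getBasicConstraints() == -1) {
                    errors.add(new ValidationError(VALIDATOR_NAME, "Certificate issuer '" + BouncyCastleProviderHelper.getName(issuer.getSubjectX500Principal()) + "' is not a CA"));
                }
            } catch (SignatureException e) {
                errors.add(new ValidationError(VALIDATOR_NAME, "Certificate '" + BouncyCastleProviderHelper.getName(subject.getSubjectX500Principal()) + "' not signed by '" + BouncyCastleProviderHelper.getName(issuer.getSubjectX500Principal()) + "'"));
            } catch (Exception e) {
                // Key-type mismatches, unsupported algorithms, malformed certificates and null
                // entries surface as the framework exception, not as a validation error.
                throw new CertificateException(e);
            }
        }
        try {
            // Presumably false for a null or empty array, which skips the check entirely.
            if (ConditionUtils.isNotEmpty(this.certificates) && !containsRequiredCertificate(certificateArr)) {
                errors.add(new ValidationError(VALIDATOR_NAME, "Certificate chain is invalid, a required certificate could not be found"));
            }
            return (ValidationError[]) CollectionUtils.toArray(errors, ValidationError.class);
        } catch (CertificateEncodingException e) {
            throw new CertificateException(e);
        }
    }

    /**
     * Reports whether any issuer in the chain (index 1 and above; the end-entity certificate
     * is deliberately excluded) has the same encoding as one of the required certificates.
     */
    private boolean containsRequiredCertificate(Certificate[] chain) throws CertificateEncodingException {
        for (int i = 1; i < chain.length; i++) {
            byte[] encoded = chain[i].getEncoded();
            for (Certificate required : this.certificates) {
                if (Arrays.equals(encoded, required.getEncoded())) {
                    return true;
                }
            }
        }
        return false;
    }
}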
