package org.josso.auth.scheme.validation;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:WEB-INF/lib/josso-strong-authscheme-1.8.10-SNAPSHOT.jar:org/josso/auth/scheme/validation/AbstractX509CertificateValidator.class */
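/**
 * Base class for X.509 certificate validators that take their trust material
 * (trust anchors and intermediate CA certificates) from a JKS trust store
 * loaded as a classpath resource.
 *
 * <p>The trust store is loaded lazily, once, by {@link #initialize()}. Changing
 * the trust store, password or alias properties after that point has no effect
 * on the already loaded material.
 *
 * <p>Security notes: this class only assembles a certificate path and a trust
 * anchor set; it performs no path validation or revocation checking itself.
 * The trust store password is held in a {@code String} field and is exposed
 * through {@link #getTrustPassword()}, so it should not be logged.
 */
public abstract class AbstractX509CertificateValidator implements X509CertificateValidator {
    private static final Log log = LogFactory.getLog(AbstractX509CertificateValidator.class);
    // Not used in this class; presumably consumed by subclasses (e.g. a remote
    // validation endpoint and its HTTP proxy) -- confirm against subclasses.
    protected String _url;
    protected String _httpProxyHost;
    protected String _httpProxyPort;
    // Classpath resource name of the JKS trust store and its password.
    protected String _trustStore;
    protected String _trustPassword;
    // Keystore aliases of intermediate CA certificates (optional) and of trust anchors (required).
    protected List<String> _caCertAliases;
    protected List<String> _trustAnchorCertAliases;
    private KeyStore _keystore;
    private Set<TrustAnchor> _trustAnchors;
    private List<X509Certificate> _caCerts;
    // volatile: read without the lock by the lazy-initialization checks below, so the
    // write in initialize() must publish the fields assigned before it.
    private volatile boolean _initialized = false;

    /**
     * Loads the trust store and resolves the configured aliases. Does nothing if
     * initialization already succeeded.
     *
     * <p>Fails closed: a missing trust store resource, or a configuration in which
     * none of the trust anchor aliases resolves to an X.509 certificate, raises an
     * exception instead of leaving the validator with an empty trust anchor set.
     *
     * @throws RuntimeException if the configuration is incomplete or the trust
     *         store cannot be loaded
     */
    public synchronized void initialize() {
        if (this._initialized) {
            return;
        }
        try {
            if (this._trustStore == null) {
                log.error("TrustStore is not set!");
                throw new RuntimeException("Can't initialize keystore!");
            }
            if (this._trustAnchorCertAliases == null || this._trustAnchorCertAliases.isEmpty()) {
                log.error("Trust anchor certificate aliases are not set!");
                throw new RuntimeException("Trust anchor certificate aliases are not set!");
            }

            KeyStore keystore = KeyStore.getInstance("JKS");
            char[] password = this._trustPassword != null ? this._trustPassword.toCharArray() : null;

            // KeyStore.load(null, ...) silently creates an EMPTY keystore, so a wrong
            // resource name must be rejected here rather than passed through.
            InputStream in = getClass().getResourceAsStream(this._trustStore);
            if (in == null) {
                log.error("TrustStore resource not found : " + this._trustStore);
                throw new RuntimeException("TrustStore resource not found : " + this._trustStore);
            }
            try {
                keystore.load(in, password);
            } finally {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Closing a fully read stream failed; the load result is what matters.
                    log.debug("Error closing trust store stream", ignored);
                }
            }

            Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
            for (String alias : this._trustAnchorCertAliases) {
                Certificate candidate = keystore.getCertificate(alias);
                if (candidate instanceof X509Certificate) {
                    // No name constraints are applied to the anchor.
                    anchors.add(new TrustAnchor((X509Certificate) candidate, null));
                } else {
                    log.warn("Trust anchor alias '" + alias
                            + "' does not resolve to an X.509 certificate in the trust store, skipping");
                }
            }
            if (anchors.isEmpty()) {
                log.error("No trust anchor certificate could be loaded from the trust store!");
                throw new RuntimeException("No trust anchor certificate could be loaded from the trust store!");
            }

            List<X509Certificate> caCerts = new ArrayList<X509Certificate>();
            if (this._caCertAliases != null) {
                for (String alias : this._caCertAliases) {
                    Certificate candidate = keystore.getCertificate(alias);
                    if (candidate instanceof X509Certificate) {
                        caCerts.add((X509Certificate) candidate);
                    } else {
                        log.warn("CA certificate alias '" + alias
                                + "' does not resolve to an X.509 certificate in the trust store, skipping");
                    }
                }
            }

            // Assign state only once everything loaded, so a failed attempt leaves
            // no half-initialized trust material behind.
            this._keystore = keystore;
            this._trustAnchors = anchors;
            this._caCerts = caCerts;
            this._initialized = true;
        } catch (Exception e) {
            log.error(e, e);
            throw new RuntimeException("Can't initialize keystore : " + e.getMessage(), e);
        }
    }

    /**
     * Builds a certificate path made of the given certificate followed by the
     * configured CA certificates, in alias order. The path is only assembled here,
     * not validated.
     *
     * @param x509Certificate the certificate placed first in the path
     * @return the assembled X.509 certificate path
     * @throws CertificateException if the path cannot be generated
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public CertPath generateCertificatePath(X509Certificate x509Certificate) throws CertificateException {
        if (!this._initialized) {
            initialize();
        }
        List<X509Certificate> chain = new ArrayList<X509Certificate>(this._caCerts.size() + 1);
        chain.add(x509Certificate);
        chain.addAll(this._caCerts);
        return CertificateFactory.getInstance("X.509").generateCertPath(chain);
    }

    /**
     * Returns the trust anchors resolved from the trust store, initializing on
     * first use.
     *
     * <p>The returned set is the validator's own instance, not a copy; callers
     * must not modify it.
     *
     * @return the trust anchor set
     * @throws CertificateException declared for subclasses and callers; not thrown here
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public Set<TrustAnchor> generateTrustAnchors() throws CertificateException {
        if (!this._initialized) {
            initialize();
        }
        return this._trustAnchors;
    }

    /**
     * Looks up an X.509 certificate in the trust store by alias.
     *
     * @param str the keystore alias; {@code null} yields {@code null}
     * @return the certificate, or {@code null} if the alias is {@code null} or unknown
     * @throws CertificateException if the entry exists but is not an X.509 certificate
     * @throws RuntimeException if the keystore cannot be read
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public X509Certificate getCertificate(String str) throws CertificateException {
        if (str == null) {
            return null;
        }
        if (!this._initialized) {
            initialize();
        }
        Certificate entry;
        try {
            entry = this._keystore.getCertificate(str);
        } catch (KeyStoreException e) {
            log.error(e, e);
            throw new RuntimeException("Error getting certificate from keystore : " + e.getMessage(), e);
        }
        if (entry == null) {
            return null;
        }
        // Report a wrong entry type through the declared checked exception instead of
        // letting a ClassCastException escape from a blind cast.
        if (!(entry instanceof X509Certificate)) {
            throw new CertificateException("Keystore entry '" + str + "' is not an X.509 certificate");
        }
        return (X509Certificate) entry;
    }

    /** @return the configured URL */
    public String getUrl() {
        return this._url;
    }

    /** @param str the URL to configure */
    public void setUrl(String str) {
        this._url = str;
    }

    /** @return the configured HTTP proxy host */
    public String getHttpProxyHost() {
        return this._httpProxyHost;
    }

    /** @param str the HTTP proxy host to configure */
    public void setHttpProxyHost(String str) {
        this._httpProxyHost = str;
    }

    /** @return the configured HTTP proxy port */
    public String getHttpProxyPort() {
        return this._httpProxyPort;
    }

    /** @param str the HTTP proxy port to configure */
    public void setHttpProxyPort(String str) {
        this._httpProxyPort = str;
    }

    /** @return the classpath resource name of the trust store */
    public String getTrustStore() {
        return this._trustStore;
    }

    /**
     * @param str the trust store location, resolved as a classpath resource relative
     *        to this class; ignored once the validator is initialized
     */
    public void setTrustStore(String str) {
        this._trustStore = str;
    }

    /** @return the trust store password in clear text; do not log it */
    public String getTrustPassword() {
        return this._trustPassword;
    }

    /** @param str the trust store password; {@code null} loads the store without a password */
    public void setTrustPassword(String str) {
        this._trustPassword = str;
    }

    /** @return the keystore aliases used as trust anchors */
    public List<String> getTrustAnchorCertAliases() {
        return this._trustAnchorCertAliases;
    }

    /** @param list the keystore aliases to use as trust anchors; at least one is required */
    public void setTrustAnchorCertAliases(List<String> list) {
        this._trustAnchorCertAliases = list;
    }

    /** @return the keystore aliases of the CA certificates appended to generated paths */
    public List<String> getCaCertAliases() {
        return this._caCertAliases;
    }

    /** @param list the keystore aliases of CA certificates appended to generated paths; may be {@code null} */
    public void setCaCertAliases(List<String> list) {
        this._caCertAliases = list;
    }
}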
