package eu.contrail.security;

import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Set;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:WEB-INF/lib/security-commons-1.0-SNAPSHOT.jar:eu/contrail/security/CertificatePathValidator.class */
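/**
 * Validates one X.509 certificate against a single trusted issuer certificate with the PKIX
 * algorithm of the JCA provider registered under the name {@code "BC"}.
 *
 * <p>The constructor asks for the {@code "BC"} provider by name and does not register it. Callers
 * must register it beforehand (as {@link #main(String[])} does), otherwise the constructor fails
 * with {@link NoSuchProviderException}.
 *
 * <p>Revocation: {@link PKIXParameters} has revocation checking enabled by default and this class
 * does not turn it off, so {@link #validate()} needs the CRL passed to the constructor. Only
 * {@link #main(String[])} disables revocation checking, because it has no CRL to offer.
 */
public class CertificatePathValidator {
    /** Contents of the collection CertStore: trust-anchor certificate, target certificate, optional CRL. */
    private final List<Object> list = new ArrayList<Object>();
    /** PKIX parameters handed to the validator; package-visible so same-package code can tune them. */
    PKIXParameters param;
    /** The single trust anchor that {@link #param} was built from. */
    Set<TrustAnchor> trust;
    /** One-element certification path holding only the certificate under validation. */
    CertPath certPath;
    /** PKIX validator obtained from the "BC" provider. */
    CertPathValidator validator;

    /**
     * Prepares a PKIX validation of {@code x509Certificate2} against {@code x509Certificate}.
     *
     * @param x509Certificate  the trusted issuer certificate; used as the only trust anchor, with
     *                         no name constraints
     * @param x509crl          CRL made available to the validator through the cert store; may be
     *                         {@code null}, in which case no CRL is offered and revocation checking
     *                         (enabled by default) has nothing to consult
     * @param x509Certificate2 the certificate to validate
     * @throws InvalidAlgorithmParameterException if the cert store or PKIX parameters are rejected
     * @throws NoSuchAlgorithmException           if the "BC" provider lacks a requested algorithm
     * @throws NoSuchProviderException            if no provider named "BC" is registered
     * @throws CertificateException               if the certification path cannot be built
     */
    public CertificatePathValidator(X509Certificate x509Certificate, X509CRL x509crl, X509Certificate x509Certificate2) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, CertificateException {
        this.list.add(x509Certificate);
        this.list.add(x509Certificate2);
        // A missing CRL is left out instead of being stored as a null element of the cert store.
        if (x509crl != null) {
            this.list.add(x509crl);
        }
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(this.list), "BC");
        CertificateFactory certificateFactory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID, "BC");
        // The path contains only the target certificate; the trust anchor is not part of a PKIX path.
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        chain.add(x509Certificate2);
        this.certPath = certificateFactory.generateCertPath(chain);
        this.trust = Collections.singleton(new TrustAnchor(x509Certificate, null));
        this.validator = CertPathValidator.getInstance("PKIX", "BC");
        this.param = new PKIXParameters(this.trust);
        this.param.addCertStore(certStore);
    }

    /**
     * Restricts which target certificate is acceptable; forwarded unchanged to the PKIX parameters.
     *
     * @param x509CertSelector constraints the target certificate must satisfy
     */
    public void setTargetCertConstraints(X509CertSelector x509CertSelector) {
        this.param.setTargetCertConstraints(x509CertSelector);
    }

    /**
     * Validates the certification path as of the current time.
     *
     * @throws CertPathValidatorException         if the path does not validate
     * @throws InvalidAlgorithmParameterException if the validator rejects the parameters
     */
    public void validate() throws CertPathValidatorException, InvalidAlgorithmParameterException {
        // The validation date is refreshed on every call so a long-lived instance never
        // judges validity periods against a stale timestamp.
        this.param.setDate(new Date());
        this.validator.validate(this.certPath, this.param);
    }

    /**
     * Reads one certificate from a file and closes the file afterwards, also when parsing fails.
     */
    private static X509Certificate loadCertificate(String path) throws Exception {
        InputStreamReader reader = new InputStreamReader(new FileInputStream(path));
        try {
            return SecurityUtils.readCertificate(reader);
        } finally {
            reader.close();
        }
    }

    /**
     * Command-line check of an end certificate against a root certificate.
     *
     * <p>Arguments: {@code rootCert endCert} (file paths). Further arguments are ignored, so
     * invocations that passed four arguments keep working. The process exits with -1 on a usage
     * error and with 1 when path validation fails.
     *
     * <p>Revocation checking is disabled here because no CRL is supplied: a revoked end
     * certificate is still reported as validated by this command.
     */
    public static void main(String[] strArr) throws Exception {
        // Only two arguments are read, matching the usage text; the earlier check for exactly
        // four arguments rejected the documented invocation.
        if (strArr.length < 2) {
            System.err.println("Usage: validate-cert rootCert endCert");
            System.exit(-1);
        }
        Security.addProvider(new BouncyCastleProvider());
        X509Certificate rootCert = loadCertificate(strArr[0]);
        try {
            rootCert.verify(rootCert.getPublicKey());
        } catch (Exception e) {
            // NOTE(review): this is a warning only. The certificate is still used as the trust
            // anchor below; decide whether a trust anchor that is not self-signed should abort.
            System.err.println("Warning: root certificate does not verify with its own public key");
            System.err.println(e);
        }
        X509Certificate endCert = loadCertificate(strArr[1]);
        CertificatePathValidator pathValidator = new CertificatePathValidator(rootCert, null, endCert);
        pathValidator.param.setRevocationEnabled(false);
        try {
            pathValidator.validate();
            System.out.println("certificate path validated");
        } catch (CertPathValidatorException e2) {
            System.out.println("validation failed on certificate number " + e2.getIndex() + ", details: " + e2.getMessage());
            // A failed validation must be visible to calling scripts, not only in the output text.
            System.exit(1);
        }
    }
}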
