package net.shibboleth.metadata.dom.ds;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.concurrent.GuardedBy;
import javax.annotation.concurrent.ThreadSafe;
import net.shibboleth.metadata.Item;
import net.shibboleth.metadata.dom.AbstractDOMValidationStage;
import net.shibboleth.metadata.dom.DOMTraversalContext;
import net.shibboleth.metadata.dom.SimpleDOMTraversalContext;
import net.shibboleth.metadata.pipeline.StageProcessingException;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.codec.Base64Support;
import net.shibboleth.shared.codec.DecodingException;
import net.shibboleth.shared.component.ComponentInitializationException;
import org.w3c.dom.Element;

@ThreadSafe
/* loaded from: input_file:net/shibboleth/metadata/dom/ds/X509ValidationStage.class */
public class X509ValidationStage extends AbstractDOMValidationStage<X509Certificate, Context> {

    @GuardedBy("this")
    @NonnullAfterInit
    private CertificateFactory factory;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:net/shibboleth/metadata/dom/ds/X509ValidationStage$Context.class */
    public static class Context extends SimpleDOMTraversalContext {
        private Map<X509Certificate, X509Certificate> certMap;

        public Context(@Nonnull Item<Element> item) {
            super(item);
            this.certMap = new HashMap();
        }

        protected boolean haveSeen(@Nonnull X509Certificate x509Certificate) {
            return this.certMap.containsKey(x509Certificate);
        }

        protected void add(@Nonnull X509Certificate x509Certificate) {
            this.certMap.put(x509Certificate, x509Certificate);
        }
    }

    @Override // net.shibboleth.metadata.dom.AbstractDOMTraversalStage
    @Nonnull
    protected Context buildContext(@Nonnull Item<Element> item) {
        return new Context(item);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.metadata.dom.AbstractDOMTraversalStage
    public boolean applicable(@Nonnull Element element, @Nonnull Context context) {
        return "http://www.w3.org/2000/09/xmldsig#".equals(element.getNamespaceURI()) && "X509Certificate".equals(element.getLocalName());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.metadata.dom.AbstractDOMTraversalStage
    public void visit(@Nonnull Element element, @Nonnull Context context) throws StageProcessingException {
        X509Certificate x509Certificate;
        String textContent = element.getTextContent();
        if (!$assertionsDisabled && textContent == null) {
            throw new AssertionError();
        }
        try {
            byte[] decode = Base64Support.decode(textContent);
            synchronized (this) {
                x509Certificate = (X509Certificate) this.factory.generateCertificate(new ByteArrayInputStream(decode));
                if (!$assertionsDisabled && x509Certificate == null) {
                    throw new AssertionError();
                }
            }
            if (!context.haveSeen(x509Certificate)) {
                context.add(x509Certificate);
                applyValidators(x509Certificate, context);
            }
        } catch (DecodingException e) {
            addError(context.getItem(), element, "could not convert X509Certficate data");
        } catch (CertificateException e2) {
            addError(context.getItem(), element, "X.509 certificate: " + e2.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.metadata.dom.AbstractDOMValidationStage
    public synchronized void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        try {
            this.factory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new ComponentInitializationException("can't create X.509 certificate factory", e);
        }
    }

    @Override // net.shibboleth.metadata.dom.AbstractDOMTraversalStage
    @Nonnull
    protected /* bridge */ /* synthetic */ DOMTraversalContext buildContext(@Nonnull Item item) {
        return buildContext((Item<Element>) item);
    }

    static {
        $assertionsDisabled = !X509ValidationStage.class.desiredAssertionStatus();
    }
}
