package com.sun.identity.security.cert;

import com.sun.identity.security.SecurityDebug;
import com.sun.identity.shared.debug.Debug;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Vector;

/* loaded from: input_file:com/sun/identity/security/cert/AMCertPath.class */
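/**
 * Validates X.509 certificate chains with the JDK PKIX {@link CertPathValidator}.
 *
 * <p>Trust anchors come from the key store returned by
 * {@code com.sun.identity.security.keystore.AMX509TrustManager#getKeyStore()}, which is
 * looked up reflectively. An optional "Collection" {@link CertStore}, built from the
 * objects passed to the constructor, is added to the validation parameters.
 *
 * <p>Revocation checking is not configured here: {@code velify} never calls
 * {@code PKIXParameters.setRevocationEnabled}, so the JDK default applies. The
 * {@code ocsp.*} security properties are only read and logged by this class.
 */
public class AMCertPath {
    // Snapshot of the JDK OCSP security properties taken at class-load time; used for logging only.
    private static final String OCSP_ENABLE = Security.getProperty("ocsp.enable");
    private static final String OCSP_RESPONDER_URL = Security.getProperty("ocsp.responderURL");
    private static final String OCSP_RESPONDER_CERT_SUBJECT_NAME =
            Security.getProperty("ocsp.responderCertSubjectName");
    private static final String OCSP_RESPONDER_CERT_ISSUER_NAME =
            Security.getProperty("ocsp.responderCertIssuerName");
    private static final String OCSP_RESPONDER_CERT_SERIAL_NUMBER =
            Security.getProperty("ocsp.responderCertSerialNumber");

    // Both stay null when the static initialiser fails; velify() then rejects every chain.
    private static CertificateFactory cf;
    private static CertPathValidator cpv;

    private CertStore store;
    public static Debug debug = SecurityDebug.debug;

    static {
        try {
            cf = CertificateFactory.getInstance("X509");
            cpv = CertPathValidator.getInstance("PKIX");
        } catch (Exception e) {
            debug.error("" + e.toString());
        }
    }

    /**
     * Creates a validator, optionally backed by a collection cert store.
     *
     * @param vector objects to expose through a "Collection" {@link CertStore}; the debug
     *     logging treats the first element as an {@link X509CRL}. {@code null} or an empty
     *     vector means no extra store is used. The vector is handed to
     *     {@link CollectionCertStoreParameters} as-is, not copied.
     * @throws NoSuchAlgorithmException if the "Collection" cert store type is unavailable
     * @throws InvalidAlgorithmParameterException if the store parameters are rejected
     */
    public AMCertPath(Vector vector) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        this.store = null;
        // Check for null/empty BEFORE touching the vector: the debug logging used to
        // dereference it first, so construction could throw only when message-level
        // debugging happened to be switched on.
        if (vector == null || vector.isEmpty()) {
            return;
        }
        if (debug.messageEnabled()) {
            Object first = vector.elementAt(0);
            // instanceof instead of a blind cast: a non-CRL first element must not make
            // construction fail depending on the debug level.
            if (first instanceof X509CRL) {
                debug.message("" + first.toString());
            }
        }
        this.store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(vector));
    }

    /** Logs the OCSP security properties captured at class-load time (message level only). */
    private void printOCSPConfig() {
        if (debug.messageEnabled()) {
            debug.message("OCSP_ENABLE :" + OCSP_ENABLE);
            debug.message("OCSP_RESPONDER_URL:" + OCSP_RESPONDER_URL);
            debug.message("OCSP_RESPONDER_CERT_SUBJECT_NAME :" + OCSP_RESPONDER_CERT_SUBJECT_NAME);
            debug.message("OCSP_RESPONDER_CERT_ISSUER_NAME :" + OCSP_RESPONDER_CERT_ISSUER_NAME);
            debug.message("OCSP_RESPONDER_CERT_SERIAL_NUMBER :" + OCSP_RESPONDER_CERT_SERIAL_NUMBER);
        }
    }

    /**
     * Validates a certificate chain against the trust anchors of the AM trust manager.
     * (The method name is a historical misspelling of "verify"; it is kept because it is
     * part of the public interface.)
     *
     * @param x509CertificateArr the chain to validate, in the order expected by
     *     {@link CertificateFactory#generateCertPath(java.util.List)}
     * @return {@code true} only when PKIX validation succeeds; {@code false} for a null or
     *     empty chain, when the validator could not be initialised, or on any failure
     */
    public boolean velify(X509Certificate[] x509CertificateArr) {
        // Fail closed on a missing chain. Do not rely on the PKIX validator to reject an
        // empty path: a chain with no certificates proves nothing about the peer and must
        // never be reported as valid.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            debug.message("VALIDATE_RESULT: FAILED");
            debug.message("empty certificate chain");
            return false;
        }
        // A failed static initialiser is a deployment problem, not a bad certificate:
        // report it at error level so it is visible even with message debugging off.
        if (cf == null || cpv == null) {
            debug.error("AMCertPath: X509 CertificateFactory or PKIX CertPathValidator is not initialised");
            return false;
        }
        try {
            printOCSPConfig();
            CertPath certPath = cf.generateCertPath(Arrays.asList(x509CertificateArr));

            // The trust manager is loaded reflectively, as in the original code; its key
            // store supplies the trust anchors for validation.
            Class<?> trustManagerClass =
                    Class.forName("com.sun.identity.security.keystore.AMX509TrustManager");
            java.lang.reflect.Method getKeyStore = trustManagerClass.getMethod("getKeyStore");
            Object trustManager = trustManagerClass.getDeclaredConstructor().newInstance();
            PKIXParameters params = new PKIXParameters((KeyStore) getKeyStore.invoke(trustManager));

            if (this.store != null) {
                params.addCertStore(this.store);
            }
            CertPathValidatorResult result = cpv.validate(certPath, params);
            if (debug.messageEnabled()) {
                debug.message("VALIDATE_RESULT: PASS" + result.toString());
            }
            return true;
        } catch (Exception e) {
            // Deliberately broad: any failure (invalid path, revocation check failure,
            // reflection or key store problem) must result in rejection, never acceptance.
            debug.message("VALIDATE_RESULT: FAILED");
            debug.message("" + e.toString());
            return false;
        }
    }
}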
