package org.eclipse.jetty.util.security;

import java.security.InvalidParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.concurrent.atomic.AtomicLong;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;

/* loaded from: classes5.dex */
public class CertificateValidator {
    private static final Logger LOG = Log.getLogger((Class<?>) CertificateValidator.class);
    private static AtomicLong __aliasCount = new AtomicLong();
    private Collection<? extends CRL> _crls;
    private String _ocspResponderURL;
    private KeyStore _trustStore;
    private int _maxCertPathLength = -1;
    private boolean _enableCRLDP = false;
    private boolean _enableOCSP = false;

    public CertificateValidator(KeyStore keyStore, Collection<? extends CRL> collection) {
        if (keyStore == null) {
            throw new InvalidParameterException("TrustStore must be specified for CertificateValidator.");
        }
        this._trustStore = keyStore;
        this._crls = collection;
    }

    public Collection<? extends CRL> getCrls() {
        return this._crls;
    }

    public int getMaxCertPathLength() {
        return this._maxCertPathLength;
    }

    public String getOcspResponderURL() {
        return this._ocspResponderURL;
    }

    public KeyStore getTrustStore() {
        return this._trustStore;
    }

    public boolean isEnableCRLDP() {
        return this._enableCRLDP;
    }

    public boolean isEnableOCSP() {
        return this._enableOCSP;
    }

    public void setEnableCRLDP(boolean z) {
        this._enableCRLDP = z;
    }

    public void setEnableOCSP(boolean z) {
        this._enableOCSP = z;
    }

    public void setMaxCertPathLength(int i) {
        this._maxCertPathLength = i;
    }

    public void setOcspResponderURL(String str) {
        this._ocspResponderURL = str;
    }

    public String validate(KeyStore keyStore, String str) throws CertificateException {
        if (str == null) {
            return null;
        }
        try {
            validate(keyStore, keyStore.getCertificate(str));
            return str;
        } catch (KeyStoreException e) {
            LOG.debug(e);
            throw new CertificateException("Unable to validate certificate for alias [" + str + "]: " + e.getMessage(), e);
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Found unreachable blocks
        	at jadx.core.dex.visitors.blocks.DominatorTree.sortBlocks(DominatorTree.java:34)
        	at jadx.core.dex.visitors.blocks.DominatorTree.compute(DominatorTree.java:24)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.computeDominators(BlockProcessor.java:209)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:50)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    public void validate(java.security.KeyStore r3) throws java.security.cert.CertificateException {
        /*
            r2 = this;
            java.util.Enumeration r0 = r3.aliases()     // Catch: java.security.KeyStoreException -> L15
        L4:
            boolean r1 = r0.hasMoreElements()     // Catch: java.security.KeyStoreException -> L15
            if (r1 == 0) goto L14
            java.lang.Object r1 = r0.nextElement()     // Catch: java.security.KeyStoreException -> L15
            java.lang.String r1 = (java.lang.String) r1     // Catch: java.security.KeyStoreException -> L15
            r2.validate(r3, r1)     // Catch: java.security.KeyStoreException -> L15
            goto L4
        L14:
            return
        L15:
            r3 = move-exception
            java.security.cert.CertificateException r0 = new java.security.cert.CertificateException
            java.lang.String r1 = "Unable to retrieve aliases from keystore"
            r0.<init>(r1, r3)
            throw r0
        L1e:
            goto L1e
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.jetty.util.security.CertificateValidator.validate(java.security.KeyStore):void");
    }

    public void validate(KeyStore keyStore, Certificate certificate) throws CertificateException {
        String str;
        if (certificate == null || !(certificate instanceof X509Certificate)) {
            return;
        }
        ((X509Certificate) certificate).checkValidity();
        try {
            if (keyStore == null) {
                throw new InvalidParameterException("Keystore cannot be null");
            }
            String certificateAlias = keyStore.getCertificateAlias((X509Certificate) certificate);
            if (certificateAlias == null) {
                certificateAlias = "JETTY" + String.format("%016X", Long.valueOf(__aliasCount.incrementAndGet()));
                keyStore.setCertificateEntry(certificateAlias, certificate);
            }
            Certificate[] certificateChain = keyStore.getCertificateChain(certificateAlias);
            if (certificateChain == null || certificateChain.length == 0) {
                throw new IllegalStateException("Unable to retrieve certificate chain");
            }
            validate(certificateChain);
        } catch (KeyStoreException e) {
            LOG.debug(e);
            StringBuilder sb = new StringBuilder();
            sb.append("Unable to validate certificate");
            if (0 == 0) {
                str = "";
            } else {
                str = " for alias [" + ((String) null) + "]";
            }
            sb.append(str);
            sb.append(": ");
            sb.append(e.getMessage());
            throw new CertificateException(sb.toString(), e);
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Found unreachable blocks
        	at jadx.core.dex.visitors.blocks.DominatorTree.sortBlocks(DominatorTree.java:34)
        	at jadx.core.dex.visitors.blocks.DominatorTree.compute(DominatorTree.java:24)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.computeDominators(BlockProcessor.java:209)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:50)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    public void validate(java.security.cert.Certificate[] r7) throws java.security.cert.CertificateException {
        /*
            r6 = this;
            java.util.ArrayList r0 = new java.util.ArrayList     // Catch: java.security.GeneralSecurityException -> La7
            r0.<init>()     // Catch: java.security.GeneralSecurityException -> La7
            int r1 = r7.length     // Catch: java.security.GeneralSecurityException -> La7
            r2 = 0
            r3 = 0
        L8:
            if (r3 >= r1) goto L23
            r4 = r7[r3]     // Catch: java.security.GeneralSecurityException -> La7
            if (r4 != 0) goto Lf
            goto L18
        Lf:
            boolean r5 = r4 instanceof java.security.cert.X509Certificate     // Catch: java.security.GeneralSecurityException -> La7
            if (r5 == 0) goto L1b
            java.security.cert.X509Certificate r4 = (java.security.cert.X509Certificate) r4     // Catch: java.security.GeneralSecurityException -> La7
            r0.add(r4)     // Catch: java.security.GeneralSecurityException -> La7
        L18:
            int r3 = r3 + 1
            goto L8
        L1b:
            java.lang.IllegalStateException r7 = new java.lang.IllegalStateException     // Catch: java.security.GeneralSecurityException -> La7
            java.lang.String r0 = "Invalid certificate type in chain"
            r7.<init>(r0)     // Catch: java.security.GeneralSecurityException -> La7
            throw r7     // Catch: java.security.GeneralSecurityException -> La7
        L23:
            boolean r7 = r0.isEmpty()     // Catch: java.security.GeneralSecurityException -> La7
            if (r7 != 0) goto L9f
            java.security.cert.X509CertSelector r7 = new java.security.cert.X509CertSelector     // Catch: java.security.GeneralSecurityException -> La7
            r7.<init>()     // Catch: java.security.GeneralSecurityException -> La7
            java.lang.Object r1 = r0.get(r2)     // Catch: java.security.GeneralSecurityException -> La7
            java.security.cert.X509Certificate r1 = (java.security.cert.X509Certificate) r1     // Catch: java.security.GeneralSecurityException -> La7
            r7.setCertificate(r1)     // Catch: java.security.GeneralSecurityException -> La7
            java.security.cert.PKIXBuilderParameters r1 = new java.security.cert.PKIXBuilderParameters     // Catch: java.security.GeneralSecurityException -> La7
            java.security.KeyStore r2 = r6._trustStore     // Catch: java.security.GeneralSecurityException -> La7
            r1.<init>(r2, r7)     // Catch: java.security.GeneralSecurityException -> La7
            java.lang.String r7 = "Collection"
            java.security.cert.CollectionCertStoreParameters r2 = new java.security.cert.CollectionCertStoreParameters     // Catch: java.security.GeneralSecurityException -> La7
            r2.<init>(r0)     // Catch: java.security.GeneralSecurityException -> La7
            java.security.cert.CertStore r7 = java.security.cert.CertStore.getInstance(r7, r2)     // Catch: java.security.GeneralSecurityException -> La7
            r1.addCertStore(r7)     // Catch: java.security.GeneralSecurityException -> La7
            int r7 = r6._maxCertPathLength     // Catch: java.security.GeneralSecurityException -> La7
            r1.setMaxPathLength(r7)     // Catch: java.security.GeneralSecurityException -> La7
            r7 = 1
            r1.setRevocationEnabled(r7)     // Catch: java.security.GeneralSecurityException -> La7
            java.util.Collection<? extends java.security.cert.CRL> r7 = r6._crls     // Catch: java.security.GeneralSecurityException -> La7
            if (r7 == 0) goto L71
            java.util.Collection<? extends java.security.cert.CRL> r7 = r6._crls     // Catch: java.security.GeneralSecurityException -> La7
            boolean r7 = r7.isEmpty()     // Catch: java.security.GeneralSecurityException -> La7
            if (r7 != 0) goto L71
            java.lang.String r7 = "Collection"
            java.security.cert.CollectionCertStoreParameters r0 = new java.security.cert.CollectionCertStoreParameters     // Catch: java.security.GeneralSecurityException -> La7
            java.util.Collection<? extends java.security.cert.CRL> r2 = r6._crls     // Catch: java.security.GeneralSecurityException -> La7
            r0.<init>(r2)     // Catch: java.security.GeneralSecurityException -> La7
            java.security.cert.CertStore r7 = java.security.cert.CertStore.getInstance(r7, r0)     // Catch: java.security.GeneralSecurityException -> La7
            r1.addCertStore(r7)     // Catch: java.security.GeneralSecurityException -> La7
        L71:
            boolean r7 = r6._enableOCSP     // Catch: java.security.GeneralSecurityException -> La7
            if (r7 == 0) goto L7c
            java.lang.String r7 = "ocsp.enable"
            java.lang.String r0 = "true"
            java.security.Security.setProperty(r7, r0)     // Catch: java.security.GeneralSecurityException -> La7
        L7c:
            boolean r7 = r6._enableCRLDP     // Catch: java.security.GeneralSecurityException -> La7
            if (r7 == 0) goto L87
            java.lang.String r7 = "com.sun.security.enableCRLDP"
            java.lang.String r0 = "true"
            java.lang.System.setProperty(r7, r0)     // Catch: java.security.GeneralSecurityException -> La7
        L87:
            java.lang.String r7 = "PKIX"
            java.security.cert.CertPathBuilder r7 = java.security.cert.CertPathBuilder.getInstance(r7)     // Catch: java.security.GeneralSecurityException -> La7
            java.security.cert.CertPathBuilderResult r7 = r7.build(r1)     // Catch: java.security.GeneralSecurityException -> La7
            java.lang.String r0 = "PKIX"
            java.security.cert.CertPathValidator r0 = java.security.cert.CertPathValidator.getInstance(r0)     // Catch: java.security.GeneralSecurityException -> La7
            java.security.cert.CertPath r7 = r7.getCertPath()     // Catch: java.security.GeneralSecurityException -> La7
            r0.validate(r7, r1)     // Catch: java.security.GeneralSecurityException -> La7
            return
        L9f:
            java.lang.IllegalStateException r7 = new java.lang.IllegalStateException     // Catch: java.security.GeneralSecurityException -> La7
            java.lang.String r0 = "Invalid certificate chain"
            r7.<init>(r0)     // Catch: java.security.GeneralSecurityException -> La7
            throw r7     // Catch: java.security.GeneralSecurityException -> La7
        La7:
            r7 = move-exception
            org.eclipse.jetty.util.log.Logger r0 = org.eclipse.jetty.util.security.CertificateValidator.LOG
            r0.debug(r7)
            java.security.cert.CertificateException r0 = new java.security.cert.CertificateException
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r1.<init>()
            java.lang.String r2 = "Unable to validate certificate: "
            r1.append(r2)
            java.lang.String r2 = r7.getMessage()
            r1.append(r2)
            java.lang.String r1 = r1.toString()
            r0.<init>(r1, r7)
            throw r0
        Lc8:
            goto Lc8
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.jetty.util.security.CertificateValidator.validate(java.security.cert.Certificate[]):void");
    }
}
