package com.google.step2.xmlsimplesign;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.inject.Inject;
import com.google.step2.util.ExpiringLruCache;
import com.google.step2.util.TimeSource;
import java.security.GeneralSecurityException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

/* JADX WARN: Classes with same name are omitted:
  input_file:com/google/step2/xmlsimplesign/CachedCertPathValidator.class
 */
/* loaded from: input_file:step2-common-1.0.0-wso2v1.jar:com/google/step2/xmlsimplesign/CachedCertPathValidator.class */
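/**
 * Validates X.509 certificate chains against a fixed set of trust roots using the
 * PKIX algorithm, and remembers chains that validated successfully so that repeated
 * checks of the same chain skip the path validation.
 *
 * <p>Security-relevant properties of this implementation, all visible in the code below:
 * <ul>
 *   <li>Revocation checking is disabled, so a revoked certificate that still chains to a
 *       trust root and is inside its validity period is accepted.</li>
 *   <li>Only successful validations are cached. A cache hit returns without re-running
 *       path validation, so a chain whose certificate expires while its entry is still
 *       cached keeps passing until the entry ages out
 *       ({@code VALIDATION_CACHE_AGE_SECONDS}, presumably seconds — confirm against
 *       {@code ExpiringLruCache}).</li>
 *   <li>The trust roots are captured once at construction and never refreshed.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code timeSource} is a plain mutable field with no synchronization in
 * this class; confirm that {@link #setTimeSource} is only used during setup or in tests.
 */
public class CachedCertPathValidator {
    private static final Logger log = Logger.getLogger(CachedCertPathValidator.class.getName());
    private static final String VALIDATOR_TYPE = "PKIX";
    private static final String CERTIFICATE_TYPE = "X.509";
    private static final int VALIDATION_CACHE_SIZE = 1024;
    private static final long VALIDATION_CACHE_AGE_SECONDS = 600;
    private final Set<TrustAnchor> trustRoots;
    private final ExpiringLruCache<List<X509Certificate>, Boolean> validationCache;
    private TimeSource timeSource;

    /**
     * Creates a validator whose trust roots come from the injected provider.
     *
     * @param trustRootsProvider source of the trusted root certificates
     */
    @Inject
    public CachedCertPathValidator(TrustRootsProvider trustRootsProvider) {
        this(trustRootsProvider.getTrustRoots());
    }

    /**
     * Creates a validator that trusts exactly the given root certificates.
     *
     * @param collection trusted root certificates; an empty collection makes every later
     *     validation fail, because {@link PKIXParameters} rejects an empty anchor set
     */
    public CachedCertPathValidator(Collection<X509Certificate> collection) {
        this.timeSource = new TimeSource();
        this.trustRoots = createTrustRoots(collection);
        this.validationCache = new ExpiringLruCache<>(VALIDATION_CACHE_SIZE);
    }

    /**
     * Wraps each root certificate in a {@link TrustAnchor} without name constraints.
     *
     * @param collection trusted root certificates
     * @return immutable set of trust anchors, one per certificate
     */
    private ImmutableSet<TrustAnchor> createTrustRoots(Collection<X509Certificate> collection) {
        ImmutableSet.Builder<TrustAnchor> anchors = ImmutableSet.builder();
        for (X509Certificate root : collection) {
            // null = no name constraints are imposed on paths under this anchor.
            anchors.add(new TrustAnchor(root, null));
        }
        return anchors.build();
    }

    /**
     * Replaces the clock used both for certificate validity checks and for cache expiry.
     *
     * @param timeSource clock to use from now on
     */
    public void setTimeSource(TimeSource timeSource) {
        this.timeSource = timeSource;
        this.validationCache.setTimeSource(timeSource);
    }

    /**
     * Validates a certificate chain, consulting the cache of previously accepted chains first.
     *
     * <p>The chain is copied before it is looked up, validated and cached. Without the copy
     * the caller's own list object would become the cache key, and a caller that later
     * modified that list (or modified it concurrently with this call) would leave an entry
     * whose contents no longer match what was actually validated.
     *
     * <p>NOTE(review): an empty chain is handed to the PKIX validator unchanged; some
     * providers may treat an empty path as trivially valid, so confirm that callers reject
     * empty chains before relying on this method.
     *
     * @param list certificate chain, ordered as required by
     *     {@link CertificateFactory#generateCertPath(List)}
     * @throws CertValidatorException if the chain does not validate against the trust roots
     */
    public void validate(List<X509Certificate> list) throws CertValidatorException {
        // Private snapshot: the thing we validate is exactly the thing we cache.
        List<X509Certificate> chain = new ArrayList<>(list);
        if (this.validationCache.get(chain) != null) {
            return;
        }
        validateNoCache(chain);
        // Only reached when validateNoCache did not throw, so failures are never cached.
        this.validationCache.put(chain, Boolean.TRUE, VALIDATION_CACHE_AGE_SECONDS);
    }

    /**
     * Runs PKIX path validation on the chain, evaluated at the time source's current time.
     *
     * @param list certificate chain to validate
     * @throws CertValidatorException wrapping any {@link GeneralSecurityException} raised
     *     while building or validating the path
     */
    private void validateNoCache(List<X509Certificate> list) throws CertValidatorException {
        try {
            CertPathValidator pathValidator = CertPathValidator.getInstance(VALIDATOR_TYPE);
            PKIXParameters params = new PKIXParameters(this.trustRoots);
            // Validity periods are checked against the injected clock, not the system clock.
            params.setDate(this.timeSource.now());
            // Revocation (CRL/OCSP) is NOT checked: revoked certificates are accepted here.
            // NOTE(review): confirm this is an accepted risk for the deployment.
            params.setRevocationEnabled(false);
            pathValidator.validate(
                    CertificateFactory.getInstance(CERTIFICATE_TYPE).generateCertPath(list),
                    params);
        } catch (GeneralSecurityException e) {
            // The message embeds the full toString() of every certificate supplied by the
            // peer, so failed validations can produce large log records.
            log.log(Level.WARNING, "Certificate validation failed, certs were: " + list, e);
            throw new CertValidatorException("Certificate validation failure", e);
        }
    }
}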
