package org.eclipse.jetty.util.security;

import java.security.InvalidParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.concurrent.atomic.AtomicLong;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;

/* loaded from: classes.dex */
public class CertificateValidator {
    private static final Logger LOG = Log.getLogger((Class<?>) CertificateValidator.class);
    private static AtomicLong __aliasCount = new AtomicLong();
    private Collection<? extends CRL> _crls;
    private String _ocspResponderURL;
    private KeyStore _trustStore;
    private int _maxCertPathLength = -1;
    private boolean _enableCRLDP = false;
    private boolean _enableOCSP = false;

    public CertificateValidator(KeyStore keyStore, Collection<? extends CRL> collection) {
        if (keyStore == null) {
            throw new InvalidParameterException("TrustStore must be specified for CertificateValidator.");
        }
        this._trustStore = keyStore;
        this._crls = collection;
    }

    public Collection<? extends CRL> getCrls() {
        return this._crls;
    }

    public int getMaxCertPathLength() {
        return this._maxCertPathLength;
    }

    public String getOcspResponderURL() {
        return this._ocspResponderURL;
    }

    public KeyStore getTrustStore() {
        return this._trustStore;
    }

    public boolean isEnableCRLDP() {
        return this._enableCRLDP;
    }

    public boolean isEnableOCSP() {
        return this._enableOCSP;
    }

    public void setEnableCRLDP(boolean z) {
        this._enableCRLDP = z;
    }

    public void setEnableOCSP(boolean z) {
        this._enableOCSP = z;
    }

    public void setMaxCertPathLength(int i) {
        this._maxCertPathLength = i;
    }

    public void setOcspResponderURL(String str) {
        this._ocspResponderURL = str;
    }

    public String validate(KeyStore keyStore, String str) {
        if (str == null) {
            return null;
        }
        try {
            validate(keyStore, keyStore.getCertificate(str));
            return str;
        } catch (KeyStoreException e) {
            LOG.debug(e);
            throw new CertificateException("Unable to validate certificate for alias [" + str + "]: " + e.getMessage(), e);
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Found unreachable blocks
        	at jadx.core.dex.visitors.blocks.DominatorTree.sortBlocks(DominatorTree.java:34)
        	at jadx.core.dex.visitors.blocks.DominatorTree.compute(DominatorTree.java:24)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.computeDominators(BlockProcessor.java:209)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:50)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    public void validate(java.security.KeyStore r3) {
        /*
            r2 = this;
            java.util.Enumeration r0 = r3.aliases()     // Catch: java.security.KeyStoreException -> L15
        L4:
            boolean r1 = r0.hasMoreElements()     // Catch: java.security.KeyStoreException -> L15
            if (r1 == 0) goto L14
            java.lang.Object r1 = r0.nextElement()     // Catch: java.security.KeyStoreException -> L15
            java.lang.String r1 = (java.lang.String) r1     // Catch: java.security.KeyStoreException -> L15
            r2.validate(r3, r1)     // Catch: java.security.KeyStoreException -> L15
            goto L4
        L14:
            return
        L15:
            r3 = move-exception
            java.security.cert.CertificateException r0 = new java.security.cert.CertificateException
            java.lang.String r1 = "Unable to retrieve aliases from keystore"
            r0.<init>(r1, r3)
            throw r0
        L1e:
            goto L1e
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.jetty.util.security.CertificateValidator.validate(java.security.KeyStore):void");
    }

    public void validate(KeyStore keyStore, Certificate certificate) {
        String str;
        if (certificate == null || !(certificate instanceof X509Certificate)) {
            return;
        }
        ((X509Certificate) certificate).checkValidity();
        try {
            if (keyStore == null) {
                throw new InvalidParameterException("Keystore cannot be null");
            }
            String certificateAlias = keyStore.getCertificateAlias((X509Certificate) certificate);
            if (certificateAlias == null) {
                certificateAlias = "JETTY" + String.format("%016X", Long.valueOf(__aliasCount.incrementAndGet()));
                keyStore.setCertificateEntry(certificateAlias, certificate);
            }
            Certificate[] certificateChain = keyStore.getCertificateChain(certificateAlias);
            if (certificateChain == null || certificateChain.length == 0) {
                throw new IllegalStateException("Unable to retrieve certificate chain");
            }
            validate(certificateChain);
        } catch (KeyStoreException e) {
            LOG.debug(e);
            StringBuilder sb = new StringBuilder("Unable to validate certificate");
            if (0 == 0) {
                str = "";
            } else {
                str = " for alias [" + ((String) null) + "]";
            }
            sb.append(str);
            sb.append(": ");
            sb.append(e.getMessage());
            throw new CertificateException(sb.toString(), e);
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Found unreachable blocks
        	at jadx.core.dex.visitors.blocks.DominatorTree.sortBlocks(DominatorTree.java:34)
        	at jadx.core.dex.visitors.blocks.DominatorTree.compute(DominatorTree.java:24)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.computeDominators(BlockProcessor.java:209)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:50)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    public void validate(java.security.cert.Certificate[] r9) {
        /*
            r8 = this;
            java.lang.String r0 = "PKIX"
            java.lang.String r1 = "Collection"
            java.util.ArrayList r2 = new java.util.ArrayList     // Catch: java.security.GeneralSecurityException -> La1
            r2.<init>()     // Catch: java.security.GeneralSecurityException -> La1
            int r3 = r9.length     // Catch: java.security.GeneralSecurityException -> La1
            r4 = 0
            r5 = 0
        Lc:
            if (r5 >= r3) goto L27
            r6 = r9[r5]     // Catch: java.security.GeneralSecurityException -> La1
            if (r6 == 0) goto L24
            boolean r7 = r6 instanceof java.security.cert.X509Certificate     // Catch: java.security.GeneralSecurityException -> La1
            if (r7 == 0) goto L1c
            java.security.cert.X509Certificate r6 = (java.security.cert.X509Certificate) r6     // Catch: java.security.GeneralSecurityException -> La1
            r2.add(r6)     // Catch: java.security.GeneralSecurityException -> La1
            goto L24
        L1c:
            java.lang.IllegalStateException r9 = new java.lang.IllegalStateException     // Catch: java.security.GeneralSecurityException -> La1
            java.lang.String r0 = "Invalid certificate type in chain"
            r9.<init>(r0)     // Catch: java.security.GeneralSecurityException -> La1
            throw r9     // Catch: java.security.GeneralSecurityException -> La1
        L24:
            int r5 = r5 + 1
            goto Lc
        L27:
            boolean r9 = r2.isEmpty()     // Catch: java.security.GeneralSecurityException -> La1
            if (r9 != 0) goto L99
            java.security.cert.X509CertSelector r9 = new java.security.cert.X509CertSelector     // Catch: java.security.GeneralSecurityException -> La1
            r9.<init>()     // Catch: java.security.GeneralSecurityException -> La1
            java.lang.Object r3 = r2.get(r4)     // Catch: java.security.GeneralSecurityException -> La1
            java.security.cert.X509Certificate r3 = (java.security.cert.X509Certificate) r3     // Catch: java.security.GeneralSecurityException -> La1
            r9.setCertificate(r3)     // Catch: java.security.GeneralSecurityException -> La1
            java.security.cert.PKIXBuilderParameters r3 = new java.security.cert.PKIXBuilderParameters     // Catch: java.security.GeneralSecurityException -> La1
            java.security.KeyStore r4 = r8._trustStore     // Catch: java.security.GeneralSecurityException -> La1
            r3.<init>(r4, r9)     // Catch: java.security.GeneralSecurityException -> La1
            java.security.cert.CollectionCertStoreParameters r9 = new java.security.cert.CollectionCertStoreParameters     // Catch: java.security.GeneralSecurityException -> La1
            r9.<init>(r2)     // Catch: java.security.GeneralSecurityException -> La1
            java.security.cert.CertStore r9 = java.security.cert.CertStore.getInstance(r1, r9)     // Catch: java.security.GeneralSecurityException -> La1
            r3.addCertStore(r9)     // Catch: java.security.GeneralSecurityException -> La1
            int r9 = r8._maxCertPathLength     // Catch: java.security.GeneralSecurityException -> La1
            r3.setMaxPathLength(r9)     // Catch: java.security.GeneralSecurityException -> La1
            r9 = 1
            r3.setRevocationEnabled(r9)     // Catch: java.security.GeneralSecurityException -> La1
            java.util.Collection<? extends java.security.cert.CRL> r9 = r8._crls     // Catch: java.security.GeneralSecurityException -> La1
            if (r9 == 0) goto L71
            java.util.Collection<? extends java.security.cert.CRL> r9 = r8._crls     // Catch: java.security.GeneralSecurityException -> La1
            boolean r9 = r9.isEmpty()     // Catch: java.security.GeneralSecurityException -> La1
            if (r9 != 0) goto L71
            java.security.cert.CollectionCertStoreParameters r9 = new java.security.cert.CollectionCertStoreParameters     // Catch: java.security.GeneralSecurityException -> La1
            java.util.Collection<? extends java.security.cert.CRL> r2 = r8._crls     // Catch: java.security.GeneralSecurityException -> La1
            r9.<init>(r2)     // Catch: java.security.GeneralSecurityException -> La1
            java.security.cert.CertStore r9 = java.security.cert.CertStore.getInstance(r1, r9)     // Catch: java.security.GeneralSecurityException -> La1
            r3.addCertStore(r9)     // Catch: java.security.GeneralSecurityException -> La1
        L71:
            boolean r9 = r8._enableOCSP     // Catch: java.security.GeneralSecurityException -> La1
            java.lang.String r1 = "true"
            if (r9 == 0) goto L7c
            java.lang.String r9 = "ocsp.enable"
            java.security.Security.setProperty(r9, r1)     // Catch: java.security.GeneralSecurityException -> La1
        L7c:
            boolean r9 = r8._enableCRLDP     // Catch: java.security.GeneralSecurityException -> La1
            if (r9 == 0) goto L85
            java.lang.String r9 = "com.sun.security.enableCRLDP"
            java.lang.System.setProperty(r9, r1)     // Catch: java.security.GeneralSecurityException -> La1
        L85:
            java.security.cert.CertPathBuilder r9 = java.security.cert.CertPathBuilder.getInstance(r0)     // Catch: java.security.GeneralSecurityException -> La1
            java.security.cert.CertPathBuilderResult r9 = r9.build(r3)     // Catch: java.security.GeneralSecurityException -> La1
            java.security.cert.CertPathValidator r0 = java.security.cert.CertPathValidator.getInstance(r0)     // Catch: java.security.GeneralSecurityException -> La1
            java.security.cert.CertPath r9 = r9.getCertPath()     // Catch: java.security.GeneralSecurityException -> La1
            r0.validate(r9, r3)     // Catch: java.security.GeneralSecurityException -> La1
            return
        L99:
            java.lang.IllegalStateException r9 = new java.lang.IllegalStateException     // Catch: java.security.GeneralSecurityException -> La1
            java.lang.String r0 = "Invalid certificate chain"
            r9.<init>(r0)     // Catch: java.security.GeneralSecurityException -> La1
            throw r9     // Catch: java.security.GeneralSecurityException -> La1
        La1:
            r9 = move-exception
            org.eclipse.jetty.util.log.Logger r0 = org.eclipse.jetty.util.security.CertificateValidator.LOG
            r0.debug(r9)
            java.security.cert.CertificateException r0 = new java.security.cert.CertificateException
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            java.lang.String r2 = "Unable to validate certificate: "
            r1.<init>(r2)
            java.lang.String r2 = r9.getMessage()
            r1.append(r2)
            java.lang.String r1 = r1.toString()
            r0.<init>(r1, r9)
            throw r0
        Lbf:
            goto Lbf
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.jetty.util.security.CertificateValidator.validate(java.security.cert.Certificate[]):void");
    }
}
