package org.eclipse.hono.service.auth.device;

import io.vertx.core.Future;
import java.security.GeneralSecurityException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.eclipse.hono.service.auth.X509CertificateChainValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/hono/service/auth/device/DeviceCertificateValidator.class */
/**
 * Validates a device's X.509 certificate chain against a single trust anchor
 * using the JDK's PKIX certification path validator.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Revocation checking is explicitly disabled (see {@link #validate}).
 *       A certificate that its CA has revoked still passes this validator as
 *       long as the path to the trust anchor is otherwise valid. Revocation
 *       must therefore be enforced by some other control.</li>
 *   <li>Only the certification path is checked here. Nothing in this class
 *       binds the certificate's subject to a particular device or tenant;
 *       presumably the caller does that - confirm at the call site.</li>
 * </ul>
 */
public class DeviceCertificateValidator implements X509CertificateChainValidator {
    private static final Logger LOG = LoggerFactory.getLogger(DeviceCertificateValidator.class);

    /**
     * Validates the given chain against the given trust anchor.
     *
     * @param list the certificate chain to validate; the certificate at index 0
     *             is the one whose subject DN is written to the debug log.
     * @param trustAnchor the only trust anchor the chain may terminate at.
     * @return a future that is completed if PKIX validation succeeds, or failed
     *         with a {@link CertificateException} otherwise. Any other
     *         {@link GeneralSecurityException} is wrapped in a
     *         {@code CertificateException} with the original as its cause.
     * @throws NullPointerException if either argument is {@code null}.
     * @throws IllegalArgumentException if the chain is empty.
     */
    @Override
    public Future<Void> validate(List<X509Certificate> list, TrustAnchor trustAnchor) {
        Objects.requireNonNull(list);
        Objects.requireNonNull(trustAnchor);
        if (list.isEmpty()) {
            throw new IllegalArgumentException("certificate chain must not be empty");
        }

        final Future<Void> result = Future.future();
        try {
            // Exactly one anchor is trusted: a chain that leads to any other root is rejected.
            final Set<TrustAnchor> anchors = Collections.singleton(trustAnchor);
            final PKIXParameters params = new PKIXParameters(anchors);

            // SECURITY: CRL/OCSP revocation checking is switched off, so revoked
            // certificates are NOT rejected by this validator.
            params.setRevocationEnabled(false);

            final CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX");
            final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            pathValidator.validate(x509Factory.generateCertPath(list), params);

            LOG.debug("validation of device certificate [subject DN: {}] succeeded", subjectDnOf(list));
            result.complete();
        } catch (GeneralSecurityException e) {
            LOG.debug("validation of device certificate [subject DN: {}] failed", subjectDnOf(list), e);
            // Callers always see a CertificateException: path validation and
            // algorithm failures are not CertificateExceptions, so they get wrapped.
            final GeneralSecurityException failure = (e instanceof CertificateException)
                    ? e
                    : new CertificateException("validation of device certificate failed", e);
            result.fail(failure);
        }
        return result;
    }

    /**
     * Returns the subject distinguished name of the first certificate in the chain.
     *
     * @param chain a non-empty certificate chain.
     * @return the subject DN as returned by {@code X500Principal.getName()}.
     */
    private static String subjectDnOf(final List<X509Certificate> chain) {
        return chain.get(0).getSubjectX500Principal().getName();
    }
}
