package org.xipki.scep.client;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.xipki.scep.util.ScepHashAlgo;
import org.xipki.util.Args;

/* loaded from: input_file:org/xipki/scep/client/CaCertValidator.class */
public interface CaCertValidator {

    /* loaded from: input_file:org/xipki/scep/client/CaCertValidator$CachingCertificateValidator.class */
    public static final class CachingCertificateValidator implements CaCertValidator {
        private final ConcurrentHashMap<String, Boolean> cachedAnswers = new ConcurrentHashMap<>();
        private final CaCertValidator delegate;

        public CachingCertificateValidator(CaCertValidator caCertValidator) {
            this.delegate = (CaCertValidator) Args.notNull(caCertValidator, "delegate");
        }

        @Override // org.xipki.scep.client.CaCertValidator
        public boolean isTrusted(X509Certificate x509Certificate) {
            Args.notNull(x509Certificate, "cert");
            try {
                String hexDigest = ScepHashAlgo.SHA256.hexDigest(x509Certificate.getEncoded());
                Boolean bool = this.cachedAnswers.get(hexDigest);
                if (bool != null) {
                    return bool.booleanValue();
                }
                boolean isTrusted = this.delegate.isTrusted(x509Certificate);
                this.cachedAnswers.put(hexDigest, Boolean.valueOf(isTrusted));
                return isTrusted;
            } catch (CertificateEncodingException e) {
                return false;
            }
        }
    }

    /* loaded from: input_file:org/xipki/scep/client/CaCertValidator$PreprovisionedCaCertValidator.class */
    public static final class PreprovisionedCaCertValidator implements CaCertValidator {
        private final Set<String> fpOfCerts;

        public PreprovisionedCaCertValidator(X509Certificate x509Certificate) {
            Args.notNull(x509Certificate, "cert");
            this.fpOfCerts = new HashSet(1);
            try {
                this.fpOfCerts.add(ScepHashAlgo.SHA256.hexDigest(x509Certificate.getEncoded()));
            } catch (CertificateEncodingException e) {
                throw new IllegalArgumentException("at least one of the certificate could not be encoded");
            }
        }

        public PreprovisionedCaCertValidator(Set<X509Certificate> set) {
            Args.notEmpty(set, "certs");
            this.fpOfCerts = new HashSet(set.size());
            Iterator<X509Certificate> it = set.iterator();
            while (it.hasNext()) {
                try {
                    this.fpOfCerts.add(ScepHashAlgo.SHA256.hexDigest(it.next().getEncoded()));
                } catch (CertificateEncodingException e) {
                    throw new IllegalArgumentException("at least one of the certificate could not be encoded");
                }
            }
        }

        @Override // org.xipki.scep.client.CaCertValidator
        public boolean isTrusted(X509Certificate x509Certificate) {
            Args.notNull(x509Certificate, "cert");
            try {
                return this.fpOfCerts.contains(ScepHashAlgo.SHA256.hexDigest(x509Certificate.getEncoded()));
            } catch (CertificateEncodingException e) {
                return false;
            }
        }
    }

    /* loaded from: input_file:org/xipki/scep/client/CaCertValidator$PreprovisionedHashCaCertValidator.class */
    public static final class PreprovisionedHashCaCertValidator implements CaCertValidator {
        private final ScepHashAlgo hashAlgo;
        private final Set<byte[]> hashValues;

        public PreprovisionedHashCaCertValidator(ScepHashAlgo scepHashAlgo, Set<byte[]> set) {
            this.hashAlgo = (ScepHashAlgo) Args.notNull(scepHashAlgo, "hashAlgo");
            Args.notEmpty(set, "hashValues");
            int length = scepHashAlgo.getLength();
            for (byte[] bArr : set) {
                if (bArr.length != length) {
                    throw new IllegalArgumentException("invalid the length of hashValue: " + bArr.length + " != " + length);
                }
            }
            this.hashValues = new HashSet(set.size());
            for (byte[] bArr2 : set) {
                this.hashValues.add(Arrays.copyOf(bArr2, bArr2.length));
            }
        }

        @Override // org.xipki.scep.client.CaCertValidator
        public boolean isTrusted(X509Certificate x509Certificate) {
            Args.notNull(x509Certificate, "cert");
            try {
                byte[] digest = this.hashAlgo.digest(x509Certificate.getEncoded());
                Iterator<byte[]> it = this.hashValues.iterator();
                while (it.hasNext()) {
                    if (Arrays.equals(digest, it.next())) {
                        return true;
                    }
                }
                return false;
            } catch (CertificateEncodingException e) {
                return false;
            }
        }
    }

    boolean isTrusted(X509Certificate x509Certificate);
}
