package org.xipki.scep.message;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import org.xipki.scep.util.ScepHashAlgo;
import org.xipki.util.Args;

/* loaded from: input_file:org/xipki/scep/message/CertificateValidator.class */
public interface CertificateValidator {

    /* loaded from: input_file:org/xipki/scep/message/CertificateValidator$CollectionCertificateValidator.class */
    public static class CollectionCertificateValidator implements CertificateValidator {
        private final Collection<String> certHashes;

        public CollectionCertificateValidator(Collection<X509Certificate> collection) {
            Args.notEmpty(collection, "certs");
            this.certHashes = new HashSet(collection.size());
            Iterator<X509Certificate> it = collection.iterator();
            while (it.hasNext()) {
                try {
                    this.certHashes.add(ScepHashAlgo.SHA256.hexDigest(it.next().getEncoded()));
                } catch (CertificateEncodingException e) {
                    throw new IllegalArgumentException("could not encode certificate: " + e.getMessage(), e);
                }
            }
        }

        public CollectionCertificateValidator(X509Certificate x509Certificate) {
            Args.notNull(x509Certificate, "cert");
            this.certHashes = new HashSet(2);
            try {
                this.certHashes.add(ScepHashAlgo.SHA256.hexDigest(x509Certificate.getEncoded()));
            } catch (CertificateEncodingException e) {
                throw new IllegalArgumentException("could not encode certificate: " + e.getMessage(), e);
            }
        }

        @Override // org.xipki.scep.message.CertificateValidator
        public boolean trustCertificate(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
            Args.notNull(x509Certificate, "signerCert");
            try {
                return this.certHashes.contains(ScepHashAlgo.SHA256.hexDigest(x509Certificate.getEncoded()));
            } catch (CertificateEncodingException e) {
                throw new IllegalArgumentException("could not encode certificate: " + e.getMessage(), e);
            }
        }
    }

    /* loaded from: input_file:org/xipki/scep/message/CertificateValidator$TrustAllCertValidator.class */
    public static class TrustAllCertValidator implements CertificateValidator {
        @Override // org.xipki.scep.message.CertificateValidator
        public boolean trustCertificate(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
            return true;
        }
    }

    boolean trustCertificate(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr);
}
