package com.zimbra.cs.util;

import com.zimbra.common.util.ByteUtil;
import com.zimbra.common.util.ZimbraLog;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;

/* loaded from: input_file:com/zimbra/cs/util/CertValidationUtil.class */
public class CertValidationUtil {
    public static void validateCertificate(X509Certificate x509Certificate, boolean z, Set<TrustAnchor> set) throws CertificateException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertPathValidatorException {
        x509Certificate.checkValidity();
        if (z) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(x509Certificate);
            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(arrayList);
            PKIXParameters pKIXParameters = new PKIXParameters(set);
            pKIXParameters.setRevocationEnabled(z);
            ZimbraLog.account.debug("Certificate Validation Result %s", new Object[]{((PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters)).toString()});
        }
    }

    public static Set<TrustAnchor> loadTrustedAnchors(char[] cArr, String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(str);
            keyStore.load(fileInputStream, cArr);
            ByteUtil.closeStream(fileInputStream);
            HashSet hashSet = new HashSet();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
                hashSet.add(new TrustAnchor(x509Certificate, null));
                ZimbraLog.account.debug("adding certificate with issuer DN: %s , signature name: %s", new Object[]{x509Certificate.getIssuerDN().toString(), x509Certificate.getSigAlgName()});
            }
            return hashSet;
        } catch (Throwable th) {
            ByteUtil.closeStream(fileInputStream);
            throw th;
        }
    }

    public static String getSubjectDN(X509Certificate x509Certificate) {
        String str = null;
        Principal subjectDN = x509Certificate.getSubjectDN();
        if (subjectDN != null) {
            str = subjectDN.getName();
        }
        if (str == null) {
            str = "";
        }
        return str;
    }
}
