package com.helger.security.certificate;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.annotation.ReturnsMutableCopy;
import com.helger.commons.state.ETriState;
import com.helger.commons.string.ToStringGenerator;
import com.helger.security.revocation.CertificateRevocationCheckerDefaults;
import com.helger.security.revocation.ERevocationCheckMode;
import com.helger.security.revocation.RevocationCheckBuilder;
import com.helger.security.revocation.RevocationCheckResultCache;
import java.security.cert.X509Certificate;
import java.time.OffsetDateTime;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.NotThreadSafe;

@NotThreadSafe
/* loaded from: input_file:WEB-INF/lib/ph-security-11.2.3.jar:com/helger/security/certificate/TrustedCAChecker.class */
public class TrustedCAChecker {
    private final TrustedCACertificates m_aTrustedCAs = new TrustedCACertificates();
    private final RevocationCheckResultCache m_aRevocationCache;

    public TrustedCAChecker(@Nonnull X509Certificate... x509CertificateArr) {
        ValueEnforcer.notNullNoNullValue(x509CertificateArr, "CACerts");
        for (X509Certificate x509Certificate : x509CertificateArr) {
            this.m_aTrustedCAs.addTrustedCACertificate(x509Certificate);
        }
        this.m_aRevocationCache = new RevocationCheckResultCache(x509Certificate2 -> {
            return new RevocationCheckBuilder().certificate(x509Certificate2).validCAs(x509CertificateArr).checkMode(CertificateRevocationCheckerDefaults.getRevocationCheckMode()).build();
        }, CertificateRevocationCheckerDefaults.DEFAULT_REVOCATION_CHECK_CACHING_DURATION);
    }

    @Nonnull
    @ReturnsMutableCopy
    public TrustedCACertificates getAllTrustedAPCertificates() {
        return new TrustedCACertificates(this.m_aTrustedCAs);
    }

    @Nonnull
    public RevocationCheckResultCache getRevocationCache() {
        return this.m_aRevocationCache;
    }

    @Nonnull
    public ECertificateCheckResult checkCertificate(@Nullable X509Certificate x509Certificate) {
        return checkCertificate(x509Certificate, null);
    }

    @Nonnull
    public ECertificateCheckResult checkCertificate(@Nullable X509Certificate x509Certificate, @Nullable OffsetDateTime offsetDateTime) {
        return checkCertificate(x509Certificate, offsetDateTime, ETriState.UNDEFINED, null);
    }

    @Nonnull
    public ECertificateCheckResult checkCertificate(@Nullable X509Certificate x509Certificate, @Nullable OffsetDateTime offsetDateTime, @Nonnull ETriState eTriState, @Nullable ERevocationCheckMode eRevocationCheckMode) {
        return CertificateHelper.checkCertificate(this.m_aTrustedCAs.getAllTrustedCAIssuers(), ((eTriState.isUndefined() ? CertificateRevocationCheckerDefaults.isCacheRevocationCheckResults() : eTriState.isTrue()) && offsetDateTime == null) ? this.m_aRevocationCache : null, new RevocationCheckBuilder().certificate(x509Certificate).checkDate(offsetDateTime).validCAs(this.m_aTrustedCAs.getAllTrustedCACertificates()).checkMode(eRevocationCheckMode));
    }

    public String toString() {
        return new ToStringGenerator(null).append("TrustedCAs", this.m_aTrustedCAs).append("RevocationCache", this.m_aRevocationCache).getToString();
    }
}
