package com.yahoo.athenz.auth.impl;

import com.yahoo.athenz.auth.util.Crypto;
import java.security.cert.X509Certificate;
import java.util.Set;

/* loaded from: input_file:com/yahoo/athenz/auth/impl/CertificateAuthorityValidator.class */
public class CertificateAuthorityValidator {
    private static final String TRUST_STORE_PATH = "athenz.authority.truststore.path";
    private Set<String> issuerDNs;

    public CertificateAuthorityValidator() {
        extractIssuerDNs(System.getProperty(TRUST_STORE_PATH));
    }

    public CertificateAuthorityValidator(String str) {
        extractIssuerDNs(str);
    }

    private void extractIssuerDNs(String str) {
        if (str == null || str.isEmpty()) {
            return;
        }
        this.issuerDNs = Crypto.extractIssuerDn(str);
    }

    public boolean validate(X509Certificate x509Certificate) {
        return this.issuerDNs == null || this.issuerDNs.isEmpty() || this.issuerDNs.contains(Crypto.extractIssuerDn(x509Certificate));
    }

    public Set<String> getIssuerDNs() {
        return this.issuerDNs;
    }
}
