package org.opcfoundation.ua.transport.security;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.X509TrustManager;
import org.opcfoundation.ua.builtintypes.StatusCode;

/* loaded from: input_file:org/opcfoundation/ua/transport/security/CertValidatorTrustManager.class */
public class CertValidatorTrustManager implements X509TrustManager {
    CertificateValidator validator;
    Map<X509Certificate, Cert> certMap = new HashMap();
    List<Cert> acceptedCertificates = new ArrayList();
    List<Cert> acceptedIssuers = new ArrayList();
    X509Certificate[] acceptedIssuersArray;

    public CertValidatorTrustManager(CertificateValidator certificateValidator) {
        this.validator = certificateValidator;
    }

    synchronized void validate(X509Certificate x509Certificate) throws CertificateException {
        Cert cert = this.certMap.get(x509Certificate);
        if (cert == null) {
            cert = new Cert(x509Certificate);
            this.certMap.put(x509Certificate, cert);
        }
        StatusCode validateCertificate = this.validator.validateCertificate(cert);
        boolean z = validateCertificate == null || validateCertificate.isGood();
        if (!z) {
            throw new CertificateException("Certificate is not valid");
        }
        this.acceptedCertificates.add(cert);
        if (x509Certificate.getSubjectX500Principal().equals(x509Certificate.getIssuerX500Principal()) || !z) {
            return;
        }
        this.acceptedIssuers.add(cert);
        this.acceptedIssuersArray = null;
    }

    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            validate(x509Certificate);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            validate(x509Certificate);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public synchronized X509Certificate[] getAcceptedIssuers() {
        if (this.acceptedIssuersArray == null) {
            int size = this.acceptedIssuers.size();
            this.acceptedIssuersArray = new X509Certificate[size];
            for (int i = 0; i < size; i++) {
                this.acceptedIssuersArray[i] = this.acceptedIssuers.get(i).getCertificate();
            }
        }
        return this.acceptedIssuersArray;
    }
}
