package org.springframework.boot.actuate.ssl;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.stream.Stream;
import org.springframework.boot.actuate.health.AbstractHealthIndicator;
import org.springframework.boot.actuate.health.Health;
import org.springframework.boot.actuate.health.Status;
import org.springframework.boot.info.SslInfo;

/* loaded from: input_file:BOOT-INF/lib/spring-boot-actuator-3.4.0.jar:org/springframework/boot/actuate/ssl/SslHealthIndicator.class */
public class SslHealthIndicator extends AbstractHealthIndicator {
    private final SslInfo sslInfo;

    public SslHealthIndicator(SslInfo sslInfo) {
        this.sslInfo = sslInfo;
    }

    @Override // org.springframework.boot.actuate.health.AbstractHealthIndicator
    protected void doHealthCheck(Health.Builder builder) throws Exception {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        Iterator<SslInfo.BundleInfo> it = this.sslInfo.getBundles().iterator();
        while (it.hasNext()) {
            for (SslInfo.CertificateChainInfo certificateChainInfo : it.next().getCertificateChains()) {
                if (containsOnlyValidCertificates(certificateChainInfo)) {
                    arrayList.add(certificateChainInfo);
                } else if (containsInvalidCertificate(certificateChainInfo)) {
                    arrayList2.add(certificateChainInfo);
                }
            }
        }
        builder.status(arrayList2.isEmpty() ? Status.UP : Status.OUT_OF_SERVICE);
        builder.withDetail("validChains", arrayList);
        builder.withDetail("invalidChains", arrayList2);
    }

    private boolean containsOnlyValidCertificates(SslInfo.CertificateChainInfo certificateChainInfo) {
        return validatableCertificates(certificateChainInfo).allMatch(this::isValidCertificate);
    }

    private boolean containsInvalidCertificate(SslInfo.CertificateChainInfo certificateChainInfo) {
        return validatableCertificates(certificateChainInfo).anyMatch(this::isNotValidCertificate);
    }

    private Stream<SslInfo.CertificateInfo> validatableCertificates(SslInfo.CertificateChainInfo certificateChainInfo) {
        return certificateChainInfo.getCertificates().stream().filter(certificateInfo -> {
            return certificateInfo.getValidity() != null;
        });
    }

    private boolean isValidCertificate(SslInfo.CertificateInfo certificateInfo) {
        return certificateInfo.getValidity().getStatus().isValid();
    }

    private boolean isNotValidCertificate(SslInfo.CertificateInfo certificateInfo) {
        return !isValidCertificate(certificateInfo);
    }
}
