package org.fabric3.binding.ws.metro.runtime.security;

import com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate;
import com.sun.xml.wss.impl.XWSSecurityRuntimeException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:org/fabric3/binding/ws/metro/runtime/security/CertificateValidatorImpl.class */
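/**
 * Validates an X.509 certificate presented in a WS-Security message against a trust store.
 *
 * <p>Validation steps, in order:
 * <ol>
 *   <li>the certificate must be inside its validity window;</li>
 *   <li>a self-issued certificate (issuer DN equals subject DN) is accepted only when an identical
 *       certificate is present in the trust store;</li>
 *   <li>any other certificate is accepted only when a chain assembled from the trust store passes
 *       PKIX path validation, with the trust store's trusted-certificate entries as anchors.</li>
 * </ol>
 *
 * <p>Security caveat: revocation checking is switched off for the PKIX step, so a certificate that
 * has been revoked but has not yet expired is still accepted. Deployments that need revocation
 * must supply a CRL/OCSP source and enable it on the PKIX parameters.
 *
 * <p>The class holds no instance state.
 */
public class CertificateValidatorImpl implements CertificateValidator {
    /** JCA certificate type name ("X.509") used for type checks and for the certificate factory. */
    private static final String X509_TYPE = XMLX509Certificate.JCA_CERT_ID;

    /**
     * Checks that the certificate is currently valid and chains to the given trust store.
     *
     * @param x509Certificate the certificate to validate
     * @param keyStore the trust store; its trusted-certificate entries act as PKIX trust anchors
     * @return {@code true} when validation succeeds; failures are reported by exception, never by
     *         returning {@code false}
     * @throws XWSSecurityRuntimeException if the certificate is expired or not yet valid, if a
     *         self-issued certificate is not present in the trust store, if path validation fails,
     *         or if the trust store cannot be read
     */
    @Override // org.fabric3.binding.ws.metro.runtime.security.CertificateValidator
    public boolean validate(X509Certificate x509Certificate, KeyStore keyStore) throws XWSSecurityRuntimeException {
        try {
            x509Certificate.checkValidity();

            // Issuer == subject only shows the certificate is self-issued; its signature is not
            // checked here. Trust comes solely from an exact match with a trust store entry.
            if (x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
                if (isTrustedSelfSigned(x509Certificate, keyStore)) {
                    return true;
                }
                throw new XWSSecurityRuntimeException("Validation of self signed certificate failed");
            }

            X509CertSelector targetSelector = new X509CertSelector();
            targetSelector.setCertificate(x509Certificate);

            // Built before the chain so that an unusable trust store (for example one without any
            // trusted-certificate entry) is reported first, as in the original ordering.
            PKIXBuilderParameters pkixParameters = new PKIXBuilderParameters(keyStore, targetSelector);
            // NOTE(security): revocation is deliberately left disabled to preserve existing
            // behaviour; no CRL or OCSP source is configured in this class.
            pkixParameters.setRevocationEnabled(false);
            pkixParameters.addCertStore(CertStore.getInstance("Collection",
                    new CollectionCertStoreParameters(Collections.singleton(x509Certificate))));

            List<Certificate> chain = buildCandidateChain(x509Certificate, keyStore);

            // The assembled chain is only a candidate: signatures, validity dates and anchoring
            // are enforced by the PKIX validator, which throws on any failure.
            CertPathValidator.getInstance("PKIX")
                    .validate(CertificateFactory.getInstance(X509_TYPE).generateCertPath(chain), pkixParameters);
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            throw new XWSSecurityRuntimeException(e);
        } catch (KeyStoreException e) {
            throw new XWSSecurityRuntimeException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new XWSSecurityRuntimeException(e);
        } catch (CertPathValidatorException e) {
            throw new XWSSecurityRuntimeException(e);
        } catch (CertificateException e) {
            // Also covers CertificateExpiredException and CertificateNotYetValidException from
            // checkValidity(), both of which are CertificateException subclasses.
            throw new XWSSecurityRuntimeException(e);
        }
    }

    /**
     * Assembles the certificate chain that is handed to the PKIX validator.
     *
     * <p>If the trust store already holds a chain for the certificate's alias, that chain is used
     * as is. Otherwise the chain starts with the certificate and is extended by matching the
     * current issuer DN against the subject DN of trust store entries, until a self-issued
     * certificate is appended or a full pass over the store adds nothing.
     *
     * <p>Issuer names are compared as {@link X500Principal} on every hop. The previous code
     * switched to {@code getIssuerDN()} after the first hop; that method returns an
     * implementation-specific {@code Principal} whose {@code equals} is not guaranteed to match an
     * {@code X500Principal}, so chains with more than one intermediate could fail to assemble.
     *
     * @param certificate the end-entity certificate
     * @param keyStore the trust store to search
     * @return the candidate chain, end-entity certificate first
     * @throws KeyStoreException if the trust store has not been initialised
     */
    private static List<Certificate> buildCandidateChain(X509Certificate certificate, KeyStore keyStore)
            throws KeyStoreException {
        String alias = keyStore.getCertificateAlias(certificate);
        if (alias != null) {
            Certificate[] storedChain = keyStore.getCertificateChain(alias);
            if (storedChain != null) {
                return Arrays.asList(storedChain);
            }
        }

        List<Certificate> chain = new ArrayList<Certificate>();
        chain.add(certificate);
        X500Principal expectedSubject = certificate.getIssuerX500Principal();
        boolean rootFound = false;
        // Each productive pass adds at least one entry, so the store size bounds the pass count.
        int passesLeft = keyStore.size();

        while (!rootFound && passesLeft-- > 0) {
            boolean extended = false;
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate candidate = keyStore.getCertificate(aliases.nextElement());
                if (candidate == null || !X509_TYPE.equals(candidate.getType()) || chain.contains(candidate)) {
                    continue;
                }
                X509Certificate issuerCandidate = (X509Certificate) candidate;
                if (!expectedSubject.equals(issuerCandidate.getSubjectX500Principal())) {
                    continue;
                }
                chain.add(issuerCandidate);
                if (issuerCandidate.getSubjectX500Principal().equals(issuerCandidate.getIssuerX500Principal())) {
                    rootFound = true;
                    break;
                }
                expectedSubject = issuerCandidate.getIssuerX500Principal();
                extended = true;
            }
            if (!rootFound && !extended) {
                // A full pass found no issuer for the current tail: the chain cannot grow further.
                break;
            }
        }
        return chain;
    }

    /**
     * Reports whether an identical certificate is stored in the trust store.
     *
     * @param x509Certificate the self-issued certificate to look up
     * @param keyStore the trust store to search
     * @return {@code true} if some X.509 entry equals the certificate, {@code false} otherwise
     * @throws XWSSecurityRuntimeException if the trust store cannot be read
     */
    private static boolean isTrustedSelfSigned(X509Certificate x509Certificate, KeyStore keyStore) throws XWSSecurityRuntimeException {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate entry = keyStore.getCertificate(aliases.nextElement());
                if (entry != null && X509_TYPE.equals(entry.getType()) && entry.equals(x509Certificate)) {
                    return true;
                }
            }
            return false;
        } catch (KeyStoreException e) {
            throw new XWSSecurityRuntimeException(e);
        }
    }
}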
