package org.italiangrid.voms.ac.impl;

import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.ac.VOMSACLookupStrategy;
import org.italiangrid.voms.ac.VOMSACValidationStrategy;
import org.italiangrid.voms.ac.VOMSACValidator;
import org.italiangrid.voms.ac.VOMSValidationResult;
import org.italiangrid.voms.ac.ValidationResultListener;
import org.italiangrid.voms.asn1.VOMSACUtils;
import org.italiangrid.voms.store.UpdatingVOMSTrustStore;
import org.italiangrid.voms.store.VOMSTrustStore;
import org.italiangrid.voms.store.VOMSTrustStores;
import org.italiangrid.voms.util.CertificateValidatorBuilder;
import org.italiangrid.voms.util.NullListener;

/* loaded from: input_file:org/italiangrid/voms/ac/impl/DefaultVOMSValidator.class */
public class DefaultVOMSValidator extends DefaultVOMSACParser implements VOMSACValidator {
    public static final String DEFAULT_TRUST_ANCHORS_DIR = "/etc/grid-security/certificates";
    private final VOMSACValidationStrategy validationStrategy;
    private final VOMSTrustStore trustStore;
    private ValidationResultListener validationResultListener;
    private final Object listenerLock;

    /* loaded from: input_file:org/italiangrid/voms/ac/impl/DefaultVOMSValidator$Builder.class */
    public static class Builder {
        private VOMSACValidationStrategy validationStrategy;
        private VOMSTrustStore trustStore;
        private ValidationResultListener validationResultListener;
        private X509CertChainValidatorExt certChainValidator;
        private VOMSACLookupStrategy acLookupStrategy;

        public Builder validationStrategy(VOMSACValidationStrategy vOMSACValidationStrategy) {
            this.validationStrategy = vOMSACValidationStrategy;
            return this;
        }

        public Builder trustStore(VOMSTrustStore vOMSTrustStore) {
            this.trustStore = vOMSTrustStore;
            return this;
        }

        public Builder validationListener(ValidationResultListener validationResultListener) {
            this.validationResultListener = validationResultListener;
            return this;
        }

        public Builder certChainValidator(X509CertChainValidatorExt x509CertChainValidatorExt) {
            this.certChainValidator = x509CertChainValidatorExt;
            return this;
        }

        public Builder acLookupStrategy(VOMSACLookupStrategy vOMSACLookupStrategy) {
            this.acLookupStrategy = vOMSACLookupStrategy;
            return this;
        }

        private void sanityChecks() {
            if (this.validationStrategy == null) {
                if (this.trustStore == null) {
                    this.trustStore = VOMSTrustStores.newTrustStore();
                }
                if (this.certChainValidator == null) {
                    this.certChainValidator = new CertificateValidatorBuilder().trustAnchorsDir("/etc/grid-security/certificates").build();
                }
                this.validationStrategy = new DefaultVOMSValidationStrategy(this.trustStore, this.certChainValidator);
            }
            if (this.validationResultListener == null) {
                this.validationResultListener = NullListener.INSTANCE;
            }
            if (this.acLookupStrategy == null) {
                this.acLookupStrategy = new LeafACLookupStrategy();
            }
        }

        public DefaultVOMSValidator build() {
            sanityChecks();
            return new DefaultVOMSValidator(this);
        }
    }

    private DefaultVOMSValidator(Builder builder) {
        super(builder.acLookupStrategy);
        this.listenerLock = new Object();
        this.validationStrategy = builder.validationStrategy;
        this.trustStore = builder.trustStore;
        this.validationResultListener = builder.validationResultListener;
    }

    @Override // org.italiangrid.voms.ac.VOMSACValidator
    public List<VOMSValidationResult> validateWithResult(X509Certificate[] x509CertificateArr) {
        return internalValidate(x509CertificateArr);
    }

    protected List<VOMSValidationResult> internalValidate(X509Certificate[] x509CertificateArr) {
        List<VOMSAttribute> parse = parse(x509CertificateArr);
        ArrayList arrayList = new ArrayList();
        Iterator<VOMSAttribute> it = parse.iterator();
        while (it.hasNext()) {
            VOMSValidationResult validateAC = this.validationStrategy.validateAC(it.next(), x509CertificateArr);
            synchronized (this.listenerLock) {
                this.validationResultListener.notifyValidationResult(validateAC);
            }
            arrayList.add(validateAC);
        }
        return arrayList;
    }

    @Override // org.italiangrid.voms.ac.VOMSACValidator
    public List<VOMSAttribute> validate(X509Certificate[] x509CertificateArr) {
        ArrayList arrayList = new ArrayList();
        for (VOMSValidationResult vOMSValidationResult : internalValidate(x509CertificateArr)) {
            if (vOMSValidationResult.isValid()) {
                arrayList.add(vOMSValidationResult.getAttributes());
            }
        }
        return arrayList;
    }

    @Override // org.italiangrid.voms.ac.VOMSACValidator
    public void shutdown() {
        if (this.trustStore instanceof UpdatingVOMSTrustStore) {
            ((UpdatingVOMSTrustStore) this.trustStore).cancel();
        }
    }

    @Override // org.italiangrid.voms.ac.VOMSACValidator
    public List<AttributeCertificate> validateACs(List<AttributeCertificate> list) {
        ArrayList arrayList = new ArrayList();
        for (AttributeCertificate attributeCertificate : list) {
            VOMSValidationResult validateAC = this.validationStrategy.validateAC(VOMSACUtils.deserializeVOMSAttributes(attributeCertificate));
            synchronized (this.listenerLock) {
                this.validationResultListener.notifyValidationResult(validateAC);
            }
            if (validateAC.isValid()) {
                arrayList.add(attributeCertificate);
            }
        }
        return arrayList;
    }

    @Override // org.italiangrid.voms.ac.VOMSACValidator
    public void setValidationResultListener(ValidationResultListener validationResultListener) {
        synchronized (this.listenerLock) {
            if (validationResultListener != null) {
                this.validationResultListener = validationResultListener;
            }
        }
    }
}
