package ca.nrc.cadc.vosi.avail;

import ca.nrc.cadc.auth.SSLUtil;
import ca.nrc.cadc.auth.X509CertificateChain;
import ca.nrc.cadc.date.DateUtil;
import java.io.File;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Date;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;

/* loaded from: input_file:ca/nrc/cadc/vosi/avail/CheckCertificate.class */
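/**
 * Availability check that loads an X.509 certificate (optionally with a separate
 * private key file) and verifies that every certificate in the resulting chain is
 * currently inside its validity period.
 *
 * <p>Scope of the check: this class only calls {@link X509Certificate#checkValidity()}
 * on each certificate, i.e. it compares notBefore/notAfter with the current time. It
 * performs no signature, trust-anchor, or revocation verification of its own; whatever
 * {@code SSLUtil.createSubject} validates while loading is not visible from here. A
 * passing check therefore means "loadable and not expired", not "trusted".
 */
public class CheckCertificate implements CheckResource {
    private static final Logger log = Logger.getLogger(CheckCertificate.class);
    private static final String DATE_PATTERN = "yyyy-MM-dd HH:mm:ss.SSS";

    // Certificate file; when no key file is given it is passed alone to SSLUtil.createSubject.
    private final File cert;
    // Optional private key file; null selects the single-file SSLUtil.createSubject overload.
    private final File key;

    /**
     * Creates a check for a single file passed to {@code SSLUtil.createSubject(File)}.
     *
     * @param file certificate file to load
     */
    public CheckCertificate(File file) {
        this(file, null);
    }

    /**
     * Creates a check for a certificate file and a separate key file.
     *
     * @param file certificate file to load
     * @param file2 private key file, or {@code null} to load from {@code file} alone
     */
    public CheckCertificate(File file, File file2) {
        this.cert = file;
        this.key = file2;
    }

    /**
     * Loads the certificate and checks the validity period of every certificate in the chain.
     *
     * <p>The two phases are kept in separate try blocks so that a validity failure is
     * reported as "(invalid)" and is not re-wrapped by the load phase as "(not found)".
     * Only file paths are logged, never file contents.
     *
     * @throws CheckException with a "(not found)" message if the file(s) cannot be loaded,
     *         or an "(invalid)" message if no chain is present or a certificate is expired
     *         or not yet valid
     */
    @Override // ca.nrc.cadc.vosi.avail.CheckResource
    public void check() throws CheckException {
        log.debug("read - cert: " + this.cert + " key: " + this.key);

        // Phase 1: load. Throwable is caught deliberately so that callers only ever
        // see CheckException from an availability probe.
        final Subject subject;
        try {
            subject = this.key != null
                    ? SSLUtil.createSubject(this.cert, this.key)
                    : SSLUtil.createSubject(this.cert);
        } catch (Throwable t) {
            // Keep the stack trace in the log; the CheckException carries only the message.
            log.debug("test failed: " + this.cert + " " + this.key, t);
            throw new CheckException("cert check failed (not found): " + t.getMessage());
        }

        // Phase 2: validate.
        try {
            log.debug("check validity - cert: " + this.cert.getAbsolutePath() + " " + this.cert + " key: " + this.key);
            Set<X509CertificateChain> chains = subject.getPublicCredentials(X509CertificateChain.class);
            if (chains.isEmpty()) {
                throw new RuntimeException("failed to load X509 certficate from file(s): " + this.cert.getAbsolutePath());
            }
            // NOTE(review): only the first chain in the Subject is checked, as before.
            checkValidity(chains.iterator().next());
            log.debug("test succeeded: " + this.cert.getAbsolutePath() + " " + this.cert + " " + this.key);
        } catch (Throwable t) {
            log.debug("test failed: " + this.cert + " " + this.key, t);
            throw new CheckException("cert check failed (invalid): " + t.getMessage());
        }
    }

    /**
     * Verifies that every certificate in the chain is within its validity period.
     *
     * @param x509CertificateChain chain whose certificates are checked in iteration order
     * @throws RuntimeException if the chain holds no certificates, or if any certificate
     *         is expired or not yet valid (the original certificate exception is the cause)
     */
    private void checkValidity(X509CertificateChain x509CertificateChain) {
        // Time zone comes from DateUtil.LOCAL; presumably the host's local zone.
        DateFormat dateFormat = DateUtil.getDateFormat(DATE_PATTERN, DateUtil.LOCAL);
        int checked = 0;
        for (X509Certificate certificate : x509CertificateChain.getChain()) {
            checked++;
            // Read the descriptive fields up front so the failure messages never see nulls.
            Date notBefore = certificate.getNotBefore();
            Date notAfter = certificate.getNotAfter();
            X500Principal subjectDn = certificate.getSubjectX500Principal();
            String details = ", DN: " + subjectDn
                    + ", valid from " + dateFormat.format(notBefore)
                    + " to " + dateFormat.format(notAfter);
            try {
                certificate.checkValidity();
            } catch (CertificateExpiredException e) {
                String message = this.cert.getAbsolutePath() + " certificate has expired" + details;
                log.error(message);
                throw new RuntimeException(message, e);
            } catch (CertificateNotYetValidException e) {
                String message = this.cert.getAbsolutePath() + " certificate is not valid yet" + details;
                log.error(message);
                throw new RuntimeException(message, e);
            }
        }
        // Fail closed: an empty chain would otherwise pass without anything being checked.
        if (checked == 0) {
            throw new RuntimeException("certificate chain is empty: " + this.cert.getAbsolutePath());
        }
    }
}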
