package org.italiangrid.voms.util;

import eu.emi.security.authn.x509.ProxySupport;
import eu.emi.security.authn.x509.RevocationParameters;
import eu.emi.security.authn.x509.StoreUpdateListener;
import eu.emi.security.authn.x509.ValidationErrorListener;
import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.FormatMode;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.italiangrid.voms.VOMSError;

/* loaded from: input_file:org/italiangrid/voms/util/CachingCertificateValidator.class */
public class CachingCertificateValidator implements X509CertChainValidatorExt {
    protected final ConcurrentMap<String, CachedValidationResult> validationResultsCache = new ConcurrentHashMap();
    protected final X509CertChainValidatorExt validator;
    protected final long cacheEntryLifetimeMsec;

    public CachingCertificateValidator(X509CertChainValidatorExt x509CertChainValidatorExt, long j) {
        this.cacheEntryLifetimeMsec = j;
        this.validator = x509CertChainValidatorExt;
    }

    public boolean cachedValidationResultHasExpired(CachedValidationResult cachedValidationResult, long j) {
        return j - cachedValidationResult.getTimestamp() > this.cacheEntryLifetimeMsec;
    }

    protected ValidationResult getCachedResult(String str) {
        CachedValidationResult cachedValidationResult = this.validationResultsCache.get(str);
        if (cachedValidationResult == null) {
            return null;
        }
        if (!cachedValidationResultHasExpired(cachedValidationResult, System.currentTimeMillis())) {
            return cachedValidationResult.getResult();
        }
        this.validationResultsCache.remove(str, cachedValidationResult);
        return null;
    }

    private void certChainSanityChecks(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("Cannot validate a null cert chain.");
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Cannot validate a cert chain of length 0.");
        }
    }

    public ValidationResult validate(X509Certificate[] x509CertificateArr) {
        certChainSanityChecks(x509CertificateArr);
        try {
            String fingerprint = FingerprintHelper.getFingerprint(x509CertificateArr[x509CertificateArr.length - 1]);
            ValidationResult cachedResult = getCachedResult(fingerprint);
            if (cachedResult == null) {
                cachedResult = this.validator.validate(x509CertificateArr);
                this.validationResultsCache.putIfAbsent(fingerprint, new CachedValidationResult(fingerprint, cachedResult));
            }
            return cachedResult;
        } catch (Throwable th) {
            throw new VOMSError(String.format("Error computing fingerprint for certificate: %s. Cause: %s", CertificateUtils.format(x509CertificateArr[0], FormatMode.COMPACT_ONE_LINE), th.getMessage()), th);
        }
    }

    public void dispose() {
        this.validator.dispose();
    }

    public ProxySupport getProxySupport() {
        return this.validator.getProxySupport();
    }

    public ValidationResult validate(CertPath certPath) {
        return this.validator.validate(certPath);
    }

    public RevocationParameters getRevocationCheckingMode() {
        return this.validator.getRevocationCheckingMode();
    }

    public X509Certificate[] getTrustedIssuers() {
        return this.validator.getTrustedIssuers();
    }

    public void addValidationListener(ValidationErrorListener validationErrorListener) {
        this.validator.addValidationListener(validationErrorListener);
    }

    public void removeValidationListener(ValidationErrorListener validationErrorListener) {
        this.validator.removeValidationListener(validationErrorListener);
    }

    public void addUpdateListener(StoreUpdateListener storeUpdateListener) {
        this.validator.addUpdateListener(storeUpdateListener);
    }

    public void removeUpdateListener(StoreUpdateListener storeUpdateListener) {
        this.validator.removeUpdateListener(storeUpdateListener);
    }
}
