package org.dcache.util;

import com.google.common.base.Preconditions;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheStats;
import com.google.common.hash.Hasher;
import com.google.common.hash.Hashing;
import eu.emi.security.authn.x509.ProxySupport;
import eu.emi.security.authn.x509.RevocationParameters;
import eu.emi.security.authn.x509.StoreUpdateListener;
import eu.emi.security.authn.x509.ValidationError;
import eu.emi.security.authn.x509.ValidationErrorCode;
import eu.emi.security.authn.x509.ValidationErrorListener;
import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import java.security.cert.CertPath;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:org/dcache/util/CachingCertificateValidator.class */
public class CachingCertificateValidator implements X509CertChainValidatorExt {
    protected final Cache<String, ValidationResult> cache;
    protected final X509CertChainValidatorExt validator;

    public CachingCertificateValidator(X509CertChainValidatorExt x509CertChainValidatorExt, long j) {
        this.cache = CacheBuilder.newBuilder().expireAfterWrite(j, TimeUnit.MILLISECONDS).build();
        this.validator = x509CertChainValidatorExt;
    }

    public ValidationResult validate(final X509Certificate[] x509CertificateArr) {
        Preconditions.checkNotNull(x509CertificateArr, "Cannot validate a null cert chain.");
        Preconditions.checkArgument(x509CertificateArr.length > 0, "Cannot validate a cert chain of length 0.");
        int i = 0;
        try {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                x509Certificate.checkValidity();
                i++;
            }
            i = 0;
            Hasher newHasher = Hashing.sha256().newHasher();
            for (X509Certificate x509Certificate2 : x509CertificateArr) {
                newHasher.putBytes(x509Certificate2.getEncoded());
                i++;
            }
            return (ValidationResult) this.cache.get(newHasher.hash().toString(), new Callable<ValidationResult>() { // from class: org.dcache.util.CachingCertificateValidator.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public ValidationResult call() throws Exception {
                    return CachingCertificateValidator.this.validator.validate(x509CertificateArr);
                }
            });
        } catch (CertificateEncodingException e) {
            return new ValidationResult(false, Collections.singletonList(new ValidationError(x509CertificateArr, i, ValidationErrorCode.inputError, new Object[]{e.getMessage()})));
        } catch (CertificateExpiredException e2) {
            return new ValidationResult(false, Collections.singletonList(new ValidationError(x509CertificateArr, i, ValidationErrorCode.certificateExpired, new Object[]{e2.getMessage()})));
        } catch (CertificateNotYetValidException e3) {
            return new ValidationResult(false, Collections.singletonList(new ValidationError(x509CertificateArr, i, ValidationErrorCode.certificateNotYetValid, new Object[]{e3.getMessage()})));
        } catch (ExecutionException e4) {
            return new ValidationResult(false, Collections.singletonList(new ValidationError(x509CertificateArr, i, ValidationErrorCode.inputError, new Object[]{e4.getMessage()})));
        }
    }

    public CacheStats stats() {
        return this.cache.stats();
    }

    public void dispose() {
        this.validator.dispose();
    }

    public ProxySupport getProxySupport() {
        return this.validator.getProxySupport();
    }

    public ValidationResult validate(CertPath certPath) {
        return this.validator.validate(certPath);
    }

    public RevocationParameters getRevocationCheckingMode() {
        return this.validator.getRevocationCheckingMode();
    }

    public X509Certificate[] getTrustedIssuers() {
        return this.validator.getTrustedIssuers();
    }

    public void addValidationListener(ValidationErrorListener validationErrorListener) {
        this.validator.addValidationListener(validationErrorListener);
    }

    public void removeValidationListener(ValidationErrorListener validationErrorListener) {
        this.validator.removeValidationListener(validationErrorListener);
    }

    public void addUpdateListener(StoreUpdateListener storeUpdateListener) {
        this.validator.addUpdateListener(storeUpdateListener);
    }

    public void removeUpdateListener(StoreUpdateListener storeUpdateListener) {
        this.validator.removeUpdateListener(storeUpdateListener);
    }
}
