package org.dcache.xrootd.plugins.authn.gsi;

import eu.emi.security.authn.x509.CrlCheckingMode;
import eu.emi.security.authn.x509.NamespaceCheckingMode;
import eu.emi.security.authn.x509.OCSPCheckingMode;
import eu.emi.security.authn.x509.OCSPParametes;
import eu.emi.security.authn.x509.ProxySupport;
import eu.emi.security.authn.x509.RevocationParameters;
import eu.emi.security.authn.x509.X509CertChainValidator;
import eu.emi.security.authn.x509.impl.OpensslCertChainValidator;
import eu.emi.security.authn.x509.impl.ValidatorParams;
import java.util.Properties;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:org/dcache/xrootd/plugins/authn/gsi/CertChainValidatorProvider.class */
public class CertChainValidatorProvider {
    private final String caCertificatePath;
    private final X509CertChainValidator certChainValidator;
    private final long trustAnchorRefreshInterval;

    public CertChainValidatorProvider(Properties properties) {
        this.caCertificatePath = properties.getProperty("xrootd.gsi.ca.path");
        this.trustAnchorRefreshInterval = TimeUnit.valueOf(properties.getProperty("xrootd.gsi.ca.refresh.unit")).toMillis(Integer.parseInt(properties.getProperty("xrootd.gsi.ca.refresh")));
        this.certChainValidator = new OpensslCertChainValidator(this.caCertificatePath, false, NamespaceCheckingMode.valueOf(properties.getProperty("xrootd.gsi.ca.namespace-mode")), this.trustAnchorRefreshInterval, new ValidatorParams(new RevocationParameters(CrlCheckingMode.valueOf(properties.getProperty("xrootd.gsi.ca.crl-mode")), new OCSPParametes(OCSPCheckingMode.valueOf(properties.getProperty("xrootd.gsi.ca.ocsp-mode")))), ProxySupport.ALLOW), false);
    }

    public X509CertChainValidator getCertChainValidator() {
        return this.certChainValidator;
    }
}
