package io.apigee.trireme.kernel;

import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:io/apigee/trireme/kernel/CompositeTrustManager.class */
public class CompositeTrustManager implements X509TrustManager {
    private final X509TrustManager tm;
    private final List<X509CRL> crls;

    public CompositeTrustManager(X509TrustManager x509TrustManager, List<X509CRL> list) {
        this.tm = x509TrustManager;
        this.crls = list;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.tm.checkClientTrusted(x509CertificateArr, str);
        checkCRL(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.tm.checkServerTrusted(x509CertificateArr, str);
        checkCRL(x509CertificateArr);
    }

    private void checkCRL(X509Certificate[] x509CertificateArr) throws CertificateException {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            Iterator<X509CRL> it = this.crls.iterator();
            while (it.hasNext()) {
                if (it.next().isRevoked(x509Certificate)) {
                    throw new CertificateException("Certificate not trusted per the CRL");
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.tm.getAcceptedIssuers();
    }
}
