package org.apache.synapse.transport.certificatevalidation;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import javax.security.cert.X509Certificate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.transport.certificatevalidation.crl.CRLCache;
import org.apache.synapse.transport.certificatevalidation.crl.CRLVerifier;
import org.apache.synapse.transport.certificatevalidation.ocsp.OCSPCache;
import org.apache.synapse.transport.certificatevalidation.ocsp.OCSPVerifier;
import org.apache.synapse.transport.certificatevalidation.pathvalidation.CertificatePathValidator;

/* loaded from: input_file:WEB-INF/lib/synapse-nhttp-transport-4.0.0-wso2v18.jar:org/apache/synapse/transport/certificatevalidation/RevocationVerificationManager.class */
public class RevocationVerificationManager {
    private int cacheSize;
    private int cacheDelayMins;
    private static final Log log = LogFactory.getLog(RevocationVerificationManager.class);

    public RevocationVerificationManager(Integer num, Integer num2) {
        this.cacheSize = 50;
        this.cacheDelayMins = 15;
        if (num != null && num.intValue() > 50 && num.intValue() < 10000) {
            this.cacheSize = num.intValue();
        }
        if (num2 == null || num2.intValue() <= 1 || num2.intValue() >= 1440) {
            return;
        }
        this.cacheDelayMins = num2.intValue();
    }

    public void verifyRevocationStatus(X509Certificate[] x509CertificateArr) throws CertificateVerificationException {
        java.security.cert.X509Certificate[] convert = convert(x509CertificateArr);
        long currentTimeMillis = System.currentTimeMillis();
        OCSPCache cache = OCSPCache.getCache();
        cache.init(this.cacheSize, this.cacheDelayMins);
        CRLCache cache2 = CRLCache.getCache();
        cache2.init(this.cacheSize, this.cacheDelayMins);
        for (RevocationVerifier revocationVerifier : new RevocationVerifier[]{new OCSPVerifier(cache), new CRLVerifier(cache2)}) {
            try {
                new CertificatePathValidator(convert, revocationVerifier).validatePath();
                log.info("Path verification Successful. Took " + (System.currentTimeMillis() - currentTimeMillis) + " ms.");
                return;
            } catch (Exception e) {
                log.info(revocationVerifier.getClass().getSimpleName() + " failed.");
                log.debug("Certificate verification with " + revocationVerifier.getClass().getSimpleName() + " failed. ", e);
            }
        }
        throw new CertificateVerificationException("Path Verification Failed for both OCSP and CRL");
    }

    private java.security.cert.X509Certificate[] convert(X509Certificate[] x509CertificateArr) throws CertificateVerificationException {
        Throwable th;
        java.security.cert.X509Certificate[] x509CertificateArr2 = new java.security.cert.X509Certificate[x509CertificateArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            try {
                x509CertificateArr2[i] = (java.security.cert.X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509CertificateArr[i].getEncoded()));
            } catch (CertificateEncodingException e) {
                th = e;
                throw new CertificateVerificationException("Cant Convert certificates from javax to java", th);
            } catch (CertificateException e2) {
                th = e2;
                throw new CertificateVerificationException("Cant Convert certificates from javax to java", th);
            } catch (javax.security.cert.CertificateEncodingException e3) {
                th = e3;
                throw new CertificateVerificationException("Cant Convert certificates from javax to java", th);
            }
        }
        return x509CertificateArr2;
    }
}
