package org.apache.synapse.transport.certificatevalidation.pathvalidation;

import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.transport.certificatevalidation.CertificateVerificationException;
import org.apache.synapse.transport.certificatevalidation.RevocationStatus;
import org.apache.synapse.transport.certificatevalidation.RevocationVerifier;

/* loaded from: input_file:WEB-INF/lib/synapse-nhttp-transport-2.1.7-wso2v142.jar:org/apache/synapse/transport/certificatevalidation/pathvalidation/PathChecker.class */
public class PathChecker extends PKIXCertPathChecker {
    X509Certificate[] certChainArray;
    RevocationVerifier verifier;
    private int position;
    private static final Log log = LogFactory.getLog(PathChecker.class);

    /* JADX INFO: Access modifiers changed from: protected */
    public PathChecker(X509Certificate[] x509CertificateArr, RevocationVerifier revocationVerifier) {
        this.certChainArray = x509CertificateArr;
        this.position = x509CertificateArr.length - 1;
        this.verifier = revocationVerifier;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("Forward checking is not supported");
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        try {
            RevocationStatus checkRevocationStatus = this.verifier.checkRevocationStatus((X509Certificate) certificate, nextIssuer());
            log.info("Certificate status is: " + checkRevocationStatus.getMessage());
            if (checkRevocationStatus != RevocationStatus.GOOD) {
                throw new CertPathValidatorException("Revocation Status is Not Good");
            }
        } catch (CertificateVerificationException e) {
            throw new CertPathValidatorException(e);
        }
    }

    private X509Certificate nextIssuer() {
        if (this.position <= 0) {
            throw new ArrayIndexOutOfBoundsException("Certificate Chain Index Out of Bounds");
        }
        X509Certificate[] x509CertificateArr = this.certChainArray;
        int i = this.position;
        this.position = i - 1;
        return x509CertificateArr[i];
    }
}
