package com.floragunn.searchguard.tools.tlsdiag.tasks;

import java.io.File;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;

/* loaded from: input_file:com/floragunn/searchguard/tools/tlsdiag/tasks/ValidateCert.class */
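/**
 * Diagnostic task that first dumps the certificates of a file (inherited {@link DumpCert}
 * behaviour) and then tries to build a PKIX certification path from the first certificate to one
 * of the supplied trust anchors.
 *
 * <p>Revocation checking is disabled for the path build. A reported trust anchor therefore only
 * means that a chain could be built and validated without consulting CRLs or OCSP. It does not
 * show that the certificates in the chain are unrevoked.
 */
public class ValidateCert extends DumpCert {
    private static final Logger log = LogManager.getLogger(ValidateCert.class);

    // Roots that the first certificate of the file must chain up to.
    private final Set<TrustAnchor> trustAnchors;

    /**
     * @param set trust anchors a certification path may end in; the set is stored as passed, not copied
     * @param file file handed to {@link DumpCert}
     */
    public ValidateCert(Set<TrustAnchor> set, File file) {
        super(file);
        this.trustAnchors = set;
    }

    /**
     * Runs the inherited dump and, if it yielded at least one certificate, checks whether a
     * certification path to a trust anchor can be built.
     */
    @Override
    public void run() {
        super.run();
        if (this.certificates.isEmpty()) {
            return;
        }
        checkCertPath(this.certificates);
    }

    /**
     * Builds a PKIX path for the first certificate in {@code list} and logs the outcome.
     *
     * <p>All certificates in {@code list} are offered to the builder as candidate chain members.
     * Failures are logged rather than thrown.
     *
     * @param list certificates from the file; must be non-empty, the first entry is the target
     */
    private void checkCertPath(List<X509Certificate> list) {
        try {
            X509CertSelector target = new X509CertSelector();
            target.setCertificate(list.get(0));

            PKIXBuilderParameters params = new PKIXBuilderParameters(this.trustAnchors, target);
            params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(list)));
            // No CRL/OCSP lookups are made: a successful build below does not rule out that a
            // certificate in the chain has been revoked.
            params.setRevocationEnabled(false);

            // Requires the "BC" provider to be registered; if it is not, the lookup fails and is
            // reported by the generic handler below.
            PKIXCertPathBuilderResult result =
                    (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX", "BC").build(params);

            TrustAnchor anchor = result.getTrustAnchor();
            X509Certificate anchorCert = anchor.getTrustedCert();
            if (anchorCert != null) {
                log.info("Trust anchor:\n" + anchorCert.getSubjectDN());
            } else {
                // An anchor given as CA name + public key has no certificate; report its name
                // instead of failing with a NullPointerException after a successful build.
                log.info("Trust anchor:\n" + anchor.getCAName());
            }
        } catch (CertPathBuilderException e) {
            logPathFailure(e);
        } catch (Exception e2) {
            log.error("Error in checkCertPath()", e2);
        }
    }

    /** Logs why no certification path could be built, with extra detail at debug level. */
    private void logPathFailure(CertPathBuilderException e) {
        if (!(e.getCause() instanceof ExtCertPathValidatorException)) {
            log.error("No certificate path could be found: " + e.getMessage());
            return;
        }
        // Typed as ExtCertPathValidatorException so getCertPath()/getReason() are available.
        ExtCertPathValidatorException validationError = (ExtCertPathValidatorException) e.getCause();
        Throwable rootCause = validationError.getCause();
        boolean hasDistinctCause = rootCause != null && rootCause != validationError;

        if (hasDistinctCause && rootCause.getMessage() != null) {
            log.error("No certificate path could be found: " + validationError.getMessage()
                    + " [" + rootCause.getMessage() + "]");
        } else {
            log.error("No certificate path could be found: " + validationError.getMessage());
        }

        // The exception may carry no path; guard so that reporting a validation failure cannot
        // itself throw out of this handler.
        if (validationError.getCertPath() != null) {
            log.debug(validationError.getCertPath().toString());
        }
        log.debug(validationError.getReason());
        if (hasDistinctCause) {
            log.debug(rootCause);
        }
    }
}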
