package no.difi.certvalidator.rule;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import net.klakegg.pkix.ocsp.OcspClient;
import net.klakegg.pkix.ocsp.OcspException;
import no.difi.certvalidator.api.CertificateBucket;
import no.difi.certvalidator.api.CertificateValidationException;
import no.difi.certvalidator.api.FailedValidationException;
import no.difi.certvalidator.api.ValidatorRule;

/* loaded from: input_file:WEB-INF/lib/commons-certvalidator-2.1.1.jar:no/difi/certvalidator/rule/OCSPRule.class */
public class OCSPRule implements ValidatorRule {
    protected OcspClient ocspClient;

    public OCSPRule(CertificateBucket certificateBucket) {
        ArrayList arrayList = new ArrayList();
        Iterator<X509Certificate> it = certificateBucket.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next());
        }
        this.ocspClient = OcspClient.builder().set(OcspClient.INTERMEDIATES, arrayList).build();
    }

    public OCSPRule(OcspClient ocspClient) {
        this.ocspClient = ocspClient;
    }

    @Override // no.difi.certvalidator.api.ValidatorRule
    public void validate(X509Certificate x509Certificate) throws CertificateValidationException {
        try {
            this.ocspClient.verify(x509Certificate);
        } catch (OcspException e) {
            throw new FailedValidationException(e.getMessage(), e);
        } catch (Exception e2) {
            throw new CertificateValidationException(e2.getMessage(), e2);
        }
    }
}
