package no.difi.vefa.peppol.security.context;

import java.io.IOException;
import java.io.InputStream;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import no.difi.certvalidator.Validator;
import no.difi.certvalidator.ValidatorBuilder;
import no.difi.certvalidator.api.CertificateBucket;
import no.difi.certvalidator.api.CertificateBucketException;
import no.difi.certvalidator.api.CrlCache;
import no.difi.certvalidator.rule.CRLRule;
import no.difi.certvalidator.rule.ChainRule;
import no.difi.certvalidator.rule.ExpirationRule;
import no.difi.certvalidator.rule.OCSPRule;
import no.difi.certvalidator.rule.PrincipalNameRule;
import no.difi.certvalidator.rule.SigningRule;
import no.difi.certvalidator.util.KeyStoreCertificateBucket;
import no.difi.certvalidator.util.SimpleCrlCache;
import no.difi.certvalidator.util.SimplePrincipalNameProvider;

/* loaded from: input_file:no/difi/vefa/peppol/security/context/PeppolContext.class */
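/**
 * Holds the PEPPOL trust anchors for one scope ("test" or "production") and builds
 * certificate validators for access-point (endpoint) and SMP (provider) certificates.
 *
 * <p>The trust store is loaded from the classpath resource {@code /peppol-<scope>.jks}
 * and is expected to contain the aliases {@code peppol-root}, {@code difi-root},
 * {@code peppol-ap}, {@code difi-ap}, {@code peppol-smp} and {@code difi-smp}.
 *
 * <p>Validators produced by this class are built from the same rule set, in order:
 * expiration, public-signed-only signing, issuer CN pinning (only for scopes listed in
 * {@link #apCn}/{@link #smpCn}), chain validation against the roots and the relevant
 * intermediates, CRL, then OCSP.
 */
public class PeppolContext {

    /** Password of the bundled trust store; it contains public certificates only. */
    private static final String KEY_STORE_PASSWORD = "peppol";

    /** Expected issuer CN of access-point certificates, keyed by scope. */
    private static final Map<String, String> apCn;

    /** Expected issuer CN of SMP certificates, keyed by scope. */
    private static final Map<String, String> smpCn;

    static {
        Map<String, String> ap = new HashMap<String, String>();
        ap.put("test", "PEPPOL ACCESS POINT TEST CA");
        ap.put("production", "PEPPOL ACCESS POINT CA");
        apCn = Collections.unmodifiableMap(ap);

        Map<String, String> smp = new HashMap<String, String>();
        smp.put("test", "PEPPOL SERVICE METADATA PUBLISHER TEST CA");
        smp.put("production", "PEPPOL SERVICE METADATA PUBLISHER CA");
        smpCn = Collections.unmodifiableMap(smp);
    }

    /** Shared CRL cache for every validator built by this context. */
    private final CrlCache crlCache = new SimpleCrlCache();
    private final KeyStoreCertificateBucket keyStore;
    private final CertificateBucket rootCertificates;
    private final CertificateBucket intermediateApCertificates;
    private final CertificateBucket intermediateSmpCertificates;
    private final String scope;

    /**
     * Loads the trust store for the given scope and extracts the root and intermediate buckets.
     *
     * @param scope trust scope, normally {@code "test"} or {@code "production"}; selects the
     *              {@code /peppol-<scope>.jks} resource and the expected issuer CNs
     * @throws IllegalStateException if no trust store resource exists for the scope
     * @throws RuntimeException      if the trust store cannot be read or an expected alias is missing
     */
    public PeppolContext(String scope) {
        this.scope = scope;
        InputStream inputStream = getKeyStoreInputStream(scope);
        // Fail fast with a clear message instead of handing a null stream to the bucket.
        if (inputStream == null) {
            throw new IllegalStateException(String.format(
                    "Trust store resource '%s' not found on classpath for scope '%s'.",
                    keyStoreResourcePath(scope), scope));
        }
        try {
            this.keyStore = new KeyStoreCertificateBucket(inputStream, KEY_STORE_PASSWORD);
            this.rootCertificates = this.keyStore.toSimple("peppol-root", "difi-root");
            this.intermediateApCertificates = this.keyStore.toSimple("peppol-ap", "difi-ap");
            this.intermediateSmpCertificates = this.keyStore.toSimple("peppol-smp", "difi-smp");
        } catch (CertificateBucketException e) {
            throw new RuntimeException(e.getMessage(), e);
        } finally {
            // The buckets have been extracted above, so the stream is no longer needed.
            closeQuietly(inputStream);
        }
    }

    /**
     * Opens the trust store resource for the given scope.
     *
     * @param scope trust scope used to build the resource name {@code /peppol-<scope>.jks}
     * @return the resource stream, or {@code null} if no such resource is on the classpath
     */
    public static InputStream getKeyStoreInputStream(String scope) {
        return PeppolContext.class.getResourceAsStream(keyStoreResourcePath(scope));
    }

    /** Classpath location of the trust store for a scope. */
    private static String keyStoreResourcePath(String scope) {
        return String.format("/peppol-%s.jks", scope);
    }

    /** Closes a read-only resource stream; a failure to close cannot affect already-loaded data. */
    private static void closeQuietly(InputStream inputStream) {
        try {
            inputStream.close();
        } catch (IOException ignored) {
            // Nothing useful can be done about a failed close of a classpath resource.
        }
    }

    /** @return the loaded trust store bucket */
    public KeyStoreCertificateBucket getKeyStoreBucket() {
        return this.keyStore;
    }

    /** @return a validator for access-point (endpoint) certificates of this scope */
    public Validator endpointValidator() {
        return generateValidator(this.intermediateApCertificates, apCn);
    }

    /** @return a validator for SMP (provider) certificates of this scope */
    public Validator providerValidator() {
        return generateValidator(this.intermediateSmpCertificates, smpCn);
    }

    /**
     * Builds the common PEPPOL rule chain for one certificate type.
     *
     * @param certificateBucket intermediate CAs the validated certificate must chain through
     * @param issuerCnByScope   expected issuer CN per scope; may be {@code null}
     * @return the assembled validator
     */
    private Validator generateValidator(CertificateBucket certificateBucket, Map<String, String> issuerCnByScope) {
        ValidatorBuilder builder = ValidatorBuilder.newInstance();
        builder.addRule(new ExpirationRule());
        builder.addRule(SigningRule.PublicSignedOnly());
        // NOTE(review): for a scope not listed in the map the issuer-CN check is silently
        // skipped, so the validator then relies on the chain rule alone to pin the issuer.
        if (issuerCnByScope != null && issuerCnByScope.containsKey(this.scope)) {
            builder.addRule(new PrincipalNameRule("CN",
                    new SimplePrincipalNameProvider(issuerCnByScope.get(this.scope)),
                    PrincipalNameRule.Principal.ISSUER));
        }
        builder.addRule(new ChainRule(this.rootCertificates, certificateBucket, new String[0]));
        builder.addRule(new CRLRule(this.crlCache));
        builder.addRule(new OCSPRule(certificateBucket));
        return builder.build();
    }
}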
