package no.digipost.security.cert;

import java.util.Collections;
import java.util.EnumSet;
import java.util.Set;

/* loaded from: input_file:no/digipost/security/cert/CertificateValidatorConfig.class */
public class CertificateValidatorConfig {
    public static final CertificateValidatorConfig MOST_STRICT = new CertificateValidatorConfig(OcspPolicy.ALWAYS_DO_OCSP_LOOKUP, EnumSet.of(CertStatus.OK), OcspSignatureValidator.DEFAULT, false);
    final OcspPolicy ocspPolicy;
    private final Set<CertStatus> allowedOcspResults;
    final OcspSignatureValidator ocspSignatureValidator;
    final boolean ignoreCustomSigningCertificatesInOcspResponses;

    public boolean allowsOcspResult(CertStatus certStatus) {
        return this.allowedOcspResults.contains(certStatus);
    }

    private CertificateValidatorConfig(OcspPolicy ocspPolicy, Set<CertStatus> set, OcspSignatureValidator ocspSignatureValidator, boolean z) {
        this.ocspPolicy = ocspPolicy;
        this.allowedOcspResults = Collections.unmodifiableSet(set);
        this.ocspSignatureValidator = ocspSignatureValidator;
        this.ignoreCustomSigningCertificatesInOcspResponses = z;
    }

    public CertificateValidatorConfig withOcspPolicy(OcspPolicy ocspPolicy) {
        return new CertificateValidatorConfig(ocspPolicy, this.allowedOcspResults, this.ocspSignatureValidator, this.ignoreCustomSigningCertificatesInOcspResponses);
    }

    public CertificateValidatorConfig allowOcspResults(CertStatus... certStatusArr) {
        return new CertificateValidatorConfig(this.ocspPolicy, EnumSet.of(CertStatus.OK, certStatusArr), this.ocspSignatureValidator, this.ignoreCustomSigningCertificatesInOcspResponses);
    }

    CertificateValidatorConfig validateOcspResponseSignatureUsing(OcspSignatureValidator ocspSignatureValidator) {
        return new CertificateValidatorConfig(this.ocspPolicy, this.allowedOcspResults, ocspSignatureValidator, this.ignoreCustomSigningCertificatesInOcspResponses);
    }

    CertificateValidatorConfig ignoreCustomSigningCertificatesInOcspResponses() {
        return new CertificateValidatorConfig(this.ocspPolicy, this.allowedOcspResults, this.ocspSignatureValidator, true);
    }
}
