package org.glite.voms.ac;

import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.log4j.Logger;
import org.glite.voms.BasicVOMSTrustStore;
import org.glite.voms.PKIVerifier;

/* loaded from: input_file:WEB-INF/lib/voms-api-2.0.6.jar:org/glite/voms/ac/ACValidator.class */
public class ACValidator {
    protected static final Logger log = Logger.getLogger(ACValidator.class);
    private static ACValidator theInstance = null;
    protected ACTrustStore myTrustStore;
    protected VOMSTrustStore myVOMSStore;
    protected PKIVerifier theVerifier;

    public ACValidator(ACTrustStore aCTrustStore) {
        if (aCTrustStore == null) {
            throw new IllegalArgumentException("ACValidator: constructor must have an ACTrustStore");
        }
        this.myTrustStore = aCTrustStore;
    }

    public ACValidator(VOMSTrustStore vOMSTrustStore) {
        if (vOMSTrustStore == null) {
            throw new IllegalArgumentException("ACValidator: constructor must have a VOMSTrustStore");
        }
        this.myVOMSStore = vOMSTrustStore;
        try {
            this.theVerifier = new PKIVerifier(this.myVOMSStore);
        } catch (IOException e) {
            log.error("Problems while initializing the verifier: " + e.getMessage());
            throw new IllegalArgumentException("Problems with the passed store: " + e.getMessage());
        } catch (CRLException e2) {
            log.error("Problems while initializing the verifier: " + e2.getMessage());
            throw new IllegalArgumentException("Problems with the passed store: " + e2.getMessage());
        } catch (CertificateException e3) {
            log.error("Problems while initializing the verifier: " + e3.getMessage());
            throw new IllegalArgumentException("Problems with the passed store: " + e3.getMessage());
        }
    }

    public ACValidator(PKIVerifier pKIVerifier) {
        this.myTrustStore = null;
        this.myVOMSStore = null;
        this.theVerifier = pKIVerifier;
    }

    public static ACValidator getInstance() {
        return getInstance((VOMSTrustStore) null);
    }

    public static ACValidator getInstance(ACTrustStore aCTrustStore) throws IllegalArgumentException {
        ACValidator aCValidator = theInstance != null ? theInstance : new ACValidator(aCTrustStore);
        theInstance = aCValidator;
        return aCValidator;
    }

    public static ACValidator getInstance(VOMSTrustStore vOMSTrustStore) throws IllegalArgumentException {
        ACValidator aCValidator = theInstance != null ? theInstance : new ACValidator(vOMSTrustStore);
        theInstance = aCValidator;
        return aCValidator;
    }

    public void cleanup() {
        if (this.myTrustStore != null && (this.myTrustStore instanceof BasicVOMSTrustStore)) {
            ((BasicVOMSTrustStore) this.myTrustStore).stopRefresh();
        }
        if (this.myVOMSStore != null) {
            this.myVOMSStore.stopRefresh();
        }
        if (this.theVerifier != null) {
            this.theVerifier.cleanup();
        }
    }

    public boolean validate(AttributeCertificate attributeCertificate) {
        if (attributeCertificate == null) {
            return false;
        }
        if (this.theVerifier != null) {
            return this.theVerifier.verify(attributeCertificate);
        }
        if (!attributeCertificate.isValid()) {
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug("AC expired or not yet valid. Issuer : " + attributeCertificate.getIssuer().getName());
            return false;
        }
        X509Certificate[] aACandidate = this.myTrustStore.getAACandidate(attributeCertificate.getIssuer());
        if (aACandidate == null || aACandidate.length == 0) {
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug("AC not valid (no such trusted issuer) : " + attributeCertificate.getIssuer().getName());
            return false;
        }
        for (int i = 0; i < aACandidate.length; i++) {
            if (attributeCertificate.verify(aACandidate[i].getPublicKey())) {
                if (!log.isDebugEnabled()) {
                    return true;
                }
                log.debug("AC signature verified OK by issuer : " + aACandidate[i].getSubjectX500Principal().getName());
                return true;
            }
            if (log.isDebugEnabled()) {
                log.debug("AC from signature did not verify OK by issuer : " + aACandidate[i].getSubjectX500Principal().getName());
            }
        }
        return false;
    }
}
