package net.ripe.rpki.commons.provisioning.cms;

import net.ripe.rpki.commons.crypto.crl.X509Crl;
import net.ripe.rpki.commons.crypto.crl.X509CrlValidator;
import net.ripe.rpki.commons.provisioning.x509.ProvisioningCertificateValidator;
import net.ripe.rpki.commons.provisioning.x509.ProvisioningCmsCertificate;
import net.ripe.rpki.commons.provisioning.x509.ProvisioningIdentityCertificate;
import net.ripe.rpki.commons.validation.ValidationOptions;
import net.ripe.rpki.commons.validation.ValidationResult;

/* loaded from: input_file:net/ripe/rpki/commons/provisioning/cms/ProvisioningCmsObjectValidator.class */
public class ProvisioningCmsObjectValidator {
    private ValidationOptions options;
    private ProvisioningCmsObject cmsObject;
    private ProvisioningIdentityCertificate identityCertificate;
    private ValidationResult validationResult;
    private ProvisioningCmsCertificate cmsCertificate;
    private X509Crl crl;

    public ProvisioningCmsObjectValidator(ValidationOptions validationOptions, ProvisioningCmsObject provisioningCmsObject, ProvisioningIdentityCertificate provisioningIdentityCertificate) {
        this.options = validationOptions;
        this.cmsObject = provisioningCmsObject;
        this.identityCertificate = provisioningIdentityCertificate;
    }

    public void validate(ValidationResult validationResult) {
        this.validationResult = validationResult;
        ProvisioningCmsObjectParser provisioningCmsObjectParser = new ProvisioningCmsObjectParser(validationResult);
        provisioningCmsObjectParser.parseCms("<cms>", this.cmsObject.getEncoded());
        if (provisioningCmsObjectParser.getValidationResult().hasFailures()) {
            return;
        }
        this.cmsCertificate = new ProvisioningCmsCertificate(this.cmsObject.getCmsCertificate());
        this.crl = new X509Crl(this.cmsObject.getCrl());
        validateCrl();
        validateCertificateChain();
    }

    private void validateCrl() {
        new X509CrlValidator(this.options, this.validationResult, this.identityCertificate).validate("<crl>", this.crl);
    }

    private void validateCertificateChain() {
        validateCmsCertificate();
        validateIdentityCertificate();
    }

    private void validateCmsCertificate() {
        new ProvisioningCertificateValidator(this.options, this.validationResult, this.identityCertificate, this.crl).validate("<cms-cert>", this.cmsCertificate);
    }

    private void validateIdentityCertificate() {
        new ProvisioningCertificateValidator(this.options, this.validationResult, this.identityCertificate, this.crl).validate("<identity-cert>", this.identityCertificate);
    }
}
