package org.italiangrid.voms.util;

import eu.emi.security.authn.x509.CrlCheckingMode;
import eu.emi.security.authn.x509.NamespaceCheckingMode;
import eu.emi.security.authn.x509.OCSPCheckingMode;
import eu.emi.security.authn.x509.OCSPParametes;
import eu.emi.security.authn.x509.ProxySupport;
import eu.emi.security.authn.x509.StoreUpdateListener;
import eu.emi.security.authn.x509.ValidationErrorListener;
import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.impl.CRLParameters;
import eu.emi.security.authn.x509.impl.OpensslCertChainValidator;
import eu.emi.security.authn.x509.impl.RevocationParametersExt;
import eu.emi.security.authn.x509.impl.ValidatorParamsExt;
import java.util.Arrays;

/* loaded from: input_file:org/italiangrid/voms/util/CertificateValidatorBuilder.class */
public class CertificateValidatorBuilder {
    public static final String DEFAULT_TRUST_ANCHORS_DIR = "/etc/grid-security/certificates";
    public static final long DEFAULT_TRUST_ANCHORS_UPDATE_INTERVAL = 0;
    private String trustAnchorsDir = "/etc/grid-security/certificates";
    private ValidationErrorListener validationErrorListener = null;
    private StoreUpdateListener storeUpdateListener = null;
    private long trustAnchorsUpdateInterval = 0;
    private boolean lazyAnchorsLoading = DEFAULT_VALIDATOR_IS_LAZY.booleanValue();
    private NamespaceCheckingMode namespaceChecks = DEFAULT_NS_CHECKS;
    private CrlCheckingMode crlChecks = DEFAULT_CRL_CHECKS;
    private OCSPCheckingMode ocspChecks = DEFAULT_OCSP_CHECKS;
    public static final CrlCheckingMode DEFAULT_CRL_CHECKS = CrlCheckingMode.IF_VALID;
    public static final OCSPCheckingMode DEFAULT_OCSP_CHECKS = OCSPCheckingMode.IGNORE;
    public static final NamespaceCheckingMode DEFAULT_NS_CHECKS = NamespaceCheckingMode.GLOBUS_EUGRIDPMA;
    public static final Boolean DEFAULT_VALIDATOR_IS_LAZY = Boolean.FALSE;

    public CertificateValidatorBuilder storeUpdateListener(StoreUpdateListener storeUpdateListener) {
        this.storeUpdateListener = storeUpdateListener;
        return this;
    }

    public CertificateValidatorBuilder trustAnchorsDir(String str) {
        this.trustAnchorsDir = str;
        return this;
    }

    public CertificateValidatorBuilder validationErrorListener(ValidationErrorListener validationErrorListener) {
        this.validationErrorListener = validationErrorListener;
        return this;
    }

    public CertificateValidatorBuilder trustAnchorsUpdateInterval(long j) {
        this.trustAnchorsUpdateInterval = j;
        return this;
    }

    public CertificateValidatorBuilder lazyAnchorsLoading(boolean z) {
        this.lazyAnchorsLoading = z;
        return this;
    }

    public CertificateValidatorBuilder namespaceChecks(NamespaceCheckingMode namespaceCheckingMode) {
        this.namespaceChecks = namespaceCheckingMode;
        return this;
    }

    public CertificateValidatorBuilder crlChecks(CrlCheckingMode crlCheckingMode) {
        this.crlChecks = crlCheckingMode;
        return this;
    }

    public CertificateValidatorBuilder ocspChecks(OCSPCheckingMode oCSPCheckingMode) {
        this.ocspChecks = oCSPCheckingMode;
        return this;
    }

    public X509CertChainValidatorExt build() {
        ValidatorParamsExt validatorParamsExt = new ValidatorParamsExt(new RevocationParametersExt(this.crlChecks, new CRLParameters(), new OCSPParametes(this.ocspChecks)), ProxySupport.ALLOW);
        if (this.storeUpdateListener != null) {
            validatorParamsExt.setInitialListeners(Arrays.asList(this.storeUpdateListener));
        }
        OpensslCertChainValidator opensslCertChainValidator = new OpensslCertChainValidator(this.trustAnchorsDir, false, this.namespaceChecks, this.trustAnchorsUpdateInterval, validatorParamsExt, this.lazyAnchorsLoading);
        if (this.validationErrorListener != null) {
            opensslCertChainValidator.addValidationListener(this.validationErrorListener);
        }
        return opensslCertChainValidator;
    }

    public static X509CertChainValidatorExt buildCertificateValidator(String str, ValidationErrorListener validationErrorListener, StoreUpdateListener storeUpdateListener, long j, NamespaceCheckingMode namespaceCheckingMode, CrlCheckingMode crlCheckingMode, OCSPCheckingMode oCSPCheckingMode) {
        return buildCertificateValidator(str, validationErrorListener, storeUpdateListener, j, namespaceCheckingMode, crlCheckingMode, oCSPCheckingMode, true);
    }

    public static X509CertChainValidatorExt buildCertificateValidator(String str, ValidationErrorListener validationErrorListener, StoreUpdateListener storeUpdateListener, long j, NamespaceCheckingMode namespaceCheckingMode, CrlCheckingMode crlCheckingMode, OCSPCheckingMode oCSPCheckingMode, boolean z) {
        return new CertificateValidatorBuilder().trustAnchorsDir(str).validationErrorListener(validationErrorListener).storeUpdateListener(storeUpdateListener).trustAnchorsUpdateInterval(j).namespaceChecks(namespaceCheckingMode).crlChecks(crlCheckingMode).ocspChecks(oCSPCheckingMode).lazyAnchorsLoading(z).build();
    }

    public static X509CertChainValidatorExt buildCertificateValidator(String str, ValidationErrorListener validationErrorListener) {
        return buildCertificateValidator(str, validationErrorListener, null, 0L, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS, DEFAULT_OCSP_CHECKS);
    }

    public static X509CertChainValidatorExt buildCertificateValidator(String str, ValidationErrorListener validationErrorListener, StoreUpdateListener storeUpdateListener) {
        return buildCertificateValidator(str, validationErrorListener, storeUpdateListener, 0L, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS, DEFAULT_OCSP_CHECKS);
    }

    public static X509CertChainValidatorExt buildCertificateValidator(String str, ValidationErrorListener validationErrorListener, StoreUpdateListener storeUpdateListener, long j, boolean z) {
        return buildCertificateValidator(str, validationErrorListener, storeUpdateListener, j, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS, DEFAULT_OCSP_CHECKS, z);
    }

    public static X509CertChainValidatorExt buildCertificateValidator(String str, ValidationErrorListener validationErrorListener, StoreUpdateListener storeUpdateListener, long j) {
        return buildCertificateValidator(str, validationErrorListener, storeUpdateListener, j, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS, DEFAULT_OCSP_CHECKS);
    }

    public static X509CertChainValidatorExt buildCertificateValidator(String str, ValidationErrorListener validationErrorListener, long j, boolean z) {
        return buildCertificateValidator(str, validationErrorListener, null, j, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS, DEFAULT_OCSP_CHECKS, z);
    }

    public static X509CertChainValidatorExt buildCertificateValidator(String str, ValidationErrorListener validationErrorListener, long j) {
        return buildCertificateValidator(str, validationErrorListener, null, j, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS, DEFAULT_OCSP_CHECKS);
    }

    public static X509CertChainValidatorExt buildCertificateValidator(String str) {
        return buildCertificateValidator(str, null, null, 0L, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS, DEFAULT_OCSP_CHECKS);
    }

    public static X509CertChainValidatorExt buildCertificateValidator() {
        return buildCertificateValidator("/etc/grid-security/certificates", null, null, 0L, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS, DEFAULT_OCSP_CHECKS);
    }
}
