package org.xipki.scep.client;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.xipki.security.HashAlgo;
import org.xipki.security.X509Cert;
import org.xipki.util.Args;

/* loaded from: input_file:org/xipki/scep/client/CaCertValidator.class */
public interface CaCertValidator {

    /* loaded from: input_file:org/xipki/scep/client/CaCertValidator$CachingCertificateValidator.class */
    public static final class CachingCertificateValidator implements CaCertValidator {
        private final ConcurrentHashMap<String, Boolean> cachedAnswers = new ConcurrentHashMap<>();
        private final CaCertValidator delegate;

        public CachingCertificateValidator(CaCertValidator caCertValidator) {
            this.delegate = (CaCertValidator) Args.notNull(caCertValidator, "delegate");
        }

        /* JADX WARN: Type inference failed for: r1v2, types: [byte[], byte[][]] */
        @Override // org.xipki.scep.client.CaCertValidator
        public boolean isTrusted(X509Cert x509Cert) {
            Args.notNull(x509Cert, "cert");
            String hexHash = HashAlgo.SHA256.hexHash((byte[][]) new byte[]{x509Cert.getEncoded()});
            Boolean bool = this.cachedAnswers.get(hexHash);
            if (bool != null) {
                return bool.booleanValue();
            }
            boolean isTrusted = this.delegate.isTrusted(x509Cert);
            this.cachedAnswers.put(hexHash, Boolean.valueOf(isTrusted));
            return isTrusted;
        }
    }

    /* loaded from: input_file:org/xipki/scep/client/CaCertValidator$PreprovisionedCaCertValidator.class */
    public static final class PreprovisionedCaCertValidator implements CaCertValidator {
        private final Set<String> fpOfCerts;

        /* JADX WARN: Type inference failed for: r2v2, types: [byte[], byte[][]] */
        public PreprovisionedCaCertValidator(X509Cert x509Cert) {
            Args.notNull(x509Cert, "cert");
            this.fpOfCerts = new HashSet(1);
            this.fpOfCerts.add(HashAlgo.SHA256.hexHash((byte[][]) new byte[]{x509Cert.getEncoded()}));
        }

        /* JADX WARN: Type inference failed for: r2v2, types: [byte[], byte[][]] */
        public PreprovisionedCaCertValidator(Set<X509Cert> set) {
            Args.notEmpty(set, "certs");
            this.fpOfCerts = new HashSet(set.size());
            Iterator<X509Cert> it = set.iterator();
            while (it.hasNext()) {
                this.fpOfCerts.add(HashAlgo.SHA256.hexHash((byte[][]) new byte[]{it.next().getEncoded()}));
            }
        }

        /* JADX WARN: Type inference failed for: r1v1, types: [byte[], byte[][]] */
        @Override // org.xipki.scep.client.CaCertValidator
        public boolean isTrusted(X509Cert x509Cert) {
            return this.fpOfCerts.contains(HashAlgo.SHA256.hexHash((byte[][]) new byte[]{((X509Cert) Args.notNull(x509Cert, "cert")).getEncoded()}));
        }
    }

    /* loaded from: input_file:org/xipki/scep/client/CaCertValidator$PreprovisionedHashCaCertValidator.class */
    public static final class PreprovisionedHashCaCertValidator implements CaCertValidator {
        private final HashAlgo hashAlgo;
        private final Set<byte[]> hashValues;

        public PreprovisionedHashCaCertValidator(HashAlgo hashAlgo, Set<byte[]> set) {
            this.hashAlgo = (HashAlgo) Args.notNull(hashAlgo, "hashAlgo");
            Args.notEmpty(set, "hashValues");
            int length = hashAlgo.getLength();
            for (byte[] bArr : set) {
                if (bArr.length != length) {
                    throw new IllegalArgumentException("invalid the length of hashValue: " + bArr.length + " != " + length);
                }
            }
            this.hashValues = new HashSet(set.size());
            for (byte[] bArr2 : set) {
                this.hashValues.add(Arrays.copyOf(bArr2, bArr2.length));
            }
        }

        /* JADX WARN: Type inference failed for: r1v1, types: [byte[], byte[][]] */
        @Override // org.xipki.scep.client.CaCertValidator
        public boolean isTrusted(X509Cert x509Cert) {
            byte[] hash = this.hashAlgo.hash((byte[][]) new byte[]{((X509Cert) Args.notNull(x509Cert, "cert")).getEncoded()});
            Iterator<byte[]> it = this.hashValues.iterator();
            while (it.hasNext()) {
                if (Arrays.equals(hash, it.next())) {
                    return true;
                }
            }
            return false;
        }
    }

    boolean isTrusted(X509Cert x509Cert);
}
