package com.github.toolarium.security.certificate.impl;

import com.github.toolarium.security.certificate.ICertificateVerifier;
import com.github.toolarium.security.pki.util.PKIUtil;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.function.Consumer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/toolarium/security/certificate/impl/CertificateVerifier.class */
public class CertificateVerifier implements ICertificateVerifier {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CertificateVerifier.class);

    @Override // com.github.toolarium.security.certificate.ICertificateVerifier
    public void verifyCertificateChain(Consumer<String> consumer, X509Certificate[] x509CertificateArr) throws GeneralSecurityException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return;
        }
        int length = x509CertificateArr.length;
        if (consumer != null) {
            PKIUtil.getInstance().processCertificate(consumer, "Verify certificate chain: " + length + " certificate(s)...", x509CertificateArr);
        }
        verifyCertificate(consumer, x509CertificateArr[length - 1], null);
        for (int i = length - 1; i > 0; i--) {
            verifyCertificate(consumer, x509CertificateArr[i - 1], x509CertificateArr[i]);
        }
        LOG.debug("Certificate chain checked successful!");
    }

    @Override // com.github.toolarium.security.certificate.ICertificateVerifier
    public void verifyCertificate(Consumer<String> consumer, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws GeneralSecurityException {
        if (x509Certificate2 != null) {
            LOG.debug("Verify certificate: '" + x509Certificate.getSubjectX500Principal().getName() + "'");
            x509Certificate.verify(x509Certificate2.getPublicKey());
            LOG.debug("Successfully verified CA certificate with public key.");
            if (consumer != null) {
                PKIUtil.getInstance().processPublicKeyInfo(consumer, null, x509Certificate2.getPublicKey());
            }
        }
    }

    @Override // com.github.toolarium.security.certificate.ICertificateVerifier
    public void verifyCertificate(Consumer<String> consumer, X509Certificate x509Certificate) throws GeneralSecurityException {
        if (x509Certificate == null) {
            throw new GeneralSecurityException("Invalid certificate (null)!");
        }
        LOG.debug("Verify certificate: '" + x509Certificate.getSubjectX500Principal().getName() + "'");
        x509Certificate.verify(x509Certificate.getPublicKey());
        LOG.debug("Successfully verified CA certificate with its own public key.");
        if (consumer != null) {
            PKIUtil.getInstance().processPublicKeyInfo(consumer, null, x509Certificate.getPublicKey());
        }
    }
}
