package be.fedict.eidviewer.lib;

import be.fedict.trust.client.XKMS2Client;
import be.fedict.trust.client.exception.RevocationDataNotFoundException;
import be.fedict.trust.client.exception.TrustDomainNotFoundException;
import be.fedict.trust.client.exception.ValidationFailedException;
import com.sun.xml.ws.client.ClientTransportException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Observable;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:be/fedict/eidviewer/lib/TrustServiceController.class */
public class TrustServiceController extends Observable implements Runnable {
    private static final Logger logger = Logger.getLogger(TrustServiceController.class.getName());
    private static final String XKMS2_REASONURI_PREFIX = "http://www.w3.org/2002/03/xkms#";
    private String trustServiceURL;
    private XKMS2Client trustServiceClient;
    private boolean running;
    private Thread worker;
    private LinkedBlockingQueue<X509CertificateChainAndTrust> chainsToBeValidated = new LinkedBlockingQueue<>();
    private boolean validating = false;

    public TrustServiceController(String str) {
        this.trustServiceURL = str;
        this.trustServiceClient = new XKMS2Client(this.trustServiceURL);
    }

    public TrustServiceController setServicePublicKey(PublicKey publicKey) {
        logger.fine("Setting Service Public Key");
        this.trustServiceClient.setServicePublicKey(publicKey);
        return this;
    }

    public TrustServiceController setServerCertificate(X509Certificate x509Certificate) {
        logger.fine("Setting Server Certificate");
        this.trustServiceClient.setServerCertificate(x509Certificate);
        return this;
    }

    public TrustServiceController setProxy(String str, int i) {
        if (str != null) {
            logger.log(Level.INFO, "Set Proxy To {0}:{1}", new Object[]{str, Integer.valueOf(i)});
        } else {
            logger.log(Level.INFO, "Removing Proxy");
        }
        this.trustServiceClient.setProxy(str, i);
        return this;
    }

    public synchronized TrustServiceController validateLater(X509CertificateChainAndTrust x509CertificateChainAndTrust) {
        logger.log(Level.FINEST, "Enqueueing {0} for validation", new Object[]{x509CertificateChainAndTrust.toString()});
        try {
            this.chainsToBeValidated.put(x509CertificateChainAndTrust);
            logger.log(Level.FINEST, "Enqueued {0} successfully", new Object[]{x509CertificateChainAndTrust.toString()});
        } catch (InterruptedException e) {
            logger.log(Level.SEVERE, "TrustServiceController Interruped while adding certificates to be validated", (Throwable) e);
        }
        return this;
    }

    public synchronized TrustServiceController clear() {
        logger.fine("Clearing");
        this.chainsToBeValidated.clear();
        return this;
    }

    public TrustServiceController start() {
        logger.fine("Starting");
        this.worker = new Thread(this, "TrustServiceController");
        this.worker.setDaemon(true);
        this.worker.start();
        return this;
    }

    public void stop() {
        logger.fine("Stopping..");
        this.running = false;
        this.worker.interrupt();
    }

    public boolean isValidating() {
        return this.validating || !this.chainsToBeValidated.isEmpty();
    }

    @Override // java.lang.Runnable
    public void run() {
        this.running = true;
        while (this.running) {
            try {
                logger.finest("Sleeping until validation requested");
                X509CertificateChainAndTrust take = this.chainsToBeValidated.take();
                logger.finest("Validation requested");
                try {
                    try {
                        try {
                            this.validating = true;
                            take.setValidating();
                            logger.log(Level.INFO, "Validating {0}", new Object[]{take.toString()});
                            if (System.getProperty("os.name").startsWith("Linux")) {
                                logger.finest("Multithreaded proxy detection workaround enabled.");
                                logger.finest("See https://lists.launchpad.net/openjdk/msg06752.html");
                                synchronized (this.trustServiceClient) {
                                    this.trustServiceClient.validate(take.getTrustDomain(), take.getCertificates(), true);
                                }
                            } else {
                                this.trustServiceClient.validate(take.getTrustDomain(), take.getCertificates(), true);
                            }
                            logger.log(Level.INFO, "Trusted");
                            take.setTrusted();
                        } catch (ValidationFailedException e) {
                            logger.log(Level.INFO, "Validation Failed", (Throwable) e);
                            take.setValidationException(e);
                            take.setRevocationValues(this.trustServiceClient.getRevocationValues());
                            take.setInvalidReasons(trimInvalidReasons(this.trustServiceClient.getInvalidReasons()));
                        } catch (ClientTransportException e2) {
                            logger.log(Level.SEVERE, "Transport Exception Trying to Validate Certificate Chain", (Throwable) e2);
                            logger.log(Level.SEVERE, "Check the Proxy Settings, DNS Availability and Trust Service Accessibility", (Throwable) e2);
                            logger.log(Level.SEVERE, "Trust Service URL used: {0}", (Object[]) new String[]{this.trustServiceURL});
                            take.setTrustServiceException(e2);
                        }
                    } catch (RevocationDataNotFoundException e3) {
                        logger.log(Level.WARNING, "Revocation Data Not Found", (Throwable) e3);
                        take.setValidationException(e3);
                        take.setInvalidReasons(this.trustServiceClient.getInvalidReasons());
                    } catch (CertificateEncodingException e4) {
                        logger.log(Level.SEVERE, "Certificate Encoding Exception", (Throwable) e4);
                        take.setValidationException(e4);
                    }
                } catch (TrustDomainNotFoundException e5) {
                    logger.log(Level.SEVERE, "Trust Domain Not Found", (Throwable) e5);
                    take.setValidationException(e5);
                } catch (Exception e6) {
                    logger.log(Level.SEVERE, "General Exception Trying to Validate Certificate Chain", (Throwable) e6);
                    take.setTrustServiceException(e6);
                }
                this.validating = false;
                setChanged();
                notifyObservers(take);
            } catch (InterruptedException e7) {
                if (this.running) {
                    logger.log(this.running ? Level.SEVERE : Level.INFO, "TrustServiceController Worker Interrupted", (Throwable) e7);
                }
                this.running = false;
            }
        }
    }

    private List<String> trimInvalidReasons(List<String> list) {
        ArrayList arrayList = new ArrayList(list.size());
        for (String str : list) {
            if (str.startsWith(XKMS2_REASONURI_PREFIX)) {
                arrayList.add(str.substring(XKMS2_REASONURI_PREFIX.length()));
            }
        }
        return arrayList;
    }
}
