package no.difi.vefa.peppol.security.util;

import java.io.IOException;
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.Map;
import no.difi.certvalidator.ValidatorGroup;
import no.difi.certvalidator.ValidatorLoader;
import no.difi.certvalidator.api.CertificateValidationException;
import no.difi.certvalidator.lang.ValidatorParsingException;
import no.difi.vefa.peppol.common.code.Service;
import no.difi.vefa.peppol.common.lang.PeppolLoadingException;
import no.difi.vefa.peppol.mode.Mode;
import no.difi.vefa.peppol.security.api.CertificateValidator;
import no.difi.vefa.peppol.security.lang.PeppolSecurityException;

/* loaded from: input_file:no/difi/vefa/peppol/security/util/DifiCertificateValidator.class */
public class DifiCertificateValidator implements CertificateValidator {
    private ValidatorGroup validator;
    private Mode mode;

    public DifiCertificateValidator(Mode mode) throws PeppolLoadingException {
        this(mode, null);
    }

    public DifiCertificateValidator(Mode mode, Map<String, Object> map) throws PeppolLoadingException {
        this.mode = mode;
        try {
            InputStream resourceAsStream = getClass().getResourceAsStream(mode.getString("security.pki"));
            Throwable th = null;
            try {
                try {
                    this.validator = ValidatorLoader.newInstance().putAll(map).build(resourceAsStream);
                    if (resourceAsStream != null) {
                        if (0 != 0) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (ValidatorParsingException | IOException e) {
            throw new PeppolLoadingException("Unable to initiate PKI.", e);
        }
    }

    @Override // no.difi.vefa.peppol.security.api.CertificateValidator
    public void validate(Service service, X509Certificate x509Certificate) throws PeppolSecurityException {
        try {
            this.validator.validate(this.mode.getString(String.format("security.validator.%s", service.toString())), x509Certificate);
        } catch (CertificateValidationException e) {
            throw new PeppolSecurityException(e.getMessage(), e);
        }
    }
}
