package org.openoces.serviceprovider;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.naming.ldap.LdapName;
import org.apache.log4j.Logger;
import org.openoces.ooapi.certificate.OcesCertificate;
import org.openoces.ooapi.environment.Environments;
import org.openoces.ooapi.environment.RootCertificates;
import org.openoces.ooapi.exceptions.InternalException;
import org.openoces.ooapi.ldap.LDAPFactory;
import org.openoces.ooapi.ping.OCSPAlivetester;
import org.openoces.ooapi.ping.PidAlivetester;
import org.openoces.ooapi.service.impl.PidServiceProviderClientImpl;
import org.openoces.ooapi.validation.CRL;

/* loaded from: input_file:org/openoces/serviceprovider/ConfigurationChecker.class */
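/**
 * Checks that the external services this service provider depends on can be reached:
 * the root certificate published in LDAP, the full CRL, the PID service and OCSP.
 *
 * <p>All methods are static. {@link #verifyRootCertificateFromLDAP()} reports its outcome
 * through the log only; the other methods return a boolean or throw.
 */
public class ConfigurationChecker {
    private static final Logger logger = Logger.getLogger(ConfigurationChecker.class);

    /**
     * LDAP attribute id read from the CA entry. The same value is also handed to
     * {@code LDAPFactory.createLdapContext}.
     */
    private static final String ROOT_CERTIFICATE_BINARY = "cACertificate;binary";

    /**
     * For each environment returned by {@code Environments.getTrustedEnvironments()}, fetches the
     * CA certificate from LDAP and compares it with the certificate returned by
     * {@code RootCertificates.lookupCertificate}.
     *
     * <p>The result is only logged: {@code info} when the two certificates are identical,
     * {@code error} when they differ or when the lookup fails. Nothing is returned or thrown,
     * so callers that need a pass/fail signal have to inspect the log.
     */
    public static void verifyRootCertificateFromLDAP() {
        for (Environments.Environment environment : Environments.getTrustedEnvironments()) {
            try {
                try {
                    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
                    // NOTE(review): the context returned by LDAPFactory.createLdapContext is never
                    // closed in this method - confirm whether the factory owns its lifetime.
                    byte[] encodedRoot = (byte[]) LDAPFactory.createLdapContext(environment, ROOT_CERTIFICATE_BINARY)
                            .getAttributes(new LdapName(LDAPFactory.getEnvironmentCaDn(environment)))
                            .get(ROOT_CERTIFICATE_BINARY)
                            .get();
                    X509Certificate ldapRoot = (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(encodedRoot));
                    X509Certificate expectedRoot = RootCertificates.lookupCertificate(environment);
                    // Compare the whole certificate (Certificate.equals compares the encoded form).
                    // Issuer DN and serial number are just fields of the fetched certificate, so a
                    // different certificate carrying the same two values would also have matched.
                    // A null expectedRoot compares unequal and is reported as a mismatch.
                    if (ldapRoot.equals(expectedRoot)) {
                        logger.info("Root certificate retrieved from LDAP with DN: " + ldapRoot.getSubjectDN().getName());
                    } else {
                        // A certificate was retrieved but it is not the expected one; say so rather
                        // than reporting a retrieval failure.
                        logger.error("ERROR: Root certificate retrieved from LDAP does not match the expected root certificate for environment " + environment);
                    }
                } catch (Exception e) {
                    // Covers connection, lookup, missing-attribute and parsing failures alike.
                    logger.error("ERROR: Could not retrieve root certificate from LDAP for environment " + environment, e);
                }
            } catch (Exception e2) {
                // Only reached if the handler above itself throws, because the inner catch already
                // covers Exception. Kept so that such a failure stops the check instead of propagating.
                logger.error("ERROR: Could not connect to LDAP directory.", e2);
                return;
            }
        }
    }

    /**
     * Retrieves the full CRL for the given certificate and reports whether it is usable.
     *
     * <p>The result describes the CRL only: this method does not look the certificate up in it.
     *
     * @param ocesCertificate certificate passed to {@code CertificateRevocationHandler.retrieveFullCrl}
     * @return {@code true} if a CRL was returned and its {@code isValid()} is true
     */
    public static boolean verifyFullCRL(OcesCertificate ocesCertificate) {
        CRL fullCrl = CertificateRevocationHandler.retrieveFullCrl(ocesCertificate);
        if (fullCrl == null) {
            return false;
        }
        return fullCrl.isValid();
    }

    /**
     * Pings the PID service through {@code PidAlivetester}.
     *
     * @throws ServiceProviderException if the ping raises an {@code InternalException}; the
     *     original exception is kept as the cause
     */
    public static void verifyPidService() throws ServiceProviderException {
        try {
            PidAlivetester.getInstance().pingPid();
        } catch (InternalException e) {
            throw new ServiceProviderException("Error calling PID", e);
        }
    }

    /**
     * Calls {@code test()} on a client created with {@code PidServiceProviderClientImpl.createForTestEnv()}.
     *
     * <p>NOTE(review): the client is always created for the test environment, so this does not
     * exercise any other configuration - confirm that is intended.
     *
     * @return always {@code true} when {@code test()} returns normally; a failure is signalled
     *     only by whatever {@code test()} throws
     */
    public static boolean makeTestConnectionToPIDCPRService() {
        PidServiceProviderClientImpl.createForTestEnv().test();
        return true;
    }

    /**
     * Pings OCSP through {@code OCSPAlivetester}.
     *
     * @param str passed unchanged to {@code pingOCSP}; presumably the responder address - confirm
     *     against {@code OCSPAlivetester}
     * @return the value returned by {@code pingOCSP}
     * @throws ServiceProviderException declared by this method; propagated from the ping
     */
    public static boolean canCallOCSP(String str) throws ServiceProviderException {
        return OCSPAlivetester.getInstance().pingOCSP(str);
    }
}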
