package org.jvnet.hudson.crypto;

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:WEB-INF/lib/crypto-util-1.0.jar:org/jvnet/hudson/crypto/CertificateUtil.class */
public class CertificateUtil {
    public static Set<TrustAnchor> getDefaultRootCAs() throws NoSuchAlgorithmException, KeyStoreException {
        X509TrustManager defaultX509TrustManager = getDefaultX509TrustManager();
        HashSet hashSet = new HashSet();
        for (X509Certificate x509Certificate : defaultX509TrustManager.getAcceptedIssuers()) {
            hashSet.add(new TrustAnchor(x509Certificate, null));
        }
        return hashSet;
    }

    public static X509TrustManager getDefaultX509TrustManager() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("X509TrustManager is not found");
    }

    public static PKIXCertPathValidatorResult validatePath(List<X509Certificate> list) throws GeneralSecurityException {
        return validatePath(list, getDefaultRootCAs());
    }

    public static PKIXCertPathValidatorResult validatePath(List<X509Certificate> list, Set<TrustAnchor> set) throws GeneralSecurityException {
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
        PKIXParameters pKIXParameters = new PKIXParameters(set);
        pKIXParameters.setRevocationEnabled(false);
        return (PKIXCertPathValidatorResult) certPathValidator.validate(CertificateFactory.getInstance("X509").generateCertPath(list), pKIXParameters);
    }
}
