package io.jenkins.plugins.neuvector;

import java.io.IOException;
import java.io.StringWriter;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.conn.ssl.TrustStrategy;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;

/* loaded from: input_file:WEB-INF/lib/neuvector-vulnerability-scanner.jar:io/jenkins/plugins/neuvector/BouncyCastleTrustStrategy.class */
public class BouncyCastleTrustStrategy implements TrustStrategy {
    public static final TrustSelfSignedStrategy INSTANCE = new TrustSelfSignedStrategy();
    private final String preDefineCert;

    public BouncyCastleTrustStrategy(String str) {
        this.preDefineCert = str;
    }

    private String normalizeTheCert(String str) {
        return str.replaceAll("[\n\\s]+", "");
    }

    public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate chain is null or empty");
        }
        if (x509CertificateArr.length > 1) {
            throw new IllegalArgumentException("Certificate chain should be length one");
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        x509Certificate.checkValidity();
        StringWriter stringWriter = new StringWriter();
        JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
        try {
            jcaPEMWriter.writeObject(x509Certificate);
            jcaPEMWriter.close();
            return normalizeTheCert(this.preDefineCert).equals(normalizeTheCert(stringWriter.toString()));
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
}
