package org.mule.runtime.module.tls.internal.revocation;

import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPathBuilder;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.EnumSet;
import java.util.Set;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.ManagerFactoryParameters;
import org.mule.runtime.api.component.AbstractComponent;
import org.mule.runtime.api.util.Preconditions;
import org.mule.runtime.core.privileged.security.RevocationCheck;
import org.mule.runtime.core.privileged.security.tls.TlsConfiguration;

/* loaded from: input_file:org/mule/runtime/module/tls/internal/revocation/CustomOcspResponder.class */
public class CustomOcspResponder extends AbstractComponent implements RevocationCheck {
    private String url;
    private String certAlias;

    public void setUrl(String str) {
        this.url = str;
    }

    public void setCertAlias(String str) {
        this.certAlias = str;
    }

    @Override // org.mule.runtime.core.privileged.security.RevocationCheck
    public ManagerFactoryParameters configFor(KeyStore keyStore, Set<TrustAnchor> set) {
        Preconditions.checkArgument(this.url != null, "tls:custom-ocsp-responder requires the 'url' attribute");
        Preconditions.checkArgument(keyStore != null, "tls:custom-ocsp-responder requires a trust store");
        try {
            PKIXRevocationChecker pKIXRevocationChecker = (PKIXRevocationChecker) CertPathBuilder.getInstance(TlsConfiguration.REVOCATION_KEYSTORE_ALGORITHM).getRevocationChecker();
            pKIXRevocationChecker.setOptions(EnumSet.of(PKIXRevocationChecker.Option.NO_FALLBACK));
            if (this.url != null) {
                pKIXRevocationChecker.setOcspResponder(new URI(this.url));
            }
            if (this.certAlias != null) {
                if (!keyStore.isCertificateEntry(this.certAlias)) {
                    throw new IllegalStateException("Key with alias \"" + this.certAlias + "\" was not found");
                }
                pKIXRevocationChecker.setOcspResponderCert((X509Certificate) keyStore.getCertificate(this.certAlias));
            }
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
            pKIXBuilderParameters.addCertPathChecker(pKIXRevocationChecker);
            return new CertPathTrustManagerParameters(pKIXBuilderParameters);
        } catch (URISyntaxException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        CustomOcspResponder customOcspResponder = (CustomOcspResponder) obj;
        if (this.url != null) {
            if (!this.url.equals(customOcspResponder.url)) {
                return false;
            }
        } else if (customOcspResponder.url != null) {
            return false;
        }
        return this.certAlias != null ? this.certAlias.equals(customOcspResponder.certAlias) : customOcspResponder.certAlias == null;
    }

    public int hashCode() {
        return (31 * (this.url != null ? this.url.hashCode() : 0)) + (this.certAlias != null ? this.certAlias.hashCode() : 0);
    }
}
