package no.digipost.security.cert;

import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.util.Optional;
import java.util.function.Predicate;
import no.digipost.security.DigipostSecurity;
import no.digipost.security.DigipostSecurityException;
import no.digipost.security.InvalidState;

/* loaded from: input_file:no/digipost/security/cert/ReviewedCertPath.class */
public final class ReviewedCertPath {
    private final Optional<CertPath> path;
    private final Predicate<CertPath> isTrusted;
    public final Optional<GeneralSecurityException> exception;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ReviewedCertPath(CertPath certPath, Predicate<CertPath> predicate) {
        this(Optional.of(certPath), predicate, Optional.empty());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ReviewedCertPath(GeneralSecurityException generalSecurityException) {
        this(Optional.empty(), certPath -> {
            return false;
        }, Optional.of(generalSecurityException));
    }

    private ReviewedCertPath(Optional<CertPath> optional, Predicate<CertPath> predicate, Optional<GeneralSecurityException> optional2) {
        this.path = optional;
        this.isTrusted = predicate;
        this.exception = optional2;
    }

    public CertPath getPath() {
        return this.path.orElseThrow(() -> {
            return (DigipostSecurityException) this.exception.map((v1) -> {
                return new DigipostSecurityException(v1);
            }).orElseGet(() -> {
                return new DigipostSecurityException("no certpath or exception");
            });
        });
    }

    public boolean isTrusted() {
        return this.path.filter(this.isTrusted).isPresent();
    }

    public CertPath getTrustedPath() {
        CertPath path = getPath();
        if (isTrusted()) {
            return path;
        }
        throw new Untrusted(path, this.exception.orElse(null));
    }

    public TrustedCertificateAndIssuer getTrustedCertificateAndIssuer() {
        CertPath trustedPath = getTrustedPath();
        X509Certificate orElseThrow = DigipostSecurity.asStream(trustedPath).findFirst().orElseThrow(() -> {
            return new InvalidState("No certificate found at all in supposedly trusted CertPath!", trustedPath);
        });
        return new TrustedCertificateAndIssuer(orElseThrow, DigipostSecurity.asStream(trustedPath).skip(1L).findFirst().orElseThrow(() -> {
            return new InvalidState("No issuer found for supposedly trusted certificate", orElseThrow);
        }));
    }

    public String toString() {
        return (isTrusted() ? "Trusted: " : "Untrusted: ") + ((String) this.path.map(DigipostSecurity::describe).orElse(this.exception.map(generalSecurityException -> {
            return generalSecurityException.getClass().getSimpleName() + ": '" + generalSecurityException.getMessage() + "'";
        }).orElse("No certpath or exception")));
    }
}
