package no.digipost.security.cert;

import java.util.Collections;
import java.util.EnumSet;
import java.util.Set;

/* loaded from: input_file:no/digipost/security/cert/CertificateValidatorConfig.class */
public class CertificateValidatorConfig {
    private final OcspSetting ocspSetting;
    private final Set<CertStatus> allowedOcspResults;
    final OcspSignatureValidator ocspSignatureValidator;
    final boolean ignoreCustomSigningCertificatesInOcspResponses;
    public static final CertificateValidatorConfig MOST_STRICT = new CertificateValidatorConfig(OcspSetting.OCSP_ACTIVATED, EnumSet.of(CertStatus.OK), OcspSignatureValidator.DEFAULT, false);
    private static final CertificateValidatorConfig MOST_STRICT_WITH_NO_OCSP = MOST_STRICT.withUnoptimized(OcspSetting.NO_OCSP);

    public boolean is(OcspSetting ocspSetting) {
        return this.ocspSetting == ocspSetting;
    }

    public boolean allowsOcspResult(CertStatus certStatus) {
        return this.allowedOcspResults.contains(certStatus);
    }

    private CertificateValidatorConfig(OcspSetting ocspSetting, Set<CertStatus> set, OcspSignatureValidator ocspSignatureValidator, boolean z) {
        this.ocspSetting = ocspSetting;
        this.allowedOcspResults = Collections.unmodifiableSet(set);
        this.ocspSignatureValidator = ocspSignatureValidator;
        this.ignoreCustomSigningCertificatesInOcspResponses = z;
    }

    public CertificateValidatorConfig with(OcspSetting ocspSetting) {
        return (this == MOST_STRICT && ocspSetting == OcspSetting.NO_OCSP) ? MOST_STRICT_WITH_NO_OCSP : withUnoptimized(ocspSetting);
    }

    private CertificateValidatorConfig withUnoptimized(OcspSetting ocspSetting) {
        return new CertificateValidatorConfig(ocspSetting, this.allowedOcspResults, this.ocspSignatureValidator, this.ignoreCustomSigningCertificatesInOcspResponses);
    }

    public CertificateValidatorConfig allowOcspResults(CertStatus... certStatusArr) {
        return new CertificateValidatorConfig(this.ocspSetting, EnumSet.of(CertStatus.OK, certStatusArr), this.ocspSignatureValidator, this.ignoreCustomSigningCertificatesInOcspResponses);
    }

    CertificateValidatorConfig validateOcspResponseSignatureUsing(OcspSignatureValidator ocspSignatureValidator) {
        return new CertificateValidatorConfig(this.ocspSetting, this.allowedOcspResults, ocspSignatureValidator, this.ignoreCustomSigningCertificatesInOcspResponses);
    }

    CertificateValidatorConfig ignoreCustomSigningCertificatesInOcspResponses() {
        return new CertificateValidatorConfig(this.ocspSetting, this.allowedOcspResults, this.ocspSignatureValidator, true);
    }
}
