package hk.hku.cecid.ebms.pkg.pki;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import org.apache.log4j.Logger;

/* loaded from: input_file:hermes2_bin.zip:plugins/corvus-ebms/ebxml-pkg.jar:hk/hku/cecid/ebms/pkg/pki/CertPathVerifier.class */
public class CertPathVerifier {
    protected static Logger logger = Logger.getLogger(CertPathVerifier.class);

    public static boolean verify(Certificate[] certificateArr, CompositeKeyStore compositeKeyStore) {
        try {
            CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX");
            X509CertSelector x509CertSelector = new X509CertSelector();
            for (Certificate certificate : certificateArr) {
                x509CertSelector.setSubject(((X509Certificate) certificate).getSubjectX500Principal().getEncoded());
            }
            KeyStore keyStore = compositeKeyStore.getKeyStore();
            if (keyStore == null) {
                logger.debug("trustAnchorsKS is null");
                return false;
            }
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, x509CertSelector);
            ArrayList arrayList = new ArrayList();
            for (Certificate certificate2 : certificateArr) {
                arrayList.add(certificate2);
            }
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters()));
            certPathBuilder.build(pKIXBuilderParameters).getCertPath();
            return true;
        } catch (IOException e) {
            logger.debug(ErrorMessages.getMessage(ErrorMessages.ERR_PKI_VERIFY_SIGNATURE_FAILED, e));
            return false;
        } catch (InvalidAlgorithmParameterException e2) {
            logger.debug(ErrorMessages.getMessage(ErrorMessages.ERR_PKI_VERIFY_SIGNATURE_FAILED, e2));
            return false;
        } catch (KeyStoreException e3) {
            logger.debug(ErrorMessages.getMessage(ErrorMessages.ERR_PKI_VERIFY_SIGNATURE_FAILED, e3));
            return false;
        } catch (NoSuchAlgorithmException e4) {
            logger.debug(ErrorMessages.getMessage(ErrorMessages.ERR_PKI_VERIFY_SIGNATURE_FAILED, e4));
            return false;
        } catch (CertPathBuilderException e5) {
            logger.debug(ErrorMessages.getMessage(ErrorMessages.ERR_PKI_VERIFY_SIGNATURE_FAILED, e5));
            return false;
        }
    }
}
