package org.globus.tools.ui.config;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import org.globus.gsi.CertUtil;

/* loaded from: input_file:WEB-INF/lib/cog-jglobus-4.0.4.jar:org/globus/tools/ui/config/Configure.class */
public class Configure {
    public static X509Certificate loadAndVerifyCertificate(String str) throws Exception {
        X509Certificate x509Certificate = null;
        String str2 = null;
        try {
            x509Certificate = CertUtil.loadCertificate(str);
            x509Certificate.checkValidity();
        } catch (IOException e) {
            str2 = new StringBuffer().append("Unable to load certificate : ").append(e.getMessage()).toString();
        } catch (GeneralSecurityException e2) {
            str2 = new StringBuffer().append("Invalid certificate : ").append(e2.getMessage()).toString();
        }
        if (str2 != null) {
            throw new Exception(str2);
        }
        return x509Certificate;
    }

    public static X509Certificate verifyUserCertificate(String str) throws Exception {
        X509Certificate loadAndVerifyCertificate = loadAndVerifyCertificate(str);
        if (loadAndVerifyCertificate.getSubjectDN().equals(loadAndVerifyCertificate.getIssuerDN())) {
            throw new Exception("This is a self-signed certificate.");
        }
        return loadAndVerifyCertificate;
    }

    public static X509Certificate verifyCertWithCA(String str, X509Certificate x509Certificate) throws Exception {
        X509Certificate loadAndVerifyCertificate = loadAndVerifyCertificate(str);
        if (!loadAndVerifyCertificate.getSubjectDN().equals(loadAndVerifyCertificate.getIssuerDN())) {
            throw new Exception("This is NOT a self-signed certificate.");
        }
        try {
            x509Certificate.verify(loadAndVerifyCertificate.getPublicKey());
            return loadAndVerifyCertificate;
        } catch (GeneralSecurityException e) {
            throw new Exception(new StringBuffer().append("User certificate probably not signed by this CA : ").append(e.getMessage()).toString());
        }
    }
}
