package xdi2.client.http.ssl;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/xdi2-client-0.7.2.jar:xdi2/client/http/ssl/XDI2X509TrustManager.class */
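/**
 * Composite {@link X509TrustManager} that delegates to an ordered list of trust managers.
 *
 * <p>A certificate chain is accepted as soon as <em>any</em> delegate accepts it. After
 * {@link #enable()} the delegates are the JVM default trust managers followed by the trust
 * managers built from the {@code cacerts.jks} resource bundled next to this class, so the
 * effective set of trust anchors is the union of both stores.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #enable()} replaces the process-wide default socket factory of
 *       {@link HttpsURLConnection}; every HTTPS connection opened through that API in the same
 *       JVM is validated against the widened trust set, not only XDI traffic.</li>
 *   <li>Validation fails closed: when no delegate is configured the chain is rejected rather
 *       than silently accepted.</li>
 *   <li>The delegate list is built completely before it is published, so a concurrent
 *       handshake never observes a partially populated list.</li>
 *   <li>This class checks certificate chains only. Host name verification is left to the
 *       caller's TLS stack.</li>
 * </ul>
 */
public class XDI2X509TrustManager implements X509TrustManager {
    private static final Logger log = LoggerFactory.getLogger(XDI2X509TrustManager.class);

    /** Immutable snapshot of the delegates; empty until {@link #enable()} has completed. */
    private static volatile List<X509TrustManager> tms = Collections.emptyList();

    /**
     * Accepts the client chain if at least one delegate accepts it.
     *
     * @param x509CertificateArr the peer certificate chain
     * @param str the authentication type
     * @throws CertificateException if every delegate rejects the chain, or if no delegate is
     *     configured
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr, str, true);
    }

    /**
     * Accepts the server chain if at least one delegate accepts it.
     *
     * @param x509CertificateArr the peer certificate chain
     * @param str the key exchange / authentication type
     * @throws CertificateException if every delegate rejects the chain, or if no delegate is
     *     configured
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr, str, false);
    }

    /**
     * Returns the concatenation of the accepted issuers of all delegates, in delegate order.
     *
     * @return a new array; empty when no delegate is configured
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        List<X509Certificate> issuers = new ArrayList<X509Certificate>();
        for (X509TrustManager delegate : tms) {
            issuers.addAll(Arrays.asList(delegate.getAcceptedIssuers()));
        }
        return issuers.toArray(new X509Certificate[issuers.size()]);
    }

    /**
     * Builds the delegate list (JVM default trust store, then the bundled {@code cacerts.jks})
     * and installs an {@link SSLContext} backed by this trust manager as the default socket
     * factory of {@link HttpsURLConnection}.
     *
     * @throws RuntimeException wrapping any failure to load the stores or initialise the context
     */
    public static void enable() {
        try {
            // Collect into a local list and publish only when complete.
            List<X509TrustManager> delegates = new ArrayList<X509TrustManager>();

            // A null KeyStore selects the JVM's default trust store.
            TrustManagerFactory defaultFactory = TrustManagerFactory.getInstance("X509");
            defaultFactory.init((KeyStore) null);
            addX509TrustManagers(defaultFactory, delegates);

            KeyStore bundledStore = KeyStore.getInstance("JKS");
            InputStream in = XDI2X509TrustManager.class.getResourceAsStream("cacerts.jks");
            if (in == null) {
                // KeyStore.load(null, ...) would quietly create an empty store; treat a missing
                // resource as a packaging error instead.
                throw new IllegalStateException("Bundled trust store cacerts.jks not found on the classpath");
            }
            try {
                // The password only gates the store's integrity check; the store is expected to
                // hold public CA certificates, so its integrity rests on the integrity of the
                // jar that ships it.
                bundledStore.load(in, "changeit".toCharArray());
            } finally {
                in.close();
            }
            TrustManagerFactory bundledFactory = TrustManagerFactory.getInstance("X509");
            bundledFactory.init(bundledStore);
            addX509TrustManagers(bundledFactory, delegates);

            if (delegates.isEmpty()) {
                throw new IllegalStateException("No X509TrustManager could be created");
            }
            tms = Collections.unmodifiableList(delegates);

            // "TLS" instead of the legacy "SSL" name: on some older JDKs the "SSL" context is
            // limited to outdated protocol versions by default.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new TrustManager[] {new XDI2X509TrustManager()}, null);
            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /** Runs the chain through each delegate in order and returns on the first acceptance. */
    private static void checkTrusted(X509Certificate[] chain, String authType, boolean client)
            throws CertificateException {
        CertificateException lastCertificateException = null;
        RuntimeException lastRuntimeException = null;
        for (X509TrustManager delegate : tms) {
            try {
                if (log.isDebugEnabled()) {
                    log.debug("Checking " + (client ? "client" : "server") + " certificate chain of length "
                            + (chain == null ? 0 : chain.length) + " against " + delegate);
                }
                if (client) {
                    delegate.checkClientTrusted(chain, authType);
                } else {
                    delegate.checkServerTrusted(chain, authType);
                }
                return;
            } catch (RuntimeException e) {
                lastRuntimeException = e;
            } catch (CertificateException e) {
                lastCertificateException = e;
            }
        }
        if (lastCertificateException != null) {
            throw lastCertificateException;
        }
        if (lastRuntimeException != null) {
            throw lastRuntimeException;
        }
        // Reached only when there are no delegates: reject instead of returning normally,
        // which the TLS stack would interpret as "trusted".
        throw new CertificateException("No X509TrustManager is configured; refusing to trust the certificate chain");
    }

    /** Appends every {@link X509TrustManager} produced by {@code factory} to {@code target}. */
    private static void addX509TrustManagers(TrustManagerFactory factory, List<X509TrustManager> target) {
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                target.add((X509TrustManager) candidate);
            }
        }
    }
}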
