package org.apache.directory.fortress.core.ldap;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.directory.fortress.core.CfgRuntimeException;
import org.apache.directory.fortress.core.GlobalIds;
import org.apache.directory.fortress.core.util.Config;
import org.apache.directory.fortress.core.util.ResourceUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/fortress-core-3.0.0.jar:org/apache/directory/fortress/core/ldap/LdapClientTrustStoreManager.class */
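/**
 * {@link X509TrustManager} that validates peer certificate chains against a
 * trust store named in the constructor.
 *
 * <p>The trust store is re-read and a fresh set of delegate trust managers is
 * built on every {@code checkClientTrusted}/{@code checkServerTrusted} call;
 * nothing is cached. A chain is accepted only if every delegate accepts it.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This class does no host name or endpoint identification itself; confirm
 *       that the LDAP connection layer using it does.</li>
 *   <li>The class is {@link Serializable} and the trust store password field is
 *       not {@code transient}, so default Java serialization of an instance
 *       would include the password.</li>
 * </ul>
 */
public final class LdapClientTrustStoreManager implements X509TrustManager, Serializable {
    private static final long serialVersionUID = 1;
    private static final String CLS_NM = LdapClientTrustStoreManager.class.getName();
    private static final Logger LOG = LoggerFactory.getLogger(CLS_NM);
    private final boolean isExamineValidityDates;
    // NOTE(review): not transient, so it is part of the serialized form. Making it
    // transient would change that form, so it is only flagged here.
    private final char[] trustStorePw;
    private final String trustStoreFile;
    private final String trustStoreFormat;

    /**
     * Creates a trust manager bound to one trust store.
     *
     * @param str   trust store file name; must not be null
     * @param cArr  trust store password; must not be null. A private copy is kept,
     *              so the caller may wipe its own array afterwards.
     * @param str2  key store type, or null to use {@link KeyStore#getDefaultType()}
     * @param z     when true, each certificate of the presented chain is checked
     *              with {@link X509Certificate#checkValidity(Date)} before the
     *              trust store is consulted
     * @throws CfgRuntimeException  if {@code str} is null
     * @throws NullPointerException if {@code cArr} is null
     */
    public LdapClientTrustStoreManager(String str, char[] cArr, String str2, boolean z) {
        if (str == null) {
            throw new CfgRuntimeException(136, "LdapClientTrustStoreManager constructor : input file name is null");
        }
        if (cArr == null) {
            // Previously an unexplained NullPointerException out of clone(); same
            // exception type, now with a message that names the missing argument.
            throw new NullPointerException("LdapClientTrustStoreManager constructor : trust store password is null");
        }
        this.trustStoreFile = str;
        this.trustStorePw = cArr.clone();
        this.isExamineValidityDates = z;
        this.trustStoreFormat = (str2 == null) ? KeyStore.getDefaultType() : str2;
    }

    /**
     * Validates a client certificate chain against the configured trust store.
     *
     * @param x509CertificateArr the peer certificate chain
     * @param str                the authentication type
     * @throws CertificateException     if the trust store cannot be loaded or any
     *                                  delegate rejects the chain
     * @throws IllegalArgumentException if the chain is null or empty
     */
    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        requireChain(x509CertificateArr);
        for (X509TrustManager delegate : getTrustManagers(x509CertificateArr)) {
            delegate.checkClientTrusted(x509CertificateArr, str);
        }
    }

    /**
     * Validates a server certificate chain against the configured trust store.
     *
     * @param x509CertificateArr the peer certificate chain
     * @param str                the authentication type
     * @throws CertificateException     if the trust store cannot be loaded or any
     *                                  delegate rejects the chain
     * @throws IllegalArgumentException if the chain is null or empty
     */
    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        requireChain(x509CertificateArr);
        for (X509TrustManager delegate : getTrustManagers(x509CertificateArr)) {
            delegate.checkServerTrusted(x509CertificateArr, str);
        }
    }

    /**
     * Returns an empty array: this manager does not advertise the issuers held
     * in its trust store.
     *
     * @return a new zero-length array on every call
     */
    @Override // javax.net.ssl.X509TrustManager
    public synchronized X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /**
     * Rejects a missing chain up front, so the explicit validity loop never
     * dereferences null and an empty chain cannot reach the delegates.
     */
    private static void requireChain(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("LdapClientTrustStoreManager : null or zero-length certificate chain");
        }
    }

    /**
     * Chooses the trust store lookup strategy from configuration
     * ({@code GlobalIds.TRUST_STORE_ON_CLASSPATH}, defaulting to true).
     */
    private synchronized X509TrustManager[] getTrustManagers(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (Config.getInstance().getBoolean(GlobalIds.TRUST_STORE_ON_CLASSPATH, true)) {
            LOG.debug("{}.getTrustManager on classpath", CLS_NM);
            return getTrustManagersOnClasspath(x509CertificateArr);
        }
        LOG.debug("{}.getTrustManager on filepath", CLS_NM);
        return getTrustManagersOnFilepath(x509CertificateArr);
    }

    /**
     * Builds the delegates when the trust store is resolved as a resource.
     *
     * <p>The earlier open-and-close probe of the stream was dropped: a missing
     * resource is already reported by {@link #getTrustStoreInputStream()} when
     * {@link #getTrustStore()} opens it, so the probe only opened the store twice.
     */
    private synchronized X509TrustManager[] getTrustManagersOnClasspath(X509Certificate[] x509CertificateArr) throws CertificateException {
        checkValidityDates(x509CertificateArr);
        return loadTrustManagers(getTrustStore());
    }

    /**
     * Builds the delegates when the trust store is expected on the file system.
     *
     * <p>The {@code exists()} test is advisory only: the store is then opened
     * through {@link #getTrustStoreInputStream()}, which resolves the name again.
     */
    private synchronized X509TrustManager[] getTrustManagersOnFilepath(X509Certificate[] x509CertificateArr) throws CertificateException {
        checkValidityDates(x509CertificateArr);
        if (!new File(this.trustStoreFile).exists()) {
            throw new CertificateException("FortressTrustStoreManager.getTrustManagers : file not found");
        }
        return loadTrustManagers(getTrustStore());
    }

    /**
     * Runs the optional explicit validity-period check on every certificate of
     * the chain. Skipping it (flag false) does not switch off whatever
     * validation the delegate trust managers perform on their own.
     */
    private void checkValidityDates(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (!this.isExamineValidityDates) {
            return;
        }
        Date now = new Date();
        for (X509Certificate certificate : x509CertificateArr) {
            certificate.checkValidity(now);
        }
    }

    /**
     * Creates the default-algorithm trust managers for the given key store and
     * keeps the X.509 ones.
     *
     * @throws CertificateException if the factory cannot be created or
     *         initialised, or if it yields no {@link X509TrustManager}
     */
    private X509TrustManager[] loadTrustManagers(KeyStore keyStore) throws CertificateException {
        final TrustManager[] trustManagers;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            trustManagers = trustManagerFactory.getTrustManagers();
        } catch (KeyStoreException e) {
            throw new CertificateException("LdapClientTrustStoreManager.loadTrustManagers caught KeyStoreException", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new CertificateException("LdapClientTrustStoreManager.loadTrustManagers caught NoSuchAlgorithmException", e2);
        }

        // Count first so the result array is exactly sized; a trust manager of
        // another kind is skipped instead of failing the cast.
        int x509Count = 0;
        for (TrustManager trustManager : trustManagers) {
            if (trustManager instanceof X509TrustManager) {
                x509Count++;
            }
        }
        if (x509Count == 0) {
            // Fail closed: with no delegate, the loops in checkClientTrusted and
            // checkServerTrusted would run zero times and accept any chain.
            throw new CertificateException("LdapClientTrustStoreManager.loadTrustManagers found no X509TrustManager");
        }

        X509TrustManager[] x509TrustManagerArr = new X509TrustManager[x509Count];
        int next = 0;
        for (TrustManager trustManager : trustManagers) {
            if (trustManager instanceof X509TrustManager) {
                x509TrustManagerArr[next++] = (X509TrustManager) trustManager;
            }
        }
        return x509TrustManagerArr;
    }

    /**
     * Loads the trust store of the configured type from the configured file.
     *
     * @throws CertificateException if the key store type is unavailable, the
     *         store cannot be read, or its contents cannot be loaded
     */
    private KeyStore getTrustStore() throws CertificateException {
        final KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(this.trustStoreFormat);
        } catch (KeyStoreException e5) {
            throw new CertificateException("LdapClientTrustStoreManager.getTrustManagers caught KeyStoreException", e5);
        }

        InputStream inputStream = getTrustStoreInputStream();
        try {
            keyStore.load(inputStream, this.trustStorePw);
            return keyStore;
        } catch (IOException e2) {
            // Message used to say KeyStoreException. KeyStore.load reports a wrong
            // password as an IOException caused by UnrecoverableKeyException, so the
            // correct exception name matters when diagnosing a rejected store.
            throw new CertificateException("LdapClientTrustStoreManager.getTrustManagers caught IOException", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new CertificateException("LdapClientTrustStoreManager.getTrustManagers caught NoSuchAlgorithmException", e3);
        } finally {
            // Best effort, as before: a failed close is logged and never replaces
            // the result or the exception of the load itself.
            try {
                inputStream.close();
            } catch (IOException e) {
                LOG.warn("LdapClientTrustStoreManager.getTrustStore finally block on input stream close operation caught IOException={}", e.getMessage());
            }
        }
    }

    /**
     * Opens the trust store through {@code ResourceUtil.getInputStream}.
     *
     * @return an open stream; the caller must close it
     * @throws CertificateException if no stream is returned for the file name
     */
    private InputStream getTrustStoreInputStream() throws CertificateException {
        InputStream inputStream = ResourceUtil.getInputStream(this.trustStoreFile);
        if (inputStream == null) {
            throw new CertificateException("LdapClientTrustStoreManager.getTrustStoreInputStream file does not exist on fortress classpath");
        }
        return inputStream;
    }
}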
