package com.buildforge.services.common.ssl.core;

import com.buildforge.services.common.dbo.KeyStoreDBO;
import com.buildforge.services.common.dbo.MessageDBO;
import com.buildforge.services.common.dbo.UserDBO;
import com.buildforge.services.common.ssl.config.AbstractKeyStoreConfig;
import com.buildforge.services.common.ssl.config.SSLConfig;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:lib/com.ibm.rational.buildforge.services.client.java_7.1.3.4110010.jar:com/buildforge/services/common/ssl/core/BFX509TrustManager.class */
public final class BFX509TrustManager implements X509TrustManager {
    private static final Logger log = Logger.getLogger(BFX509TrustManager.class.getName());
    private KeyStore ts;
    private TrustManager[] tm;
    private SSLConfig config;

    public BFX509TrustManager(TrustManager[] trustManagerArr, SSLConfig sSLConfig, KeyStore keyStore) {
        this.ts = null;
        this.tm = null;
        this.config = null;
        this.tm = trustManagerArr;
        this.ts = keyStore;
        this.config = sSLConfig;
    }

    private AbstractKeyStoreConfig getKeyStoreConfig() throws KeyStoreException {
        return AbstractKeyStoreConfig.getInstance();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            if (log.isLoggable(Level.FINE)) {
                for (int i = 0; i < x509CertificateArr.length; i++) {
                    log.log(Level.FINE, "chain[" + i + "]: " + x509CertificateArr[i].getSubjectDN());
                }
            }
            for (TrustManager trustManager : this.tm) {
                if (trustManager != null && (trustManager instanceof X509TrustManager)) {
                    if (log.isLoggable(Level.FINE)) {
                        log.log(Level.FINE, "Delegating to X509TrustManager: " + trustManager.getClass().getName());
                    }
                    ((X509TrustManager) trustManager).checkClientTrusted(x509CertificateArr, str);
                }
            }
        } catch (Throwable th) {
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Caught exception in checkClientTrusted.", th);
            }
            if (log.isLoggable(Level.WARNING)) {
                String message = th.getMessage();
                String obj = x509CertificateArr[0].getSubjectDN().toString();
                String str2 = null;
                try {
                    KeyStoreDBO keyStoreByUuid = getKeyStoreConfig().getKeyStoreByUuid(this.config.getTrustStoreId());
                    if (keyStoreByUuid != null) {
                        str2 = keyStoreByUuid.getLocation();
                    }
                } catch (KeyStoreException e) {
                    log.warning("Error loading keystores: " + e);
                }
                log.log(Level.WARNING, new MessageDBO(MessageDBO.Severity.WARNING, "SSLHandshakeFailed", obj, str2, this.config.getAlias(), message).translate());
            }
            if (th instanceof RuntimeException) {
                throw ((RuntimeException) th);
            }
            if (!(th instanceof CertificateException)) {
                throw new CertificateException(th);
            }
            throw ((CertificateException) th);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (log.isLoggable(Level.FINE)) {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                log.log(Level.FINE, "Certificate information:");
                log.log(Level.FINE, "  Subject DN: " + x509Certificate.getSubjectDN());
                log.log(Level.FINE, "  Issuer DN: " + x509Certificate.getIssuerDN());
                log.log(Level.FINE, "  Serial number: " + x509Certificate.getSerialNumber());
                log.log(Level.FINE, UserDBO.UID_SYSTEM);
            }
        }
        for (TrustManager trustManager : this.tm) {
            if (trustManager != null && (trustManager instanceof X509TrustManager)) {
                try {
                    if (log.isLoggable(Level.FINE)) {
                        log.fine("Delegating to X509TrustManager: " + trustManager.getClass().getName());
                    }
                    ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                } catch (CertificateException e) {
                    if (log.isLoggable(Level.FINE)) {
                        log.fine("Certificate Exception occurred: " + e.getMessage());
                    }
                    if (log.isLoggable(Level.WARNING)) {
                        String message = e.getMessage();
                        String obj = x509CertificateArr[0].getSubjectDN().toString();
                        String str2 = null;
                        try {
                            KeyStoreDBO keyStoreByUuid = getKeyStoreConfig().getKeyStoreByUuid(this.config.getTrustStoreId());
                            if (keyStoreByUuid != null) {
                                str2 = keyStoreByUuid.getLocation();
                            }
                        } catch (KeyStoreException e2) {
                            log.warning("Error loading keystores: " + e2);
                        }
                        log.warning(new MessageDBO(MessageDBO.Severity.WARNING, "SSLHandshakeFailed", obj, str2, this.config.getAlias(), message).translate());
                    }
                    throw e;
                }
            }
        }
        log.fine("Server is trusted by all X509TrustManagers.");
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        ArrayList arrayList = new ArrayList();
        for (TrustManager trustManager : this.tm) {
            if (trustManager instanceof X509TrustManager) {
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "Delegating to X509TrustManager: " + trustManager.getClass().getName());
                }
                X509Certificate[] acceptedIssuers = ((X509TrustManager) trustManager).getAcceptedIssuers();
                if (acceptedIssuers != null) {
                    for (int i = 0; i < acceptedIssuers.length; i++) {
                        if (!arrayList.contains(acceptedIssuers[i])) {
                            arrayList.add(acceptedIssuers[i]);
                        }
                    }
                }
            }
        }
        if (arrayList.size() > 0) {
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        }
        return null;
    }
}
