package net.sourceforge.jnlp.security;

import java.lang.reflect.InvocationTargetException;
import java.net.Socket;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import net.sourceforge.jnlp.security.SecurityDialogs;
import net.sourceforge.jnlp.security.dialogresults.BasicDialogValue;
import net.sourceforge.jnlp.security.dialogresults.YesNoSandbox;
import net.sourceforge.jnlp.util.logging.OutputController;
import sun.security.util.HostnameChecker;
import sun.security.validator.ValidatorException;

/* loaded from: input_file:net/sourceforge/jnlp/security/VariableX509TrustManager.class */
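/**
 * Trust manager that validates TLS peers against several groups of key stores
 * and falls back to asking the user when validation fails.
 *
 * <p>Three groups of {@link X509TrustManager}s are built at construction time,
 * one per key store returned by {@code KeyStores.getCAKeyStores()},
 * {@code KeyStores.getCertKeyStores()} and {@code KeyStores.getClientKeyStores()}.
 * User decisions are remembered in two in-memory lists held by this instance.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A chain accepted by a "cert" trust manager, or whose leaf certificate is
 *       in the temporarily-trusted list, is accepted by
 *       {@link #checkTrustServer} <em>without</em> a host name check.</li>
 *   <li>Temporary trust and distrust are keyed on the leaf certificate only,
 *       not on the host it was presented for.</li>
 *   <li>If a key store group cannot be loaded, the group is left empty and the
 *       corresponding checks fail with a {@link CertificateException}.</li>
 * </ul>
 *
 * <p>Thread-safety: {@link #checkTrustServer} and {@link #getInstance} are
 * synchronized; the decision lists are only touched from
 * {@link #checkTrustServer} and the private helpers it calls.
 */
public final class VariableX509TrustManager {
    // Trust managers backed by the CA key stores.
    private final X509TrustManager[] caTrustManagers;
    // Trust managers backed by the explicitly trusted certificate key stores.
    private final X509TrustManager[] certTrustManagers;
    // Trust managers backed by the client certificate key stores.
    private final X509TrustManager[] clientTrustManagers;
    // Leaf certificates the user accepted in the warning dialog (in-memory only).
    private final ArrayList<Certificate> temporarilyTrusted = new ArrayList<>();
    // Leaf certificates the user rejected in the warning dialog (in-memory only).
    private final ArrayList<Certificate> temporarilyUntrusted = new ArrayList<>();
    private static VariableX509TrustManager instance = null;

    /**
     * Builds the three trust manager groups from the configured key stores.
     *
     * <p>Failures are logged and leave the affected group empty (or partially
     * filled with the managers loaded before the failure) instead of
     * {@code null}, so later checks fail closed with a
     * {@link CertificateException} rather than a {@link NullPointerException}.
     */
    public VariableX509TrustManager() {
        KeyStore[] certKeyStores = null;
        try {
            certKeyStores = KeyStores.getCertKeyStores();
        } catch (Exception e) {
            OutputController.getLogger().log(OutputController.Level.ERROR_ALL, (Throwable) e);
        }
        this.certTrustManagers = buildTrustManagers(certKeyStores);

        KeyStore[] caKeyStores = null;
        try {
            caKeyStores = KeyStores.getCAKeyStores();
        } catch (Exception e) {
            OutputController.getLogger().log(OutputController.Level.ERROR_ALL, (Throwable) e);
        }
        this.caTrustManagers = buildTrustManagers(caKeyStores);

        KeyStore[] clientKeyStores = null;
        try {
            clientKeyStores = KeyStores.getClientKeyStores();
        } catch (Exception e) {
            OutputController.getLogger().log(OutputController.Level.ERROR_ALL, (Throwable) e);
        }
        this.clientTrustManagers = buildTrustManagers(clientKeyStores);
    }

    /**
     * Creates one SunX509 trust manager per key store.
     *
     * <p>Loading stops at the first key store that fails (the failure is
     * logged); managers created before that point are kept. The returned array
     * never contains {@code null} entries.
     *
     * @param keyStores key stores to wrap, or {@code null} if they could not be obtained
     * @return the trust managers that could be created, possibly empty
     */
    private static X509TrustManager[] buildTrustManagers(KeyStore[] keyStores) {
        ArrayList<X509TrustManager> managers = new ArrayList<>();
        if (keyStores != null) {
            try {
                for (KeyStore keyStore : keyStores) {
                    TrustManagerFactory factory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
                    factory.init(keyStore);
                    // As before, the last X509TrustManager offered by the factory wins.
                    X509TrustManager selected = null;
                    for (TrustManager candidate : factory.getTrustManagers()) {
                        if (candidate instanceof X509TrustManager) {
                            selected = (X509TrustManager) candidate;
                        }
                    }
                    if (selected != null) {
                        managers.add(selected);
                    }
                }
            } catch (Exception e) {
                OutputController.getLogger().log(OutputController.Level.ERROR_ALL, (Throwable) e);
            }
        }
        return managers.toArray(new X509TrustManager[managers.size()]);
    }

    /**
     * Validates a client certificate chain against the client trust managers.
     *
     * @param x509CertificateArr the peer certificate chain
     * @param str the authentication type passed to the trust managers
     * @param str2 unused by this method
     * @throws CertificateException if no client trust manager accepts the chain,
     *         including the case where no client trust manager is available
     */
    public void checkTrustClient(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
        ValidatorException lastFailure = null;
        for (X509TrustManager clientManager : this.clientTrustManagers) {
            try {
                clientManager.checkClientTrusted(x509CertificateArr, str);
                return;
            } catch (ValidatorException e) {
                lastFailure = e;
            }
        }
        if (lastFailure != null) {
            throw lastFailure;
        }
        // Without this, an empty manager list ended in "throw null" (a NullPointerException).
        throw new CertificateException("No client trust manager available to validate the certificate chain");
    }

    /**
     * Validates a server certificate chain and, if validation fails, asks the user.
     *
     * <p>Decision order:
     * <ol>
     *   <li>The chain is checked against the CA and cert trust managers.</li>
     *   <li>If the chain is explicitly trusted (see {@link #isExplicitlyTrusted}),
     *       it is accepted and the host name is not checked.</li>
     *   <li>Otherwise, when {@code str2} is non-null, the leaf certificate is
     *       matched against it using TLS host name rules.</li>
     *   <li>If either check failed and the leaf certificate was not rejected
     *       earlier, the user is asked; the answer is remembered for the leaf
     *       certificate in memory.</li>
     * </ol>
     *
     * <p>NOTE(review): an accepted answer is stored per leaf certificate, not per
     * host, and step 2 skips the host name check. A certificate accepted once is
     * therefore accepted for any host name for as long as this instance lives.
     * Keying the decision on (host name, certificate) would narrow that.
     *
     * <p>NOTE(review): a {@code null} host name never counts as matched, so such
     * connections always reach the user prompt unless explicitly trusted.
     *
     * @param x509CertificateArr the peer certificate chain, leaf first
     * @param str the authentication type passed to the trust managers
     * @param str2 the host name to verify, or {@code null}
     * @param sSLSocket the socket of the connection, or {@code null}
     * @param sSLEngine the engine of the connection, or {@code null}
     * @throws CertificateException if the chain is rejected
     */
    public synchronized void checkTrustServer(X509Certificate[] x509CertificateArr, String str, String str2, SSLSocket sSLSocket, SSLEngine sSLEngine) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            // The code below indexes element 0; reject up front with the declared exception type.
            throw new CertificateException("Null or zero-length certificate chain");
        }
        X509Certificate leaf = x509CertificateArr[0];
        CertificateException failure = null;
        boolean chainTrusted = true;
        boolean hostnameMatched = false;
        try {
            checkAllManagers(x509CertificateArr, str, sSLSocket, sSLEngine);
        } catch (CertificateException e) {
            chainTrusted = false;
            failure = e;
        }
        if (isExplicitlyTrusted(x509CertificateArr, str)) {
            return;
        }
        if (str2 != null) {
            try {
                HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(str2, leaf);
                hostnameMatched = true;
            } catch (CertificateException e) {
                failure = e;
            }
        }
        if (chainTrusted && hostnameMatched) {
            return;
        }
        if (!isTemporarilyUntrusted(leaf)) {
            if (askUser(x509CertificateArr, str, chainTrusted, hostnameMatched, str2)) {
                temporarilyTrust(leaf);
                return;
            }
            temporarilyUntrust(leaf);
        }
        if (failure == null) {
            // Reached when the chain validated but no host name was supplied:
            // previously this path executed "throw null".
            failure = new CertificateException("Certificate rejected: host name could not be verified");
        }
        throw failure;
    }

    /**
     * Checks the chain against the CA trust managers, then the cert trust
     * managers, then the temporarily-trusted list.
     *
     * <p>When a socket or engine is supplied, the CA managers are called through
     * the {@code X509ExtendedTrustManager} overloads so the connection is
     * available to the check; the cert managers are always called through the
     * two-argument overload.
     *
     * @throws CertificateException the last validation failure, or a signature
     *         error for the leaf certificate when no manager produced one
     */
    private void checkAllManagers(X509Certificate[] chain, String authType, Socket socket, SSLEngine engine) throws CertificateException {
        ValidatorException lastFailure = null;
        for (X509TrustManager caManager : this.caTrustManagers) {
            try {
                if (socket == null && engine == null) {
                    caManager.checkServerTrusted(chain, authType);
                } else {
                    checkServerTrustedExtended(caManager, chain, authType, socket, engine);
                }
                return;
            } catch (ValidatorException e) {
                lastFailure = e;
            }
        }
        for (X509TrustManager certManager : this.certTrustManagers) {
            try {
                certManager.checkServerTrusted(chain, authType);
                return;
            } catch (ValidatorException e) {
                lastFailure = e;
            }
        }
        if (this.temporarilyTrusted.contains(chain[0])) {
            return;
        }
        if (lastFailure != null) {
            throw lastFailure;
        }
        throw new ValidatorException(ValidatorException.T_SIGNATURE_ERROR, chain[0]);
    }

    /**
     * Reflectively calls the socket- or engine-aware {@code checkServerTrusted}
     * overload declared on {@code javax.net.ssl.X509ExtendedTrustManager}.
     *
     * <p>Every failure is reported as a {@link ValidatorException} so the caller
     * moves on to the next trust manager. The underlying exception is kept as
     * the cause; a {@link ValidatorException} raised by the manager itself is
     * rethrown unchanged so its message and type are not lost.
     */
    private static void checkServerTrustedExtended(X509TrustManager manager, X509Certificate[] chain, String authType, Socket socket, SSLEngine engine) throws ValidatorException {
        try {
            Class<?> extendedClass = Class.forName("javax.net.ssl.X509ExtendedTrustManager");
            if (engine == null) {
                extendedClass.getDeclaredMethod("checkServerTrusted", X509Certificate[].class, String.class, Socket.class).invoke(manager, chain, authType, socket);
            } else {
                extendedClass.getDeclaredMethod("checkServerTrusted", X509Certificate[].class, String.class, SSLEngine.class).invoke(manager, chain, authType, engine);
            }
        } catch (InvocationTargetException e) {
            // The real validation error is the cause; the wrapper's own message is usually null.
            Throwable cause = e.getCause() != null ? e.getCause() : e;
            if (cause instanceof ValidatorException) {
                throw (ValidatorException) cause;
            }
            throw new ValidatorException(cause.getMessage(), cause);
        } catch (ClassNotFoundException | IllegalAccessException | NoSuchMethodException e) {
            throw new ValidatorException(e.getMessage(), e);
        }
    }

    /**
     * Reports whether the chain is accepted by a cert trust manager, or whether
     * a cert trust manager rejected it with a {@link ValidatorException} while
     * the leaf certificate is in the temporarily-trusted list.
     *
     * <p>Other {@link CertificateException}s are ignored and the next manager is
     * tried. With no cert trust manager at all, the result is {@code false} even
     * for a temporarily trusted leaf.
     */
    private boolean isExplicitlyTrusted(X509Certificate[] chain, String authType) {
        for (X509TrustManager certManager : this.certTrustManagers) {
            try {
                certManager.checkServerTrusted(chain, authType);
                return true;
            } catch (ValidatorException e) {
                if (this.temporarilyTrusted.contains(chain[0])) {
                    return true;
                }
            } catch (CertificateException ignored) {
                // Not a validation verdict from this manager; try the next one.
            }
        }
        return false;
    }

    /**
     * Returns the accepted issuers of all CA trust managers, concatenated.
     *
     * @return a new array; empty when no CA trust manager is available
     */
    public X509Certificate[] getAcceptedIssuers() {
        ArrayList<X509Certificate> issuers = new ArrayList<>();
        for (X509TrustManager caManager : this.caTrustManagers) {
            issuers.addAll(Arrays.asList(caManager.getAcceptedIssuers()));
        }
        return issuers.toArray(new X509Certificate[issuers.size()]);
    }

    /** Remembers that the user rejected this certificate. */
    private void temporarilyUntrust(Certificate certificate) {
        this.temporarilyUntrusted.add(certificate);
    }

    /** Reports whether the user rejected this certificate earlier. */
    private boolean isTemporarilyUntrusted(Certificate certificate) {
        return this.temporarilyUntrusted.contains(certificate);
    }

    /** Remembers that the user accepted this certificate. */
    private void temporarilyTrust(Certificate certificate) {
        this.temporarilyTrusted.add(certificate);
    }

    /**
     * Shows the certificate warning dialog and returns the user's decision.
     *
     * <p>The dialog is opened inside {@code doPrivileged}, so it runs with this
     * class's permissions rather than those of the code that started the
     * connection.
     *
     * @param chainTrusted whether the chain validated against the trust managers
     * @param hostnameMatched whether the host name matched the leaf certificate
     * @return {@code true} only if the dialog result compares equal to YES;
     *         a {@code null} dialog result counts as a rejection
     */
    private boolean askUser(final X509Certificate[] chain, final String authType, final boolean chainTrusted, final boolean hostnameMatched, final String hostName) {
        Boolean accepted = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
            @Override
            public Boolean run() {
                YesNoSandbox answer = SecurityDialogs.showCertWarningDialog(SecurityDialogs.AccessType.UNVERIFIED, null, new HttpsCertVerifier(chain, authType, chainTrusted, hostnameMatched, hostName), null);
                if (answer == null) {
                    return Boolean.FALSE;
                }
                return Boolean.valueOf(answer.compareValue(BasicDialogValue.Primitive.YES));
            }
        });
        return accepted.booleanValue();
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>Synchronized so that concurrent first calls cannot create two
     * instances, each with its own list of user decisions.
     */
    public static synchronized VariableX509TrustManager getInstance() {
        if (instance == null) {
            instance = new VariableX509TrustManager();
        }
        return instance;
    }
}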
