package net.sourceforge.jnlp.security;

import com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import net.sourceforge.jnlp.runtime.JNLPRuntime;
import net.sourceforge.jnlp.security.SecurityDialogs;
import sun.security.util.HostnameChecker;
import sun.security.validator.ValidatorException;

/* loaded from: input_file:net/sourceforge/jnlp/security/VariableX509TrustManager.class */
public final class VariableX509TrustManager extends X509ExtendedTrustManager {
    private X509TrustManager[] caTrustManagers;
    private X509TrustManager[] certTrustManagers;
    private X509TrustManager[] clientTrustManagers;
    private ArrayList<Certificate> temporarilyTrusted = new ArrayList<>();
    private ArrayList<Certificate> temporarilyUntrusted = new ArrayList<>();
    private static VariableX509TrustManager instance = null;

    public VariableX509TrustManager() {
        this.caTrustManagers = null;
        this.certTrustManagers = null;
        this.clientTrustManagers = null;
        try {
            KeyStore[] certKeyStores = KeyStores.getCertKeyStores();
            this.certTrustManagers = new X509TrustManager[certKeyStores.length];
            for (int i = 0; i < certKeyStores.length; i++) {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
                trustManagerFactory.init(certKeyStores[i]);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                for (int i2 = 0; i2 < trustManagers.length; i2++) {
                    if (trustManagers[i2] instanceof X509TrustManager) {
                        this.certTrustManagers[i] = (X509TrustManager) trustManagers[i2];
                    }
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        try {
            KeyStore[] cAKeyStores = KeyStores.getCAKeyStores();
            this.caTrustManagers = new X509TrustManager[cAKeyStores.length];
            for (int i3 = 0; i3 < this.caTrustManagers.length; i3++) {
                TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
                trustManagerFactory2.init(cAKeyStores[i3]);
                TrustManager[] trustManagers2 = trustManagerFactory2.getTrustManagers();
                for (int i4 = 0; i4 < trustManagers2.length; i4++) {
                    if (trustManagers2[i4] instanceof X509TrustManager) {
                        this.caTrustManagers[i3] = (X509TrustManager) trustManagers2[i4];
                    }
                }
            }
        } catch (Exception e2) {
            e2.printStackTrace();
        }
        try {
            KeyStore[] clientKeyStores = KeyStores.getClientKeyStores();
            this.clientTrustManagers = new X509TrustManager[clientKeyStores.length];
            for (int i5 = 0; i5 < this.clientTrustManagers.length; i5++) {
                TrustManagerFactory trustManagerFactory3 = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
                trustManagerFactory3.init(clientKeyStores[i5]);
                TrustManager[] trustManagers3 = trustManagerFactory3.getTrustManagers();
                for (int i6 = 0; i6 < trustManagers3.length; i6++) {
                    if (trustManagers3[i6] instanceof X509TrustManager) {
                        this.clientTrustManagers[i5] = (X509TrustManager) trustManagers3[i6];
                    }
                }
            }
        } catch (Exception e3) {
            e3.printStackTrace();
        }
    }

    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, String str2, String str3) throws CertificateException {
        boolean z = false;
        ValidatorException validatorException = null;
        for (int i = 0; i < this.clientTrustManagers.length; i++) {
            try {
                this.clientTrustManagers[i].checkClientTrusted(x509CertificateArr, str);
                z = true;
                break;
            } catch (ValidatorException e) {
                validatorException = e;
            }
        }
        if (!z) {
            throw validatorException;
        }
    }

    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkClientTrusted(x509CertificateArr, str, null, null);
    }

    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2, String str3) throws CertificateException {
        checkServerTrusted(x509CertificateArr, str, str2, false);
    }

    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkServerTrusted(x509CertificateArr, str, (String) null, (String) null);
    }

    public synchronized void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2, boolean z) throws CertificateException {
        CertificateException certificateException = null;
        boolean z2 = true;
        boolean z3 = true;
        try {
            checkAllManagers(x509CertificateArr, str);
        } catch (CertificateException e) {
            z2 = false;
            certificateException = e;
        }
        if (!isExplicitlyTrusted(x509CertificateArr, str)) {
            if (str2 == null) {
                z3 = false;
            } else {
                try {
                    HostnameChecker.getInstance((byte) 1).match(str2, x509CertificateArr[0]);
                } catch (CertificateException e2) {
                    z3 = false;
                    certificateException = e2;
                }
            }
        }
        if (z2 && z3) {
            return;
        }
        if (z) {
            throw certificateException;
        }
        if (!isTemporarilyUntrusted(x509CertificateArr[0])) {
            if (askUser(x509CertificateArr, str, z2, z3, str2)) {
                temporarilyTrust(x509CertificateArr[0]);
            } else {
                temporarilyUntrust(x509CertificateArr[0]);
            }
        }
        checkAllManagers(x509CertificateArr, str);
    }

    private void checkAllManagers(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean z = false;
        ValidatorException validatorException = null;
        for (int i = 0; i < this.caTrustManagers.length; i++) {
            try {
                this.caTrustManagers[i].checkServerTrusted(x509CertificateArr, str);
                z = true;
                break;
            } catch (ValidatorException e) {
                validatorException = e;
            }
        }
        if (z) {
            return;
        }
        for (int i2 = 0; i2 < this.certTrustManagers.length; i2++) {
            try {
                this.certTrustManagers[i2].checkServerTrusted(x509CertificateArr, str);
                z = true;
                break;
            } catch (ValidatorException e2) {
                validatorException = e2;
            }
        }
        if (z || this.temporarilyTrusted.contains(x509CertificateArr[0])) {
            return;
        }
        if (validatorException != null) {
            throw validatorException;
        }
        throw new ValidatorException(ValidatorException.T_SIGNATURE_ERROR, x509CertificateArr[0]);
    }

    private boolean isExplicitlyTrusted(X509Certificate[] x509CertificateArr, String str) {
        boolean z = false;
        int i = 0;
        while (true) {
            if (i >= this.certTrustManagers.length) {
                break;
            }
            try {
                this.certTrustManagers[i].checkServerTrusted(x509CertificateArr, str);
                z = true;
                break;
            } catch (CertificateException e) {
            } catch (ValidatorException e2) {
                if (this.temporarilyTrusted.contains(x509CertificateArr[0])) {
                    z = true;
                    break;
                }
            }
            i++;
        }
        return z;
    }

    public X509Certificate[] getAcceptedIssuers() {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < this.caTrustManagers.length; i++) {
            arrayList.addAll(Arrays.asList(this.caTrustManagers[i].getAcceptedIssuers()));
        }
        return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
    }

    private void temporarilyUntrust(Certificate certificate) {
        this.temporarilyUntrusted.add(certificate);
    }

    private boolean isTemporarilyUntrusted(Certificate certificate) {
        return this.temporarilyUntrusted.contains(certificate);
    }

    private void temporarilyTrust(Certificate certificate) {
        this.temporarilyTrusted.add(certificate);
    }

    private boolean askUser(final X509Certificate[] x509CertificateArr, final String str, final boolean z, final boolean z2, final String str2) {
        if (JNLPRuntime.isTrustAll()) {
            return true;
        }
        return ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: net.sourceforge.jnlp.security.VariableX509TrustManager.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Boolean run() {
                return Boolean.valueOf(SecurityDialogs.showCertWarningDialog(SecurityDialogs.AccessType.UNVERIFIED, null, new HttpsCertVerifier(this, x509CertificateArr, str, z, z2, str2)));
            }
        })).booleanValue();
    }

    public static VariableX509TrustManager getInstance() {
        if (instance == null) {
            instance = new VariableX509TrustManager();
        }
        return instance;
    }
}
