package com.ibm.debug.pdt.engine.internal.dt;

import com.ibm.debug.pdt.internal.ui.PICLUtils;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import org.eclipse.dstore.core.util.ssl.DStoreKeyStore;
import org.eclipse.dstore.core.util.ssl.IDataStoreTrustManager;

/* loaded from: input_file:com/ibm/debug/pdt/engine/internal/dt/DebugTrustManager.class */
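/**
 * Trust manager that delegates every check to a PKIX {@link X509ExtendedTrustManager} built from a
 * key store, and records which certificates of a rejected chain are not found in that key store.
 *
 * <p>The class fails closed: while no PKIX delegate is available (no key store set, or the last
 * {@link #setKeystore} call failed) every {@code check*Trusted} call throws
 * {@link CertificateException}.
 *
 * <p>The untrusted-certificate list is rebuilt on each failed check and is kept in a plain
 * {@link ArrayList}; the class performs no synchronization of its own.
 */
public class DebugTrustManager extends X509ExtendedTrustManager implements IDataStoreTrustManager {
    private X509ExtendedTrustManager fPKIXTrustManager;
    private KeyStore fKeyStore;
    private final List<Certificate> fUntrustedCertificates = new ArrayList<>();

    /**
     * Loads the key store through {@link DStoreKeyStore#getKeyStore} and rebuilds the PKIX delegate
     * from it.
     *
     * <p>Any previously configured delegate and key store are dropped first, so a failed reload
     * leaves the manager rejecting every chain instead of silently validating against the
     * previous key store.
     *
     * @param str first argument handed to {@code DStoreKeyStore.getKeyStore} (presumably the key
     *     store location; confirm against that API)
     * @param str2 second argument handed to {@code DStoreKeyStore.getKeyStore} (presumably the key
     *     store password; confirm against that API)
     */
    public void setKeystore(String str, String str2) {
        // Reset first: a stale delegate must not outlive the key store it was built from.
        this.fPKIXTrustManager = null;
        this.fKeyStore = null;
        try {
            this.fKeyStore = DStoreKeyStore.getKeyStore(str, str2);
            if (this.fKeyStore != null) {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
                trustManagerFactory.init(this.fKeyStore);
                for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
                    if (candidate instanceof X509ExtendedTrustManager) {
                        this.fPKIXTrustManager = (X509ExtendedTrustManager) candidate;
                        break;
                    }
                }
            }
            if (this.fPKIXTrustManager == null) {
                DTPortForwarderLog.log(4, "Cannot find a PKIX trust manager");
            }
        } catch (Exception e) {
            // Best effort by design: the failure is logged and the manager stays fail-closed.
            PICLUtils.logError(e);
        }
    }

    /**
     * Returns the certificates recorded by the most recent failed trust check.
     *
     * <p>This is the live internal list, not a copy; it is cleared and refilled whenever a later
     * check fails.
     *
     * @return the internal list of certificates not matched against the key store
     */
    public List<Certificate> getUntrustedCerts() {
        return this.fUntrustedCertificates;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509ExtendedTrustManager delegate = requireDelegate();
        try {
            delegate.checkClientTrusted(x509CertificateArr, str);
        } catch (Exception e) {
            // Record what was rejected, then let the original failure propagate unchanged.
            computeUntrustedCertificates(x509CertificateArr);
            throw e;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509ExtendedTrustManager delegate = requireDelegate();
        try {
            delegate.checkServerTrusted(x509CertificateArr, str);
        } catch (Exception e) {
            computeUntrustedCertificates(x509CertificateArr);
            throw e;
        }
    }

    /**
     * Returns the issuers accepted by the PKIX delegate.
     *
     * @return the delegate's accepted issuers, or an empty array when no delegate is configured;
     *     never {@code null}, as the {@code X509TrustManager} contract requires
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        if (this.fPKIXTrustManager == null) {
            return new X509Certificate[0];
        }
        return this.fPKIXTrustManager.getAcceptedIssuers();
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        X509ExtendedTrustManager delegate = requireDelegate();
        try {
            delegate.checkClientTrusted(x509CertificateArr, str, socket);
        } catch (Exception e) {
            computeUntrustedCertificates(x509CertificateArr);
            throw e;
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        X509ExtendedTrustManager delegate = requireDelegate();
        try {
            delegate.checkClientTrusted(x509CertificateArr, str, sSLEngine);
        } catch (Exception e) {
            computeUntrustedCertificates(x509CertificateArr);
            throw e;
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        X509ExtendedTrustManager delegate = requireDelegate();
        try {
            delegate.checkServerTrusted(x509CertificateArr, str, socket);
        } catch (Exception e) {
            computeUntrustedCertificates(x509CertificateArr);
            throw e;
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        X509ExtendedTrustManager delegate = requireDelegate();
        try {
            delegate.checkServerTrusted(x509CertificateArr, str, sSLEngine);
        } catch (Exception e) {
            computeUntrustedCertificates(x509CertificateArr);
            throw e;
        }
    }

    /** Returns the PKIX delegate, or rejects the handshake when none has been configured. */
    private X509ExtendedTrustManager requireDelegate() throws CertificateException {
        X509ExtendedTrustManager delegate = this.fPKIXTrustManager;
        if (delegate == null) {
            throw new CertificateException("No PKIX trust manager is configured");
        }
        return delegate;
    }

    /**
     * Rebuilds the untrusted-certificate list from a rejected chain: every chain certificate that
     * is not matched against an X.509 entry of the key store is recorded.
     *
     * @param x509CertificateArr the chain the delegate rejected; {@code null} leaves the list empty
     */
    private void computeUntrustedCertificates(X509Certificate[] x509CertificateArr) {
        this.fUntrustedCertificates.clear();
        if (x509CertificateArr == null) {
            // The delegate already rejected the null chain; do not mask that with an NPE here.
            return;
        }
        List<X509Certificate> storedCerts = new ArrayList<>();
        if (this.fKeyStore != null) {
            try {
                Enumeration<String> aliases = this.fKeyStore.aliases();
                while (aliases.hasMoreElements()) {
                    Certificate certificate = this.fKeyStore.getCertificate(aliases.nextElement());
                    if (certificate instanceof X509Certificate) {
                        storedCerts.add((X509Certificate) certificate);
                    }
                }
            } catch (KeyStoreException e) {
                // With an unreadable key store every chain certificate is reported as untrusted.
                PICLUtils.logError(e);
            }
        }
        for (X509Certificate presented : x509CertificateArr) {
            if (presented == null) {
                continue;
            }
            if (!matchesStoredCertificate(presented, storedCerts)) {
                this.fUntrustedCertificates.add(presented);
            }
        }
    }

    /** Tells whether a presented certificate is matched by one of the key store certificates. */
    private static boolean matchesStoredCertificate(X509Certificate presented, List<X509Certificate> storedCerts) {
        for (X509Certificate stored : storedCerts) {
            // Value equality: the handshake and the key store hold separate objects for the same
            // certificate, so a reference comparison would miss an entry that is in the store.
            if (presented.equals(stored)) {
                return true;
            }
            try {
                // NOTE(review): a certificate also counts as matched when its signature verifies
                // under a stored certificate's public key and both encodings have the same
                // length. That is a heuristic, not an identity check; confirm it is intended
                // before relying on this list for a trust decision.
                presented.verify(stored.getPublicKey());
                if (presented.getEncoded().length == stored.getEncoded().length) {
                    return true;
                }
            } catch (Exception ignored) {
                // Signature or encoding failure only means this stored certificate does not match.
            }
        }
        return false;
    }
}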
