package com.ibm.systemz.db2.tuning.client;

import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
import org.apache.hc.core5.ssl.TrustStrategy;
import org.eclipse.dstore.core.util.ssl.DStoreKeyStore;
import org.eclipse.jface.dialogs.MessageDialogWithToggle;
import org.eclipse.jface.preference.IPreferenceStore;
import org.eclipse.rse.core.comm.ISystemKeystoreProvider;
import org.eclipse.rse.core.comm.SystemKeystoreProviderManager;
import org.eclipse.swt.widgets.Display;

/* loaded from: input_file:com/ibm/systemz/db2/tuning/client/TrustManager.class */
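/**
 * Certificate trust strategy and hostname verifier for a tuning-service connection.
 *
 * <p>Trust decisions are made against the certificates found in the keystore of the default
 * {@link ISystemKeystoreProvider}. Hostname mismatches are reported to the user through a
 * warning dialog but do not fail the connection (see {@link #verify(String, SSLSession)}).
 *
 * <p>NOTE(review): instances keep per-call state ({@code untrustedCerts},
 * {@code verifyExceptions}, {@code hostnameVerificationFailureShown}) in plain fields with no
 * synchronization visible here; confirm an instance is not shared between concurrent handshakes.
 */
public class TrustManager implements TrustStrategy, HostnameVerifier {
    private KeyStore keyStore;
    private final IPreferenceStore hostnameVerificationPreferenceStore;
    private final String hostnameVerificationPreferenceId;
    private final String connectionName;
    private final DefaultHostnameVerifier hostnameVerifier = new DefaultHostnameVerifier();
    // Set after the first hostname mismatch so the warning dialog is queued once per instance.
    private boolean hostnameVerificationFailureShown = false;
    // Only X.509 certificates are stored here (filtered in loadTrustedCertificates()).
    private final List<Certificate> trustedCerts = new ArrayList<>();
    private final List<Certificate> untrustedCerts = new ArrayList<>();
    // NOTE(review): cleared on every isTrusted() call but never populated by this class.
    private final List<Exception> verifyExceptions = new ArrayList<>();

    /**
     * Creates the trust manager and loads the trusted certificates from the default keystore.
     *
     * @param str connection name, used in the hostname-mismatch warning text
     * @param iPreferenceStore preference store holding the "do not warn again" setting
     * @param str2 key of that setting inside {@code iPreferenceStore}
     */
    public TrustManager(String str, IPreferenceStore iPreferenceStore, String str2) {
        this.connectionName = str;
        this.hostnameVerificationPreferenceStore = iPreferenceStore;
        this.hostnameVerificationPreferenceId = str2;
        loadTrustedCertificates();
    }

    /**
     * Reloads the trusted certificate list from the default keystore provider.
     *
     * <p>Keystore entries that carry no certificate, or a non-X.509 certificate, are skipped so
     * that {@link #isTrusted(X509Certificate[], String)} never has to cast an unexpected type.
     * If loading fails, the list stays empty (or partially filled) and {@code isTrusted} rejects
     * every chain that cannot be matched, so a load failure fails closed.
     */
    public void loadTrustedCertificates() {
        this.trustedCerts.clear();
        try {
            ISystemKeystoreProvider defaultProvider = SystemKeystoreProviderManager.getInstance().getDefaultProvider();
            this.keyStore = DStoreKeyStore.getKeyStore(defaultProvider.getKeyStorePath(), defaultProvider.getKeyStorePassword());
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = this.keyStore.getCertificate(aliases.nextElement());
                // getCertificate() returns null for entries without a certificate.
                if (certificate instanceof X509Certificate) {
                    this.trustedCerts.add(certificate);
                }
            }
        } catch (Exception e) {
            // Deliberately best-effort: the connection attempt is then rejected by isTrusted().
            e.printStackTrace();
        }
    }

    /** Returns the keystore loaded by the last {@link #loadTrustedCertificates()} call, or null. */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /** Returns the live list of certificates rejected by the last {@code isTrusted} call. */
    public List<Certificate> getUntrustedCerts() {
        return this.untrustedCerts;
    }

    /** Returns the live list of verification exceptions (see the field note: currently always empty). */
    public List<Exception> getVerifyExceptions() {
        return this.verifyExceptions;
    }

    /**
     * Decides whether the presented chain is trusted, based only on the loaded keystore entries.
     *
     * <p>Every certificate of the chain must match a keystore entry, either by equality or by
     * signature verification against the entry's public key. Under the {@link TrustStrategy}
     * contract a {@code true} result means the chain is accepted without consulting the trust
     * manager configured in the SSL context, so this method is the whole trust decision.
     *
     * <p>NOTE(review): nothing here checks validity dates ({@code checkValidity()}), basic
     * constraints / key usage, chain order or revocation. An expired certificate that is still in
     * the keystore, or one signed by any keystore entry (CA or not), passes. Confirm that this is
     * intended before relying on it outside a user-managed keystore.
     *
     * @param x509CertificateArr certificate chain presented by the peer
     * @param str authentication type (unused)
     * @return {@code true} when every certificate in the chain is matched
     * @throws CertificateException when the chain is missing or empty, when no trusted
     *     certificates are loaded, or when at least one certificate is not matched
     */
    public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.untrustedCerts.clear();
        this.verifyExceptions.clear();
        // An empty chain would otherwise leave untrustedCerts empty and be reported as trusted.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new CertificateException("No certificate chain presented for connection " + this.connectionName);
        }
        for (int i = 0; i < x509CertificateArr.length; i++) {
            X509Certificate presented = x509CertificateArr[i];
            Tracer.trace(getClass(), 3, "Verifying certificate " + i + ": " + getCertificateName(presented));
            if (!matchesTrustedCertificate(presented)) {
                Tracer.trace(getClass(), 3, "Found untrusted certificate: " + getCertificateName(presented));
                this.untrustedCerts.add(presented);
            }
        }
        if (this.trustedCerts.isEmpty() || !this.untrustedCerts.isEmpty()) {
            throw new CertificateException("Certificate chain for connection " + this.connectionName + " is not trusted: "
                    + this.untrustedCerts.size() + " unmatched certificate(s), " + this.trustedCerts.size() + " trusted keystore entries");
        }
        return true;
    }

    /** Returns true when {@code presented} equals, or is verifiably signed by, a keystore entry. */
    private boolean matchesTrustedCertificate(X509Certificate presented) {
        for (Certificate entry : this.trustedCerts) {
            X509Certificate trusted = (X509Certificate) entry;
            try {
                Tracer.trace(getClass(), 3, "\t verifying against " + getCertificateName(trusted));
                if (trusted.equals(presented)) {
                    Tracer.trace(getClass(), 3, "\t\t Verification Success: certificates are identical");
                    return true;
                }
                // NOTE(review): despite the trace text, this compares the length of the whole
                // DER-encoded certificates, not of their signatures. It only gates the signature
                // check below; the gate is kept as-is because loosening it would widen trust.
                if (presented.getEncoded().length == trusted.getEncoded().length) {
                    Tracer.trace(getClass(), 3, "\t\t Signature lengths match");
                    // Throws when the signature was not produced by the trusted entry's key.
                    presented.verify(trusted.getPublicKey());
                    Tracer.trace(getClass(), 3, "\t\t Verification Success: public key verified ");
                    return true;
                }
                Tracer.trace(getClass(), 3, "\t\t Verification Failure: Signature lengths do not match");
            } catch (Exception e) {
                // A failed comparison against one entry is not fatal; try the next entry.
                Tracer.trace(getClass(), 3, "\t\t Verification Failure: " + e.getMessage());
            }
        }
        return false;
    }

    /** Returns the subject distinguished name, or the certificate's string form if it has none. */
    private String getCertificateName(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectX500Principal() != null ? x509Certificate.getSubjectX500Principal().getName() : x509Certificate.toString();
    }

    /**
     * Checks the peer hostname and warns the user on a mismatch.
     *
     * <p>NOTE(review): this method returns {@code true} on every path. A hostname mismatch only
     * queues a warning dialog (once per instance, and not at all when the stored preference is
     * "always"); the TLS session is accepted regardless. Hostname verification is therefore
     * advisory, and a peer holding any certificate accepted by {@code isTrusted} is accepted
     * under any hostname. Changing the return value would alter product behavior, so it is
     * flagged here rather than changed.
     *
     * @param str hostname the client connected to
     * @param sSLSession session whose peer certificate is checked
     * @return always {@code true}
     */
    @Override
    public boolean verify(final String str, SSLSession sSLSession) {
        if (this.hostnameVerifier.verify(str, sSLSession) || this.hostnameVerificationFailureShown) {
            return true;
        }
        this.hostnameVerificationFailureShown = true;
        Display current = Display.getCurrent();
        final Display display = current == null ? Display.getDefault() : current;
        // The dialog must be opened on the UI thread; the handshake is not blocked on it.
        display.asyncExec(new Runnable() {
            @Override
            public void run() {
                boolean z = TrustManager.this.hostnameVerificationPreferenceStore.contains(TrustManager.this.hostnameVerificationPreferenceId) && "always".equals(TrustManager.this.hostnameVerificationPreferenceStore.getString(TrustManager.this.hostnameVerificationPreferenceId));
                if (z) {
                    // The user asked not to be warned again.
                    return;
                }
                MessageDialogWithToggle.openWarning(display.getActiveShell(), Messages.TrustManager_failedHostnameValidationTitle, MessageFormat.format(Messages.TrustManager_failedHostnameValidationMessage, TrustManager.this.connectionName, str), Messages.TrustManager_failedHostnameValidationToggle, z, TrustManager.this.hostnameVerificationPreferenceStore, TrustManager.this.hostnameVerificationPreferenceId);
            }
        });
        return true;
    }
}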
