package com.ibm.ws.collective.utility.utils;

import com.ibm.websphere.security.wim.ConfigConstants;
import java.io.PrintStream;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.abdera.util.Constants;

/* loaded from: input_file:wlp/lib/com.ibm.ws.collective.utility_1.0.10.jar:com/ibm/ws/collective/utility/utils/PromptX509TrustManager.class */
public class PromptX509TrustManager implements X509TrustManager {
    private final Logger logger = Logger.getLogger(PromptX509TrustManager.class.getCanonicalName());
    private final char[] HEX_CHARS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
    private final ConsoleWrapper stdin;
    private final PrintStream stdout;
    private final TrustManager[] trustManagers;
    private final boolean autoAccept;
    private static Map<String, Boolean> answeredCertificates = new HashMap();

    static void clearAnsweredCertificates() {
        answeredCertificates.clear();
    }

    public PromptX509TrustManager(ConsoleWrapper consoleWrapper, PrintStream printStream, TrustManager[] trustManagerArr, boolean z) {
        this.stdin = consoleWrapper;
        this.stdout = printStream;
        this.trustManagers = trustManagerArr;
        this.autoAccept = z;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    private String getMessage(String str, Object... objArr) {
        return CommandUtils.getMessage(str, objArr);
    }

    private String generateDigest(String str, X509Certificate x509Certificate) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(x509Certificate.getEncoded());
            byte[] digest = messageDigest.digest();
            StringBuilder sb = new StringBuilder(3 * digest.length);
            sb.append(this.HEX_CHARS[(digest[0] >> 4) & 15]);
            sb.append(this.HEX_CHARS[(digest[0] % 16) & 15]);
            for (int i = 0 + 1; i < digest.length; i++) {
                sb.append(':');
                sb.append(this.HEX_CHARS[(digest[i] >> 4) & 15]);
                sb.append(this.HEX_CHARS[(digest[i] % 16) & 15]);
            }
            return sb.toString();
        } catch (Exception e) {
            return getMessage("sslTrust.genDigestError", str, e.getMessage());
        } catch (NoClassDefFoundError e2) {
            return getMessage("sslTrust.genDigestError", str, e2.getMessage());
        }
    }

    boolean isYes(String str) {
        String message = getMessage("yes.response.short", new Object[0]);
        String message2 = getMessage("yes.response.full", new Object[0]);
        return "y".equalsIgnoreCase(str) || Constants.YES.equalsIgnoreCase(str) || (message != null && message.length() > 0 && message.equalsIgnoreCase(str)) || (message2 != null && message2.length() > 0 && message2.equalsIgnoreCase(str));
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.logger.isLoggable(Level.FINE)) {
            this.logger.fine("Attempting to estalbish trust with target certificate chain:");
            for (int i = 0; i < x509CertificateArr.length; i++) {
                this.logger.fine("Certificate information [" + i + "]:");
                this.logger.fine("  Subject DN: " + x509CertificateArr[i].getSubjectDN());
                this.logger.fine("  Issuer DN: " + x509CertificateArr[i].getIssuerDN());
                this.logger.fine("  Serial number: " + x509CertificateArr[i].getSerialNumber());
                this.logger.fine("");
            }
        }
        if (this.trustManagers != null && this.trustManagers.length > 0) {
            for (int i2 = 0; i2 < this.trustManagers.length; i2++) {
                TrustManager trustManager = this.trustManagers[i2];
                if (trustManager instanceof X509TrustManager) {
                    try {
                        ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                        this.logger.fine("One of the default trust managers trusts the certificate, accepting...");
                        return;
                    } catch (CertificateException e) {
                    }
                }
            }
        }
        this.logger.fine("None of the default trust managers trusts the certificate...");
        StringBuilder sb = new StringBuilder();
        for (int i3 = 0; i3 < x509CertificateArr.length; i3++) {
            sb.append(generateDigest("MD5", x509CertificateArr[i3]));
            if (i3 < x509CertificateArr.length - 1) {
                sb.append(',');
            }
        }
        String sb2 = sb.toString();
        Boolean bool = answeredCertificates.get(sb2);
        if (bool != null) {
            if (!bool.booleanValue()) {
                throw new CertificateException(getMessage("sslTrust.rejectTrust", new Object[0]));
            }
            return;
        }
        if (this.autoAccept) {
            this.stdout.println();
            this.stdout.println(getMessage("sslTrust.autoAccept", x509CertificateArr[0].getSubjectDN()));
            this.stdout.println();
            answeredCertificates.put(sb2, Boolean.TRUE);
            return;
        }
        this.stdout.println();
        this.stdout.println(getMessage("sslTrust.noDefaultTrust", new Object[0]));
        this.stdout.println();
        this.stdout.println(getMessage("sslTrust.certInfo", new Object[0]));
        for (int i4 = 0; i4 < x509CertificateArr.length; i4++) {
            this.stdout.println(getMessage("sslTrust.cert", "[" + i4 + "]"));
            this.stdout.println(getMessage("sslTrust.certSubjectDN", x509CertificateArr[i4].getSubjectDN()));
            this.stdout.println(getMessage("sslTrust.certIssueDN", x509CertificateArr[i4].getIssuerDN()));
            this.stdout.println(getMessage("sslTrust.certSerial", x509CertificateArr[i4].getSerialNumber()));
            this.stdout.println(getMessage("sslTrust.certExpires", x509CertificateArr[i4].getNotAfter()));
            this.stdout.println(getMessage("sslTrust.certSHADigest", generateDigest(ConfigConstants.CONFIG_MDALGO_SHA1, x509CertificateArr[i4])));
            this.stdout.println(getMessage("sslTrust.certMD5Digest", generateDigest("MD5", x509CertificateArr[i4])));
            this.stdout.println();
        }
        if (!isYes(this.stdin.readText(getMessage("sslTrust.promptToAcceptTrust", new Object[0])))) {
            answeredCertificates.put(sb2, Boolean.FALSE);
            throw new CertificateException(getMessage("sslTrust.rejectTrust", new Object[0]));
        }
        answeredCertificates.put(sb2, Boolean.TRUE);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
