package sun.plugin.security;

import java.security.AccessController;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import sun.plugin.util.PluginSysAction;
import sun.plugin.util.PluginSysUtil;
import sun.plugin.util.Trace;

/* loaded from: input_file:rcp/eclipse/plugins/com.ibm.rcp.j2se.win32.x86_1.4.2.SR2/jre/lib/plugin.jar:sun/plugin/security/X509PluginTrustManager.class */
public final class X509PluginTrustManager implements X509TrustManager {
    private X509TrustManager trustManager;
    private static CertificateStore rootStore;
    private static CertificateStore httpsRootStore;
    private static CertificateStore permanentStore;
    private static CertificateStore sessionStore;
    private static CertificateStore deniedStore;
    static final boolean $assertionsDisabled;
    static Class class$sun$plugin$security$X509PluginTrustManager;

    /* renamed from: sun.plugin.security.X509PluginTrustManager$1, reason: invalid class name */
    /* loaded from: input_file:rcp/eclipse/plugins/com.ibm.rcp.j2se.win32.x86_1.4.2.SR2/jre/lib/plugin.jar:sun/plugin/security/X509PluginTrustManager$1.class */
    class AnonymousClass1 implements PrivilegedExceptionAction {
        private final X509Certificate[] val$chain;
        private final boolean val$theRootCANotValid;
        private final boolean val$theTimeNotValid;
        private final X509PluginTrustManager this$0;

        AnonymousClass1(X509PluginTrustManager x509PluginTrustManager, X509Certificate[] x509CertificateArr, boolean z, boolean z2) throws Exception {
            this.this$0 = x509PluginTrustManager;
            this.val$chain = x509CertificateArr;
            this.val$theRootCANotValid = z;
            this.val$theTimeNotValid = z2;
        }

        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws Exception {
            return PluginSysUtil.execute(new PluginSysAction(this) { // from class: sun.plugin.security.X509PluginTrustManager.2
                private final AnonymousClass1 this$1;

                {
                    this.this$1 = this;
                }

                @Override // sun.plugin.util.PluginSysAction
                public Object execute() throws Exception {
                    TrustDeciderDialog trustDeciderDialog = new TrustDeciderDialog(this.this$1.val$chain, 0, this.this$1.val$chain.length, this.this$1.val$theRootCANotValid, this.this$1.val$theTimeNotValid);
                    trustDeciderDialog.setHttpsDialog(true);
                    return new Integer(trustDeciderDialog.DoModal());
                }
            });
        }
    }

    /* renamed from: sun.plugin.security.X509PluginTrustManager$3, reason: invalid class name */
    /* loaded from: input_file:rcp/eclipse/plugins/com.ibm.rcp.j2se.win32.x86_1.4.2.SR2/jre/lib/plugin.jar:sun/plugin/security/X509PluginTrustManager$3.class */
    class AnonymousClass3 implements PrivilegedExceptionAction {
        private final X509Certificate[] val$chain;
        private final boolean val$theRootCANotValid;
        private final boolean val$theTimeNotValid;
        private final X509PluginTrustManager this$0;

        AnonymousClass3(X509PluginTrustManager x509PluginTrustManager, X509Certificate[] x509CertificateArr, boolean z, boolean z2) throws Exception {
            this.this$0 = x509PluginTrustManager;
            this.val$chain = x509CertificateArr;
            this.val$theRootCANotValid = z;
            this.val$theTimeNotValid = z2;
        }

        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws Exception {
            return PluginSysUtil.execute(new PluginSysAction(this) { // from class: sun.plugin.security.X509PluginTrustManager.4
                private final AnonymousClass3 this$1;

                {
                    this.this$1 = this;
                }

                @Override // sun.plugin.util.PluginSysAction
                public Object execute() throws Exception {
                    TrustDeciderDialog trustDeciderDialog = new TrustDeciderDialog(this.this$1.val$chain, 0, this.this$1.val$chain.length, this.this$1.val$theRootCANotValid, this.this$1.val$theTimeNotValid);
                    trustDeciderDialog.setHttpsDialog(true);
                    return new Integer(trustDeciderDialog.DoModal());
                }
            });
        }
    }

    public static void reset() {
        rootStore = new RootCACertificateStore();
        httpsRootStore = new HttpsRootCACertStore();
        permanentStore = new PluginHttpsCertStore();
        sessionStore = new SessionCertificateStore();
        deniedStore = new DeniedCertificateStore();
    }

    public X509PluginTrustManager() throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, CertificateException {
        this.trustManager = null;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("IbmX509");
        trustManagerFactory.init((KeyStore) null);
        this.trustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
    }

    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean z = false;
        boolean z2 = false;
        if (!$assertionsDisabled && this.trustManager == null) {
            throw new AssertionError();
        }
        int i = 1;
        try {
            rootStore.load();
            httpsRootStore.load();
            permanentStore.load();
            sessionStore.load();
            deniedStore.load();
            if (deniedStore.contains(x509CertificateArr[0])) {
                throw new CertificateException("Certificate has been denied");
            }
            try {
                this.trustManager.checkClientTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                if (sessionStore.contains(x509CertificateArr[0]) || permanentStore.contains(x509CertificateArr[0])) {
                    return;
                }
                for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
                    if (!rootStore.verify(x509CertificateArr[i2]) && !httpsRootStore.verify(x509CertificateArr[i2])) {
                        z = true;
                    }
                    try {
                        x509CertificateArr[i2].checkValidity();
                    } catch (CertificateExpiredException e2) {
                        z2 = true;
                    } catch (CertificateNotYetValidException e3) {
                        z2 = true;
                    }
                }
                if (Trace.isAutomationEnabled()) {
                    Trace.msgSecurityPrintln("x509trustmgr.automation.ignoreclientcert");
                    i = 0;
                } else {
                    try {
                        i = ((Integer) AccessController.doPrivileged(new AnonymousClass1(this, x509CertificateArr, z, z2))).intValue();
                    } catch (Exception e4) {
                        if (!$assertionsDisabled) {
                            throw new AssertionError();
                        }
                    }
                }
                if (i == 0) {
                    sessionStore.add(x509CertificateArr[0]);
                    sessionStore.save();
                } else if (i == 2) {
                    permanentStore.add(x509CertificateArr[0]);
                    permanentStore.save();
                } else {
                    deniedStore.add(x509CertificateArr[0]);
                    deniedStore.save();
                }
                if (i != 0 && i != 2) {
                    throw new CertificateException("Plugin couldn't trust Client");
                }
            }
        } catch (CertificateException e5) {
            throw e5;
        } catch (Throwable th) {
            th.printStackTrace();
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean z = false;
        boolean z2 = false;
        if (!$assertionsDisabled && this.trustManager == null) {
            throw new AssertionError();
        }
        int i = 1;
        try {
            rootStore.load();
            httpsRootStore.load();
            permanentStore.load();
            sessionStore.load();
            deniedStore.load();
            if (deniedStore.contains(x509CertificateArr[0])) {
                throw new CertificateException("Certificate has been denied");
            }
            try {
                this.trustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                if (sessionStore.contains(x509CertificateArr[0]) || permanentStore.contains(x509CertificateArr[0])) {
                    return;
                }
                for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
                    if (!rootStore.verify(x509CertificateArr[i2]) && !httpsRootStore.verify(x509CertificateArr[i2])) {
                        z = true;
                    }
                    try {
                        x509CertificateArr[i2].checkValidity();
                    } catch (CertificateExpiredException e2) {
                        z2 = true;
                    } catch (CertificateNotYetValidException e3) {
                        z2 = true;
                    }
                }
                if (Trace.isAutomationEnabled()) {
                    Trace.msgSecurityPrintln("x509trustmgr.automation.ignoreservercert");
                    i = 0;
                } else {
                    try {
                        i = ((Integer) AccessController.doPrivileged(new AnonymousClass3(this, x509CertificateArr, z, z2))).intValue();
                    } catch (Exception e4) {
                        if (!$assertionsDisabled) {
                            throw new AssertionError();
                        }
                    }
                }
                if (i == 0) {
                    sessionStore.add(x509CertificateArr[0]);
                    sessionStore.save();
                } else if (i == 2) {
                    permanentStore.add(x509CertificateArr[0]);
                    permanentStore.save();
                } else {
                    deniedStore.add(x509CertificateArr[0]);
                    deniedStore.save();
                }
                if (i != 0 && i != 2) {
                    throw new CertificateException("Plugin couldn't trust Server");
                }
            }
        } catch (CertificateException e5) {
            throw e5;
        } catch (Throwable th) {
            th.printStackTrace();
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.getAcceptedIssuers();
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$sun$plugin$security$X509PluginTrustManager == null) {
            cls = class$("sun.plugin.security.X509PluginTrustManager");
            class$sun$plugin$security$X509PluginTrustManager = cls;
        } else {
            cls = class$sun$plugin$security$X509PluginTrustManager;
        }
        $assertionsDisabled = !cls.desiredAssertionStatus();
        rootStore = null;
        httpsRootStore = null;
        permanentStore = null;
        sessionStore = null;
        deniedStore = null;
        reset();
    }
}
