package com.ibm.etools.iwd.core.internal.security;

import com.ibm.etools.iwd.core.Activator;
import com.ibm.etools.iwd.core.internal.debug.CoreLogger;
import com.ibm.etools.iwd.core.internal.debug.CoreTracer;
import com.ibm.etools.iwd.core.internal.messages.Messages;
import com.ibm.etools.iwd.core.internal.security.IWDX509CertPathValidatorResult;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.net.ssl.X509TrustManager;
import org.eclipse.core.runtime.FileLocator;
import org.eclipse.core.runtime.Path;
import org.eclipse.core.runtime.Platform;
import org.eclipse.osgi.util.NLS;
import org.osgi.framework.Bundle;

/* loaded from: input_file:com/ibm/etools/iwd/core/internal/security/IWDX509TrustManager.class */
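/**
 * {@link X509TrustManager} that decides whether a server certificate chain is
 * acceptable in three stages:
 * <ol>
 *   <li>PKIX path validation against the key store bundled with the plug-in
 *       ({@code iwdcerts}, or {@code iwdcerts_ignore} when the system property
 *       {@code IWD.Security.IgnorePredefined.KeyStore} is {@code true});</li>
 *   <li>a lookup of the failing certificate in {@link IWDX509CertRegistry};</li>
 *   <li>the validators registered with {@link IWDX509CertPathValidatorRegistry},
 *       whose verdict may add the certificate to the registry for the session
 *       or for the workspace.</li>
 * </ol>
 * The chain is rejected with a {@link CertificateException} when no stage
 * accepts it.
 */
public class IWDX509TrustManager implements X509TrustManager {
    private static final String CERTIFICATE_TYPE = "X.509";
    private static final String ALGORITHM_TYPE = "PKIX";
    private static final String TRUSTED_KEYSTORE = "iwdcerts";
    private static final String IGNORE_PREDEFINED_PROPERTY = "IWD.Security.IgnorePredefined.KeyStore";
    private static final String TRACE_CLASS = "IWDX509TrustManager";
    private static final String TRACE_METHOD = "checkServerTrusted";
    private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

    /**
     * Returns the issuers this manager advertises.
     *
     * @return an empty array; the {@link X509TrustManager} contract requires a
     *         non-null result, and callers that iterate it would fail on null
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return NO_ISSUERS;
    }

    /**
     * Performs no check: every client chain is accepted.
     *
     * NOTE(review): this is only safe if the manager is never installed on a
     * server-side SSLContext; confirm against the code that builds the context.
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    /**
     * Validates the server chain, falling back to the certificate registry and
     * then to the registered validators when PKIX validation fails.
     *
     * @param x509CertificateArr the peer chain, end-entity certificate first
     * @param str the authentication type reported by the TLS layer
     * @throws IllegalArgumentException if the chain is null or empty
     * @throws CertificateException if the chain cannot be parsed or no stage
     *         accepts it; the validation failure, when there is one, is the cause
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        // The X509TrustManager contract calls for IllegalArgumentException here.
        // Without the check an empty chain would reach the validator with no
        // certificate to examine.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate chain must not be null or empty");
        }
        if (infoEnabled()) {
            traceInfo("certs=[" + Arrays.toString(x509CertificateArr) + "] authType=[" + str + "]");
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance(CERTIFICATE_TYPE);
        if (infoEnabled()) {
            traceInfo("certificateFactory=[" + certificateFactory + "]");
        }
        CertPath chainPath = certificateFactory.generateCertPath(Arrays.asList(x509CertificateArr));
        if (infoEnabled()) {
            traceInfo("certPath=[" + chainPath + "]");
        }

        boolean valid = false;
        Throwable failure = null;
        CertPath failedPath = null;
        Certificate failedCert = null;
        int failedIndex = -1;

        // A JVM system property selects an alternative set of trust anchors, so
        // whoever controls the launch configuration controls what is trusted.
        String keyStoreName = TRUSTED_KEYSTORE;
        if (Boolean.parseBoolean(System.getProperty(IGNORE_PREDEFINED_PROPERTY))) {
            keyStoreName = TRUSTED_KEYSTORE + "_ignore";
        }

        // The whole PKIX stage sits inside one try block. In the listing the
        // block closed right after the bundle lookup, which left the catch
        // clauses without anything to catch, used the validator and key store
        // outside their scope, and made the fallback stages unreachable.
        try {
            CertPathValidator certPathValidator = CertPathValidator.getInstance(ALGORITHM_TYPE);
            if (infoEnabled()) {
                traceInfo("certPathValidator=[" + certPathValidator + "]");
            }
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            if (infoEnabled()) {
                traceInfo("keystore=[" + keyStore + "]");
            }
            Bundle bundle = Platform.getBundle(Activator.PLUGIN_ID);
            if (bundle == null) {
                throw new CertificateException(NLS.bind(Messages.X509_NO_SUCH_BUNDLE, Activator.PLUGIN_ID));
            }
            URL keyStoreUrl = FileLocator.find(bundle, new Path(keyStoreName), (Map) null);
            if (keyStoreUrl == null) {
                throw new CertificateException(NLS.bind(Messages.X509_NO_SUCH_TRUSTED_KEYSTORE, new String[]{keyStoreName, Activator.PLUGIN_ID}));
            }
            // The key store password is compiled into the class, so it only
            // detects accidental corruption of the bundled file; it does not
            // protect the trust anchors from anyone who can modify the bundle.
            InputStream keyStoreStream = keyStoreUrl.openStream();
            try {
                keyStore.load(keyStoreStream, new char[]{'g', 'r', 'u', 'n', 't', 'i', 'e', 's'});
            } finally {
                // The listing never closed this stream.
                keyStoreStream.close();
            }
            PKIXParameters pkixParameters = new PKIXParameters(keyStore);
            // Revocation checking is off: a revoked certificate that still
            // chains to a bundled anchor is accepted.
            pkixParameters.setRevocationEnabled(false);
            if (infoEnabled()) {
                traceInfo("parameters=[" + pkixParameters + "]");
            }
            certPathValidator.validate(chainPath, pkixParameters);
            valid = true;
        } catch (IOException e) {
            logFailure(e);
            failure = e;
        } catch (InvalidAlgorithmParameterException e) {
            logFailure(e);
            failure = e;
        } catch (KeyStoreException e) {
            logFailure(e);
            failure = e;
        } catch (NoSuchAlgorithmException e) {
            logFailure(e);
            failure = e;
        } catch (CertPathValidatorException e) {
            // An untrusted chain is an expected outcome, so it is traced at
            // information level and not written to the error log.
            if (infoEnabled()) {
                CoreTracer.getDefault().traceMessage(1, e);
            }
            failure = e;
            failedPath = e.getCertPath();
            if (failedPath != null) {
                List<? extends Certificate> failedCerts = failedPath.getCertificates();
                int size = failedCerts.size();
                if (size > 0) {
                    failedIndex = e.getIndex();
                    // A negative index means the exception names no certificate;
                    // the last one in the path is used instead.
                    failedCert = failedIndex >= 0 ? failedCerts.get(failedIndex) : failedCerts.get(size - 1);
                }
                if (infoEnabled()) {
                    traceInfo("nastyCertPath=[" + failedPath + "] size=[" + size + "] nastyIndex=[" + failedIndex + "] nastyCert=[" + failedCert + "]");
                }
            }
        } catch (CertificateException e) {
            logFailure(e);
            failure = e;
        }

        if (!valid) {
            if (failedPath == null) {
                // No path came with the failure: fall back to the presented
                // chain and its last certificate.
                failedPath = chainPath;
                List<? extends Certificate> chainCerts = chainPath.getCertificates();
                failedIndex = chainCerts.size() - 1;
                if (failedIndex >= 0) {
                    failedCert = chainCerts.get(failedIndex);
                }
                if (infoEnabled()) {
                    traceInfo("nastyCertPath=[" + failedPath + "] nastyIndex=[" + failedIndex + "] nastyCert=[" + failedCert + "]");
                }
            }
            // NOTE(review): the lookup is keyed on the one certificate where
            // validation stopped, not on the chain. Confirm that a registry hit
            // is meant to override every PKIX failure reason (expiry, signature,
            // constraints) and not only an unknown issuer.
            try {
                valid = IWDX509CertRegistry.instance().isTrusted(failedCert);
            } catch (KeyStoreException e) {
                logFailure(e);
            }
        }

        if (!valid && failedPath != null) {
            IWDX509CertPathValidatorResult[] results = IWDX509CertPathValidatorRegistry.instance().validate(failedPath, failedIndex, null, failure);
            if (results.length > 0) {
                // Only the last verdict in the array is consulted.
                IWDX509CertPathValidatorResult verdict = results[results.length - 1];
                IWDX509CertPathValidatorResult.Status status = verdict.getStatus();
                // A missing status is treated as "not accepted"; the listing
                // let it through because it only excluded the two negative values.
                if (status != null && status != IWDX509CertPathValidatorResult.Status.ABSTAINED && status != IWDX509CertPathValidatorResult.Status.REJECTED) {
                    valid = true;
                    try {
                        if (status == IWDX509CertPathValidatorResult.Status.VALID_FOR_SESSION) {
                            IWDX509CertRegistry.instance().trustCertificateTransiently(verdict.getCertificate());
                        } else if (status == IWDX509CertPathValidatorResult.Status.VALID_FOR_WORKSPACE) {
                            IWDX509CertRegistry.instance().trustCertificatePersistently(verdict.getCertificate());
                        }
                    } catch (KeyStoreException e) {
                        // Failing to remember the decision does not revoke it
                        // for this connection.
                        logFailure(e);
                    }
                }
            }
        }

        if (infoEnabled()) {
            traceInfo("valid=[" + valid + "]");
        }
        if (valid) {
            return;
        }
        if (failure != null) {
            throw new CertificateException(failure);
        }
        // Fail closed: a chain that no stage accepted must never be reported as
        // trusted just because no exception was recorded along the way.
        throw new CertificateException("Server certificate chain is not trusted");
    }

    /** Reports whether information-level tracing is switched on. */
    private static boolean infoEnabled() {
        return CoreTracer.getDefault().InformationTracingEnabled;
    }

    /** Writes an information-level trace entry for {@code checkServerTrusted}. */
    private static void traceInfo(String message) {
        CoreTracer.getDefault().traceMethod(1, TRACE_CLASS, TRACE_METHOD, message);
    }

    /** Logs an unexpected failure and, when error tracing is on, traces it. */
    private static void logFailure(Exception e) {
        CoreLogger.getDefault().logException(e);
        if (CoreTracer.getDefault().ErrorTracingEnabled) {
            CoreTracer.getDefault().traceMessage(4, e);
        }
    }
}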
