package org.apache.ofbiz.base.util;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.List;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:org/apache/ofbiz/base/util/MultiTrustManager.class */
public class MultiTrustManager implements X509TrustManager {
    public static final String module = MultiTrustManager.class.getName();
    protected List<KeyStore> keystores;

    public MultiTrustManager(KeyStore keyStore) {
        this();
        this.keystores.add(keyStore);
    }

    public MultiTrustManager() {
        this.keystores = new LinkedList();
    }

    public void add(KeyStore keyStore) {
        if (keyStore != null) {
            this.keystores.add(keyStore);
        }
    }

    public int getNumberOfKeyStores() {
        return this.keystores.size();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (!isTrusted(x509CertificateArr) && !"true".equals(UtilProperties.getPropertyValue("certificate", "client.all-trusted", "true"))) {
            throw new CertificateException("No trusted certificate found");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (!isTrusted(x509CertificateArr) && !"true".equals(UtilProperties.getPropertyValue("certificate", "server.all-trusted", "true"))) {
            throw new CertificateException("No trusted certificate found");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        LinkedList linkedList = new LinkedList();
        for (KeyStore keyStore : this.keystores) {
            try {
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    Certificate[] certificateChain = keyStore.getCertificateChain(nextElement);
                    if (certificateChain != null) {
                        for (Certificate certificate : certificateChain) {
                            if (certificate instanceof X509Certificate) {
                                if (Debug.verboseOn()) {
                                    Debug.logVerbose("Read certificate (chain) : " + ((X509Certificate) certificate).getSubjectX500Principal().getName(), module);
                                }
                                linkedList.add((X509Certificate) certificate);
                            }
                        }
                    } else {
                        Certificate certificate2 = keyStore.getCertificate(nextElement);
                        if (certificate2 != null && (certificate2 instanceof X509Certificate)) {
                            if (Debug.verboseOn()) {
                                Debug.logVerbose("Read certificate : " + ((X509Certificate) certificate2).getSubjectX500Principal().getName(), module);
                            }
                            linkedList.add((X509Certificate) certificate2);
                        }
                    }
                }
            } catch (KeyStoreException e) {
                Debug.logError(e, module);
            }
        }
        return (X509Certificate[]) linkedList.toArray(new X509Certificate[linkedList.size()]);
    }

    protected boolean isTrusted(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null) {
            return false;
        }
        for (X509Certificate x509Certificate : getAcceptedIssuers()) {
            for (X509Certificate x509Certificate2 : x509CertificateArr) {
                if (Debug.verboseOn()) {
                    Debug.logVerbose("--- Checking cert: " + x509Certificate.getSubjectX500Principal() + " vs " + x509Certificate2.getSubjectX500Principal(), module);
                }
                if (x509Certificate.equals(x509Certificate2)) {
                    if (!Debug.verboseOn()) {
                        return true;
                    }
                    Debug.logVerbose("--- Found trusted cert: " + x509Certificate.getSerialNumber().toString(16) + " : " + x509Certificate.getSubjectX500Principal(), module);
                    return true;
                }
            }
        }
        return false;
    }
}
