package com.sun.net.ssl.internal.ssl;

import com.sun.net.ssl.X509TrustManager;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/* compiled from: [DashoPro-V1.2-120198] */
/* loaded from: input_file:116645-05/SUNWiimc/reloc/$IIM_DOCROOT/jsse.jar:com/sun/net/ssl/internal/ssl/X509TrustManagerImpl.class */
final class X509TrustManagerImpl implements X509TrustManager {
    private Map a = new HashMap();
    private X509Certificate[] b;
    private static final Debug c = Debug.getInstance("ssl");

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509TrustManagerImpl(KeyStore keyStore) throws KeyStoreException {
        Certificate[] certificateChain;
        if (keyStore == null) {
            this.b = new X509Certificate[0];
            return;
        }
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isCertificateEntry(nextElement)) {
                Certificate certificate = keyStore.getCertificate(nextElement);
                if (certificate instanceof X509Certificate) {
                    if (c != null && Debug.isOn("trustmanager")) {
                        System.out.println(new StringBuffer("adding as trusted cert: ").append(certificate).toString());
                    }
                    this.a.put(certificate, certificate);
                }
            } else if (keyStore.isKeyEntry(nextElement) && (certificateChain = keyStore.getCertificateChain(nextElement)) != null && certificateChain.length > 0 && (certificateChain[0] instanceof X509Certificate)) {
                if (c != null && Debug.isOn("trustmanager")) {
                    System.out.println(new StringBuffer("adding private entry as trusted cert: ").append(certificateChain[0]).toString());
                }
                this.a.put(certificateChain[0], certificateChain[0]);
            }
        }
        this.b = new X509Certificate[this.a.size()];
        this.a.values().toArray(this.b);
    }

    private X509Certificate[] a(X509Certificate[] x509CertificateArr) {
        X509Certificate b;
        ArrayList arrayList = new ArrayList(x509CertificateArr.length);
        boolean z = false;
        if (x509CertificateArr.length == 0) {
            return x509CertificateArr;
        }
        Date date = new Date();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            try {
                x509Certificate.checkValidity(date);
            } catch (Exception unused) {
                if (c != null && Debug.isOn("trustmanager")) {
                    System.out.println(new StringBuffer("out of date cert: ").append(x509Certificate).toString());
                }
                X509Certificate a = a(x509Certificate);
                x509Certificate = a;
                if (a == null) {
                    return new X509Certificate[0];
                }
                if (c != null && Debug.isOn("trustmanager")) {
                    System.out.println(new StringBuffer("updated cert with: ").append(x509Certificate).toString());
                }
                z = true;
            }
            arrayList.add(x509Certificate);
        }
        int length = x509CertificateArr.length - 1;
        if (!x509CertificateArr[length].getIssuerDN().equals(x509CertificateArr[length].getSubjectDN()) && (b = b(x509CertificateArr[length])) != null) {
            if (c != null && Debug.isOn("trustmanager")) {
                System.out.println(new StringBuffer("add missing root cert: ").append(b).toString());
            }
            z = true;
            arrayList.add(b);
        }
        return z ? (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]) : x509CertificateArr;
    }

    private void a(X509Certificate x509Certificate, Set set, int i) throws Exception {
        int basicConstraints;
        if (set != null && !set.isEmpty() && set.contains(new String("2.5.29.19")) && (basicConstraints = x509Certificate.getBasicConstraints()) >= 0 && i > 0 && i - 1 > basicConstraints) {
            throw new Exception("Violated basic constraints");
        }
    }

    private void a(X509Certificate x509Certificate, int i) throws Exception {
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null || criticalExtensionOIDs.size() == 0) {
            return;
        }
        a(criticalExtensionOIDs);
        a(x509Certificate, criticalExtensionOIDs, i);
        if (i == 0) {
            a(x509Certificate, criticalExtensionOIDs);
        } else {
            b(x509Certificate, criticalExtensionOIDs);
        }
    }

    private void a(X509Certificate x509Certificate, Set set) throws Exception {
        boolean[] keyUsage;
        if (set != null && !set.isEmpty() && set.contains(new String("2.5.29.15")) && (keyUsage = x509Certificate.getKeyUsage()) != null && keyUsage.length > 0 && !keyUsage[0]) {
            throw new Exception("Wrong key usage");
        }
    }

    private void b(X509Certificate x509Certificate, Set set) throws Exception {
        boolean[] keyUsage;
        if (set != null && !set.isEmpty() && set.contains(new String("2.5.29.15")) && (keyUsage = x509Certificate.getKeyUsage()) != null && keyUsage.length > 5 && !keyUsage[5]) {
            throw new Exception("Wrong key usage");
        }
    }

    private void a(Set set) throws Exception {
        if (set.size() == 1) {
            if (!set.contains(new String("2.5.29.19")) && !set.contains(new String("2.5.29.15"))) {
                throw new Exception("Contains unknown critical extensions");
            }
        } else if (set.size() == 2) {
            if (!set.contains(new String("2.5.29.19")) || !set.contains(new String("2.5.29.15"))) {
                throw new Exception("Contains unknown critical extensions");
            }
        }
    }

    @Override // com.sun.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return (X509Certificate[]) this.b.clone();
    }

    private X509Certificate a(X509Certificate x509Certificate) {
        Principal subjectDN = x509Certificate.getSubjectDN();
        Principal issuerDN = x509Certificate.getIssuerDN();
        PublicKey publicKey = x509Certificate.getPublicKey();
        Date date = new Date();
        for (X509Certificate x509Certificate2 : this.a.values()) {
            if (x509Certificate2.getSubjectDN().equals(subjectDN) && x509Certificate2.getIssuerDN().equals(issuerDN) && x509Certificate2.getPublicKey().equals(publicKey)) {
                try {
                    x509Certificate2.checkValidity(date);
                    return x509Certificate2;
                } catch (Exception unused) {
                }
            }
        }
        return null;
    }

    private X509Certificate b(X509Certificate x509Certificate) {
        Principal issuerDN = x509Certificate.getIssuerDN();
        Date date = new Date();
        for (X509Certificate x509Certificate2 : this.a.values()) {
            if (x509Certificate2.getSubjectDN().equals(issuerDN)) {
                try {
                    x509Certificate2.checkValidity(date);
                    return x509Certificate2;
                } catch (Exception unused) {
                    if (c != null && Debug.isOn("trustmanager")) {
                        System.out.println(new StringBuffer("local root cert is invalid: ").append(x509Certificate2).toString());
                    }
                }
            }
        }
        return null;
    }

    @Override // com.sun.net.ssl.X509TrustManager
    public boolean isClientTrusted(X509Certificate[] x509CertificateArr) {
        return b(x509CertificateArr);
    }

    @Override // com.sun.net.ssl.X509TrustManager
    public boolean isServerTrusted(X509Certificate[] x509CertificateArr) {
        return b(x509CertificateArr);
    }

    private boolean b(X509Certificate[] x509CertificateArr) {
        X509Certificate[] a = a(x509CertificateArr);
        for (int i = 0; i < a.length; i++) {
            X509Certificate x509Certificate = a[i];
            try {
                a(x509Certificate, i);
                if (c(x509Certificate)) {
                    if (c == null || !Debug.isOn("trustmanager")) {
                        return true;
                    }
                    System.out.println(new StringBuffer("stop on trusted cert: ").append(x509Certificate).toString());
                    return true;
                }
                Principal issuerDN = x509Certificate.getIssuerDN();
                X509Certificate x509Certificate2 = i + 1 < a.length ? a[i + 1] : x509Certificate;
                if (!issuerDN.equals(x509Certificate2.getSubjectDN())) {
                    if (c == null || !Debug.isOn("trustmanager")) {
                        return false;
                    }
                    System.out.println("issuer != subject DN");
                    return false;
                }
                try {
                    x509Certificate.verify(x509Certificate2.getPublicKey());
                } catch (Exception e) {
                    if (c == null || !Debug.isOn("trustmanager")) {
                        return false;
                    }
                    System.out.println(new StringBuffer("verify failed: ").append(x509Certificate).toString());
                    System.out.println(new StringBuffer("verify exception was: ").append(e).toString());
                    return false;
                }
            } catch (Exception e2) {
                if (c == null || !Debug.isOn("trustmanager")) {
                    return false;
                }
                System.out.println(new StringBuffer("failed critical extension check: ").append(e2).toString());
                return false;
            }
        }
        return false;
    }

    private boolean c(X509Certificate x509Certificate) {
        return this.a.containsKey(x509Certificate);
    }
}
