package org.apache.directory.studio.connection.core.io;

import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.directory.studio.connection.core.ConnectionCoreConstants;
import org.apache.directory.studio.connection.core.ConnectionCorePlugin;
import org.apache.directory.studio.connection.core.ICertificateHandler;
import org.apache.directory.studio.connection.core.Messages;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;

/* loaded from: input_file:org/apache/directory/studio/connection/core/io/StudioTrustManager.class */
public class StudioTrustManager implements X509TrustManager {
    private X509TrustManager jvmTrustManager;
    private String host;

    /* renamed from: org.apache.directory.studio.connection.core.io.StudioTrustManager$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/directory/studio/connection/core/io/StudioTrustManager$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$directory$studio$connection$core$ICertificateHandler$TrustLevel = new int[ICertificateHandler.TrustLevel.values().length];

        static {
            try {
                $SwitchMap$org$apache$directory$studio$connection$core$ICertificateHandler$TrustLevel[ICertificateHandler.TrustLevel.Permanent.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$directory$studio$connection$core$ICertificateHandler$TrustLevel[ICertificateHandler.TrustLevel.Session.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$directory$studio$connection$core$ICertificateHandler$TrustLevel[ICertificateHandler.TrustLevel.Not.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public StudioTrustManager(X509TrustManager x509TrustManager) throws Exception {
        this.jvmTrustManager = x509TrustManager;
    }

    public void setHost(String str) {
        this.host = str;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.jvmTrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            X509TrustManager permanentTrustManager = getPermanentTrustManager();
            if (permanentTrustManager != null) {
                permanentTrustManager.checkServerTrusted(x509CertificateArr, str);
                return;
            }
        } catch (CertificateException e) {
        }
        try {
            X509TrustManager sessionTrustManager = getSessionTrustManager();
            if (sessionTrustManager != null) {
                sessionTrustManager.checkServerTrusted(x509CertificateArr, str);
                return;
            }
        } catch (CertificateException e2) {
        }
        ArrayList arrayList = new ArrayList();
        try {
            this.jvmTrustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e3) {
            if (e3 instanceof CertificateExpiredException) {
                arrayList.add(ICertificateHandler.FailCause.CertificateExpired);
            } else if (e3 instanceof CertificateNotYetValidException) {
                arrayList.add(ICertificateHandler.FailCause.CertificateNotYetValid);
            } else {
                if (x509CertificateArr[0].getIssuerX500Principal().equals(x509CertificateArr[0].getSubjectX500Principal())) {
                    arrayList.add(ICertificateHandler.FailCause.SelfSignedCertificate);
                } else {
                    arrayList.add(ICertificateHandler.FailCause.NoValidCertificationPath);
                }
                try {
                    x509CertificateArr[0].checkValidity();
                } catch (CertificateException e4) {
                    if (e4 instanceof CertificateExpiredException) {
                        arrayList.add(ICertificateHandler.FailCause.CertificateExpired);
                    } else if (e4 instanceof CertificateNotYetValidException) {
                        arrayList.add(ICertificateHandler.FailCause.CertificateNotYetValid);
                    }
                }
            }
        }
        try {
            new BrowserCompatHostnameVerifier().verify(this.host, x509CertificateArr[0]);
        } catch (SSLException e5) {
            arrayList.add(ICertificateHandler.FailCause.HostnameVerificationFailed);
        }
        if (arrayList.isEmpty()) {
            return;
        }
        switch (AnonymousClass1.$SwitchMap$org$apache$directory$studio$connection$core$ICertificateHandler$TrustLevel[ConnectionCorePlugin.getDefault().getCertificateHandler().verifyTrustLevel(this.host, x509CertificateArr, arrayList).ordinal()]) {
            case ConnectionCoreConstants.PREFERENCE_NETWORK_PROVIDER_APACHE_DIRECTORY_LDAP_API /* 1 */:
                ConnectionCorePlugin.getDefault().getPermanentTrustStoreManager().addCertificate(x509CertificateArr[0]);
                return;
            case 2:
                ConnectionCorePlugin.getDefault().getSessionTrustStoreManager().addCertificate(x509CertificateArr[0]);
                return;
            case 3:
                throw new CertificateException(Messages.error__untrusted_certificate);
            default:
                return;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.jvmTrustManager.getAcceptedIssuers();
    }

    private X509TrustManager getPermanentTrustManager() throws CertificateException {
        return getTrustManager(ConnectionCorePlugin.getDefault().getPermanentTrustStoreManager().getKeyStore());
    }

    private X509TrustManager getSessionTrustManager() throws CertificateException {
        return getTrustManager(ConnectionCorePlugin.getDefault().getSessionTrustStoreManager().getKeyStore());
    }

    private X509TrustManager getTrustManager(KeyStore keyStore) throws CertificateException {
        try {
            if (!keyStore.aliases().hasMoreElements()) {
                return null;
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        } catch (Exception e) {
            throw new CertificateException(Messages.StudioTrustManager_CantCreateTrustManager, e);
        }
    }
}
