package org.apache.directory.studio.connection.core.io;

import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.directory.api.ldap.model.exception.LdapTlsHandshakeExceptionClassifier;
import org.apache.directory.api.ldap.model.exception.LdapTlsHandshakeFailCause;
import org.apache.directory.studio.connection.core.ConnectionCoreConstants;
import org.apache.directory.studio.connection.core.ConnectionCorePlugin;
import org.apache.directory.studio.connection.core.ICertificateHandler;
import org.apache.directory.studio.connection.core.Messages;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;

/* loaded from: input_file:org/apache/directory/studio/connection/core/io/StudioTrustManager.class */
public class StudioTrustManager implements X509TrustManager {
    private X509TrustManager jvmTrustManager;
    private String host;
    private static /* synthetic */ int[] $SWITCH_TABLE$org$apache$directory$studio$connection$core$ICertificateHandler$TrustLevel;

    public StudioTrustManager(X509TrustManager x509TrustManager) throws Exception {
        this.jvmTrustManager = x509TrustManager;
    }

    public void setHost(String str) {
        this.host = str;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.jvmTrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            X509TrustManager permanentTrustManager = getPermanentTrustManager();
            if (permanentTrustManager != null) {
                permanentTrustManager.checkServerTrusted(x509CertificateArr, str);
                return;
            }
        } catch (CertificateException unused) {
        }
        try {
            X509TrustManager sessionTrustManager = getSessionTrustManager();
            if (sessionTrustManager != null) {
                sessionTrustManager.checkServerTrusted(x509CertificateArr, str);
                return;
            }
        } catch (CertificateException unused2) {
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        CertificateException certificateException = null;
        try {
            this.jvmTrustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            certificateException = e;
            LdapTlsHandshakeFailCause classify = LdapTlsHandshakeExceptionClassifier.classify(e, x509CertificateArr[0]);
            linkedHashMap.put(classify.getReason(), classify);
        }
        try {
            x509CertificateArr[0].checkValidity();
        } catch (CertificateException e2) {
            certificateException = e2;
            LdapTlsHandshakeFailCause classify2 = LdapTlsHandshakeExceptionClassifier.classify(e2, x509CertificateArr[0]);
            linkedHashMap.put(classify2.getReason(), classify2);
        }
        try {
            new DefaultHostnameVerifier().verify(this.host, x509CertificateArr[0]);
        } catch (SSLException e3) {
            certificateException = new CertificateException(e3);
            LdapTlsHandshakeFailCause ldapTlsHandshakeFailCause = new LdapTlsHandshakeFailCause(e3, e3, LdapTlsHandshakeFailCause.LdapApiReason.HOST_NAME_VERIFICATION_FAILED, "Hostname verification failed");
            linkedHashMap.put(ldapTlsHandshakeFailCause.getReason(), ldapTlsHandshakeFailCause);
        }
        if (linkedHashMap.isEmpty()) {
            return;
        }
        switch ($SWITCH_TABLE$org$apache$directory$studio$connection$core$ICertificateHandler$TrustLevel()[ConnectionCorePlugin.getDefault().getCertificateHandler().verifyTrustLevel(this.host, x509CertificateArr, linkedHashMap.values()).ordinal()]) {
            case ConnectionCoreConstants.PREFERENCE_CONNECTIONS_PASSWORDS_KEYSTORE_ON /* 1 */:
                throw certificateException;
            case 2:
                ConnectionCorePlugin.getDefault().getSessionTrustStoreManager().addCertificate(x509CertificateArr[0]);
                return;
            case 3:
                ConnectionCorePlugin.getDefault().getPermanentTrustStoreManager().addCertificate(x509CertificateArr[0]);
                return;
            default:
                return;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.jvmTrustManager.getAcceptedIssuers();
    }

    private X509TrustManager getPermanentTrustManager() throws CertificateException {
        return getTrustManager(ConnectionCorePlugin.getDefault().getPermanentTrustStoreManager().getKeyStore());
    }

    private X509TrustManager getSessionTrustManager() throws CertificateException {
        return getTrustManager(ConnectionCorePlugin.getDefault().getSessionTrustStoreManager().getKeyStore());
    }

    private X509TrustManager getTrustManager(KeyStore keyStore) throws CertificateException {
        try {
            if (!keyStore.aliases().hasMoreElements()) {
                return null;
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        } catch (Exception e) {
            throw new CertificateException(Messages.StudioTrustManager_CantCreateTrustManager, e);
        }
    }

    static /* synthetic */ int[] $SWITCH_TABLE$org$apache$directory$studio$connection$core$ICertificateHandler$TrustLevel() {
        int[] iArr = $SWITCH_TABLE$org$apache$directory$studio$connection$core$ICertificateHandler$TrustLevel;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[ICertificateHandler.TrustLevel.valuesCustom().length];
        try {
            iArr2[ICertificateHandler.TrustLevel.Not.ordinal()] = 1;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[ICertificateHandler.TrustLevel.Permanent.ordinal()] = 3;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[ICertificateHandler.TrustLevel.Session.ordinal()] = 2;
        } catch (NoSuchFieldError unused3) {
        }
        $SWITCH_TABLE$org$apache$directory$studio$connection$core$ICertificateHandler$TrustLevel = iArr2;
        return iArr2;
    }
}
