package com.sun.deploy.security;

import com.sun.deploy.config.Config;
import com.sun.deploy.services.ServiceManager;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.ui.AppInfo;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

/* loaded from: input_file:com/sun/deploy/security/X509Extended7DeployTrustManager.class */
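/**
 * Trust manager that wraps the platform "SunX509" trust manager and, when the platform
 * rejects a chain, falls back to the deploy certificate stores and (possibly) a user dialog.
 *
 * <p>Only the {@link Socket}-based check methods are implemented; the other overloads throw
 * {@link UnsupportedOperationException}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Any unexpected failure during validation is reported as a {@link CertificateException}.
 *       A trust manager that returns normally is treating the peer as trusted, so errors must
 *       never be swallowed on the validation path.</li>
 *   <li>The certificate stores are static and shared by all instances, while the check methods
 *       synchronize on the instance only. NOTE(review): confirm that concurrent use of several
 *       instances is either impossible or safe for the store implementations.</li>
 * </ul>
 */
public final class X509Extended7DeployTrustManager extends X509ExtendedTrustManager {
    // Decision codes as they are consumed below; presumably the values returned by
    // TrustDeciderDialog.showDialog. Any other value is treated as a denial.
    private static final int DECISION_TRUST_SESSION = 0;
    private static final int DECISION_TRUST_USER_STORE = 2;

    // Platform trust manager that performs the primary validation.
    private final X509ExtendedTrustManager trustManager;
    private static CertStore rootStore = null;
    private static CertStore sslRootStore = null;
    private static CertStore permanentStore = null;
    private static CertStore sessionStore = null;
    private static CertStore deniedStore = null;
    private static CertStore browserSSLRootStore = null;
    private static boolean isBrowserSSLRootStoreLoaded = false;
    // Endpoint identification algorithms for which the deploy checks are applied.
    private final String[] supportedAlgs = {"HTTPS"};

    /**
     * Re-creates the static certificate stores. The browser SSL root store is only (re)fetched
     * when {@code Config.SEC_USE_BROWSER_KEYSTORE_KEY} is enabled; otherwise its previous value
     * is left untouched.
     */
    public static void reset() {
        rootStore = RootCertStore.getCertStore();
        sslRootStore = SSLRootCertStore.getCertStore();
        permanentStore = DeploySSLCertStore.getCertStore();
        sessionStore = new SessionCertStore("x509Extended7");
        deniedStore = new DeniedCertStore();
        if (Config.getBooleanProperty(Config.SEC_USE_BROWSER_KEYSTORE_KEY)) {
            browserSSLRootStore = ServiceManager.getService().getBrowserSSLRootCertStore();
            // Force a reload of the freshly obtained store on the next check.
            isBrowserSSLRootStoreLoaded = false;
        }
    }

    /**
     * Creates the trust manager on top of the first trust manager produced by the
     * "SunX509"/"SunJSSE" factory, initialised with the default key store ({@code null}).
     */
    public X509Extended7DeployTrustManager() throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, CertificateException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
        trustManagerFactory.init((KeyStore) null);
        this.trustManager = (X509ExtendedTrustManager) trustManagerFactory.getTrustManagers()[0];
    }

    /** Not supported by this trust manager. */
    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new UnsupportedOperationException("The operation is not supported in deploy TM");
    }

    /** Not supported by this trust manager. */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public synchronized void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        throw new UnsupportedOperationException("The operation is not supported in deploy TM");
    }

    /**
     * Validates a client certificate chain presented on {@code socket}.
     *
     * @param x509CertificateArr peer certificate chain, leaf first
     * @param str authentication type, passed through to the platform trust manager
     * @param socket the connection being validated; must be an {@link SSLSocket}
     * @throws CertificateException if the chain is denied, rejected, or validation fails unexpectedly
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public synchronized void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        checkTrusted(x509CertificateArr, str, socket, false);
    }

    /** Not supported by this trust manager. */
    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new UnsupportedOperationException("The operation is not supported in deploy TM");
    }

    /** Not supported by this trust manager. */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public synchronized void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        throw new UnsupportedOperationException("The operation is not supported in deploy TM");
    }

    /**
     * Validates a server certificate chain presented on {@code socket}.
     *
     * @param x509CertificateArr peer certificate chain, leaf first
     * @param str authentication type, passed through to the platform trust manager
     * @param socket the connection being validated; must be an {@link SSLSocket}
     * @throws CertificateException if the chain is denied, rejected, or validation fails unexpectedly
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public synchronized void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        checkTrusted(x509CertificateArr, str, socket, true);
    }

    /** Returns the accepted issuers of the wrapped platform trust manager. */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.getAcceptedIssuers();
    }

    /**
     * Shared implementation of the socket-based client and server checks; the two differ only
     * in the platform method called, one trace key and the final error message.
     */
    private void checkTrusted(X509Certificate[] chain, String authType, Socket socket, boolean serverSide) throws CertificateException {
        SSLSocket sslSocket = (SSLSocket) socket;
        SSLSession handshakeSession = sslSocket.getHandshakeSession();
        String endpointAlgorithm = sslSocket.getSSLParameters().getEndpointIdentificationAlgorithm();
        String peerHost = handshakeSession.getPeerHost();
        if (endpointAlgorithm != null && !isSupportedAlgorithm(endpointAlgorithm)) {
            // NOTE(review): returning here accepts the chain with NO validation at all whenever
            // an endpoint identification algorithm other than "HTTPS" is configured. Behaviour
            // is kept as-is because the intended handling is not visible from this class, but
            // it should be confirmed (delegating to the platform trust manager is the safer default).
            return;
        }
        if (this.trustManager == null) {
            throw new IllegalStateException("TrustManager should not be null");
        }
        // Reject a missing chain explicitly. Previously the resulting NullPointerException /
        // ArrayIndexOutOfBoundsException was swallowed and the peer was treated as trusted.
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("Certificate chain must not be null or empty");
        }
        X509Certificate leaf = chain[0];
        int decision = -1;
        try {
            rootStore.load();
            sslRootStore.load();
            permanentStore.load();
            sessionStore.load();
            deniedStore.load();
            if (browserSSLRootStore != null && !isBrowserSSLRootStoreLoaded) {
                browserSSLRootStore.load();
                isBrowserSSLRootStoreLoaded = true;
            }
            if (deniedStore.contains(leaf)) {
                throw new CertificateException("Certificate has been denied");
            }
            try {
                if (serverSide) {
                    this.trustManager.checkServerTrusted(chain, authType, sslSocket);
                } else {
                    this.trustManager.checkClientTrusted(chain, authType, sslSocket);
                }
                // Platform validation succeeded; nothing else to do.
                return;
            } catch (CertificateException platformRejection) {
                // A leaf the user accepted earlier overrides the platform rejection.
                if (sessionStore.contains(leaf) || permanentStore.contains(leaf)) {
                    return;
                }
                // The last chain element is checked against the known root stores.
                X509Certificate top = chain[chain.length - 1];
                boolean rootCANotValid = !rootStore.verify(top)
                        && !sslRootStore.verify(top)
                        && (browserSSLRootStore == null || !browserSSLRootStore.verify(top));
                // 0 = all currently valid, -1 = expired, 1 = not yet valid; the last
                // invalid certificate in the chain determines the value.
                int timeValid = 0;
                for (X509Certificate certificate : chain) {
                    try {
                        certificate.checkValidity();
                    } catch (CertificateExpiredException expired) {
                        timeValid = -1;
                    } catch (CertificateNotYetValidException notYetValid) {
                        timeValid = 1;
                    }
                }
                if (Trace.isAutomationEnabled()) {
                    // NOTE(review): automation mode accepts a chain the platform rejected
                    // without asking anyone; make sure it cannot be enabled in production.
                    Trace.msgSecurityPrintln(serverSide
                            ? "x509trustmgr.automation.ignoreservercert"
                            : "x509trustmgr.automation.ignoreclientcert");
                    decision = DECISION_TRUST_SESSION;
                } else if (Config.getBooleanProperty(Config.SEC_HTTPS_DIALOG_WARN_KEY)
                        || rootCANotValid
                        || timeValid != 0
                        || !CertUtils.checkWildcardDomainList(peerHost, CertUtils.getServername(leaf))) {
                    Trace.msgSecurityPrintln("x509trustmgr.check.invalidcert");
                    decision = TrustDeciderDialog.showDialog(chain, null, 0, chain.length, rootCANotValid, timeValid, null, new AppInfo(), true, peerHost);
                } else {
                    Trace.msgSecurityPrintln("x509trustmgr.check.validcert");
                    decision = DECISION_TRUST_SESSION;
                }
            }
        } catch (CertificateException e) {
            throw e;
        } catch (Exception e) {
            // Fail closed: an error while loading stores, verifying roots or showing the
            // dialog must not turn into an implicit "trusted" result.
            throw new CertificateException("Certificate validation failed unexpectedly", e);
        }

        // Remembering the decision is best effort; the decision itself is enforced below
        // regardless of whether it could be persisted.
        try {
            if (decision == DECISION_TRUST_SESSION) {
                sessionStore.add(leaf);
                sessionStore.save();
            } else if (decision == DECISION_TRUST_USER_STORE) {
                CertStore userCertStore = DeploySSLCertStore.getUserCertStore();
                userCertStore.load(true);
                if (userCertStore.add(leaf)) {
                    userCertStore.save();
                }
            } else {
                deniedStore.add(leaf);
                deniedStore.save();
            }
        } catch (Exception e) {
            if (e instanceof CertificateException) {
                throw (CertificateException) e;
            }
            e.printStackTrace();
        }
        if (decision != DECISION_TRUST_SESSION && decision != DECISION_TRUST_USER_STORE) {
            throw new CertificateException(serverSide ? "Java couldn't trust Server" : "Java couldn't trust Client");
        }
    }

    /** Returns whether {@code str} matches one of {@link #supportedAlgs}, ignoring case. */
    private boolean isSupportedAlgorithm(String str) {
        for (String supported : this.supportedAlgs) {
            if (str.equalsIgnoreCase(supported)) {
                return true;
            }
        }
        return false;
    }

    static {
        reset();
    }
}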
