package de.adito.trustmanager;

import de.adito.trustmanager.confirmingui.CertificateExceptionDetail;
import de.adito.trustmanager.store.ICustomTrustStore;
import java.net.Socket;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;

/* loaded from: input_file:de/adito/trustmanager/CustomTrustManager.class */
public abstract class CustomTrustManager extends X509ExtendedTrustManager {
    private final List<X509ExtendedTrustManager> defaultTrustManagers;
    private ICustomTrustStore trustStore;
    private boolean acceptedCert;
    private int countHandledTMs;

    public CustomTrustManager(ICustomTrustStore iCustomTrustStore, Iterable<X509ExtendedTrustManager> iterable) {
        if (iCustomTrustStore == null) {
            throw new NullPointerException("trustStore is null");
        }
        this.trustStore = iCustomTrustStore;
        this.defaultTrustManagers = new ArrayList();
        Iterator<X509ExtendedTrustManager> it = iterable.iterator();
        while (it.hasNext()) {
            this.defaultTrustManagers.add(it.next());
        }
        if (this.defaultTrustManagers.isEmpty()) {
            throw new NullPointerException("no trustManager found");
        }
        this.acceptedCert = false;
        this.countHandledTMs = 0;
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        LinkedList linkedList = new LinkedList();
        Iterator<X509ExtendedTrustManager> it = this.defaultTrustManagers.iterator();
        while (it.hasNext()) {
            linkedList.addAll(Arrays.asList(it.next().getAcceptedIssuers()));
        }
        return (X509Certificate[]) linkedList.toArray(new X509Certificate[0]);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        throw new UnsupportedOperationException("checkClientTrusted");
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        throw new UnsupportedOperationException("checkClientTrusted");
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        throw new UnsupportedOperationException("checkClientTrusted");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Iterator<X509ExtendedTrustManager> it = this.defaultTrustManagers.iterator();
        while (it.hasNext()) {
            try {
                it.next().checkServerTrusted(x509CertificateArr, str);
                this.acceptedCert = true;
            } catch (CertificateException e) {
                _handleCertificateException(x509CertificateArr, e, null);
            }
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        Iterator<X509ExtendedTrustManager> it = this.defaultTrustManagers.iterator();
        while (it.hasNext()) {
            try {
                it.next().checkServerTrusted(x509CertificateArr, str, socket);
                this.acceptedCert = true;
            } catch (CertificateException e) {
                _handleCertificateException(x509CertificateArr, e, socket.getInetAddress().getHostName());
            }
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        Iterator<X509ExtendedTrustManager> it = this.defaultTrustManagers.iterator();
        while (it.hasNext()) {
            try {
                it.next().checkServerTrusted(x509CertificateArr, str, sSLEngine);
                this.acceptedCert = true;
            } catch (CertificateException e) {
                _handleCertificateException(x509CertificateArr, e, sSLEngine.getPeerHost());
            }
        }
    }

    private void _handleCertificateException(X509Certificate[] x509CertificateArr, CertificateException certificateException, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw certificateException;
        }
        Throwable cause = certificateException.getCause();
        if ((cause instanceof CertPathValidatorException) && (cause.getCause() instanceof CertificateRevokedException)) {
            throw certificateException;
        }
        List<CertificateExceptionDetail.EType> types = CertificateExceptionDetail.createExceptionDetail(x509CertificateArr, certificateException, str).getTypes();
        if (this.defaultTrustManagers.size() != 1 && types.size() == 1 && (types.contains(CertificateExceptionDetail.EType.UNTRUSTED_ROOT) || types.contains(CertificateExceptionDetail.EType.SELF_SIGNED))) {
            if (this.acceptedCert) {
                return;
            }
            if (this.countHandledTMs < this.defaultTrustManagers.size() - 1) {
                this.countHandledTMs++;
                return;
            }
        }
        this.countHandledTMs = 0;
        this.acceptedCert = false;
        _tryCustomTrustManager(x509CertificateArr, certificateException, str);
    }

    private void _tryCustomTrustManager(X509Certificate[] x509CertificateArr, CertificateException certificateException, String str) throws CertificateException {
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        String hashSHA1 = TrustManagerUtil.hashSHA1(x509Certificate);
        if (this.trustStore.get(hashSHA1) != null) {
            return;
        }
        this.trustStore.add(hashSHA1, x509Certificate, checkCertificateAndShouldPersist(x509CertificateArr, certificateException, str));
    }

    protected abstract boolean checkCertificateAndShouldPersist(X509Certificate[] x509CertificateArr, CertificateException certificateException, String str) throws CertificateException;
}
