package com.appiancorp.security.ssl;

import com.appiancorp.security.ssl.CertificateData;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/appiancorp/security/ssl/ServiceBackedTrustManager.class */
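/**
 * An {@link X509TrustManager} that delegates to a trust manager built from two sources:
 * the certificates of type {@code TRUSTED} returned by the
 * {@link ClientAndTrustedCertificateService}, and the accepted issuers of the JVM's default
 * trust managers.
 *
 * <p>The delegate is rebuilt whenever the service reports that its trusted-certificate cache
 * is no longer valid.
 *
 * <p>Trust decisions fail closed: if the delegate cannot be built or fails unexpectedly,
 * {@link #checkClientTrusted} and {@link #checkServerTrusted} throw a
 * {@link CertificateException} instead of returning normally. Returning normally from those
 * methods means "the chain is trusted", so swallowing an internal error there would accept a
 * chain that was never validated.
 *
 * <p>NOTE(review): {@code trustManager} is read and written without synchronization, and the
 * cache is marked valid after the rebuild rather than before it. If this instance is shared
 * between handshake threads, or certificates can change during a rebuild, confirm that the
 * service's cache flag makes that safe.
 */
public class ServiceBackedTrustManager implements X509TrustManager {
    private static final Logger LOG = Logger.getLogger(ServiceBackedTrustManager.class);
    private static final String DEFAULT_TRUST_MANAGER_ERROR_MESSAGE = "Default trust manager failed.";
    private final ClientAndTrustedCertificateService certificateService;
    private X509TrustManager trustManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a trust manager backed by the given certificate service.
     *
     * @param clientAndTrustedCertificateService source of the trusted certificates and of the
     *     cache-validity flag that triggers a rebuild of the delegate
     */
    public ServiceBackedTrustManager(ClientAndTrustedCertificateService clientAndTrustedCertificateService) {
        this.certificateService = clientAndTrustedCertificateService;
    }

    /**
     * Validates a client certificate chain against the delegate trust manager.
     *
     * @param x509CertificateArr the peer certificate chain
     * @param str the authentication type, passed through to the delegate
     * @throws CertificateException if the chain is not trusted, or if the delegate could not
     *     be built or failed unexpectedly (the original failure is attached as the cause)
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            getOrCreateTrustManager().checkClientTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            throw e;
        } catch (Exception e2) {
            // Fail closed: an internal error must never be reported as "trusted".
            throw failClosed(e2);
        }
    }

    /**
     * Validates a server certificate chain against the delegate trust manager.
     *
     * @param x509CertificateArr the peer certificate chain
     * @param str the authentication type, passed through to the delegate
     * @throws CertificateException if the chain is not trusted, or if the delegate could not
     *     be built or failed unexpectedly (the original failure is attached as the cause)
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            getOrCreateTrustManager().checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            throw e;
        } catch (Exception e2) {
            // Fail closed: an internal error must never be reported as "trusted".
            throw failClosed(e2);
        }
    }

    /**
     * Returns the issuers accepted by the delegate trust manager.
     *
     * @return the delegate's accepted issuers, or an empty array if the delegate could not be
     *     built; the failure is logged at WARN level
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        try {
            return getOrCreateTrustManager().getAcceptedIssuers();
        } catch (Exception e) {
            // This method cannot throw a checked exception and must not return null; an empty
            // array advertises no issuers rather than a stale or partial set.
            LOG.warn(DEFAULT_TRUST_MANAGER_ERROR_MESSAGE, e);
            return new X509Certificate[0];
        }
    }

    /** Logs an unexpected delegate failure and converts it into a rejection of the chain. */
    private static CertificateException failClosed(Exception cause) {
        LOG.warn(DEFAULT_TRUST_MANAGER_ERROR_MESSAGE, cause);
        return new CertificateException(DEFAULT_TRUST_MANAGER_ERROR_MESSAGE, cause);
    }

    /**
     * Returns the cached delegate, rebuilding it first when none exists yet or when the
     * service reports that the trusted-certificate cache is invalid.
     */
    private X509TrustManager getOrCreateTrustManager() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        if (this.trustManager == null || !this.certificateService.isTrustedCertCacheValid()) {
            incrementInitializationCount();
            this.trustManager = initializeTrustManager();
            // Only reached when the rebuild succeeded, so a failed rebuild is retried next call.
            this.certificateService.setTrustedCertCacheToValid();
        }
        return this.trustManager;
    }

    /** Hook called before every rebuild of the delegate; does nothing by default. */
    protected void incrementInitializationCount() {
    }

    /**
     * Builds a fresh delegate from an in-memory key store holding the service's trusted
     * certificates plus the JVM default trusted certificates.
     *
     * @throws IllegalStateException if the default algorithm yields no {@link X509TrustManager}
     */
    private X509TrustManager initializeTrustManager() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null, null) initialises an empty key store; nothing is read from disk.
        keyStore.load(null, null);
        for (CertificateData certificateData : this.certificateService.getAllCertificatesByType(CertificateData.CertificateType.TRUSTED)) {
            // Only the first certificate of each stored chain becomes a trust anchor. An empty
            // chain makes get(0) throw, which callers turn into a rejected handshake.
            keyStore.setCertificateEntry(certificateData.getAlias(), this.certificateService.deserializeCertificateChain(certificateData.getSerializedCertificateChain()).get(0));
        }
        // Default entries are added last under "default-N" aliases; setCertificateEntry replaces
        // an existing certificate entry with the same alias, so a service alias of that form
        // would be overwritten here.
        List<X509Certificate> defaultCerts = getDefaultTrustedCerts();
        for (int index = 0; index < defaultCerts.size(); index++) {
            keyStore.setCertificateEntry("default-" + index, defaultCerts.get(index));
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        // Pick the first X.509 trust manager instead of blindly casting element 0.
        for (javax.net.ssl.TrustManager candidate : trustManagerFactory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new IllegalStateException("No X509TrustManager available for algorithm " + TrustManagerFactory.getDefaultAlgorithm());
    }

    /**
     * Collects the accepted issuers of the JVM's default trust managers.
     *
     * @return the accepted issuers of every default {@link X509TrustManager}; possibly empty
     */
    private List<X509Certificate> getDefaultTrustedCerts() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        List<X509Certificate> defaultCerts = new ArrayList<>();
        // A null key store makes the factory fall back to the JVM's default trust store.
        trustManagerFactory.init((KeyStore) null);
        for (javax.net.ssl.TrustManager candidate : trustManagerFactory.getTrustManagers()) {
            // Skip non-X.509 trust managers rather than failing on the cast.
            if (candidate instanceof X509TrustManager) {
                defaultCerts.addAll(Arrays.asList(((X509TrustManager) candidate).getAcceptedIssuers()));
            }
        }
        return defaultCerts;
    }
}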
