package com.sonicsw.ws.security.provider;

import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com/sonicsw/ws/security/provider/X509TrustManager.class */
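/**
 * Trust manager that decides whether a signing certificate is trusted by looking it up in a
 * {@link KeyStore} used as a trust store.
 *
 * <p>A certificate is accepted only when it is inside its validity period and an identical
 * certificate is stored in the trust store under the alias found by issuer DN and serial number.
 * Certificate arrays (chains) are never accepted by this implementation; both array overloads
 * return {@code false} unconditionally.
 */
public class X509TrustManager extends com.sonicsw.ws.security.X509TrustManager {
    /** Enables diagnostic output on {@code System.out}; nothing in this class switches it on. */
    private static boolean doDebug = false;

    /** Trust store supplied through {@link #init(KeyStore)}; {@code null} until then. */
    private KeyStore m_trustStore = null;

    /**
     * Sets the trust store used by the single-argument {@code isTrusted} overload.
     *
     * @param keyStore the trust store; {@code null} makes every later check fail closed
     */
    @Override // com.sonicsw.ws.security.X509TrustManager
    public void init(KeyStore keyStore) {
        this.m_trustStore = keyStore;
    }

    /**
     * Checks a certificate against the trust store given to {@link #init(KeyStore)}.
     *
     * @param x509Certificate the signing certificate to check
     * @return {@code true} only if the certificate is accepted by
     *     {@link #isTrusted(X509Certificate, KeyStore)}
     */
    @Override // com.sonicsw.ws.security.X509TrustManager
    public boolean isTrusted(X509Certificate x509Certificate) {
        return isTrusted(x509Certificate, this.m_trustStore);
    }

    /**
     * Checks a certificate against an explicit trust store.
     *
     * <p>Every failure path returns {@code false}: a missing argument, a certificate outside its
     * validity period, a key store error, or any other exception raised while checking.
     *
     * @param x509Certificate the signing certificate to check
     * @param keyStore the trust store to search
     * @return {@code true} only if the certificate is currently valid and an identical
     *     certificate is stored in {@code keyStore}
     */
    @Override // com.sonicsw.ws.security.X509TrustManager
    public boolean isTrusted(X509Certificate x509Certificate, KeyStore keyStore) {
        if (keyStore == null || x509Certificate == null) {
            if (doDebug) {
                System.out.println("X509TrustManager: Trust store or signing certificate not available.");
            }
            return false;
        }
        String subjectDn = x509Certificate.getSubjectDN().getName();
        String issuerDn = x509Certificate.getIssuerDN().getName();
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        if (doDebug) {
            System.out.println("X509TrustManager: Signing certificate with subject DN = " + subjectDn);
            System.out.println("X509TrustManager: Signing certificate with issuer DN = " + issuerDn + " (serial " + serialNumber + ")");
        }
        try {
            // Expired or not-yet-valid certificates are rejected before any store lookup.
            x509Certificate.checkValidity(new Date());

            // Issuer DN and serial number only locate a candidate entry; the trust decision is
            // the equals() comparison against the stored certificate itself.
            String storedAlias = getAliasByIssuerSerialNumber(issuerDn, serialNumber, keyStore);
            if (storedAlias != null) {
                X509Certificate[] stored = getCertificates(storedAlias, keyStore);
                if (stored != null && stored.length > 0 && x509Certificate.equals(stored[0])) {
                    if (doDebug) {
                        System.out.println("X509TrustManager: Signing certificate found in the trust store.");
                    }
                    return true;
                }
            }
            if (doDebug) {
                System.out.println("X509TrustManager: Signing certificate NOT found in the trust store.");
            }

            String[] issuerAliases = getAliasesBySubjectDN(issuerDn, keyStore);
            if (issuerAliases == null || issuerAliases.length < 1) {
                if (doDebug) {
                    System.out.println("X509TrustManager: No issuer found in the trust store via issuer DN " + issuerDn);
                }
                return false;
            }
            for (String alias : issuerAliases) {
                X509Certificate[] issuerCerts = getCertificates(alias, keyStore);
                if (issuerCerts == null || issuerCerts.length < 1) {
                    if (doDebug) {
                        System.out.println("X509TrustManager: KeyStore internal error - could not retrieve certificate(s) via alias " + alias);
                    }
                    continue;
                }
                try {
                    if (doDebug) {
                        System.out.println("X509TrustManager: Validating signing certificate with issuer " + issuerCerts[0].getSubjectDN().getName());
                    }
                    x509Certificate.verify(issuerCerts[0].getPublicKey());
                    // NOTE(review): a successful verify() does not grant trust here; control
                    // falls through and the method still returns false below, so only a
                    // certificate stored in the trust store itself is ever accepted. If
                    // issuer-based trust is wanted, a bare signature check is not enough: the
                    // issuer's own validity period, CA basic constraints and key usage would
                    // have to be validated too (for example with
                    // java.security.cert.CertPathValidator). Confirm the intended policy
                    // before changing this.
                } catch (Exception e) {
                    if (doDebug) {
                        System.out.println("X509TrustManager: Could not verify signing certificate with issuer " + issuerCerts[0].getSubjectDN().getName());
                    }
                }
            }
            if (doDebug) {
                System.out.println("X509TrustManager: Certificate path NOT verified for certificate " + subjectDn);
            }
            return false;
        } catch (Exception e2) {
            // Fail closed: validity errors, unparseable DNs and anything unexpected all mean
            // "not trusted".
            if (doDebug) {
                System.out.println("X509TrustManager: Invalid certificate - " + e2.getMessage());
            }
            return false;
        }
    }

    /**
     * Certificate chains are not evaluated by this implementation.
     *
     * @param x509CertificateArr ignored
     * @return always {@code false}
     */
    @Override // com.sonicsw.ws.security.X509TrustManager
    public boolean isTrusted(X509Certificate[] x509CertificateArr) {
        return false;
    }

    /**
     * Certificate chains are not evaluated by this implementation.
     *
     * @param x509CertificateArr ignored
     * @param keyStore ignored
     * @return always {@code false}
     */
    @Override // com.sonicsw.ws.security.X509TrustManager
    public boolean isTrusted(X509Certificate[] x509CertificateArr, KeyStore keyStore) {
        return false;
    }

    /**
     * Returns the certificate that represents a key store entry: the first element of its chain,
     * or the entry's single certificate when it has no chain.
     *
     * @return the certificate, or {@code null} if the alias holds none
     * @throws KeyStoreException if the key store has not been initialized
     */
    private static Certificate firstCertificate(String alias, KeyStore keyStore) throws KeyStoreException {
        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            return keyStore.getCertificate(alias);
        }
        return chain[0];
    }

    /**
     * Finds the alias of the first X.509 entry whose serial number and issuer DN both match.
     *
     * @param str issuer DN to look for; {@link X500Principal#X500Principal(String)} throws
     *     {@link IllegalArgumentException} if it cannot be parsed
     * @param bigInteger serial number to look for
     * @param keyStore the store to search
     * @return the matching alias, or {@code null} if none matches or the store cannot be read
     */
    private String getAliasByIssuerSerialNumber(String str, BigInteger bigInteger, KeyStore keyStore) {
        String issuerName = new X500Principal(str).getName();
        if (doDebug) {
            System.out.println("X509TrustManager: Looking up certificate by issuer (serial number)...");
            System.out.println("X509TrustManager: Issuer DN " + issuerName);
            System.out.println("X509TrustManager: Serial number " + bigInteger);
        }
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate candidate = firstCertificate(alias, keyStore);
                if (candidate == null) {
                    if (doDebug) {
                        System.out.println("X509TrustManager: KeyStore failure: unable to locate certificate by alias " + alias);
                    }
                    continue;
                }
                if (!(candidate instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate stored = (X509Certificate) candidate;
                if (doDebug) {
                    System.out.println("X509TrustManager: Comparing certificate " + stored.getSubjectX500Principal().getName() + " (" + stored.getSerialNumber() + ")");
                }
                boolean issuerMatches = false;
                if (stored.getSerialNumber().compareTo(bigInteger) == 0) {
                    if (doDebug) {
                        System.out.println("X509TrustManager: Serial number " + stored.getSerialNumber() + " MATCHED.");
                    }
                    issuerMatches = stored.getIssuerX500Principal().getName().equals(issuerName);
                } else if (doDebug) {
                    System.out.println("X509TrustManager: Serial number " + stored.getSerialNumber() + " NOT MATCHED.");
                }
                if (doDebug) {
                    System.out.println("X509TrustManager: Issuer DN " + stored.getIssuerX500Principal().getName() + (issuerMatches ? " MATCHED." : " NOT MATCHED."));
                }
                if (issuerMatches) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            // An unreadable store yields "no match", which the caller treats as not trusted.
            return null;
        }
    }

    /**
     * Collects the aliases of all X.509 entries whose subject DN equals the given DN.
     *
     * <p>Entries that hold no certificate are skipped, matching
     * {@code getAliasByIssuerSerialNumber}; previously one such entry aborted the whole search.
     *
     * @param str subject DN to look for; {@link X500Principal#X500Principal(String)} throws
     *     {@link IllegalArgumentException} if it cannot be parsed
     * @param keyStore the store to search
     * @return the matching aliases, possibly empty; never {@code null}
     */
    private String[] getAliasesBySubjectDN(String str, KeyStore keyStore) {
        String subjectName = new X500Principal(str).getName();
        if (doDebug) {
            System.out.println("X509TrustManager: Retrieving certificate(s) by subject DN: " + subjectName);
        }
        Vector<String> matches = new Vector<String>();
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate candidate = firstCertificate(alias, keyStore);
                if (!(candidate instanceof X509Certificate)) {
                    // Covers both "no certificate under this alias" and non-X.509 entries.
                    continue;
                }
                X509Certificate stored = (X509Certificate) candidate;
                boolean subjectMatches = stored.getSubjectX500Principal().getName().equals(subjectName);
                if (subjectMatches) {
                    matches.add(alias);
                }
                if (doDebug) {
                    System.out.println("X509TrustManager: Certificate " + stored.getSubjectX500Principal().getName() + (subjectMatches ? " - MATCHED." : " - NOT MATCHED."));
                }
            }
        } catch (KeyStoreException ignored) {
            // Deliberately best-effort: whatever was collected before the failure is returned,
            // and an empty result makes the caller report "no issuer found".
        }
        return matches.toArray(new String[0]);
    }

    /**
     * Loads the certificates stored under an alias as X.509 certificates.
     *
     * @param str the alias to load
     * @param keyStore the store to read
     * @return the entry's chain, or its single certificate wrapped in an array; {@code null} if
     *     the alias holds no certificate, the store cannot be read, or an element is not X.509
     */
    private X509Certificate[] getCertificates(String str, KeyStore keyStore) {
        Certificate[] chain;
        try {
            chain = keyStore.getCertificateChain(str);
            if (chain == null || chain.length == 0) {
                Certificate single = keyStore.getCertificate(str);
                if (single == null) {
                    return null;
                }
                chain = new Certificate[] {single};
            }
        } catch (KeyStoreException e) {
            // Previously execution continued with a null array and failed on chain.length.
            return null;
        }
        X509Certificate[] x509Chain = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) {
            if (!(chain[i] instanceof X509Certificate)) {
                // Report "nothing usable" instead of failing with a ClassCastException.
                return null;
            }
            x509Chain[i] = (X509Certificate) chain[i];
        }
        return x509Chain;
    }
}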
