package com.evolveum.polygon.connector.msgraphapi.util;

import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.framework.common.exceptions.ConnectorException;

/* loaded from: input_file:com/evolveum/polygon/connector/msgraphapi/util/PolyTrustManager.class */
public class PolyTrustManager implements X509TrustManager {
    protected static final Log LOG = Log.getLog(PolyTrustManager.class);
    final X509TrustManager primary;
    final X509TrustManager secondary;

    public PolyTrustManager(X509TrustManager x509TrustManager, X509TrustManager x509TrustManager2) {
        this.primary = x509TrustManager;
        this.secondary = x509TrustManager2;
    }

    public PolyTrustManager(X509TrustManager x509TrustManager) {
        this(x509TrustManager, null);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.primary.getAcceptedIssuers();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            this.primary.checkServerTrusted(x509CertificateArr, str);
        } catch (RuntimeException e) {
            LOG.warn("Exception while using jvm defined trust store: {0}. Attempt to use secondaryTrust manager if provided to handle exception.", new Object[]{e.getLocalizedMessage()});
            if (!(e.getCause() instanceof InvalidAlgorithmParameterException)) {
                throw new ConnectorException("Runtime exception while validating server with CA trust. " + e.getLocalizedMessage());
            }
            if (this.secondary == null) {
                LOG.warn("Secondary trust store either missing or configured to be omitted. About to rethrow exception", new Object[0]);
                throw new ConnectorException("InvalidAlgorithmParameterException exception while validating server with CA trust. " + e.getLocalizedMessage());
            }
            LOG.ok("Fail-over to custom defined thrust store.", new Object[0]);
            this.secondary.checkServerTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.primary.checkClientTrusted(x509CertificateArr, str);
    }
}
