package org.forgerock.opendj.ldap;

import com.forgerock.opendj.util.Validator;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.forgerock.opendj.ldap.schema.Schema;

/* loaded from: input_file:org/forgerock/opendj/ldap/TrustManagers.class */
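/**
 * Factory methods for common {@link X509TrustManager} implementations and
 * decorators: host name checking, validity date checking, trust store backed
 * validation, and the two degenerate "trust everything" / "trust nothing"
 * managers.
 */
public final class TrustManagers {
    private static final Logger LOG = Logger.getLogger(TrustManagers.class.getName());

    /**
     * Decorator which compares the host name found in the peer certificate's
     * subject DN with a caller-supplied pattern before delegating to the
     * wrapped trust manager.
     * <p>
     * Only the first attribute value of the first RDN of the subject DN is
     * examined; subjectAltName entries are not consulted by this class.
     */
    private static final class CheckHostName implements X509TrustManager {
        private final X509TrustManager trustManager;
        private final String hostNamePattern;

        private CheckHostName(X509TrustManager delegate, String pattern) {
            this.trustManager = delegate;
            this.hostNamePattern = pattern;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            verifyHostName(chain);
            this.trustManager.checkClientTrusted(chain, authType);
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            verifyHostName(chain);
            this.trustManager.checkServerTrusted(chain, authType);
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return this.trustManager.getAcceptedIssuers();
        }

        /**
         * Compares a host name with a pattern, label by label.
         * <p>
         * Both strings are split on '.'; they match when they have the same
         * number of labels and every label is either equal ignoring case or
         * the pattern label is exactly {@code "*"}. A wild-card label is
         * accepted in any position and always stands for exactly one label.
         *
         * @param hostName the host name extracted from the certificate
         * @param pattern  the expected host name pattern
         * @return {@code true} if the host name matches the pattern
         */
        private boolean hostNameMatchesPattern(String hostName, String pattern) {
            final String[] nameLabels = hostName.split("\\.");
            final String[] patternLabels = pattern.split("\\.");
            if (nameLabels.length != patternLabels.length) {
                return false;
            }
            for (int i = 0; i < nameLabels.length; i++) {
                final String expected = patternLabels[i];
                if (!expected.equals("*") && !nameLabels[i].equalsIgnoreCase(expected)) {
                    return false;
                }
            }
            return true;
        }

        /**
         * Rejects the chain unless the host name in the first certificate's
         * subject DN matches the configured pattern.
         * <p>
         * The check fails closed: a mismatch and a subject DN which cannot be
         * parsed both raise {@link CertificateException}. Catching
         * {@code Throwable} around the whole check, as was done previously,
         * also caught the mismatch exception and reduced the check to a log
         * message.
         *
         * @param chain the peer certificate chain, leaf certificate first
         * @throws CertificateException     if the host name does not match or
         *                                  cannot be extracted
         * @throws IllegalArgumentException if the chain is null or empty
         */
        private void verifyHostName(X509Certificate[] chain) throws CertificateException {
            if (chain == null || chain.length == 0) {
                throw new IllegalArgumentException("The certificate chain is null or empty");
            }
            final X509Certificate peer = chain[0];
            final String hostName;
            try {
                // An empty subject DN has no RDN, so next() throws here; that
                // is reported as a parse failure below.
                hostName = DN.valueOf(peer.getSubjectX500Principal().getName(), Schema.getCoreSchema())
                        .iterator().next().iterator().next().getAttributeValue().toString();
            } catch (Exception e) {
                final String message = "Error parsing subject dn: "
                        + (peer != null ? peer.getSubjectX500Principal() : null);
                TrustManagers.LOG.log(Level.WARNING, message, e);
                // Without a host name nothing can be verified, so refuse the chain.
                throw new CertificateException(message, e);
            }
            if (!hostNameMatchesPattern(hostName, this.hostNamePattern)) {
                throw new CertificateException("The host name contained in the certificate chain subject DN '"
                        + peer.getSubjectX500Principal() + "' does not match the host name '"
                        + this.hostNamePattern + "'");
            }
        }
    }

    /**
     * Decorator which checks the validity period of every certificate in the
     * chain against the current time before delegating to the wrapped trust
     * manager.
     */
    private static final class CheckValidatyDates implements X509TrustManager {
        private final X509TrustManager trustManager;

        private CheckValidatyDates(X509TrustManager delegate) {
            this.trustManager = delegate;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            verifyExpiration(chain);
            this.trustManager.checkClientTrusted(chain, authType);
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            verifyExpiration(chain);
            this.trustManager.checkServerTrusted(chain, authType);
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return this.trustManager.getAcceptedIssuers();
        }

        /**
         * Logs and rethrows the first validity failure found in the chain.
         *
         * @param chain the peer certificate chain
         * @throws CertificateException if a certificate has expired or is not
         *                              yet valid
         */
        private void verifyExpiration(X509Certificate[] chain) throws CertificateException {
            // One timestamp for the whole chain so every certificate is judged
            // against the same instant.
            final Date now = new Date();
            for (X509Certificate certificate : chain) {
                try {
                    certificate.checkValidity(now);
                } catch (CertificateExpiredException e) {
                    TrustManagers.LOG.log(Level.WARNING, "Refusing to trust security certificate \""
                            + certificate.getSubjectDN().getName() + "\" because it expired on "
                            + String.valueOf(certificate.getNotAfter()));
                    throw e;
                } catch (CertificateNotYetValidException e) {
                    TrustManagers.LOG.log(Level.WARNING, "Refusing to trust security certificate \""
                            + certificate.getSubjectDN().getName() + "\" because it is not valid until "
                            + String.valueOf(certificate.getNotBefore()));
                    throw e;
                }
            }
        }
    }

    /** Trust manager which rejects every certificate chain. */
    private static final class DistrustAll implements X509TrustManager {
        private static final DistrustAll INSTANCE = new DistrustAll();

        private DistrustAll() {
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            throw new CertificateException();
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            throw new CertificateException();
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Trust manager which accepts every certificate chain without inspecting
     * it. A connection using it gets no peer authentication from TLS, so an
     * on-path party can present any certificate and be accepted.
     */
    private static final class TrustAll implements X509TrustManager {
        private static final TrustAll INSTANCE = new TrustAll();

        private TrustAll() {
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: every client chain is accepted.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: every server chain is accepted.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Wraps a trust manager so that the host name in the peer certificate's
     * subject DN must match the given pattern before the wrapped manager is
     * consulted.
     *
     * @param hostNamePattern the expected host name; a label consisting of
     *                        {@code "*"} matches any single label
     * @param trustManager    the trust manager to delegate to
     * @return the wrapping trust manager
     */
    public static X509TrustManager checkHostName(String hostNamePattern, X509TrustManager trustManager) {
        Validator.ensureNotNull(trustManager, hostNamePattern);
        return new CheckHostName(trustManager, hostNamePattern);
    }

    /**
     * Creates a trust manager backed by the trust store in the named file,
     * using the default key store type and no password.
     *
     * @param file the trust store file name
     * @return the trust manager
     * @throws GeneralSecurityException if the trust store cannot be used
     * @throws IOException              if the file cannot be read
     */
    public static X509TrustManager checkUsingTrustStore(String file) throws GeneralSecurityException, IOException {
        return checkUsingTrustStore(file, null, null);
    }

    /**
     * Creates a trust manager backed by the trust store in the named file.
     *
     * @param file     the trust store file name
     * @param password the trust store password, passed unchanged to
     *                 {@link KeyStore#load(java.io.InputStream, char[])}; may
     *                 be {@code null}
     * @param format   the key store type, or {@code null} for
     *                 {@link KeyStore#getDefaultType()}
     * @return the first {@link X509TrustManager} produced by the default
     *         {@link TrustManagerFactory} algorithm
     * @throws GeneralSecurityException if the trust store cannot be loaded or
     *                                  no X.509 trust manager is available
     * @throws IOException              if the file cannot be read
     */
    public static X509TrustManager checkUsingTrustStore(String file, char[] password, String format)
            throws GeneralSecurityException, IOException {
        Validator.ensureNotNull(file);
        final File trustStoreFile = new File(file);
        final KeyStore keyStore = KeyStore.getInstance(format != null ? format : KeyStore.getDefaultType());

        FileInputStream in = null;
        try {
            in = new FileInputStream(trustStoreFile);
            keyStore.load(in, password);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // The store has already been read (or the load failure is
                    // already propagating); a close failure adds nothing.
                }
            }
        }

        final TrustManagerFactory factory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore);
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new NoSuchAlgorithmException("No X509TrustManager available from the default TrustManagerFactory");
    }

    /**
     * Wraps a trust manager so that every certificate in the chain must be
     * within its validity period before the wrapped manager is consulted.
     *
     * @param trustManager the trust manager to delegate to
     * @return the wrapping trust manager
     */
    public static X509TrustManager checkValidityDates(X509TrustManager trustManager) {
        Validator.ensureNotNull(trustManager);
        return new CheckValidatyDates(trustManager);
    }

    /**
     * Returns a trust manager which rejects every certificate chain.
     *
     * @return the shared distrust-all instance
     */
    public static X509TrustManager distrustAll() {
        return DistrustAll.INSTANCE;
    }

    /**
     * Returns a trust manager which accepts every certificate chain without
     * validation. The peer is not authenticated when this manager is used on
     * its own; combine it with {@link #checkHostName} or
     * {@link #checkValidityDates} only with that limitation in mind.
     *
     * @return the shared trust-all instance
     */
    public static X509TrustManager trustAll() {
        return TrustAll.INSTANCE;
    }

    private TrustManagers() {
        // Utility class; not instantiable.
    }
}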
