package org.apache.catalina.realm;

import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:ldaprealm.jar:org/apache/catalina/realm/LDAPRealmTrustManager.class */
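/**
 * Trust manager used by the LDAP realm to decide whether a server certificate
 * chain is acceptable.
 *
 * <p>Configuration is read once, in the constructor, from {@link Security}
 * properties:
 * <ul>
 *   <li>{@code ssl.LDAPRealmTrustManager.debug} - the value {@code on} enables
 *       debug output on stdout;</li>
 *   <li>{@code ssl.LDAPRealmTrustManager.file} - path of a JKS keystore that
 *       holds the trusted certificates;</li>
 *   <li>{@code ssl.LDAPRealmTrustManager.password} - password of that keystore.</li>
 * </ul>
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>If the file or password property is missing or empty, certificate
 *       checking is OFF and {@link #checkServerTrusted} accepts every chain.
 *       That state is only reported when debug output is enabled, so both
 *       properties should be treated as mandatory in production.</li>
 *   <li>If the keystore is configured but cannot be loaded, every server chain
 *       is rejected (fail closed).</li>
 *   <li>Chain validation is delegated to the platform's default
 *       {@link TrustManagerFactory}. The chain is supplied by the peer, so the
 *       mere presence of a trusted certificate somewhere in it proves nothing;
 *       signatures and path constraints have to be verified.</li>
 *   <li>This class does not compare the certificate with the server host name;
 *       endpoint identification has to be enforced by the code that opens the
 *       connection.</li>
 *   <li>The keystore password is read from a security property, so access to
 *       wherever that property is defined should be restricted.</li>
 * </ul>
 */
public class LDAPRealmTrustManager implements X509TrustManager {
    /** Shared empty result; a zero-length array cannot be modified by callers. */
    private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

    private boolean certChecking;
    private boolean debugMessages;
    private X509Certificate[] acceptedIssuers;
    /** Platform trust manager built from the keystore; null when checking is off or loading failed. */
    private X509TrustManager delegate;

    /**
     * Reads the security properties and, when a keystore is configured, loads
     * it and builds the delegate trust manager. Never throws: a keystore that
     * cannot be loaded leaves the instance in a state that rejects every server
     * chain.
     */
    public LDAPRealmTrustManager() {
        this.certChecking = false;
        this.debugMessages = false;
        this.acceptedIssuers = NO_ISSUERS;
        this.delegate = null;

        String debugSetting = Security.getProperty("ssl.LDAPRealmTrustManager.debug");
        if (debugSetting != null && debugSetting.equalsIgnoreCase("on")) {
            this.debugMessages = true;
            log("debug messages on");
        }
        log("constructor called");
        log("for jdk 1.4 and higher instantiated.");

        String storePath = Security.getProperty("ssl.LDAPRealmTrustManager.file");
        if (storePath == null) {
            storePath = "";
        }
        String storePassword = Security.getProperty("ssl.LDAPRealmTrustManager.password");
        if (storePassword == null) {
            storePassword = "";
        }
        if (storePath.length() == 0 || storePassword.length() == 0) {
            // NOTE(security): unconfigured means "accept every server certificate".
            log("Certificate checking is off");
            return;
        }

        this.certChecking = true;
        log("Certificate checking is on");
        // try-with-resources: the original never closed the keystore stream.
        try (FileInputStream in = new FileInputStream(storePath)) {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(in, storePassword.toCharArray());
            X509TrustManager loaded = buildDelegate(keyStore);
            this.delegate = loaded;
            this.acceptedIssuers = loaded.getAcceptedIssuers();
            // Report success only when the keystore really was read.
            System.out.println("keystore file " + storePath + " read.");
        } catch (Exception e) {
            // Fail closed: with certChecking on and no delegate, every server
            // chain is rejected. The issuer list stays non-null, as the
            // X509TrustManager contract requires.
            this.delegate = null;
            this.acceptedIssuers = NO_ISSUERS;
            System.out.println(e);
        }
    }

    /**
     * Builds the platform's X.509 trust manager over the given keystore.
     *
     * @param keyStore loaded keystore whose certificates act as trust anchors
     * @return the first {@link X509TrustManager} offered by the default factory
     * @throws GeneralSecurityException if the factory cannot be created or
     *         initialised, or offers no X.509 trust manager
     */
    private static X509TrustManager buildDelegate(KeyStore keyStore) throws GeneralSecurityException {
        TrustManagerFactory factory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore);
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new CertificateException("No X509TrustManager available for the configured keystore.");
    }

    /**
     * Validates the chain presented by a server.
     *
     * <p>When certificate checking is off this method returns without looking
     * at the chain. Otherwise the chain is validated by the delegate trust
     * manager built from the configured keystore.
     *
     * @param x509CertificateArr chain presented by the peer, leaf first
     * @param str key exchange / authentication type
     * @throws IllegalArgumentException if checking is on and either argument is null
     * @throws CertificateException if the chain is empty, the trust store could
     *         not be loaded, or validation fails
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        log("checkServerTrusted has been called.");
        log("property set to " + Security.getProperty("ssl.trustFile"));
        if (!this.certChecking) {
            return;
        }
        if (x509CertificateArr == null || str == null) {
            throw new IllegalArgumentException("chain or authType is null");
        }
        if (x509CertificateArr.length == 0) {
            throw new CertificateException("Certificate chain not trusted.");
        }
        if (this.delegate == null) {
            // Keystore was configured but could not be loaded: reject instead
            // of reporting a misleading null-argument error.
            throw new CertificateException("Trust store unavailable; certificate chain not trusted.");
        }
        this.delegate.checkServerTrusted(x509CertificateArr, str);
    }

    /**
     * Accepts every client chain without inspecting it.
     *
     * <p>NOTE(security): this is only tolerable while the trust manager is used
     * for outbound connections, where this method is not consulted. It must not
     * be installed on a socket that authenticates clients.
     *
     * @param x509CertificateArr chain presented by the client (ignored)
     * @param str authentication type (ignored)
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        log("checkClientTrusted has been called-trusting.");
    }

    /**
     * Returns the certificates loaded from the configured keystore.
     *
     * @return a copy of the trusted certificates; empty (never null) when
     *         checking is off or the keystore could not be loaded
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        log("getAcceptedIssuers has been called.");
        // Hand out a copy so callers cannot alter the internal array.
        return this.acceptedIssuers.clone();
    }

    /** Prints a debug line on stdout when debug output is enabled. */
    private void log(String str) {
        if (this.debugMessages) {
            System.out.println("LDAPRealmTrustManager " + str);
        }
    }
}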
