package com.sun.management.viperimpl.util.security;

import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* JADX WARN: Classes with same name are omitted:
  input_file:112945-39/SUNWmcc/reloc/usr/sadm/lib/smc/lib/console_rt.jar:com/sun/management/viperimpl/util/security/SMCX509TrustManager.class
  input_file:112945-39/SUNWmccom/reloc/usr/sadm/lib/smc/lib/server_rt.jar:com/sun/management/viperimpl/util/security/SMCX509TrustManager.class
 */
/* loaded from: input_file:112945-39/SUNWwbapi/reloc/usr/sadm/lib/wbem.jar:com/sun/management/viperimpl/util/security/SMCX509TrustManager.class */
public class SMCX509TrustManager implements X509TrustManager {
    private X509TrustManager trustManager;
    private static CertificateStore rootStore = null;
    private static CertificateStore permanentStore = null;
    private static CertificateStore sessionStore = null;
    private static CertificateStore deniedStore = null;

    public static void reset() {
        rootStore = new RootCACertificateStore();
        permanentStore = new SMCCertificateStore();
        sessionStore = new SessionCertificateStore();
        deniedStore = new DeniedCertificateStore();
    }

    public SMCX509TrustManager() throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, CertificateException {
        this.trustManager = null;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
        trustManagerFactory.init(rootStore.getKeyStore());
        this.trustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
    }

    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean z = false;
        boolean z2 = false;
        int i = 1;
        try {
            rootStore.load();
            permanentStore.load();
            sessionStore.load();
            deniedStore.load();
            if (deniedStore.contains(x509CertificateArr[0])) {
                throw new CertificateException("Certificate has been denied");
            }
            try {
                this.trustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                if (sessionStore.contains(x509CertificateArr[0]) || permanentStore.contains(x509CertificateArr[0])) {
                    return;
                }
                for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
                    if (!rootStore.verify(x509CertificateArr[i2])) {
                        z = true;
                    }
                    try {
                        x509CertificateArr[i2].checkValidity();
                    } catch (CertificateExpiredException e2) {
                        z2 = true;
                    } catch (CertificateNotYetValidException e3) {
                        z2 = true;
                    }
                }
                String property = System.getProperty("com.sun.smc.security.gui");
                if (property == null || !property.equals("yes")) {
                    i = 0;
                } else {
                    try {
                        i = new TrustDeciderDialog(x509CertificateArr, 0, x509CertificateArr.length, z, z2).DoModal();
                    } catch (Exception e4) {
                    }
                }
                if (i == 0) {
                    sessionStore.add(x509CertificateArr[0]);
                    sessionStore.save();
                } else if (i == 2) {
                    permanentStore.add(x509CertificateArr[0]);
                    permanentStore.save();
                } else {
                    deniedStore.add(x509CertificateArr[0]);
                    deniedStore.save();
                }
                if (i == 0 && i != 2) {
                    throw new CertificateException("SMC Console couldn't trust Server");
                }
            }
        } catch (CertificateException e5) {
            throw e5;
        } catch (Throwable th) {
            th.printStackTrace();
            if (i == 0) {
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.getAcceptedIssuers();
    }

    static {
        reset();
    }
}
