package com.sun.net.ssl.internal.ssl;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import javax.net.ssl.X509TrustManager;
import sun.security.validator.KeyStores;
import sun.security.validator.PKIXValidator;
import sun.security.validator.Validator;

/* loaded from: input_file:118668-02/SUNWj5rt/reloc/jdk/instances/jdk1.5.0/jre/lib/jsse.jar:com/sun/net/ssl/internal/ssl/X509TrustManagerImpl.class */
final class X509TrustManagerImpl implements X509TrustManager {
    private final String validatorType;
    private final Collection trustedCerts;
    private final PKIXBuilderParameters pkixParams;
    private volatile Validator clientValidator;
    private volatile Validator serverValidator;
    private static final boolean checkRevocation = Debug.getBooleanProperty("com.sun.net.ssl.checkRevocation", false);
    private static final Debug debug = Debug.getInstance("ssl");

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509TrustManagerImpl(String str, KeyStore keyStore) throws KeyStoreException {
        this.validatorType = str;
        this.pkixParams = null;
        if (keyStore == null) {
            this.trustedCerts = Collections.EMPTY_SET;
        } else {
            this.trustedCerts = KeyStores.getTrustedCerts(keyStore);
        }
        showTrustedCerts();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509TrustManagerImpl(String str, PKIXBuilderParameters pKIXBuilderParameters) {
        this.validatorType = str;
        this.pkixParams = pKIXBuilderParameters;
        Validator validator = getValidator(Validator.VAR_TLS_SERVER);
        this.trustedCerts = validator.getTrustedCertificates();
        this.serverValidator = validator;
        showTrustedCerts();
    }

    private void showTrustedCerts() {
        if (debug == null || !Debug.isOn("trustmanager")) {
            return;
        }
        for (X509Certificate x509Certificate : this.trustedCerts) {
            System.out.println("adding as trusted cert:");
            System.out.println("  Subject: " + ((Object) x509Certificate.getSubjectX500Principal()));
            System.out.println("  Issuer:  " + ((Object) x509Certificate.getIssuerX500Principal()));
            System.out.println("  Algorithm: " + x509Certificate.getPublicKey().getAlgorithm() + "; Serial number: 0x" + x509Certificate.getSerialNumber().toString(16));
            System.out.println("  Valid from " + ((Object) x509Certificate.getNotBefore()) + " until " + ((Object) x509Certificate.getNotAfter()));
            System.out.println();
        }
    }

    private Validator getValidator(String str) {
        Validator validator;
        if (this.pkixParams == null) {
            validator = Validator.getInstance(this.validatorType, str, this.trustedCerts);
            if (validator instanceof PKIXValidator) {
                ((PKIXValidator) validator).getParameters().setRevocationEnabled(checkRevocation);
            }
        } else {
            validator = Validator.getInstance(this.validatorType, str, this.pkixParams);
        }
        return validator;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Validator validator = this.clientValidator;
        if (validator == null) {
            synchronized (this) {
                validator = this.clientValidator;
                if (validator == null) {
                    validator = getValidator(Validator.VAR_TLS_CLIENT);
                    this.clientValidator = validator;
                }
            }
        }
        X509Certificate[] validate = validator.validate(x509CertificateArr);
        if (debug == null || !Debug.isOn("trustmanager")) {
            return;
        }
        System.out.println("Found trusted certificate:");
        System.out.println(validate[validate.length - 1]);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Validator validator = this.serverValidator;
        if (validator == null) {
            synchronized (this) {
                validator = this.serverValidator;
                if (validator == null) {
                    validator = getValidator(Validator.VAR_TLS_SERVER);
                    this.serverValidator = validator;
                }
            }
        }
        X509Certificate[] validate = validator.validate(x509CertificateArr, null, str);
        if (debug == null || !Debug.isOn("trustmanager")) {
            return;
        }
        System.out.println("Found trusted certificate:");
        System.out.println(validate[validate.length - 1]);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] x509CertificateArr = new X509Certificate[this.trustedCerts.size()];
        this.trustedCerts.toArray(x509CertificateArr);
        return x509CertificateArr;
    }
}
