package com.sun.cacao.agent.trust;

import com.sun.cacao.agent.JmxClient;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:120676-02/SUNWcacao/reloc/SUNWcacao/lib/cacao_cacao.jar:com/sun/cacao/agent/trust/CacaoTrustManager.class */
public class CacaoTrustManager implements X509TrustManager {
    private static Logger logger = Logger.getLogger("com.sun.cacao.agent.trust");
    private X509TrustManager[] tms = null;
    private long lastModifDate = 0;
    private boolean initialized = false;
    private X509Certificate[] acceptedIssuers = null;

    public synchronized void init() throws IOException, GeneralSecurityException {
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("cacao trust manager initializing...");
        }
        if (this.initialized) {
            throw new IllegalStateException("already initialized");
        }
        this.lastModifDate = getTrustStoreLastModified();
        this.tms = createTrustManagers();
        this.initialized = true;
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("cacao trust manager initialized");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public synchronized X509Certificate[] getAcceptedIssuers() {
        if (logger.isLoggable(Level.FINER)) {
            logger.finer("processing request to return accepted CAs...");
        }
        reloadTrustStore();
        if (this.acceptedIssuers == null) {
            ArrayList arrayList = new ArrayList();
            if (this.tms != null) {
                for (int i = 0; i < this.tms.length; i++) {
                    X509Certificate[] acceptedIssuers = this.tms[i].getAcceptedIssuers();
                    if (acceptedIssuers != null) {
                        for (X509Certificate x509Certificate : acceptedIssuers) {
                            arrayList.add(x509Certificate);
                        }
                    }
                }
            }
            this.acceptedIssuers = (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        }
        return this.acceptedIssuers;
    }

    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (str == null || x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException();
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.finer("processing request to validate a client certificate...");
        }
        reloadTrustStore();
        if (this.tms != null) {
            for (int i = 0; i < this.tms.length; i++) {
                try {
                    this.tms[i].checkClientTrusted(x509CertificateArr, str);
                    return;
                } catch (CertificateException e) {
                }
            }
        }
        throw new CertificateException(new StringBuffer().append("no trust found for [").append(x509CertificateArr[0] == null ? "null" : x509CertificateArr[0].getSubjectDN().getName()).append("]").toString());
    }

    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (str == null || x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException();
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.finer("processing request to validate a server certificate...");
        }
        reloadTrustStore();
        if (this.tms != null) {
            for (int i = 0; i < this.tms.length; i++) {
                try {
                    this.tms[i].checkServerTrusted(x509CertificateArr, str);
                    return;
                } catch (CertificateException e) {
                }
            }
        }
        throw new CertificateException(new StringBuffer().append("no trust found for [").append(x509CertificateArr[0] == null ? "null" : x509CertificateArr[0].getSubjectDN().getName()).append("]").toString());
    }

    private X509TrustManager[] createTrustManagers() throws IOException, GeneralSecurityException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(TrustUtils.loadTrustStore());
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        X509TrustManager[] x509TrustManagerArr = null;
        if (trustManagers != null) {
            x509TrustManagerArr = new X509TrustManager[trustManagers.length];
            for (int i = 0; i < x509TrustManagerArr.length; i++) {
                x509TrustManagerArr[i] = (X509TrustManager) trustManagers[i];
            }
        }
        return x509TrustManagerArr;
    }

    private long getTrustStoreLastModified() {
        return new File(JmxClient.getStringParameter(null, JmxClient.TRUSTSTORE_FILE_KEY)).lastModified();
    }

    private void reloadTrustStore() {
        if (!this.initialized) {
            throw new IllegalStateException("not initialized yet");
        }
        try {
            long trustStoreLastModified = getTrustStoreLastModified();
            if (trustStoreLastModified != this.lastModifDate) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("truststore modified, reloading...");
                }
                this.tms = createTrustManagers();
                this.lastModifDate = trustStoreLastModified;
                this.acceptedIssuers = null;
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("truststore reloaded");
                }
            }
        } catch (Exception e) {
            logger.warning(new StringBuffer().append("error while verifying/reloading truststore : ").append(e.getMessage()).toString());
        }
    }
}
