package cn.mzhong.springboot.hotssl.tomcat;

import cn.mzhong.springboot.hotssl.util.KeyStoreLoader;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
import org.springframework.beans.factory.annotation.Value;

/* loaded from: input_file:cn/mzhong/springboot/hotssl/tomcat/DefaultX509TrustManager.class */
public class DefaultX509TrustManager implements X509TrustManager {

    @Value("${server.ssl.trust-store}")
    private String trustStore;

    @Value("${server.ssl.trust-store-password}")
    private String trustStorePassword = "";

    @Value("${server.ssl.trust-store-type:JKS}")
    private String trustStoreType;

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        KeyStore load = KeyStoreLoader.load(this.trustStore, this.trustStorePassword, this.trustStoreType);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (load.getCertificateAlias(x509Certificate) != null) {
                return;
            }
        }
        throw new CertificateException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
