package com.azure.security.keyvault.jca;

import java.io.IOException;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/azure/security/keyvault/jca/KeyVaultTrustManager.class */
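/**
 * Trust manager that accepts a peer when either the platform PKIX trust manager accepts its chain
 * or the peer's end-entity certificate is itself stored in the backing {@link KeyStore}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key store fallback only looks up {@code chain[0]} with
 *       {@link KeyStore#getCertificateAlias}. Nothing in this class checks the validity period,
 *       the rest of the chain, the {@code authType} or the peer host name on that path, so every
 *       certificate in the key store is effectively pinned as trusted.</li>
 *   <li>The PKIX trust manager is initialised with the key store passed to the constructor. When
 *       that argument is {@code null}, {@code TrustManagerFactory.init((KeyStore) null)} is used,
 *       which selects the JDK default trust anchors, while the fallback uses the
 *       {@code "AzureKeyVault"} key store. NOTE(review): confirm this split is intended.</li>
 * </ul>
 */
public class KeyVaultTrustManager extends X509ExtendedTrustManager {
    /** PKIX trust manager consulted first; {@code null} when neither JSSE provider supplied one. */
    private final X509TrustManager defaultTrustManager;

    /** Key store used for the end-entity lookup; {@code null} when it could not be created. */
    private final KeyStore keyStore;

    /**
     * Creates the trust manager.
     *
     * @param keyStore key store to validate against, or {@code null} to load the
     *     {@code "AzureKeyVault"} key store for the fallback lookup
     */
    public KeyVaultTrustManager(KeyStore keyStore) {
        this.keyStore = keyStore != null ? keyStore : loadAzureKeyVaultKeyStore();

        // The factory is deliberately given the constructor argument (possibly null), exactly as
        // before, not the key store loaded above.
        X509TrustManager pkix = createPkixTrustManager("SunJSSE", keyStore);
        if (pkix == null) {
            pkix = createPkixTrustManager("IbmJSSE", keyStore);
        }
        this.defaultTrustManager = pkix;
    }

    /**
     * Loads the {@code "AzureKeyVault"} key store on a best-effort basis.
     *
     * @return the key store, possibly uninitialised if loading failed, or {@code null} if the
     *     key store type is not available
     */
    private static KeyStore loadAzureKeyVaultKeyStore() {
        KeyStore store = null;
        try {
            store = KeyStore.getInstance("AzureKeyVault");
            store.load(null, null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            // Best effort: the check methods reject peers when the lookup cannot be performed.
            e.printStackTrace();
        }
        return store;
    }

    /**
     * Builds a PKIX trust manager from the named JSSE provider.
     *
     * @return the first {@link X509TrustManager} the factory offers, or {@code null} if the
     *     provider is missing or offers none
     */
    private static X509TrustManager createPkixTrustManager(String provider, KeyStore trustStore) {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance("PKIX", provider);
            factory.init(trustStore);
            for (javax.net.ssl.TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Shared validation path for all six check methods.
     *
     * @param chain peer certificate chain, end-entity certificate first
     * @param authType authentication type passed through to the PKIX trust manager
     * @param client {@code true} to validate a client chain, {@code false} for a server chain
     * @param socket connection socket, or {@code null}
     * @param engine connection engine, or {@code null}
     * @throws IllegalArgumentException if {@code chain} is {@code null} or empty
     * @throws CertificateException if neither the PKIX check nor the key store lookup accepts
     */
    private void verify(X509Certificate[] chain, String authType, boolean client, Socket socket,
            SSLEngine engine) throws CertificateException {
        // Reject malformed input before chain[0] is dereferenced in the fallback.
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("null or zero-length certificate chain");
        }

        CertificateException rejection;
        if (defaultTrustManager == null) {
            // Previously a NullPointerException; report it as a verification failure instead.
            rejection = new CertificateException("No default PKIX trust manager is available");
        } else {
            try {
                delegate(chain, authType, client, socket, engine);
                return;
            } catch (CertificateException e) {
                rejection = e;
            }
        }

        if (keyStore != null) {
            try {
                if (keyStore.getCertificateAlias(chain[0]) != null) {
                    return;
                }
            } catch (KeyStoreException e) {
                // A failed lookup is never an acceptance; keep the reason for diagnostics.
                rejection.addSuppressed(e);
            }
        }
        // Preserve why the PKIX check failed so operators can tell a pin miss from an expiry.
        throw new CertificateException("Unable to verify in keystore", rejection);
    }

    /**
     * Runs the PKIX check, handing the socket or engine to the delegate when it supports them.
     * The connection-aware overloads of {@link X509ExtendedTrustManager} are where JSSE applies
     * the endpoint identification algorithm (host name check) and algorithm constraints, so
     * dropping the socket or engine would silently skip those checks.
     */
    private void delegate(X509Certificate[] chain, String authType, boolean client, Socket socket,
            SSLEngine engine) throws CertificateException {
        if (defaultTrustManager instanceof X509ExtendedTrustManager) {
            X509ExtendedTrustManager extended = (X509ExtendedTrustManager) defaultTrustManager;
            if (socket != null) {
                if (client) {
                    extended.checkClientTrusted(chain, authType, socket);
                } else {
                    extended.checkServerTrusted(chain, authType, socket);
                }
                return;
            }
            if (engine != null) {
                if (client) {
                    extended.checkClientTrusted(chain, authType, engine);
                } else {
                    extended.checkServerTrusted(chain, authType, engine);
                }
                return;
            }
        }
        if (client) {
            defaultTrustManager.checkClientTrusted(chain, authType);
        } else {
            defaultTrustManager.checkServerTrusted(chain, authType);
        }
    }

    /** {@inheritDoc} */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        verify(x509CertificateArr, str, true, null, null);
    }

    /** {@inheritDoc} */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        verify(x509CertificateArr, str, false, null, null);
    }

    /**
     * Returns an empty array; this trust manager advertises no issuer certificates.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /** {@inheritDoc} */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        verify(x509CertificateArr, str, true, socket, null);
    }

    /** {@inheritDoc} */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        verify(x509CertificateArr, str, false, socket, null);
    }

    /** {@inheritDoc} */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        verify(x509CertificateArr, str, true, null, sSLEngine);
    }

    /** {@inheritDoc} */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        verify(x509CertificateArr, str, false, null, sSLEngine);
    }
}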
