package aQute.bnd.url;

import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.net.ssl.X509TrustManager;

/* JADX WARN: Classes with same name are omitted:
  input_file:plugins/biz.aQute.bndlib_5.1.1.202006162103.jar:aQute/bnd/url/LocalTrustManager.class
 */
/* loaded from: input_file:plugins/org.bndtools.headless.build.plugin.ant_5.1.1.202006162103.jar:templates/cnf/plugins/biz.aQute.bnd/biz.aQute.bnd.jar:aQute/bnd/url/LocalTrustManager.class */
class LocalTrustManager implements X509TrustManager {
    static final CertificateFactory cf;
    static final CertPathValidator validator;
    static final X509Certificate[] empty = new X509Certificate[0];
    static final Base64.Decoder DECODER = Base64.getMimeDecoder();
    private Set<TrustAnchor> anchors;
    private List<X509Certificate> trusted;
    private PKIXParameters parameter;
    private boolean verify;

    public LocalTrustManager(boolean z, List<X509Certificate> list) throws InvalidAlgorithmParameterException {
        this.verify = z;
        this.trusted = list;
        if (list.isEmpty()) {
            return;
        }
        this.anchors = (Set) list.stream().map(x509Certificate -> {
            return new TrustAnchor(x509Certificate, null);
        }).collect(Collectors.toSet());
        this.parameter = new PKIXParameters(this.anchors);
        this.parameter.setRevocationEnabled(false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.verify) {
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new IllegalArgumentException("null or empty chain");
            }
            if (str == null || str.isEmpty()) {
                throw new IllegalArgumentException("no authentication type");
            }
            try {
                validator.validate(cf.generateCertPath(Arrays.asList(x509CertificateArr)), this.parameter);
            } catch (InvalidAlgorithmParameterException | CertPathValidatorException e) {
                throw new CertificateException(e);
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return (X509Certificate[]) this.trusted.toArray(empty);
    }

    static {
        try {
            cf = CertificateFactory.getInstance("X.509");
            validator = CertPathValidator.getInstance("PKIX");
        } catch (NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }
}
