package filenet.ws.utils.jsse;

import filenet.vw.base.logging.IPELoggingSubsystems;
import filenet.vw.base.logging.Level;
import filenet.vw.base.logging.Logger;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:filenet/ws/utils/jsse/FnTrustManager.class */
public class FnTrustManager implements X509TrustManager {
    private KeyStore keyStore;
    private String keyStorePath;
    private char[] keyStorePassword;
    private X509TrustManager standardTrustManager;
    protected static Logger logger = Logger.getLogger(IPELoggingSubsystems.CI_WS_SSL);
    private static String m_className = "FnTrustManager";
    boolean autoTrusted;

    public static String _get_FILE_DATE() {
        return "$Date:   10 Sep 2008 10:04:38  $";
    }

    public static String _get_FILE_AUTHOR() {
        return "$Author:   ysoong  $";
    }

    public static String _get_FILE_REVISION() {
        return "$Revision:   1.4  $";
    }

    public FnTrustManager(KeyStore keyStore, String str, char[] cArr, boolean z) throws Exception {
        this.standardTrustManager = null;
        this.autoTrusted = false;
        this.keyStore = keyStore;
        this.keyStorePath = str;
        this.keyStorePassword = cArr;
        this.autoTrusted = z;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(WSJSSE.getInstance().getTrustManagerAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        for (int i = 0; i < trustManagers.length; i++) {
            if (trustManagers[i] instanceof X509TrustManager) {
                this.standardTrustManager = (X509TrustManager) trustManagers[i];
                return;
            }
        }
        throw new Exception("Couldn't initialize");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            this.standardTrustManager.checkClientTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            if (!this.autoTrusted) {
                throw e;
            }
            handleUntrustedCertificate(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            this.standardTrustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            if (!this.autoTrusted) {
                throw e;
            }
            handleUntrustedCertificate(x509CertificateArr, str);
        }
    }

    private void traceCertificates(X509Certificate[] x509CertificateArr, String str) {
        if (logger.isLoggable(Level.FINEST)) {
            StringBuffer stringBuffer = new StringBuffer();
            for (int i = 0; i < x509CertificateArr.length; i++) {
                stringBuffer.append("\nauthType=").append(str).append("\nCertificate chain[" + i + "]:").append(x509CertificateArr[i]);
            }
            if (logger.isFinest()) {
                logger.finest(m_className, "traceCertificates", stringBuffer.toString());
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.standardTrustManager.getAcceptedIssuers();
    }

    private void refreshKeyStore() {
        try {
            this.keyStore = FnJSSESocketFactory.initKeyStore(this.keyStorePath, this.keyStorePassword);
        } catch (Throwable th) {
            logger.finest(m_className, "refreshKeyStore", "Ex:" + th.getMessage());
        }
    }

    /* JADX WARN: Finally extract failed */
    private void handleUntrustedCertificate(X509Certificate[] x509CertificateArr, String str) {
        String str2 = "handleUntrustedCertificate:" + str;
        logger.entering(m_className, str2);
        traceCertificates(x509CertificateArr, str);
        try {
            refreshKeyStore();
            logger.finest(m_className, str2, "Trusting certificates...");
            for (int i = 0; i < x509CertificateArr.length; i++) {
                this.keyStore.setCertificateEntry(x509CertificateArr[i].getIssuerDN().toString(), x509CertificateArr[i]);
            }
            FileOutputStream fileOutputStream = null;
            try {
                try {
                    FileOutputStream fileOutputStream2 = new FileOutputStream(this.keyStorePath);
                    this.keyStore.store(fileOutputStream2, this.keyStorePassword);
                    fileOutputStream2.close();
                    fileOutputStream = null;
                    if (logger.isFinest()) {
                        logger.finest(m_className, str2, "Saved certificates to " + this.keyStorePath);
                    }
                    if (0 != 0) {
                        try {
                            fileOutputStream.close();
                        } catch (Exception e) {
                        }
                    }
                } catch (Throwable th) {
                    logger.warning(m_className, str2, "Failed to store certificates to " + this.keyStorePath + ", ex=" + th.getMessage());
                    if (fileOutputStream != null) {
                        try {
                            fileOutputStream.close();
                        } catch (Exception e2) {
                        }
                    }
                }
            } catch (Throwable th2) {
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (Exception e3) {
                    }
                }
                throw th2;
            }
        } catch (Exception e4) {
            logger.throwing(m_className, str2, e4);
        }
        logger.exiting(m_className, str2);
    }
}
