package com.liferay.portal.json.web.service.client.internal;

import com.liferay.portal.kernel.util.ArrayUtil;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/liferay/portal/json/web/service/client/internal/X509TrustManagerImpl.class */
public class X509TrustManagerImpl implements X509TrustManager {
    private final X509TrustManager _defaultX509TrustManager;
    private final X509TrustManager _extraX509TrustManager;
    private final boolean _trustSelfSignedCertificates;

    public X509TrustManagerImpl() {
        try {
            this._defaultX509TrustManager = _getX509TrustManager(null);
            this._extraX509TrustManager = null;
            this._trustSelfSignedCertificates = true;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public X509TrustManagerImpl(KeyStore keyStore, boolean z) {
        try {
            this._defaultX509TrustManager = _getX509TrustManager(null);
            if (keyStore != null) {
                this._extraX509TrustManager = _getX509TrustManager(keyStore);
            } else {
                this._extraX509TrustManager = null;
            }
            this._trustSelfSignedCertificates = z;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this._trustSelfSignedCertificates && x509CertificateArr.length == 1) {
            return;
        }
        try {
            this._defaultX509TrustManager.checkClientTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            if (this._extraX509TrustManager == null) {
                throw e;
            }
            this._extraX509TrustManager.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this._trustSelfSignedCertificates && x509CertificateArr.length == 1) {
            return;
        }
        try {
            this._defaultX509TrustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            if (this._extraX509TrustManager == null) {
                throw e;
            }
            this._extraX509TrustManager.checkServerTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this._extraX509TrustManager != null ? (X509Certificate[]) ArrayUtil.append((Object[]) this._defaultX509TrustManager.getAcceptedIssuers(), (Object[]) this._extraX509TrustManager.getAcceptedIssuers()) : this._defaultX509TrustManager.getAcceptedIssuers();
    }

    private X509TrustManager _getX509TrustManager(KeyStore keyStore) throws Exception {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }
}
