package org.minidns.dane.java7;

import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.minidns.AbstractDNSClient;
import org.minidns.dane.DaneVerifier;

/* loaded from: input_file:org/minidns/dane/java7/DaneExtendedTrustManager.class */
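/**
 * An {@link X509ExtendedTrustManager} that first asks a {@link DaneVerifier} whether a server
 * certificate chain is acceptable for the peer's host and port and, when the verifier does not
 * accept it, delegates the decision to a fallback ("base") {@link X509TrustManager}.
 *
 * <p>DANE is only consulted for server checks that carry connection information (a
 * {@link Socket} or an {@link SSLEngine}). Client certificate checks and the server check
 * without connection information are forwarded to the base trust manager unchanged.
 *
 * <p>Every check fails closed: when no base trust manager is available and DANE did not accept
 * the chain, a {@link CertificateException} is thrown instead of returning normally, because a
 * trust manager that returns without validating accepts any certificate.
 */
public class DaneExtendedTrustManager extends X509ExtendedTrustManager {
    private static final Logger LOGGER = Logger.getLogger(DaneExtendedTrustManager.class.getName());

    /** Fallback trust manager; may be {@code null} if the platform provides none or the caller passed none. */
    private final X509TrustManager base;

    /** Performs the DANE check for a certificate chain against a host name and port. */
    private final DaneVerifier verifier;

    /**
     * Installs a new {@code DaneExtendedTrustManager}, backed by the platform default trust
     * manager, as the only trust manager of the JVM-wide default {@link SSLContext}.
     */
    public static void inject() {
        inject(new DaneExtendedTrustManager());
    }

    /**
     * Installs the given trust manager as the only trust manager of a fresh "TLS"
     * {@link SSLContext} and makes that context the JVM-wide default.
     *
     * <p>This is a process-wide side effect: every component that uses
     * {@link SSLContext#getDefault()} afterwards is validated by this trust manager.
     *
     * @param daneExtendedTrustManager the trust manager to install
     * @throws RuntimeException if the context cannot be created or initialised
     */
    public static void inject(DaneExtendedTrustManager daneExtendedTrustManager) {
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, new TrustManager[] {daneExtendedTrustManager}, null);
            SSLContext.setDefault(context);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /** Creates a trust manager with a default {@link DaneVerifier} and the platform default fallback. */
    public DaneExtendedTrustManager() {
        this(getDefaultTrustManager());
    }

    /**
     * Creates a trust manager whose {@link DaneVerifier} uses the given DNS client, with the
     * platform default fallback.
     *
     * @param abstractDNSClient the DNS client handed to the {@link DaneVerifier}
     */
    public DaneExtendedTrustManager(AbstractDNSClient abstractDNSClient) {
        this(abstractDNSClient, getDefaultTrustManager());
    }

    /**
     * Looks up the first {@link X509TrustManager} of the default {@link TrustManagerFactory},
     * initialised with the platform default trust store.
     *
     * @return the platform trust manager, or {@code null} if the factory offers no X.509 one
     * @throws RuntimeException if the factory cannot be created or initialised
     */
    private static X509TrustManager getDefaultTrustManager() {
        try {
            TrustManagerFactory factory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null key store selects the platform default trust store.
            factory.init((KeyStore) null);
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
            return null;
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new RuntimeException("X.509 not supported.", e);
        }
    }

    /**
     * Creates a trust manager with a default {@link DaneVerifier} and the given fallback.
     *
     * @param x509TrustManager the fallback trust manager; {@code null} means "no fallback"
     */
    public DaneExtendedTrustManager(X509TrustManager x509TrustManager) {
        this(new DaneVerifier(), x509TrustManager);
    }

    /**
     * Creates a trust manager whose {@link DaneVerifier} uses the given DNS client, with the
     * given fallback.
     *
     * @param abstractDNSClient the DNS client handed to the {@link DaneVerifier}
     * @param x509TrustManager the fallback trust manager; {@code null} means "no fallback"
     */
    public DaneExtendedTrustManager(AbstractDNSClient abstractDNSClient, X509TrustManager x509TrustManager) {
        this(new DaneVerifier(abstractDNSClient), x509TrustManager);
    }

    /**
     * Creates a trust manager from an explicit verifier and fallback.
     *
     * @param daneVerifier the verifier used for DANE checks
     * @param x509TrustManager the fallback trust manager; {@code null} means "no fallback"
     */
    public DaneExtendedTrustManager(DaneVerifier daneVerifier, X509TrustManager x509TrustManager) {
        this.verifier = daneVerifier;
        this.base = x509TrustManager;
    }

    /**
     * Forwards a client certificate check to the fallback trust manager; DANE is not applied.
     *
     * @throws CertificateException if the fallback rejects the chain or no fallback exists
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
            throws CertificateException {
        X509TrustManager fallback = requireBaseForClientCheck();
        LOGGER.info("DaneExtendedTrustManager invalidly used for client certificate check forwarding request to fallback X509TrustManage");
        if (fallback instanceof X509ExtendedTrustManager) {
            ((X509ExtendedTrustManager) fallback).checkClientTrusted(chain, authType, socket);
        } else {
            fallback.checkClientTrusted(chain, authType);
        }
    }

    /**
     * Accepts the server chain if the DANE verifier accepts it for the socket's peer host and
     * port; otherwise delegates to the fallback trust manager's server check.
     *
     * @throws CertificateException if neither DANE nor the fallback accepts the chain, or no
     *     fallback exists
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
            throws CertificateException {
        String host = null;
        int port = -1;
        if (socket != null && socket.getInetAddress() != null) {
            // NOTE(review): InetAddress.getHostName() returns the name the address was created
            // with, but falls back to a reverse lookup when it was created from an IP literal.
            // A reverse-resolved name is chosen by whoever controls the PTR record, not by the
            // caller, so it is a weak basis for selecting the records the verifier consults.
            // Consider taking the name from the TLS handshake session instead - confirm with
            // the DaneVerifier contract.
            host = socket.getInetAddress().getHostName();
            port = socket.getPort();
        }
        if (daneAccepts(chain, host, port)) {
            return;
        }
        X509TrustManager fallback = requireBaseForServerCheck();
        if (fallback instanceof X509ExtendedTrustManager) {
            ((X509ExtendedTrustManager) fallback).checkServerTrusted(chain, authType, socket);
        } else {
            // Server chains must go through the server check: the client check can apply
            // different key-usage and endpoint rules and does not validate a server identity.
            fallback.checkServerTrusted(chain, authType);
        }
    }

    /**
     * Forwards a client certificate check to the fallback trust manager; DANE is not applied.
     *
     * @throws CertificateException if the fallback rejects the chain or no fallback exists
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sSLEngine)
            throws CertificateException {
        X509TrustManager fallback = requireBaseForClientCheck();
        LOGGER.info("DaneExtendedTrustManager invalidly used for client certificate check, forwarding request to fallback X509TrustManage");
        if (fallback instanceof X509ExtendedTrustManager) {
            ((X509ExtendedTrustManager) fallback).checkClientTrusted(chain, authType, sSLEngine);
        } else {
            fallback.checkClientTrusted(chain, authType);
        }
    }

    /**
     * Accepts the server chain if the DANE verifier accepts it for the engine's peer host and
     * port; otherwise delegates to the fallback trust manager's server check.
     *
     * @throws CertificateException if neither DANE nor the fallback accepts the chain, or no
     *     fallback exists
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sSLEngine)
            throws CertificateException {
        String host = null;
        int port = -1;
        if (sSLEngine != null) {
            host = sSLEngine.getPeerHost();
            port = sSLEngine.getPeerPort();
        }
        if (daneAccepts(chain, host, port)) {
            return;
        }
        X509TrustManager fallback = requireBaseForServerCheck();
        if (fallback instanceof X509ExtendedTrustManager) {
            ((X509ExtendedTrustManager) fallback).checkServerTrusted(chain, authType, sSLEngine);
        } else {
            // See the Socket variant: a server chain must never be validated as a client chain.
            fallback.checkServerTrusted(chain, authType);
        }
    }

    /**
     * Forwards a client certificate check to the fallback trust manager; DANE is not applied.
     *
     * @throws CertificateException if the fallback rejects the chain or no fallback exists
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        X509TrustManager fallback = requireBaseForClientCheck();
        LOGGER.info("DaneExtendedTrustManager invalidly used for client certificate check, forwarding request to fallback X509TrustManage");
        fallback.checkClientTrusted(chain, authType);
    }

    /**
     * Forwards the server check to the fallback trust manager. Without connection information
     * there is no host name or port to hand to the DANE verifier, so DANE is not applied.
     *
     * @throws CertificateException if the fallback rejects the chain or no fallback exists
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        LOGGER.info("DaneExtendedTrustManager cannot be used without hostname information, forwarding request to fallback X509TrustManage");
        requireBaseForServerCheck().checkServerTrusted(chain, authType);
    }

    /**
     * Returns the issuers accepted by the fallback trust manager.
     *
     * @return the fallback's accepted issuers, or an empty array when there is no fallback
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        if (base == null) {
            return new X509Certificate[0];
        }
        return base.getAcceptedIssuers();
    }

    /**
     * Runs the DANE check when a peer host name is known.
     *
     * @return {@code true} if the verifier accepted the chain; {@code false} if it did not or
     *     if there is no host name to check against
     */
    private boolean daneAccepts(X509Certificate[] chain, String host, int port) throws CertificateException {
        if (host == null) {
            LOGGER.warning("DaneExtendedTrustManager has no peer hostname for the DANE check, forwarding request to fallback X509TrustManager");
            return false;
        }
        return verifier.verifyCertificateChain(chain, host, port);
    }

    /** Returns the fallback for a client check, rejecting the chain when none is configured. */
    private X509TrustManager requireBaseForClientCheck() throws CertificateException {
        if (base == null) {
            LOGGER.warning("DaneExtendedTrustManager invalidly used for client certificate check and no fallback X509TrustManager specified");
            // Returning normally here would accept any client certificate.
            throw new CertificateException(
                    "Client certificate rejected: no fallback X509TrustManager is configured");
        }
        return base;
    }

    /** Returns the fallback for a server check, rejecting the chain when none is configured. */
    private X509TrustManager requireBaseForServerCheck() throws CertificateException {
        if (base == null) {
            throw new CertificateException(
                    "Server certificate rejected: DANE verification did not succeed and no fallback X509TrustManager is configured");
        }
        return base;
    }
}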
