package at.gv.egiz.bku.spring;

import at.gv.egiz.bku.conf.MoccaConfigurationFacade;
import iaik.logging.TransactionId;
import iaik.pki.PKIException;
import iaik.pki.PKIFactory;
import iaik.pki.PKIProfile;
import iaik.pki.store.truststore.TrustStoreException;
import iaik.pki.store.truststore.TrustStoreFactory;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Set;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.configuration.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/bkucommon-1.4.1.jar:at/gv/egiz/bku/spring/PKITrustManager.class */
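/**
 * {@link X509TrustManager} that delegates certificate path validation to the
 * IAIK PKI module selected by the configured {@link PKIProfile}.
 *
 * <p>Security note: when the configuration key {@code SSL.disableAllChecks} is
 * {@code true}, {@link #checkServerTrusted} accepts every presented chain
 * without validation. Because {@link #checkClientTrusted} delegates to it, the
 * same switch also turns off client-certificate validation. With the switch on,
 * TLS no longer authenticates the peer, so deployments should keep it
 * {@code false} and alert on the "SSL certificate validation disabled" warning
 * in the logs.
 */
public class PKITrustManager implements X509TrustManager {
    protected PKIProfile pkiProfile;
    Logger log = LoggerFactory.getLogger(PKITrustManager.class);
    protected final ConfigurationFacade configurationFacade = new ConfigurationFacade();

    /* loaded from: input_file:BKULocal.war:WEB-INF/lib/bkucommon-1.4.1.jar:at/gv/egiz/bku/spring/PKITrustManager$ConfigurationFacade.class */
    /** Typed view on the injected {@link Configuration}. */
    public class ConfigurationFacade implements MoccaConfigurationFacade {
        private Configuration configuration;
        public static final String SSL_DISSABLE_ALL_CHECKS = "SSL.disableAllChecks";

        public ConfigurationFacade() {
        }

        /**
         * Tells whether certificate validation has been switched off by configuration.
         *
         * @return the value of {@code SSL.disableAllChecks}; {@code false} when the key
         *         is absent or when no configuration has been injected yet, so that a
         *         missing configuration results in full validation instead of a
         *         {@link NullPointerException}
         */
        public boolean disableAllSslChecks() {
            if (this.configuration == null) {
                return false;
            }
            return this.configuration.getBoolean(SSL_DISSABLE_ALL_CHECKS, false);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BKULocal.war:WEB-INF/lib/bkucommon-1.4.1.jar:at/gv/egiz/bku/spring/PKITrustManager$MDCTransactionId.class */
    /** Transaction id for the IAIK calls, taken from the logging MDC. */
    public static class MDCTransactionId implements TransactionId {
        private MDCTransactionId() {
        }

        /**
         * @return the MDC value stored under {@code SessionId}, or the literal
         *         {@code "PKITrustManager"} when the MDC holds no such entry
         */
        @Override // iaik.logging.TransactionId
        public String getLogID() {
            String sessionId = MDC.get("SessionId");
            return sessionId != null ? sessionId : "PKITrustManager";
        }
    }

    /** @return the configuration held by the facade, possibly {@code null} */
    public Configuration getConfiguration() {
        return this.configurationFacade.configuration;
    }

    /** @param configuration the configuration that is consulted for {@code SSL.disableAllChecks} */
    public void setConfiguration(Configuration configuration) {
        this.configurationFacade.configuration = configuration;
    }

    /** @return the PKI profile used for validation, possibly {@code null} */
    public PKIProfile getPkiProfile() {
        return this.pkiProfile;
    }

    /** @param pKIProfile the PKI profile used for validation and for the trust store lookup */
    public void setPkiProfile(PKIProfile pKIProfile) {
        this.pkiProfile = pKIProfile;
    }

    /**
     * Validates a client certificate chain with exactly the same rules as
     * {@link #checkServerTrusted}, including the {@code SSL.disableAllChecks} bypass.
     *
     * @throws CertificateException if the chain is not trusted
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkServerTrusted(x509CertificateArr, str);
    }

    /**
     * Validates the presented chain against the configured PKI profile, using the
     * current time and the first element as the certificate under test.
     *
     * @param x509CertificateArr the peer's certificate chain, peer certificate first
     * @param str the authentication type; not evaluated by this implementation
     * @throws CertificateException if no PKI profile is set, the chain is not valid,
     *         or the validation itself fails
     * @throws IllegalArgumentException if the chain is {@code null} or empty, as the
     *         {@link X509TrustManager} contract requires
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.pkiProfile == null) {
            throw new CertificateException("No PKI profile set. Configuration error.");
        }
        // Reject a missing chain up front; both the bypass branch and the validation
        // below index element 0 and would otherwise fail with an unrelated exception.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate chain must not be null or empty.");
        }
        if (this.configurationFacade.disableAllSslChecks()) {
            // Validation bypass: the chain is accepted unchecked. The warning is the only
            // trace of this, so it is logged for every accepted certificate.
            this.log.warn("SSL certificate validation disabled. Accepted certificate {}.", x509CertificateArr[0].getSubjectDN());
            return;
        }
        iaik.x509.X509Certificate[] iaikChain = convertCerts(x509CertificateArr);
        try {
            // The fourth argument is passed as null, as in the original listing; its
            // meaning is not visible from this file.
            if (!PKIFactory.getInstance().getPKIModule(this.pkiProfile).validateCertificate(new Date(), iaikChain[0], iaikChain, null, new MDCTransactionId()).isCertificateValid()) {
                throw new CertificateException("Certificate not valid.");
            }
        } catch (PKIException e) {
            this.log.warn("Failed to validate certificate.", (Throwable) e);
            // Keep the PKIException as cause so the root failure stays in the stack trace.
            throw new CertificateException("Failed to validate certificate. " + e.getMessage(), e);
        }
    }

    /**
     * Returns the certificates of the trust store referenced by the PKI profile.
     *
     * @return the trusted certificates, or an empty array when no PKI profile is set
     *         or the trust store cannot be read
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        if (this.pkiProfile == null) {
            this.log.warn("No PKI profile set. Configuration error.");
            return new X509Certificate[0];
        }
        MDCTransactionId transactionId = new MDCTransactionId();
        try {
            Set<iaik.x509.X509Certificate> trustedCertificates = TrustStoreFactory.getInstance(this.pkiProfile.getTrustStoreProfile(), transactionId).getTrustedCertificates(transactionId);
            return (X509Certificate[]) trustedCertificates.toArray(new X509Certificate[trustedCertificates.size()]);
        } catch (TrustStoreException e) {
            this.log.warn("Failed to get list of accepted issuers.", (Throwable) e);
            return new X509Certificate[0];
        } catch (ClassCastException e2) {
            // Defensive handler retained from the original listing.
            this.log.error("Failed to cast list of accepted issuers.", (Throwable) e2);
            return new X509Certificate[0];
        }
    }

    /**
     * Converts a JCA certificate chain into IAIK certificates, reusing elements that
     * already are IAIK instances and re-parsing the DER encoding of all others.
     *
     * @param x509CertificateArr the chain to convert; must not be {@code null}
     * @return a new array of the same length and order
     * @throws CertificateException if an element is {@code null} or cannot be
     *         encoded or re-parsed
     */
    private static iaik.x509.X509Certificate[] convertCerts(X509Certificate[] x509CertificateArr) throws CertificateException {
        iaik.x509.X509Certificate[] converted = new iaik.x509.X509Certificate[x509CertificateArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            X509Certificate certificate = x509CertificateArr[i];
            if (certificate == null) {
                // Fail with the checked exception callers already handle instead of an NPE.
                throw new CertificateException("Certificate chain contains a null entry.");
            }
            if (certificate instanceof iaik.x509.X509Certificate) {
                converted[i] = (iaik.x509.X509Certificate) certificate;
            } else {
                converted[i] = new iaik.x509.X509Certificate(certificate.getEncoded());
            }
        }
        return converted;
    }
}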
