package org.globus.gsi.trustmanager;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertPathValidatorSpi;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.gsi.X509ProxyCertPathParameters;
import org.globus.gsi.util.CertificateLoadUtil;
import org.globus.gsi.util.CertificateUtil;

/* loaded from: input_file:BOOT-INF/lib/ssl-proxies-2.1.0.jar:org/globus/gsi/trustmanager/PKITrustManager.class */
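/**
 * {@link X509TrustManager} that delegates every trust decision to a caller-supplied
 * {@link CertPathValidatorSpi}, validating the presented chain against a fixed set of
 * {@link X509ProxyCertPathParameters}.
 *
 * <p>The outcome of the most recent successful validation is kept on the instance and exposed
 * through {@link #getValidationResult()}. That field is written by both check methods without
 * any synchronization, so when one instance is shared by concurrent handshakes the value
 * reflects whichever validation wrote last. Callers that use the result for an authorization
 * decision should not share an instance between connections.
 */
public class PKITrustManager implements X509TrustManager {
    private final CertPathValidatorSpi validator;
    private final X509ProxyCertPathParameters parameters;
    // Result of the last validation that succeeded; null before any validation and after a failed one.
    private CertPathValidatorResult result;
    private final Log logger = LogFactory.getLog(getClass().getCanonicalName());

    /**
     * Creates a trust manager bound to one validator and one parameter set.
     *
     * @param certPathValidatorSpi validator that performs the certificate path checks
     * @param x509ProxyCertPathParameters parameters (including the trust store) passed to every validation
     * @throws IllegalArgumentException if either argument is {@code null}
     */
    public PKITrustManager(CertPathValidatorSpi certPathValidatorSpi, X509ProxyCertPathParameters x509ProxyCertPathParameters) {
        if (certPathValidatorSpi == null) {
            throw new IllegalArgumentException("Validator cannot be null");
        }
        if (x509ProxyCertPathParameters == null) {
            throw new IllegalArgumentException("Parameter cannot be null");
        }
        this.validator = certPathValidatorSpi;
        this.parameters = x509ProxyCertPathParameters;
    }

    /**
     * Validates a client certificate chain. The authentication type is not consulted.
     *
     * @param x509CertificateArr peer certificate chain
     * @param str authentication type (ignored)
     * @throws CertificateException if the validator rejects the chain or the parameters
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        validateChain(x509CertificateArr, "Path validation failed: ");
    }

    /**
     * Validates a server certificate chain. The authentication type is not consulted.
     *
     * @param x509CertificateArr peer certificate chain
     * @param str authentication type (ignored)
     * @throws CertificateException if the validator rejects the chain or the parameters
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        validateChain(x509CertificateArr, "Path validation failed. ");
    }

    /**
     * Returns the certificates found in the trust store of the configured parameters.
     *
     * @return the trusted certificates, or an empty array when the trust store cannot be read
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        try {
            Collection<X509Certificate> trustedCertificates = CertificateLoadUtil.getTrustedCertificates(this.parameters.getTrustStore(), null);
            return trustedCertificates.toArray(new X509Certificate[0]);
        } catch (KeyStoreException e) {
            // Best effort: the failure is logged and an empty issuer list is returned, never null.
            this.logger.warn("Unable to load trusted Certificates.  Authentication will fail.", e);
            return new X509Certificate[0];
        }
    }

    /**
     * Returns the result of the most recent validation on this instance.
     *
     * @return the validator's result, or {@code null} if no validation has run yet or the
     *         most recent one failed
     */
    public CertPathValidatorResult getValidationResult() {
        return this.result;
    }

    /** Runs the chain through the validator and records the result, wrapping validator failures. */
    private void validateChain(X509Certificate[] chain, String failurePrefix) throws CertificateException {
        // Drop any earlier result first: a rejected chain must never leave a previous
        // success visible through getValidationResult().
        this.result = null;
        // X509TrustManager specifies IllegalArgumentException for a null or zero-length chain;
        // rejecting it here also keeps an empty path from ever reaching the validator.
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("Certificate chain cannot be null or empty");
        }
        try {
            this.result = this.validator.engineValidate(CertificateUtil.getCertPath(chain), this.parameters);
        } catch (InvalidAlgorithmParameterException e) {
            throw new CertificateException(failurePrefix + e.getMessage(), e);
        } catch (CertPathValidatorException e) {
            throw new CertificateException(failurePrefix + e.getMessage(), e);
        }
    }
}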
