package com.unboundid.util.ssl;

import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.X509TrustManager;
import org.apache.batik.util.SVGConstants;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;

@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: input_file:WEB-INF/lib/unboundid-ldapsdk-1.1.4.jar:com/unboundid/util/ssl/PromptTrustManager.class */
public final class PromptTrustManager implements X509TrustManager {
    private final boolean examineValidityDates;
    private final ConcurrentHashMap<String, Boolean> acceptedCerts;
    private final InputStream in;
    private final PrintStream out;
    private final String acceptedCertsFile;

    public PromptTrustManager() {
        this(null, true, null, null);
    }

    public PromptTrustManager(String str) {
        this(str, true, null, null);
    }

    public PromptTrustManager(String str, boolean z, InputStream inputStream, PrintStream printStream) {
        this.acceptedCertsFile = str;
        this.examineValidityDates = z;
        if (inputStream == null) {
            this.in = System.in;
        } else {
            this.in = inputStream;
        }
        if (printStream == null) {
            this.out = System.out;
        } else {
            this.out = printStream;
        }
        this.acceptedCerts = new ConcurrentHashMap<>();
        if (str != null) {
            BufferedReader bufferedReader = null;
            try {
                try {
                    File file = new File(str);
                    if (file.exists()) {
                        bufferedReader = new BufferedReader(new FileReader(file));
                        while (true) {
                            String readLine = bufferedReader.readLine();
                            if (readLine == null) {
                                break;
                            } else {
                                this.acceptedCerts.put(readLine, false);
                            }
                        }
                    }
                    if (bufferedReader != null) {
                        try {
                            bufferedReader.close();
                        } catch (Exception e) {
                            Debug.debugException(e);
                        }
                    }
                } catch (Throwable th) {
                    if (bufferedReader != null) {
                        try {
                            bufferedReader.close();
                        } catch (Exception e2) {
                            Debug.debugException(e2);
                        }
                    }
                    throw th;
                }
            } catch (Exception e3) {
                Debug.debugException(e3);
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (Exception e4) {
                        Debug.debugException(e4);
                    }
                }
            }
        }
    }

    private void writeCacheFile() throws IOException {
        File file = new File(this.acceptedCertsFile + ".new");
        BufferedWriter bufferedWriter = null;
        try {
            bufferedWriter = new BufferedWriter(new FileWriter(file));
            Iterator<String> it = this.acceptedCerts.keySet().iterator();
            while (it.hasNext()) {
                bufferedWriter.write(it.next());
                bufferedWriter.newLine();
            }
            if (bufferedWriter != null) {
                bufferedWriter.close();
            }
            File file2 = new File(this.acceptedCertsFile);
            if (file2.exists()) {
                File file3 = new File(this.acceptedCertsFile + ".previous");
                if (file3.exists()) {
                    file3.delete();
                }
                file2.renameTo(file3);
            }
            file.renameTo(file2);
        } catch (Throwable th) {
            if (bufferedWriter != null) {
                bufferedWriter.close();
            }
            throw th;
        }
    }

    private synchronized void checkCertificateChain(X509Certificate[] x509CertificateArr) throws CertificateException {
        String readLine;
        Date date = new Date();
        int length = x509CertificateArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            X509Certificate x509Certificate = x509CertificateArr[i];
            Boolean bool = this.acceptedCerts.get(StaticUtils.toLowerCase(StaticUtils.toHex(x509Certificate.getSignature())));
            if (bool == null) {
                i++;
            } else {
                if (bool.booleanValue() || !this.examineValidityDates) {
                    return;
                }
                if (!date.before(x509Certificate.getNotBefore()) && !date.after(x509Certificate.getNotAfter())) {
                    return;
                }
            }
        }
        X509Certificate x509Certificate2 = x509CertificateArr[0];
        this.out.println(SSLMessages.INFO_PROMPT_HEADING.get());
        this.out.println(SSLMessages.INFO_PROMPT_SUBJECT.get(String.valueOf(x509Certificate2.getSubjectX500Principal())));
        this.out.println(SSLMessages.INFO_PROMPT_ISSUER.get(String.valueOf(x509Certificate2.getIssuerX500Principal())));
        this.out.println(SSLMessages.INFO_PROMPT_VALIDITY.get(String.valueOf(x509Certificate2.getNotBefore()), String.valueOf(x509Certificate2.getNotAfter())));
        boolean z = false;
        if (date.before(x509Certificate2.getNotBefore())) {
            z = true;
            this.out.println();
            this.out.println(SSLMessages.WARNING_PROMPT_NOT_YET_VALID.get());
            this.out.println();
        } else if (date.after(x509Certificate2.getNotAfter())) {
            z = true;
            this.out.println();
            this.out.println(SSLMessages.WARNING_PROMPT_EXPIRED.get());
            this.out.println();
        }
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(this.in));
        while (true) {
            try {
                this.out.println();
                this.out.println(SSLMessages.INFO_PROMPT_MESSAGE.get());
                this.out.flush();
                readLine = bufferedReader.readLine();
            } catch (CertificateException e) {
                throw e;
            } catch (Exception e2) {
                Debug.debugException(e2);
            }
            if (readLine.equalsIgnoreCase(SVGConstants.SVG_Y_ATTRIBUTE) || readLine.equalsIgnoreCase(CustomBooleanEditor.VALUE_YES)) {
                break;
            }
            if (readLine.equalsIgnoreCase("n") || readLine.equalsIgnoreCase(CustomBooleanEditor.VALUE_NO)) {
                throw new CertificateException(SSLMessages.ERR_CERTIFICATE_REJECTED_BY_USER.get());
                break;
            }
        }
        this.acceptedCerts.put(StaticUtils.toLowerCase(StaticUtils.toHex(x509Certificate2.getSignature())), Boolean.valueOf(z));
        if (this.acceptedCertsFile != null) {
            try {
                writeCacheFile();
            } catch (Exception e3) {
                Debug.debugException(e3);
            }
        }
    }

    public boolean examineValidityDates() {
        return this.examineValidityDates;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertificateChain(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertificateChain(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
