package de.epikur.shared.security;

import de.epikur.shared.SharedDirs;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.annotation.Nullable;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:de/epikur/shared/security/CustomTrustManager.class */
public class CustomTrustManager implements X509TrustManager {

    @Nullable
    private static X509Certificate[] trustedOwnCaCerts;

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean z = false;
        if (trustedOwnCaCerts != null) {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                z = z || isTrusted(x509Certificate, trustedOwnCaCerts);
            }
        }
        if (!z) {
            throw new CertificateException();
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    private boolean isTrusted(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        for (X509Certificate x509Certificate2 : x509CertificateArr) {
            if (x509Certificate.getSubjectDN().equals(x509Certificate2.getSubjectDN()) && x509Certificate.equals(x509Certificate2)) {
                return true;
            }
        }
        for (X509Certificate x509Certificate3 : x509CertificateArr) {
            if (x509Certificate.getIssuerDN().equals(x509Certificate3.getSubjectDN())) {
                try {
                    x509Certificate.verify(x509Certificate3.getPublicKey());
                    return true;
                } catch (Exception e) {
                }
            }
        }
        return false;
    }

    static {
        Path resolve = Paths.get(SharedDirs.getHomeDir() + File.separatorChar + SharedDirs.getEpikurDir() + File.separatorChar, new String[0]).resolve("keys").resolve("cacerts.jks");
        if (Files.exists(resolve, new LinkOption[0])) {
            try {
                InputStream newInputStream = Files.newInputStream(resolve, new OpenOption[0]);
                try {
                    KeyStore keyStore = KeyStore.getInstance("JKS");
                    keyStore.load(newInputStream, "changeit".toCharArray());
                    trustedOwnCaCerts = new X509Certificate[]{(X509Certificate) keyStore.getCertificate("s1as")};
                    if (newInputStream != null) {
                        newInputStream.close();
                    }
                } finally {
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                System.err.println(e.getMessage());
            }
        }
    }
}
