package de.bos_bremen.commons.net.http.ssl;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:de/bos_bremen/commons/net/http/ssl/AuthSSLX509TrustManager.class */
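/**
 * {@link X509TrustManager} decorator that logs the presented certificate chain and, for
 * server chains only, retries validation once with a reordered chain when the wrapped
 * trust manager rejects the chain as presented.
 *
 * <p>All trust decisions are delegated to the wrapped manager; this class never accepts a
 * chain on its own. The reordering itself is done by {@code CertificateChain.reorder},
 * which is defined elsewhere and whose ordering rule is not visible in this file.
 *
 * <p>Security note: the first certificate of the presented chain is the peer's own
 * (end-entity) certificate. The retry therefore only proceeds when the reordered chain
 * still starts with that same certificate; otherwise the wrapped manager could end up
 * validating a different certificate than the one the peer presented as its own.
 */
public class AuthSSLX509TrustManager implements X509TrustManager {
    /** Trust manager that makes every actual trust decision; never {@code null}. */
    private final X509TrustManager defaultTrustManager;
    private static final Log LOG = LogFactory.getLog(AuthSSLX509TrustManager.class);

    /**
     * Wraps the given trust manager.
     *
     * @param x509TrustManager the manager to delegate to
     * @throws IllegalArgumentException if {@code x509TrustManager} is {@code null}
     */
    public AuthSSLX509TrustManager(X509TrustManager x509TrustManager) {
        if (x509TrustManager == null) {
            throw new IllegalArgumentException("Trust manager may not be null");
        }
        this.defaultTrustManager = x509TrustManager;
    }

    /**
     * Logs the client chain (debug level only) and delegates validation unchanged.
     * No reordering is attempted for client certificates.
     *
     * @throws CertificateException if the wrapped manager rejects the chain
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        LOG.debug("Checking SSL client certificates.");
        logCertChain(x509CertificateArr);
        this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    /**
     * Validates the server chain with the wrapped manager, retrying once with a reordered
     * chain if the first attempt fails.
     *
     * <p>The retry is skipped, and the original failure rethrown, when the reordered chain
     * is empty or does not begin with the certificate the peer presented first.
     *
     * @param x509CertificateArr the chain as presented by the peer
     * @param str the authentication type, passed through to the wrapped manager
     * @throws CertificateException if neither the presented nor the reordered chain is
     *     accepted by the wrapped manager
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        LOG.debug("Checking trusted server certificates.");
        logCertChain(x509CertificateArr);
        try {
            this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
            LOG.debug("Checking of SSL server certificates suceeded.");
        } catch (CertificateException e) {
            LOG.warn("Checking of trusted certificates failed. Reordering and trying again");
            // Keep the first failure available for diagnosis; a failing retry would otherwise
            // be the only exception anyone ever sees.
            LOG.debug("Initial server certificate validation failure", e);
            X509Certificate[] reorder = CertificateChain.reorder(x509CertificateArr);
            // Reordering may only repair the order of the issuing certificates. If it swaps
            // out the end-entity certificate, the retry would vouch for a certificate other
            // than the one the peer presented as its own, so fail with the original error.
            if (!startsWithSameCertificate(x509CertificateArr, reorder)) {
                LOG.warn("Reordered chain does not start with the presented end-entity certificate. Rejecting.");
                throw e;
            }
            logCertChain(reorder);
            this.defaultTrustManager.checkServerTrusted(reorder, str);
            LOG.debug("Checking of reordered SSL server certificates suceeded.");
        }
    }

    /** Returns true only if both chains are non-empty and begin with an equal, non-null certificate. */
    private static boolean startsWithSameCertificate(X509Certificate[] presented, X509Certificate[] reordered) {
        if (presented == null || presented.length == 0 || presented[0] == null) {
            return false;
        }
        if (reordered == null || reordered.length == 0) {
            return false;
        }
        return presented[0].equals(reordered[0]);
    }

    /**
     * Writes one debug line per certificate in the chain; does nothing when debug logging
     * is disabled or the chain is {@code null}.
     *
     * <p>The logged fields are taken from certificates supplied by the remote peer before
     * they have been validated, so log consumers must treat them as untrusted text.
     */
    private void logCertChain(X509Certificate[] x509CertificateArr) {
        if (!LOG.isDebugEnabled() || x509CertificateArr == null) {
            return;
        }
        for (int i = 0; i < x509CertificateArr.length; i++) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            if (x509Certificate == null) {
                // Logging must never fail ahead of the wrapped manager's own checks.
                LOG.debug("Presented certificate #" + (i + 1) + " in chain: null");
                continue;
            }
            StringBuilder line = new StringBuilder();
            line.append("Presented certificate #").append(i + 1).append(" in chain: ").append(x509Certificate.getSubjectDN()).append(";");
            line.append("subject DN: ").append(x509Certificate.getSubjectDN()).append(";");
            line.append("signature Algorithm: ").append(x509Certificate.getSigAlgName()).append(";");
            line.append("valid from: ").append(x509Certificate.getNotBefore()).append(";");
            line.append("valid until: ").append(x509Certificate.getNotAfter()).append(";");
            line.append("issuer: ").append(x509Certificate.getIssuerDN());
            LOG.debug(line.toString());
        }
    }

    /** Returns the accepted issuers of the wrapped trust manager, unchanged. */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.defaultTrustManager.getAcceptedIssuers();
    }
}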
