package org.jivesoftware.smack;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:META-INF/repository/kie-eap-distribution-7.5.0-SNAPSHOT.zip:modules/system/layers/bpms/jivesoftware/main/smack-3.1.0.jar:org/jivesoftware/smack/ServerTrustManager.class */
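/**
 * {@link X509TrustManager} that validates the certificate chain presented by the server
 * named at construction time.
 *
 * <p>Each check (chain linkage, root CA, domain match, expiry) runs only when the matching
 * flag on the supplied {@link ConnectionConfiguration} is enabled; with every flag off,
 * {@link #checkServerTrusted} accepts any non-empty chain.
 *
 * <p>NOTE(review): the chain check below compares issuer/subject names and signatures only.
 * It does not inspect basicConstraints, key usage or revocation, so it is weaker than the
 * platform PKIX validator. Consider delegating to a {@code TrustManagerFactory}-provided
 * trust manager where that is an option.
 */
public class ServerTrustManager implements X509TrustManager {
    /** Captures the value of the first {@code CN=} attribute of a distinguished name. */
    private static final Pattern cnPattern = Pattern.compile("(?i)(cn=)([^,]*)");
    private ConnectionConfiguration configuration;
    private String server;
    // May be null or uninitialised when loading failed in the constructor.
    private KeyStore trustStore;

    /**
     * Creates a trust manager for {@code str} and loads the truststore described by the
     * configuration (type, path and password).
     *
     * <p>SECURITY: if the truststore cannot be loaded for any reason, root CA verification is
     * switched off on the caller's configuration object instead of failing. This fail-open
     * behaviour is kept for compatibility; a warning is written to stderr so that the
     * downgrade is visible.
     *
     * @param str                     the server (domain) name the certificate must match
     * @param connectionConfiguration the flags and truststore settings to use; it is mutated
     *                                when the truststore fails to load
     */
    public ServerTrustManager(String str, ConnectionConfiguration connectionConfiguration) {
        this.configuration = connectionConfiguration;
        this.server = str;
        FileInputStream fileInputStream = null;
        try {
            this.trustStore = KeyStore.getInstance(connectionConfiguration.getTruststoreType());
            fileInputStream = new FileInputStream(connectionConfiguration.getTruststorePath());
            this.trustStore.load(fileInputStream, connectionConfiguration.getTruststorePassword().toCharArray());
        } catch (Exception e) {
            e.printStackTrace();
            System.err.println("WARNING: truststore could not be loaded; root CA verification is disabled for " + str);
            connectionConfiguration.setVerifyRootCAEnabled(false);
        } finally {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if closing the truststore stream fails.
                }
            }
        }
    }

    /**
     * Returns an empty array: this trust manager advertises no accepted issuers.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /**
     * Performs no validation at all; every client chain is accepted.
     *
     * <p>NOTE(review): harmless only as long as this class is never installed on the
     * accepting (server) side of a TLS connection - confirm against callers.
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    /**
     * Validates the server chain according to the enabled configuration flags.
     *
     * @param x509CertificateArr the peer chain, leaf certificate first
     * @param str                the authentication type (unused)
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws CertificateException     if any enabled check fails
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        // The X509TrustManager contract calls for IllegalArgumentException here; without the
        // guard an empty chain surfaced as an ArrayIndexOutOfBoundsException.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certificate chain must not be null or empty");
        }
        int length = x509CertificateArr.length;
        List<String> peerIdentity = getPeerIdentity(x509CertificateArr[0]);

        if (this.configuration.isVerifyChainEnabled()) {
            // Walk from the certificate just below the root down to the leaf; each one must
            // name the next certificate as issuer and carry a signature made with its key.
            for (int i = length - 2; i >= 0; i--) {
                X509Certificate subject = x509CertificateArr[i];
                X509Certificate issuer = x509CertificateArr[i + 1];
                if (!subject.getIssuerDN().equals(issuer.getSubjectDN())) {
                    throw new CertificateException("subject/issuer verification failed of " + peerIdentity);
                }
                try {
                    subject.verify(issuer.getPublicKey());
                } catch (GeneralSecurityException e) {
                    throw new CertificateException("signature verification failed of " + peerIdentity, e);
                }
            }
        }

        if (this.configuration.isVerifyRootCAEnabled()) {
            boolean trusted = false;
            try {
                // A missing truststore means nothing can be trusted (previously a NullPointerException).
                trusted = this.trustStore != null
                        && this.trustStore.getCertificateAlias(x509CertificateArr[length - 1]) != null;
                // SECURITY: any single-certificate chain is accepted when self-signed
                // certificates are allowed; the certificate is not checked to be self-signed.
                if (!trusted && length == 1 && this.configuration.isSelfSignedCertificateEnabled()) {
                    System.out.println("Accepting self-signed certificate of remote server: " + peerIdentity);
                    trusted = true;
                }
            } catch (KeyStoreException e) {
                // An unusable truststore leaves 'trusted' false, so the chain is rejected below.
                e.printStackTrace();
            }
            if (!trusted) {
                throw new CertificateException("root certificate not trusted of " + peerIdentity);
            }
        }

        if (this.configuration.isNotMatchingDomainCheckEnabled()) {
            boolean matches;
            if (peerIdentity.size() == 1 && peerIdentity.get(0).startsWith("*.")) {
                matches = matchesWildcard(this.server, peerIdentity.get(0));
            } else {
                // NOTE(review): comparison is case-sensitive although host names are not.
                matches = peerIdentity.contains(this.server);
            }
            if (!matches) {
                throw new CertificateException("target verification failed of " + peerIdentity);
            }
        }

        if (this.configuration.isExpiredCertificatesCheckEnabled()) {
            Date now = new Date();
            for (X509Certificate certificate : x509CertificateArr) {
                try {
                    certificate.checkValidity(now);
                } catch (GeneralSecurityException e) {
                    throw new CertificateException("invalid date of " + this.server, e);
                }
            }
        }
    }

    /**
     * Tells whether {@code server} is covered by a {@code *.domain} wildcard identity.
     *
     * <p>The match is anchored on a label boundary: the server must equal the base domain or
     * end with {@code "." + domain}. A plain suffix test would also accept an unrelated host
     * such as {@code evilexample.com} for {@code *.example.com}, and an identity of just
     * {@code "*."} would match every host. Accepting the bare base domain is kept for
     * backward compatibility.
     */
    private static boolean matchesWildcard(String server, String wildcardIdentity) {
        String baseDomain = wildcardIdentity.substring(2);
        if (baseDomain.length() == 0) {
            return false;
        }
        return server.equals(baseDomain) || server.endsWith("." + baseDomain);
    }

    /**
     * Returns the identities the certificate is considered valid for.
     *
     * <p>Subject alternative names are preferred; when none are available the value of the
     * subject's CN attribute is used, or the whole subject DN if it has no CN.
     *
     * @param x509Certificate the certificate to inspect
     * @return a list with at least one identity
     */
    public static List<String> getPeerIdentity(X509Certificate x509Certificate) {
        List<String> identities = getSubjectAlternativeNames(x509Certificate);
        if (identities.isEmpty()) {
            String name = x509Certificate.getSubjectDN().getName();
            Matcher matcher = cnPattern.matcher(name);
            if (matcher.find()) {
                name = matcher.group(2);
            }
            identities = new ArrayList<String>();
            identities.add(name);
        }
        return identities;
    }

    /**
     * Reads the SubjectAltName extension of the certificate.
     *
     * <p>NOTE(review): no entry is ever added to the result, so this always returns an empty
     * list and {@link #getPeerIdentity} always falls back to the CN. The extraction step
     * appears to be missing; until it is implemented, dNSName entries are ignored during
     * domain matching.
     *
     * @return an empty list
     */
    private static List<String> getSubjectAlternativeNames(X509Certificate x509Certificate) {
        List<String> identities = new ArrayList<String>();
        try {
            if (x509Certificate.getSubjectAlternativeNames() == null) {
                return Collections.emptyList();
            }
        } catch (CertificateParsingException e) {
            e.printStackTrace();
        }
        return identities;
    }
}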
