package won.cryptography.ssl;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.ssl.TrustStrategy;

/* loaded from: input_file:WEB-INF/lib/won-core-0.2.jar:won/cryptography/ssl/TrustManagerWrapperWithStrategy.class */
public class TrustManagerWrapperWithStrategy implements X509TrustManager {
    private TrustStrategy trustStrategy;

    public TrustManagerWrapperWithStrategy(TrustStrategy trustStrategy) {
        this.trustStrategy = trustStrategy;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            X509TrustManager defaultTrustManager = getDefaultTrustManager();
            if (defaultTrustManager != null) {
                try {
                    defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
                } catch (CertificateException e) {
                    if (!this.trustStrategy.isTrusted(x509CertificateArr, str)) {
                        throw new CertificateException("Client is not trusted neither by strategy nor by default trust manager");
                    }
                }
            }
        } catch (Exception e2) {
            throw new RuntimeException("trust manager could not be initialized", e2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            X509TrustManager defaultTrustManager = getDefaultTrustManager();
            if (defaultTrustManager != null) {
                try {
                    defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
                } catch (CertificateException e) {
                    if (!this.trustStrategy.isTrusted(x509CertificateArr, str)) {
                        throw new CertificateException("Server is not trusted neither by strategy nor by default trust manager");
                    }
                }
            }
        } catch (Exception e2) {
            throw new RuntimeException("trust manager could not be initialized", e2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        try {
            X509TrustManager defaultTrustManager = getDefaultTrustManager();
            if (defaultTrustManager == null) {
                throw new RuntimeException("default trust manager is not found");
            }
            return defaultTrustManager.getAcceptedIssuers();
        } catch (Exception e) {
            throw new RuntimeException("trust manager could not be initialized with dynamic key store", e);
        }
    }

    private static X509TrustManager getDefaultTrustManager() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
        trustManagerFactory.init((KeyStore) null);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }
}
