package org.wso2.carbon.identity.core.util;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.identity.base.IdentityException;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.core-5.17.109.jar:org/wso2/carbon/identity/core/util/ClientAuthX509TrustManager.class */
public class ClientAuthX509TrustManager implements X509TrustManager {
    private X509TrustManager trustManager;
    private static Log log = LogFactory.getLog(ClientAuthX509TrustManager.class);
    private static final ServerConfiguration config = ServerConfiguration.getInstance();
    private static final String TRUST_STORE_LOCATION = config.getFirstProperty("Security.TrustStore.Location");
    private static final String TRUST_STORE_TYPE = config.getFirstProperty("Security.TrustStore.Type");

    public ClientAuthX509TrustManager() throws Exception {
        setupTrustManager();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            if (Boolean.parseBoolean(System.getProperty(IdentityUtil.PROP_TRUST_STORE_UPDATE_REQUIRED))) {
                setupTrustManager();
            }
            this.trustManager.checkClientTrusted(x509CertificateArr, str);
        } catch (Exception e) {
            throw new CertificateException("Error occurred while setting up trust manager." + e.getCause(), e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        try {
            setupTrustManager();
        } catch (Exception e) {
            log.error("Error occurred while reloading trust-store.");
        }
        return this.trustManager.getAcceptedIssuers();
    }

    private void setupTrustManager() throws Exception {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        FileInputStream fileInputStream = new FileInputStream(TRUST_STORE_LOCATION);
        Throwable th = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(TRUST_STORE_TYPE);
            keyStore.load(fileInputStream, null);
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    this.trustManager = (X509TrustManager) trustManager;
                    System.setProperty(IdentityUtil.PROP_TRUST_STORE_UPDATE_REQUIRED, Boolean.FALSE.toString());
                    if (fileInputStream != null) {
                        if (0 == 0) {
                            fileInputStream.close();
                            return;
                        }
                        try {
                            fileInputStream.close();
                            return;
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                            return;
                        }
                    }
                    return;
                }
            }
            throw new IdentityException("No X509TrustManager in TrustManagerFactory");
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }
}
