package org.glite.security.trustmanager;

import java.io.IOException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import javax.net.ssl.X509TrustManager;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.crypto.digests.MD5Digest;

/* loaded from: input_file:org/glite/security/trustmanager/OpensslTrustmanager.class */
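/**
 * {@link X509TrustManager} that delegates certificate chain validation to an
 * {@link OpensslCertPathValidator}.
 *
 * <p>Client and server chains go through the same validator call, and the
 * {@code authType} argument is only logged. Nothing in this class checks the
 * peer host name; that has to happen elsewhere in the TLS setup.
 */
public class OpensslTrustmanager implements X509TrustManager {
    private static final Logger LOGGER = Logger.getLogger(OpensslTrustmanager.class);

    /** Validator that makes every trust decision; assigned once in the constructor. */
    private OpensslCertPathValidator m_validator;

    /**
     * Creates the trust manager and its underlying validator.
     *
     * @param str passed unchanged as the first argument of {@code OpensslCertPathValidator};
     *            presumably the trust anchor location, confirm against that class
     * @param z   passed unchanged as the second argument of {@code OpensslCertPathValidator};
     *            its meaning is not visible here, confirm against that class
     * @throws IOException             propagated from the validator constructor
     * @throws CertificateException    propagated from the validator constructor
     * @throws ParseException          propagated from the validator constructor
     * @throws NoSuchProviderException propagated from the validator constructor
     */
    public OpensslTrustmanager(String str, boolean z) throws IOException, CertificateException, ParseException, NoSuchProviderException {
        this.m_validator = new OpensslCertPathValidator(str, z);
    }

    /**
     * Validates a peer certificate chain with the underlying validator.
     *
     * @param x509CertificateArr the peer certificate chain
     * @param str                the authentication type; only logged
     * @throws IllegalArgumentException if the chain is {@code null} or empty, as the
     *                                  {@link X509TrustManager} contract requires
     * @throws CertificateException     if the validator rejects the chain or fails for any reason
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        LOGGER.debug("CheckClientTrusted cert=" + x509CertificateArr + " string= " + str);
        // Reject a missing chain before validation. Without this guard the failure path
        // below dereferences element 0 and escapes as a NullPointerException or
        // ArrayIndexOutOfBoundsException instead of a clean rejection.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("The certificate chain is null or empty");
        }
        try {
            this.m_validator.check(x509CertificateArr);
        } catch (Exception e) {
            // Catching Exception is deliberate: any validator failure, including an
            // unchecked one, must end as a rejection (fail closed).
            // The subject and the message can carry text taken from the peer's
            // certificate, so line breaks are neutralised before they reach the log.
            LOGGER.info("The certificate validation for [" + forLog(describeSubject(x509CertificateArr[0])) + "] failed: " + forLog(e.getMessage()));
            throw new CertificateException("The certificate validation failed because: " + e.getMessage(), e);
        }
    }

    /**
     * Validates a server certificate chain; identical to {@link #checkClientTrusted}.
     *
     * @param x509CertificateArr the peer certificate chain
     * @param str                the authentication type; only logged
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws CertificateException     if the validator rejects the chain or fails for any reason
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        LOGGER.debug("CheckServerTrusted cert=" + x509CertificateArr + " string= " + str);
        checkClientTrusted(x509CertificateArr, str);
    }

    /**
     * Returns the CA certificates held by the validator.
     *
     * @return the validator's CA certificates, or an empty array when no validator is set;
     *         the {@link X509TrustManager} contract asks for a non-null result
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        LOGGER.debug("getAcceptedIssuers");
        if (this.m_validator == null) {
            return new X509Certificate[0];
        }
        // Fetch once so the logged list and the returned list are the same array.
        X509Certificate[] caCerts = this.m_validator.getCACerts();
        if (LOGGER.isDebugEnabled() && caCerts != null) {
            LOGGER.debug("getAcceptedIssuers returning:");
            for (int i = 0; i < caCerts.length; i++) {
                LOGGER.debug(i + ": " + caCerts[i].getSubjectDN());
            }
        }
        return caCerts;
    }

    /**
     * Computes an 8-hex-digit hash of a distinguished name: the first four bytes of the
     * MD5 digest of the name's DER encoding, printed in reverse byte order.
     *
     * <p>NOTE(review): this appears to follow OpenSSL's legacy subject-name hash
     * ({@code X509_NAME_hash_old}). Newer OpenSSL releases hash a canonicalised name with
     * SHA-1 by default, so a directory hashed by newer tooling would use different
     * values. Confirm which layout the deployment expects.
     *
     * <p>The value is a 32-bit lookup key, not an integrity check. Distinct names can
     * share it, so a match must never be treated as proof that two names or
     * certificates are the same.
     *
     * @param x509Name the distinguished name to hash
     * @return eight lower-case hexadecimal digits
     */
    public static String getOpenSSLCAHash(X509Name x509Name) {
        byte[] encodedName = x509Name.getDEREncoded();
        MD5Digest md5 = new MD5Digest();
        md5.update(encodedName, 0, encodedName.length);
        byte[] digest = new byte[16]; // MD5 output is 16 bytes
        md5.doFinal(digest, 0);
        // First four digest bytes read as a little-endian 32-bit value, printed as hex.
        return String.format("%02x%02x%02x%02x", digest[3] & 255, digest[2] & 255, digest[1] & 255, digest[0] & 255);
    }

    /**
     * Asks the validator to check for updates, when a validator is set.
     *
     * @throws IOException          propagated from the validator
     * @throws CertificateException propagated from the validator
     * @throws ParseException       propagated from the validator
     */
    public void checkUpdate() throws IOException, CertificateException, ParseException {
        if (this.m_validator != null) {
            this.m_validator.checkUpdate();
        }
    }

    /**
     * Computes the subject-name hash of a certificate.
     *
     * @param x509Certificate the certificate whose subject is hashed
     * @return eight lower-case hexadecimal digits, see {@link #getOpenSSLCAHash(X509Name)}
     */
    public static String getOpenSSLCAHash(X509Certificate x509Certificate) {
        // NOTE(review): getSubjectDN() is declared to return java.security.Principal, while
        // the only overload visible in this listing takes X509Name. The listing is
        // decompiler output, so a cast or another overload may have been lost; confirm
        // against the original source before relying on this call.
        return getOpenSSLCAHash(x509Certificate.getSubjectDN());
    }

    /** Returns the subject of a chain element as text, tolerating a null element. */
    private static String describeSubject(X509Certificate certificate) {
        return certificate == null ? "<no certificate>" : String.valueOf(certificate.getSubjectDN());
    }

    /** Replaces carriage returns and line feeds so a logged value stays on one log line. */
    private static String forLog(Object value) {
        return String.valueOf(value).replaceAll("[\\r\\n]", "_");
    }
}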
