package com.ibm.ws.serverstatus.internal;

import com.ibm.websphere.ras.ProtectedString;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.ManualTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509TrustManager;

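/**
 * {@link X509TrustManager} that accepts a peer only when a certificate from the
 * presented chain is already stored in a keystore file supplied at construction.
 *
 * <p>Security properties visible in this class:
 * <ul>
 *   <li>The trust decision is a membership test ({@link KeyStore#getCertificateAlias});
 *       no certification-path validation, validity-period check or revocation check
 *       is performed here, and the {@code authType} argument is ignored.</li>
 *   <li>If the keystore cannot be loaded, {@code keystore} stays {@code null} and every
 *       trust check fails closed with a {@link CertificateException}.</li>
 *   <li>The keystore password is retained as a {@code char[]} for the lifetime of the
 *       instance so that {@link #getKeyManagers()} can initialise a key manager.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/serverstatus/internal/TrustManager.class */
public class TrustManager implements X509TrustManager {
    private static TraceComponent tc = Tr.register(TrustManager.class, "serverStatus", "com.ibm.ws.serverstatus.internal.resources.SStatus");
    private static final String CLASSNAME = "com.ibm.ws.serverstatus.internal.TrustManager";
    // Loaded keystore, or null when loading failed; null makes every trust check fail.
    private KeyStore keystore = null;
    // Password used to open the keystore; reused by getKeyManagers(). Null when none was supplied.
    private char[] keystorePassword = null;
    static final long serialVersionUID = 947739659289123716L;

    /**
     * Creates the trust manager and attempts to load the keystore immediately.
     * Load failures are recorded through FFDC/trace and do not propagate; the
     * instance is then left without a keystore and rejects every certificate.
     *
     * @param str             path of the keystore file
     * @param protectedString keystore password wrapper
     */
    public TrustManager(String str, ProtectedString protectedString) {
        loadKeystore(str, protectedString);
    }

    /**
     * Builds key managers backed by the same keystore and password.
     *
     * @return the key managers, or {@code null} when no keystore is loaded or the
     *         factory could not be initialised (the debug message indicates the
     *         caller is expected to fall back to the default in that case)
     */
    public KeyManager[] getKeyManagers() {
        if (this.keystore == null) {
            return null;
        }
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(this.keystore, this.keystorePassword);
            return keyManagerFactory.getKeyManagers();
        } catch (Exception e) {
            FFDCFilter.processException(e, CLASSNAME, "69", this, new Object[0]);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to get key manager, will use default: " + e.getMessage(), new Object[0]);
            }
            FFDCFilter.processException(e, "com.ibm.ws.serverstatus.internal.TrustManager.getKeyManagers", "69", this);
            return null;
        }
    }

    /**
     * Applies the keystore membership check to a client chain; {@code str}
     * (the auth type) is not consulted.
     *
     * @throws CertificateException if the chain is not trusted or cannot be checked
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkKeystore(x509CertificateArr);
    }

    /**
     * Applies the keystore membership check to a server chain; {@code str}
     * (the auth type) is not consulted.
     *
     * @throws CertificateException if the chain is not trusted or cannot be checked
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkKeystore(x509CertificateArr);
    }

    /**
     * Returns no issuers. The {@link X509TrustManager} contract requires a
     * non-null (possibly empty) array, so an empty array is returned rather
     * than {@code null}.
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /**
     * Loads the keystore file into this instance.
     *
     * <p>The keystore and password fields are assigned only after a successful
     * load, so a wrong password or corrupt file never leaves a half-initialised
     * keystore behind. Any failure is reported through FFDC and debug trace and
     * is not rethrown.
     *
     * @param str             path of the keystore file
     * @param protectedString keystore password wrapper; only its characters are
     *                        used for loading, and the entry trace records the
     *                        file name alone
     */
    @ManualTrace
    private void loadKeystore(String str, ProtectedString protectedString) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadKeystore {filename=" + str + "}", new Object[0]);
        }
        File file = new File(str);
        try {
            // A missing file reports length 0, as does an empty one; both are rejected.
            if (file.length() <= 0) {
                throw new Exception("Keystore file specified could not be found: " + str);
            }
            char[] password = null;
            if (protectedString != null && protectedString.toString() != null) {
                password = protectedString.getChars();
            }
            KeyStore loaded = KeyStore.getInstance(KeyStore.getDefaultType());
            // try-with-resources closes the stream on success and on failure.
            try (FileInputStream keystoreStream = new FileInputStream(str)) {
                loaded.load(keystoreStream, password);
            }
            // Publish only a fully loaded keystore.
            this.keystorePassword = password;
            this.keystore = loaded;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Keystore loaded with total number of entries: " + loaded.size(), new Object[0]);
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, CLASSNAME, "169", this, new Object[]{str, protectedString});
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Error reading keystore file " + file.getCanonicalFile() + ": " + e.getMessage(), new Object[0]);
                }
                FFDCFilter.processException(e, "com.ibm.ws.serverstatus.internal.TrustManager.loadKeystore", "163", this);
            } catch (IOException e2) {
                FFDCFilter.processException(e2, CLASSNAME, "180", this, new Object[]{str, protectedString});
                FFDCFilter.processException(e2, "com.ibm.ws.serverstatus.internal.TrustManager.loadKeystore", "171", this);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadKeystore");
        }
    }

    /**
     * Accepts the chain when at least one of its certificates is stored in the keystore.
     *
     * <p>NOTE(review): a match on ANY element of the presented chain is accepted, and
     * nothing here verifies signatures, validity dates, or that the end-entity
     * certificate (element 0) actually chains to the matched entry. Membership of a
     * later element therefore does not prove the peer's own certificate is trusted.
     * If the keystore pins specific peer certificates, compare only element 0; if it
     * holds CA certificates, delegate to a PKIX trust manager obtained from
     * {@code javax.net.ssl.TrustManagerFactory} initialised with this keystore.
     * Confirm how the keystore is provisioned before changing the behaviour.
     *
     * @param x509CertificateArr chain presented by the peer
     * @throws CertificateException if no keystore is loaded, the chain is null or
     *                              empty, no certificate matches, or the lookup fails;
     *                              the underlying exception is kept as the cause
     */
    private void checkKeystore(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (this.keystore == null) {
            throw new CertificateException("No keystore defined for the Trust Manager");
        }
        try {
            // Reject a missing chain explicitly instead of relying on a NullPointerException.
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new CertificateException("No certificate chain presented");
            }
            for (X509Certificate x509Certificate : x509CertificateArr) {
                if (this.keystore.getCertificateAlias(x509Certificate) != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Certificate chain found in keystore", new Object[0]);
                    }
                    return;
                }
            }
            throw new CertificateException("Certificate chain not found in keystore");
        } catch (Exception e) {
            // Rejections raised above also pass through here, so each one is recorded via FFDC.
            FFDCFilter.processException(e, CLASSNAME, "227", this, new Object[]{x509CertificateArr});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, e.getMessage(), new Object[0]);
            }
            FFDCFilter.processException(e, "com.ibm.ws.serverstatus.internal.TrustManager.checkKeystore", "171", this);
            // Keep the original exception as the cause so the failure reason is not lost.
            throw new CertificateException(e.getMessage(), e);
        }
    }
}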
