package ch.cyberduck.core.ssl;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.log4j.Logger;

/* loaded from: input_file:ch/cyberduck/core/ssl/DefaultX509TrustManager.class */
public class DefaultX509TrustManager extends AbstractX509TrustManager {
    private static final Logger log = Logger.getLogger(DefaultX509TrustManager.class);
    private javax.net.ssl.X509TrustManager system;

    @Override // ch.cyberduck.core.ssl.X509TrustManager
    public DefaultX509TrustManager init() throws IOException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(KeyStore.getInstance(KeyStore.getDefaultType()));
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length == 0) {
                throw new NoSuchAlgorithmException("SunX509 trust manager not supported");
            }
            this.system = (javax.net.ssl.X509TrustManager) trustManagers[0];
            return this;
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            log.error(String.format("Initialization of trust store failed. %s", e.getMessage()));
            throw new IOException(e);
        }
    }

    @Override // ch.cyberduck.core.ssl.X509TrustManager
    public void verify(String str, X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
        x509CertificateArr[0].checkValidity();
        accept(Arrays.asList(x509CertificateArr));
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.system.checkClientTrusted(x509CertificateArr, str);
        accept(Arrays.asList(x509CertificateArr));
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr != null && log.isDebugEnabled()) {
            log.debug("Server certificate chain:");
            for (int i = 0; i < x509CertificateArr.length; i++) {
                log.debug(String.format("X509Certificate[%d]=%s", Integer.valueOf(i), x509CertificateArr[i]));
            }
        }
        if (x509CertificateArr == null || x509CertificateArr.length != 1) {
            this.system.checkServerTrusted(x509CertificateArr, str);
        } else {
            verify(null, x509CertificateArr, str);
        }
    }
}
