package ch.cyberduck.core;

import ch.cyberduck.core.exception.ConnectionCanceledException;
import ch.cyberduck.core.ssl.CertificateStoreX509KeyManager;
import ch.cyberduck.core.ssl.KeychainX509KeyManager;
import java.io.IOException;
import java.security.Principal;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLException;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;

/* loaded from: input_file:ch/cyberduck/core/DefaultCertificateStore.class */
public class DefaultCertificateStore implements CertificateStore {
    private final DefaultHostnameVerifier verifier = new DefaultHostnameVerifier();

    @Override // ch.cyberduck.core.CertificateStore
    public X509Certificate choose(String[] strArr, Principal[] principalArr, Host host, String str) throws ConnectionCanceledException {
        try {
            CertificateStoreX509KeyManager init = new KeychainX509KeyManager(host, this).init();
            String[] clientAliases = init.getClientAliases(strArr, principalArr);
            if (null == clientAliases) {
                throw new ConnectionCanceledException(String.format("No certificate matching issuer %s found", Arrays.toString(principalArr)));
            }
            if (0 < clientAliases.length) {
                return init.getCertificate(clientAliases[0], strArr, principalArr);
            }
            return null;
        } catch (IOException e) {
            throw new ConnectionCanceledException(e);
        }
    }

    @Override // ch.cyberduck.core.CertificateStore
    public boolean display(List<X509Certificate> list) {
        return false;
    }

    @Override // ch.cyberduck.core.CertificateStore
    public boolean isTrusted(String str, List<X509Certificate> list) {
        if (list.isEmpty()) {
            return false;
        }
        Iterator<X509Certificate> it = list.iterator();
        while (it.hasNext()) {
            try {
                it.next().checkValidity();
            } catch (CertificateExpiredException e) {
                return false;
            } catch (CertificateNotYetValidException e2) {
                return false;
            }
        }
        try {
            this.verifier.verify(str, list.get(0));
            return true;
        } catch (SSLException e3) {
            return false;
        }
    }
}
