package avoware.zimbra.tray.ssl;

import avoware.zimbra.tray.ZimbraSettingsDialog;
import avoware.zimbra.tray.ZimbraTray;
import java.awt.Component;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.UUID;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.swing.Icon;
import javax.swing.JOptionPane;

/* loaded from: input_file:avoware/zimbra/tray/ssl/TrustManagerImpl.class */
public class TrustManagerImpl implements X509TrustManager {
    private X509TrustManager defaultX509TrustManager;
    private X509TrustManager customX509TrustManager;
    private static final String KEYSTORE_FILE = "cacerts";
    private static final char[] KEYSTORE_PWD = {'c', 'h', 'a', 'n', 'g', 'e', 'i', 't'};
    private KeyStore ks;

    public TrustManagerImpl() throws Exception {
        this.defaultX509TrustManager = null;
        this.customX509TrustManager = null;
        this.ks = null;
        this.defaultX509TrustManager = initializeTrustManager(null);
        this.ks = KeyStore.getInstance("JKS");
        try {
            this.ks.load(new FileInputStream(new File(ZimbraTray.SETTINGS_FOLDER, KEYSTORE_FILE)), KEYSTORE_PWD);
        } catch (FileNotFoundException e) {
            this.ks.load(null, KEYSTORE_PWD);
        }
        this.customX509TrustManager = initializeTrustManager(this.ks);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            this.defaultX509TrustManager.checkClientTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            if (this.customX509TrustManager == null) {
                throw e;
            }
            this.customX509TrustManager.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            this.defaultX509TrustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            if (this.customX509TrustManager == null) {
                throw e;
            }
            try {
                this.customX509TrustManager.checkClientTrusted(x509CertificateArr, str);
            } catch (CertificateException e2) {
                X509Certificate ca = getCA(x509CertificateArr);
                String str2 = "<html><table cellspacing=8 cellpadding=0 border=0 width=400><tr><td colspan=2 color=red><strong>Certificate of the resource requested is not trusted!</strong></td></tr><tr><td valign=top><strong>Subject:</strong></td><td valign=top>" + ca.getSubjectX500Principal().toString() + "</td></tr><tr><td valign=top><nobr><strong>Valid&nbsp;from:</strong></nobr></td><td valign=top>" + ca.getNotBefore().toString() + "</td></tr><tr><td valign=top><strong>Valid&nbsp;to:</strong></td><td valign=top>" + ca.getNotAfter().toString() + "</td></tr><tr><td colspan=2>Do you want to trust it?</td></tr></table></html>";
                Object[] objArr = {"Yes, always", "Yes, once", "No"};
                switch (JOptionPane.showOptionDialog((Component) null, str2, "Warning", -1, 2, (Icon) null, objArr, objArr[2])) {
                    case 0:
                        try {
                            this.ks.setCertificateEntry(UUID.randomUUID().toString(), ca);
                            this.ks.store(new FileOutputStream(new File(ZimbraTray.SETTINGS_FOLDER, KEYSTORE_FILE)), KEYSTORE_PWD);
                            this.customX509TrustManager = initializeTrustManager(this.ks);
                            return;
                        } catch (Exception e3) {
                            throw new CertificateException(e3);
                        }
                    case ZimbraSettingsDialog.RET_OK /* 1 */:
                        return;
                    default:
                        throw e2;
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] acceptedIssuers = this.defaultX509TrustManager.getAcceptedIssuers();
        X509Certificate[] acceptedIssuers2 = this.customX509TrustManager != null ? this.customX509TrustManager.getAcceptedIssuers() : new X509Certificate[0];
        X509Certificate[] x509CertificateArr = new X509Certificate[acceptedIssuers.length + acceptedIssuers2.length];
        System.arraycopy(acceptedIssuers, 0, x509CertificateArr, 0, acceptedIssuers.length);
        System.arraycopy(acceptedIssuers2, 0, x509CertificateArr, acceptedIssuers.length, acceptedIssuers2.length);
        return x509CertificateArr;
    }

    private X509Certificate getCA(X509Certificate[] x509CertificateArr) {
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        return x509Certificate.getSubjectX500Principal().equals(x509Certificate.getIssuerX500Principal()) ? x509Certificate : x509CertificateArr[0];
    }

    private X509TrustManager initializeTrustManager(KeyStore keyStore) throws Exception {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
        trustManagerFactory.init(keyStore);
        trustManagerFactory.getTrustManagers();
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        for (int i = 0; i < trustManagers.length; i++) {
            if (trustManagers[i] instanceof X509TrustManager) {
                return (X509TrustManager) trustManagers[i];
            }
        }
        throw new Exception("Couldn't initialize TrustManager");
    }
}
