package org.glite.voms;

import java.io.IOException;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import javax.net.ssl.X509TrustManager;
import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:org/glite/voms/VOMSTrustManager.class */
public class VOMSTrustManager implements X509TrustManager {
    private PKIStore store;
    private PKIVerifier verifier;
    boolean stopcalled;
    private static Logger logger = Logger.getLogger(VOMSTrustManager.class.getName());

    public VOMSTrustManager(String str) throws IOException, CertificateException, CRLException {
        this.store = null;
        this.verifier = null;
        this.stopcalled = false;
        this.store = PKIStoreFactory.getStore(str, 2);
        this.verifier = new PKIVerifier(null, this.store);
        this.stopcalled = false;
    }

    public VOMSTrustManager(PKIStore pKIStore) throws IOException, CertificateException, CRLException {
        this.store = null;
        this.verifier = null;
        this.stopcalled = false;
        this.verifier = new PKIVerifier(null, pKIStore);
        this.store = pKIStore;
        this.stopcalled = false;
    }

    public synchronized void stop() {
        if (this.stopcalled) {
            return;
        }
        this.verifier.cleanup();
        this.stopcalled = true;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || str == null || x509CertificateArr.length == 0 || str.length() == 0) {
            throw new IllegalArgumentException("One of the parameters is null or empty.");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Callying verify:");
            logger.debug("chain is:");
            for (X509Certificate x509Certificate : x509CertificateArr) {
                logger.debug("HAVE TO VERIFY: " + x509Certificate.getSubjectDN());
            }
        }
        if (!this.verifier.verify(x509CertificateArr)) {
            throw new CertificateException("Cannot verify certificate.  See log for details.");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        Hashtable cAs = this.store.getCAs();
        ArrayList arrayList = new ArrayList(cAs.size());
        Enumeration elements = cAs.elements();
        while (elements.hasMoreElements()) {
            arrayList.addAll((Vector) elements.nextElement());
        }
        return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
    }

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}
