package org.glite.security.trustmanager;

import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Vector;
import javax.net.ssl.X509TrustManager;
import org.apache.log4j.Logger;
import org.glite.security.SecurityContext;

/* loaded from: input_file:org/glite/security/trustmanager/CRLFileTrustManager.class */
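/**
 * JSSE trust manager that delegates certificate-chain validation to a
 * {@link ProxyCertPathValidator} and records the peer's chain in the current
 * {@link SecurityContext}.
 *
 * <p>Every trust decision is made by {@code validator.check(...)}; this class only adds
 * argument checks, logging and the bookkeeping on the security context. Validation
 * failures are always reported as a {@link CertificateException}, so the handshake is
 * rejected whenever the validator throws.
 */
public class CRLFileTrustManager implements X509TrustManager {
    private static final Logger LOGGER = Logger.getLogger(CRLFileTrustManager.class.getName());

    // Package-private and non-final: other classes in this package may reassign it,
    // which is why checkClientTrusted() still guards against null.
    ProxyCertPathValidator validator;
    // The fields below are not read or written anywhere in this class.
    String crlFiles = null;
    Vector trustAnchors = null;
    Properties config = null;

    /**
     * Creates the trust manager and its underlying path validator.
     *
     * @param vector passed unchanged to the {@link ProxyCertPathValidator} constructor
     *               (presumably the trust anchors; confirm against that class)
     * @throws CertificateException    if the validator cannot be constructed
     * @throws NoSuchProviderException if the validator cannot be constructed
     */
    public CRLFileTrustManager(Vector vector) throws CertificateException, NoSuchProviderException {
        this.validator = new ProxyCertPathValidator(vector);
    }

    /**
     * Installs the CRL checker on the underlying validator.
     *
     * @param pKIXCertPathChecker the checker to install; it is cast to {@link CRLCertChecker},
     *                            so any other implementation fails with a
     *                            {@link ClassCastException}
     */
    public void setChecker(PKIXCertPathChecker pKIXCertPathChecker) {
        this.validator.setCRLChecker((CRLCertChecker) pKIXCertPathChecker);
    }

    /**
     * Validates a peer certificate chain and, on success, stores it in the current
     * {@link SecurityContext} as the client certificate chain.
     *
     * <p>The chain is stored as the <em>unverified</em> chain before validation runs and is
     * only promoted to the client chain once {@code validator.check} returns normally.
     *
     * @param x509CertificateArr the peer's certificate chain, leaf first
     * @param str                the authentication type; not used by this implementation
     * @throws IllegalArgumentException if the chain is {@code null} or empty, as the
     *                                  {@link X509TrustManager} contract requires
     * @throws CertificateException     if the trust manager is uninitialised or the chain
     *                                  fails validation for any reason
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        LOGGER.debug("Trustmanager is validating a client");
        if (this.validator == null) {
            LOGGER.fatal("Trying to use uninitialized TrustManager");
            throw new CertificateException("Trying to use uninitialized TrustManager");
        }
        // Reject a missing chain explicitly. Previously a null chain failed with a
        // NullPointerException and an empty one with an ArrayIndexOutOfBoundsException
        // raised from the logging code, which hid the real reason for the rejection.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            LOGGER.info("Rejecting null or empty certificate chain");
            throw new IllegalArgumentException("Certificate chain must not be null or empty");
        }
        LOGGER.debug("PKIXTrustManager::checkClientTrusted");

        SecurityContext currentContext = SecurityContext.getCurrentContext();
        if (currentContext == null) {
            currentContext = new SecurityContext();
            SecurityContext.setCurrentContext(currentContext);
        }
        // Recorded before validation; consumers of the context must not treat it as trusted.
        currentContext.setUnverifiedCertChain(x509CertificateArr);

        List asList = Arrays.asList(x509CertificateArr);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("The user cert chain is:");
            for (Iterator it = asList.iterator(); it.hasNext();) {
                LOGGER.debug(it.next());
            }
        }

        // Resolved once, up front, so that logging can never throw inside the catch block
        // and mask the validation failure.
        // NOTE(review): the subject DN comes from a certificate that has not been validated
        // yet; confirm the log layout neutralises control characters in it.
        String subject = describeSubject(x509CertificateArr);
        try {
            this.validator.check(x509CertificateArr);
            currentContext.setClientCertChain(x509CertificateArr);
            LOGGER.info("Client " + subject + " accepted");
        } catch (Exception e) {
            LOGGER.info("Client certificate validation failed for " + subject + " reason: " + e.getMessage());
            LOGGER.debug(asList);
            if (e instanceof CertificateException) {
                throw ((CertificateException) e);
            }
            // Any other failure (including runtime exceptions) still rejects the peer;
            // keep the original exception as the cause instead of copying its stack trace.
            throw new CertificateException(e.getMessage(), e);
        }
    }

    /**
     * Validates a server certificate chain by delegating to
     * {@link #checkClientTrusted(X509Certificate[], String)}.
     *
     * <p>Because of that delegation, a successfully validated server chain is stored in the
     * {@link SecurityContext} through {@code setClientCertChain} and the log lines speak of
     * a "Client". No check specific to server certificates is performed in this class.
     *
     * @param x509CertificateArr the server's certificate chain, leaf first
     * @param str                the authentication type; not used by this implementation
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws CertificateException     if the chain fails validation
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        LOGGER.debug("Trustmanager is validating a server");
        LOGGER.debug("The cert chain is: ");
        checkClientTrusted(x509CertificateArr, str);
    }

    /**
     * Returns the CA certificates known to the underlying validator.
     *
     * @return the array supplied by {@code validator.getCACerts()}, or an empty array if
     *         the validator returns {@code null}; never {@code null}
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        LOGGER.debug("getAcceptedIssuers");
        X509Certificate[] cACerts = this.validator.getCACerts();
        if (cACerts == null) {
            // The X509TrustManager contract requires a non-null (possibly empty) array.
            LOGGER.debug("returning 0 ca certs");
            return new X509Certificate[0];
        }
        // NOTE(review): the validator's array is handed out as-is; if it is the validator's
        // internal storage, callers could modify it. Confirm against getCACerts().
        LOGGER.debug("returning " + cACerts.length + " ca certs");
        return cACerts;
    }

    /** Returns the leaf certificate's subject DN as text, tolerating a null leaf entry. */
    private static String describeSubject(X509Certificate[] chain) {
        X509Certificate leaf = chain[0];
        return leaf == null ? "<null certificate>" : String.valueOf(leaf.getSubjectDN());
    }
}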
