package com.wm.security;

import com.wm.security.cert.wmChainVerifier;
import com.wm.util.JournalLogger;
import iaik.security.ssl.ClientTrustDecider;
import iaik.security.ssl.KeyAndCert;
import iaik.security.ssl.SSLCertificate;
import java.io.File;
import java.io.FileInputStream;
import java.security.InvalidKeyException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;

/* loaded from: input_file:com/wm/security/wmTrustDecider.class */
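/**
 * Client-side trust decider for SSL/TLS handshakes.
 *
 * <p>It answers two questions for the SSL stack: whether the certificate chain presented by
 * the peer is trusted ({@link #isTrustedPeer}), and which client certificate and private key,
 * if any, to present when the peer requests client authentication ({@link #getCertificate},
 * {@link #getPrivateKey}).
 *
 * <p>Client credentials are either injected with {@link #setKeyAndCert} or loaded from the
 * files named by the {@code watt.security.*} configuration properties.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Every failure path in {@link #isTrustedPeer} returns {@code false} (fail closed).</li>
 *   <li>The error text used in {@link #getKeyAndChain} indicates that the private key file must
 *       be unprotected PKCS#1 or PKCS#8, so the confidentiality of the key presumably rests on
 *       file-system permissions of the path in {@link #PRIV_KEY_PROP}; verify in deployment.</li>
 *   <li>{@link #IGNORE_EMPTY_AUTH_LIST_PROP} makes the client present its certificate even
 *       when the peer names no acceptable authorities.</li>
 * </ul>
 */
public class wmTrustDecider implements ClientTrustDecider {
    static final int SETUP_ERROR = 4;
    /** JVM system property (read with {@link Boolean#getBoolean}) enabling the empty-list override. */
    public static final String IGNORE_EMPTY_AUTH_LIST_PROP = "watt.security.ssl.client.ignoreEmptyAuthoritiesList";
    /** Configuration property holding the path of the client's signed certificate file. */
    public static final String SIGNED_CERT_PROP = "watt.security.signedCert";
    /** Configuration property holding the path of the issuing CA certificate file. */
    public static final String CA_CERT_PROP = "watt.security.caCert";
    /** Configuration property holding the path of the client's private key file. */
    public static final String PRIV_KEY_PROP = "watt.security.privateKey";
    protected wmChainVerifier _verifier;
    protected KeyAndCert _credentials;
    protected SSLCertificate _certChain;
    protected boolean ignoreEmptyAuthList;

    /**
     * Prepares the decider for use: obtains the default chain verifier, loads credentials from
     * configuration when none were injected, wraps the credential chain for the SSL stack, and
     * reads the empty-authorities override from the system properties.
     */
    public void init() {
        this._verifier = wmChainVerifier.getDefault();
        if (this._credentials == null) {
            getKeyAndChain();
        }
        if (this._credentials != null && this._credentials.getCertificateChain() != null) {
            this._certChain = new SSLCertificate(this._credentials.getCertificateChain());
        }
        // Boolean.getBoolean reads a JVM system property, not the product Config store.
        this.ignoreEmptyAuthList = Boolean.getBoolean(IGNORE_EMPTY_AUTH_LIST_PROP);
    }

    /**
     * Loads the client credentials from the files named by {@link #SIGNED_CERT_PROP},
     * {@link #CA_CERT_PROP} and {@link #PRIV_KEY_PROP}.
     *
     * <p>{@code _credentials} is reset to {@code null} first and stays {@code null} when any
     * property is unset or blank, any file is missing, or loading fails. Failures are written
     * to the journal and never propagate to the caller. The resulting chain is ordered
     * signed certificate first, CA certificate second.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void getKeyAndChain() {
        this._credentials = null;
        String signedCertPath = trimmedProperty(SIGNED_CERT_PROP);
        String caCertPath = trimmedProperty(CA_CERT_PROP);
        String privateKeyPath = trimmedProperty(PRIV_KEY_PROP);
        if (signedCertPath.length() == 0 || privateKeyPath.length() == 0 || caCertPath.length() == 0) {
            return;
        }
        File signedCertFile = new File(signedCertPath);
        File privateKeyFile = new File(privateKeyPath);
        File caCertFile = new File(caCertPath);
        if (!signedCertFile.exists() || !privateKeyFile.exists() || !caCertFile.exists()) {
            // Missing files leave the decider without client credentials; nothing is logged here.
            return;
        }
        try {
            PrivateKey privateKey = Util.loadRSAPrivateKey(privateKeyFile);
            // The previous check tested the (never-null) path string, so a key that failed to
            // load slipped through and produced credentials without a usable private key.
            if (privateKey == null) {
                throw new InvalidKeyException("Private key is either not in the correct format (PKCS#1 or PKCS#8) or is protected");
            }

            // Each stream is parsed while still open and closed even when parsing fails; the
            // previous code closed the signed-certificate stream before reading from it.
            X509Certificate signedCert;
            FileInputStream signedCertStream = new FileInputStream(signedCertFile);
            try {
                signedCert = new iaik.x509.X509Certificate(signedCertStream);
            } finally {
                signedCertStream.close();
            }

            X509Certificate caCert;
            FileInputStream caCertStream = new FileInputStream(caCertFile);
            try {
                caCert = new iaik.x509.X509Certificate(caCertStream);
            } finally {
                caCertStream.close();
            }

            X509Certificate[] chain = {signedCert, caCert};
            this._credentials = new KeyAndCert(chain, privateKey);
        } catch (Exception e) {
            JournalLogger.logCritical(4, 6, e);
        } catch (Throwable th) {
            // Errors are recorded at debug level only, as in the original implementation.
            JournalLogger.logDebug(4, 6, th.getMessage());
        }
    }

    /** Returns the trimmed value of a configuration property, or an empty string when unset. */
    private static String trimmedProperty(String name) {
        String value = com.wm.util.Config.getProperty(name);
        return value == null ? "" : value.trim();
    }

    /**
     * Decides whether the peer's certificate chain is trusted.
     *
     * <p>The chain is passed to the verifier's {@code verifyChain} and the decision is the
     * result of {@code isTrustedChain}. Any failure, including an expired certificate, a
     * {@code null} argument, or an unexpected error such as {@link #init()} not having been
     * called, yields {@code false}, so errors never widen trust.
     *
     * @param sSLCertificate the chain presented by the peer, may be {@code null}
     * @return {@code true} only when verification completes and the chain is reported trusted
     */
    public boolean isTrustedPeer(SSLCertificate sSLCertificate) {
        if (sSLCertificate == null) {
            return false;
        }
        try {
            X509Certificate[] convertCertificateChain = iaik.utils.Util.convertCertificateChain(sSLCertificate.getCertificateChain());
            this._verifier.verifyChain(convertCertificateChain);
            return this._verifier.isTrustedChain(convertCertificateChain);
        } catch (CertificateExpiredException e) {
            // Expired certificates are rejected without a journal entry.
            return false;
        } catch (Throwable th) {
            // The journal receives only the message, so the stack trace on stderr is the sole
            // record of where the failure occurred.
            th.printStackTrace();
            JournalLogger.logDebugPlus(1, 4, 6, th.getMessage());
            return false;
        }
    }

    /**
     * Returns the private key of the configured client credentials.
     *
     * @return the private key, or {@code null} when no credentials are available
     */
    public PrivateKey getPrivateKey() {
        if (this._credentials != null) {
            return this._credentials.getPrivateKey();
        }
        return null;
    }

    /**
     * Selects the client certificate chain to present to the peer.
     *
     * <p>The chain is returned when the issuer DN of any certificate in the credential chain
     * equals one of the supplied principals. When no principals are supplied, the chain is
     * returned only if the {@link #IGNORE_EMPTY_AUTH_LIST_PROP} override is enabled; that
     * override discloses the client certificate to a peer that named no acceptable issuer.
     *
     * <p>NOTE(review): the returned {@code _certChain} is built in {@link #init()}; if
     * {@link #setKeyAndCert} is called afterwards it may not correspond to the key returned by
     * {@link #getPrivateKey()}. Confirm callers always call {@code init()} last.
     *
     * @param bArr not used by this implementation
     * @param principalArr the authorities the peer accepts, may be {@code null} or empty
     * @param str not used by this implementation
     * @return the certificate chain to present, or {@code null} to present none
     */
    public SSLCertificate getCertificate(byte[] bArr, Principal[] principalArr, String str) {
        if (this._credentials == null || this._credentials.getCertificateChain() == null) {
            return null;
        }
        // A null list previously caused a NullPointerException when the override was disabled;
        // it is now treated like an empty list.
        if (principalArr == null || principalArr.length == 0) {
            return this.ignoreEmptyAuthList ? this._certChain : null;
        }
        X509Certificate[] certificateChain = this._credentials.getCertificateChain();
        for (Principal principal : principalArr) {
            for (X509Certificate x509Certificate : certificateChain) {
                if (x509Certificate.getIssuerDN().equals(principal)) {
                    return this._certChain;
                }
            }
        }
        return null;
    }

    /**
     * Injects the client credentials, replacing any loaded from configuration.
     *
     * <p>Only {@code _credentials} is replaced; {@code _certChain} is rebuilt by
     * {@link #init()}.
     *
     * @param keyAndCert the key and certificate chain to use, may be {@code null}
     */
    public void setKeyAndCert(KeyAndCert keyAndCert) {
        this._credentials = keyAndCert;
    }

    static {
        // Initialises the chain verifier when this class is first loaded.
        wmChainVerifier.init();
    }
}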
