package com.wm.security.ssl;

import com.wm.security.Util;
import com.wm.security.resources.CertificateExceptionBundle;
import com.wm.util.Config;
import com.wm.util.LocalizedCertificateException;
import iaik.security.ssl.ChainVerifier;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;

/* loaded from: input_file:com/wm/security/ssl/wmChainVerifier.class */
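/**
 * Certificate-chain verifier that layers three configurable policies on top of the inherited
 * {@link ChainVerifier}: tolerance of expired certificates, enforcement of unsupported
 * critical extensions, and trust of a {@code null} (absent) certificate.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>Expired certificates are rejected unless {@value #ALLOW_EXPIRED_CERTIFICATES_PROP}
 *       is set to {@code true}.</li>
 *   <li>Unsupported critical extensions are <em>ignored</em> unless
 *       {@value #ENFORCE_EXTENSION_CHECKS_PROP} is set to {@code true}. RFC 5280 expects a
 *       validator to reject a certificate carrying a critical extension it does not
 *       recognise, so deployments that rely on this class for path validation should
 *       enable the flag.</li>
 * </ul>
 *
 * <p>The checks implemented here are validity period, trust-store membership, the optional
 * critical-extension check, issuer/subject DN match and signature verification. No
 * basicConstraints, keyUsage, name-constraint or revocation check appears in this class.
 * NOTE(review): confirm whether the superclass or the caller performs them.
 *
 * <p>No synchronization is visible in this class; the setters and the trust-store mutators
 * change state that {@link #getDefaultVerifier()} shares process-wide.
 */
public class wmChainVerifier extends ChainVerifier {
    /** System property that, when {@code "true"}, lets expired certificates pass validation. */
    static final String ALLOW_EXPIRED_CERTIFICATES_PROP = "watt.security.ssl.ignoreExpiredChains";
    /** System property that, when {@code "true"}, rejects unsupported critical extensions. */
    static final String ENFORCE_EXTENSION_CHECKS_PROP = "watt.security.cert.enforceExtensionChecks";
    static final boolean ALLOW_EXPIRED_CERTIFICATES_DEFAULT = false;
    static final boolean ENFORCE_EXTENSION_CHECKS_DEFAULT = false;
    /** Process-wide shared instance; every caller of {@link #getDefaultVerifier()} sees its state. */
    static final wmChainVerifier defaultVerifier = new wmChainVerifier();
    protected boolean enforceExtensionChecks;
    protected boolean allowExpiredCertificates;

    /**
     * Returns the shared verifier instance.
     *
     * @return the process-wide default verifier
     */
    public static wmChainVerifier getDefaultVerifier() {
        return defaultVerifier;
    }

    /**
     * Creates a verifier whose policy flags are read from system properties.
     *
     * <p>Calls the overridable {@link #init()}, so a subclass override runs before the
     * subclass's own fields have been initialised.
     */
    public wmChainVerifier() {
        init();
    }

    /**
     * Loads both policy flags from their system properties, falling back to the declared
     * defaults when a property is not set.
     */
    protected void init() {
        this.allowExpiredCertificates =
                readFlag(ALLOW_EXPIRED_CERTIFICATES_PROP, ALLOW_EXPIRED_CERTIFICATES_DEFAULT);
        this.enforceExtensionChecks =
                readFlag(ENFORCE_EXTENSION_CHECKS_PROP, ENFORCE_EXTENSION_CHECKS_DEFAULT);
    }

    /**
     * Reads a boolean system property.
     *
     * @param propertyName name of the system property
     * @param fallback value used when the property is not set at all
     * @return {@code fallback} if the property is absent, otherwise {@code true} only when its
     *     value equals {@code "true"} ignoring case
     */
    private static boolean readFlag(String propertyName, boolean fallback) {
        if (System.getProperty(propertyName) == null) {
            return fallback;
        }
        return Boolean.getBoolean(propertyName);
    }

    /**
     * @return {@code true} if expired certificates are currently tolerated
     */
    public boolean getAllowExpiredCertificate() {
        return this.allowExpiredCertificates;
    }

    /**
     * @return {@code true} if unsupported critical extensions cause rejection
     */
    public boolean getEnforceExtensionChecks() {
        return this.enforceExtensionChecks;
    }

    /**
     * @return the inherited {@code nullTrusted} flag, i.e. whether a {@code null} certificate
     *     or an empty chain is reported as trusted
     */
    public boolean getTrustByDefault() {
        return this.nullTrusted;
    }

    /**
     * Enables or disables tolerance of expired certificates.
     *
     * @param z {@code true} to accept certificates whose validity period has ended
     */
    public void setAllowExpiredCertificate(boolean z) {
        this.allowExpiredCertificates = z;
    }

    /**
     * Enables or disables rejection of unsupported critical extensions.
     *
     * @param z {@code true} to reject certificates with an unsupported critical extension
     */
    public void setEnforceExtensionChecks(boolean z) {
        this.enforceExtensionChecks = z;
    }

    /**
     * Sets whether a missing certificate or empty chain counts as trusted.
     *
     * @param z {@code true} makes {@link #isTrustedChain(X509Certificate[])} accept a
     *     {@code null} or empty chain; leave {@code false} wherever peer authentication matters
     */
    public void setTrustByDefault(boolean z) {
        this.nullTrusted = z;
    }

    /**
     * Checks one certificate against its claimed issuer.
     *
     * <p>Order of checks: validity period, cache/trust-store lookup, optional critical-extension
     * check, issuer/subject DN match, signature verification. Because the cache/trust lookup
     * comes before the extension check, a cached or trusted certificate is never examined for
     * critical extensions.
     *
     * @param x509Certificate certificate under examination; must not be {@code null}
     * @param x509Certificate2 certificate claimed to have issued it, or {@code null} if none
     * @return {@code true} only when the certificate is cached or present in the trust store;
     *     {@code false} when no issuer was supplied or after the issuer's signature verified
     *     (presumably the caller then continues up the chain; confirm against the superclass)
     * @throws Exception if the certificate is not yet valid, is expired while expiry is
     *     enforced, carries a rejected critical extension, does not name the supplied issuer,
     *     or fails signature verification
     */
    protected boolean verifyCertificate(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws Exception {
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException e) {
            // Only expiry can be waived; a not-yet-valid certificate still propagates.
            if (!this.allowExpiredCertificates) {
                throw e;
            }
        }
        if (isCachedCertificate(x509Certificate) || isTrustedCertificate(x509Certificate)) {
            return true;
        }
        checkExtensions(x509Certificate);
        if (x509Certificate2 == null) {
            return false;
        }
        boolean issuerNamesMatch = x509Certificate.getIssuerDN().equals(x509Certificate2.getSubjectDN());
        if (!issuerNamesMatch) {
            throw new LocalizedCertificateException(CertificateExceptionBundle.class, CertificateExceptionBundle.CERT_CHAIN_BROKEN, "");
        }
        // Throws if the signature was not produced by the issuer's key.
        x509Certificate.verify(x509Certificate2.getPublicKey());
        return false;
    }

    /**
     * Rejects a certificate with an unsupported critical extension, but only while
     * {@code enforceExtensionChecks} is enabled; with the flag off such certificates pass.
     *
     * @param x509Certificate certificate to inspect
     * @throws CertificateException if enforcement is on and the certificate has an unsupported
     *     critical extension
     */
    protected void checkExtensions(X509Certificate x509Certificate) throws CertificateException {
        if (this.enforceExtensionChecks && x509Certificate.hasUnsupportedCriticalExtension()) {
            throw new LocalizedCertificateException(CertificateExceptionBundle.class, CertificateExceptionBundle.CERT_UNSUPPORTED_CRITICAL_EXT, "");
        }
    }

    /**
     * Reports whether a chain reaches the trust store.
     *
     * <p>This is a membership test, not path validation: it returns {@code true} as soon as
     * <em>any</em> element is in the trust store, and otherwise checks only that the last
     * element was signed by a trusted certificate. Links between adjacent elements, validity
     * periods and extensions are not examined here, so callers need a separate per-link
     * verification before relying on the result.
     *
     * @param x509CertificateArr chain to test; may be {@code null} or empty
     * @return the {@code nullTrusted} flag for a {@code null} or empty chain; otherwise
     *     {@code true} if an element is trusted or the last element has a trusted issuer
     */
    public boolean isTrustedChain(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return this.nullTrusted;
        }
        for (X509Certificate candidate : x509CertificateArr) {
            if (isTrustedCertificate(candidate)) {
                return true;
            }
        }
        X509Certificate topOfChain = x509CertificateArr[x509CertificateArr.length - 1];
        return getIssuerCertificate(topOfChain) != null;
    }

    /**
     * Removes a certificate from the trust store and clears the verification cache so that
     * results derived from the removed anchor are not reused.
     *
     * @param x509Certificate certificate to remove; {@code null} switches off trust of absent
     *     certificates instead
     */
    public void removeTrustedCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            this.nullTrusted = false;
            return;
        }
        this.trustedCerts.remove(x509Certificate);
        clearCachedCertificates();
    }

    /**
     * Adds a certificate to the trust store.
     *
     * @param x509Certificate certificate to trust; passing {@code null} switches on trust of
     *     absent certificates and empty chains, which disables peer authentication for callers
     *     that consult {@link #isTrustedChain(X509Certificate[])}
     */
    public void addTrustedCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            this.nullTrusted = true;
            return;
        }
        this.trustedCerts.put(x509Certificate, x509Certificate);
    }

    /**
     * Tests trust-store membership by certificate equality.
     *
     * @param x509Certificate certificate to look up; may be {@code null}
     * @return the {@code nullTrusted} flag for {@code null}; otherwise {@code true} only if an
     *     equal certificate is stored
     */
    protected boolean isTrustedCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return this.nullTrusted;
        }
        X509Certificate stored = (X509Certificate) this.trustedCerts.get(x509Certificate);
        return stored != null && x509Certificate.equals(stored);
    }

    /**
     * Finds a trusted certificate that issued the given certificate: its subject DN must equal
     * the certificate's issuer DN and its public key must verify the certificate's signature.
     *
     * @param x509Certificate certificate whose issuer is sought; may be {@code null}
     * @return the matching trusted certificate, or {@code null} if none verifies or the
     *     argument is {@code null}
     */
    protected X509Certificate getIssuerCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            // Fail closed rather than raising NullPointerException on a null chain element.
            return null;
        }
        Enumeration<?> anchors = this.trustedCerts.keys();
        while (anchors.hasMoreElements()) {
            X509Certificate anchor = (X509Certificate) anchors.nextElement();
            if (!x509Certificate.getIssuerDN().equals(anchor.getSubjectDN())) {
                continue;
            }
            try {
                x509Certificate.verify(anchor.getPublicKey());
                return anchor;
            } catch (Exception ignored) {
                // Deliberate: several anchors can share a subject DN, so a failed verification
                // only rules out this candidate and the search continues with the next one.
            }
        }
        return null;
    }

    /**
     * Lists the subject DNs of every certificate in the trust store.
     *
     * @return an enumeration over a snapshot of the subject principals
     */
    public Enumeration getTrustedPrincipals() {
        Vector<Object> subjects = new Vector<Object>();
        Enumeration<?> anchors = this.trustedCerts.keys();
        while (anchors.hasMoreElements()) {
            X509Certificate anchor = (X509Certificate) anchors.nextElement();
            subjects.addElement(anchor.getSubjectDN());
        }
        return subjects.elements();
    }

    /**
     * Replaces the default verifier's trust store with the certificates found in the directory
     * named by the {@code watt.security.CADir} configuration property.
     *
     * <p>The store is cleared first, so it stays empty when the property is unset or empty or
     * the loader returns {@code null}. Whoever can write to that directory controls which
     * authorities are trusted, so its permissions belong to the trust boundary.
     *
     * <p>NOTE(review): although this is an instance method it always operates on
     * {@code defaultVerifier}, never on {@code this}; confirm that is intended. The clear and
     * the reload are not atomic, so a concurrent verification may observe an empty or
     * partially filled store.
     */
    public void loadDefaultAuthorities() {
        defaultVerifier.clearTrustedCertificates();
        String caDirectory = Config.getProperty("watt.security.CADir");
        if (caDirectory == null || caDirectory.length() == 0) {
            return;
        }
        X509Certificate[] authorities = Util.loadCertificatesFromDir(caDirectory);
        if (authorities == null) {
            return;
        }
        for (X509Certificate authority : authorities) {
            defaultVerifier.addTrustedCertificate(authority);
        }
    }

    /** Reloads the default verifier's trust store; see {@link #loadDefaultAuthorities()}. */
    public static void reloadDefaultAuthorities() {
        defaultVerifier.loadDefaultAuthorities();
    }
}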
