package com.sun.net.ssl.internal.ssl;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
import javax.net.ssl.X509TrustManager;
import sun.security.validator.KeyStores;
import sun.security.validator.PKIXValidator;
import sun.security.validator.Validator;

/* compiled from: DashoA12275 */
/* loaded from: input_file:efixes/PK83758_Hpux_PaRISC/components/prereq.jdk/update.jar:/java/jre/lib/backup/jsse.jar.hpux:com/sun/net/ssl/internal/ssl/X509TrustManagerImpl.class */
final class X509TrustManagerImpl implements X509TrustManager {
    private final String b;
    private final Set c;
    private volatile Validator d;
    private volatile Validator e;
    private static final boolean a = Debug.a("com.sun.net.ssl.checkRevocation", false);
    private static final Debug f = Debug.getInstance("ssl");

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509TrustManagerImpl(String str, KeyStore keyStore) throws KeyStoreException {
        this.b = str;
        if (keyStore == null) {
            this.c = Collections.EMPTY_SET;
        } else {
            this.c = KeyStores.getTrustedCerts(keyStore);
        }
        if (f == null || !Debug.isOn("trustmanager")) {
            return;
        }
        for (X509Certificate x509Certificate : this.c) {
            System.out.println("adding as trusted cert:");
            System.out.println(new StringBuffer().append("  Subject: ").append(x509Certificate.getSubjectX500Principal()).toString());
            System.out.println(new StringBuffer().append("  Issuer:  ").append(x509Certificate.getIssuerX500Principal()).toString());
            System.out.println(new StringBuffer().append("  Algorithm: ").append(x509Certificate.getPublicKey().getAlgorithm()).append("; Serial number: 0x").append(x509Certificate.getSerialNumber().toString(16)).toString());
            System.out.println(new StringBuffer().append("  Valid from ").append(x509Certificate.getNotBefore()).append(" until ").append(x509Certificate.getNotAfter()).toString());
            System.out.println();
        }
    }

    private void a(Validator validator) {
        if (validator instanceof PKIXValidator) {
            ((PKIXValidator) validator).getParameters().setRevocationEnabled(a);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Validator validator = this.d;
        if (validator == null) {
            synchronized (this) {
                if (validator == null) {
                    validator = Validator.getInstance(this.b, "tls client", this.c);
                    a(validator);
                    this.d = validator;
                }
            }
        }
        X509Certificate[] validate = validator.validate(x509CertificateArr);
        if (f == null || !Debug.isOn("trustmanager")) {
            return;
        }
        System.out.println("Found trusted certificate:");
        System.out.println(validate[validate.length - 1]);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Validator validator = this.e;
        if (validator == null) {
            synchronized (this) {
                if (validator == null) {
                    validator = Validator.getInstance(this.b, "tls server", this.c);
                    a(validator);
                    this.e = validator;
                }
            }
        }
        X509Certificate[] validate = validator.validate(x509CertificateArr, null, str);
        if (f == null || !Debug.isOn("trustmanager")) {
            return;
        }
        System.out.println("Found trusted certificate:");
        System.out.println(validate[validate.length - 1]);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] x509CertificateArr = new X509Certificate[this.c.size()];
        this.c.toArray(x509CertificateArr);
        return x509CertificateArr;
    }
}
