package org.eclipse.ecf.internal.ssl;

import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Dictionary;
import javax.net.ssl.X509TrustManager;
import org.eclipse.osgi.service.security.TrustEngine;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.util.tracker.ServiceTracker;
import org.osgi.util.tracker.ServiceTrackerCustomizer;

/* loaded from: input_file:org/eclipse/ecf/internal/ssl/ECFTrustManager.class */
public class ECFTrustManager implements X509TrustManager, BundleActivator {
    private static volatile BundleContext context;
    private volatile ServiceTracker trustEngineTracker = null;
    static Class class$0;
    static Class class$1;

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        verify(x509CertificateArr, str);
        Certificate certificate = null;
        for (TrustEngine trustEngine : getTrustEngines()) {
            try {
                certificate = trustEngine.findTrustAnchor(x509CertificateArr);
                if (certificate != null) {
                    return;
                }
            } catch (IOException unused) {
                ECFCertificateException eCFCertificateException = new ECFCertificateException("Error occurs when finding trust anchor in the cert chain", x509CertificateArr, str);
                eCFCertificateException.initCause(eCFCertificateException);
                throw eCFCertificateException;
            }
        }
        if (certificate == null) {
            throw new ECFCertificateException("Valid cert chain, but no trust certificate found!", x509CertificateArr, str);
        }
    }

    private void verify(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        int length = x509CertificateArr.length;
        for (int i = 0; i < length; i++) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            try {
                if (i != length - 1) {
                    x509Certificate.verify(x509CertificateArr[i + 1].getPublicKey());
                } else if (x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                }
            } catch (Exception e) {
                ECFCertificateException eCFCertificateException = new ECFCertificateException("Certificate chain is not valid", x509CertificateArr, str);
                eCFCertificateException.initCause(e);
                throw eCFCertificateException;
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new UnsupportedOperationException("Not implemented yet");
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    public void start(BundleContext bundleContext) throws Exception {
        context = bundleContext;
        Class<?> cls = class$0;
        if (cls == null) {
            try {
                cls = Class.forName("javax.net.ssl.SSLSocketFactory");
                class$0 = cls;
            } catch (ClassNotFoundException unused) {
                throw new NoClassDefFoundError(bundleContext.getMessage());
            }
        }
        bundleContext.registerService(cls.getName(), new ECFSSLSocketFactory(), (Dictionary) null);
    }

    public void stop(BundleContext bundleContext) throws Exception {
        if (this.trustEngineTracker != null) {
            this.trustEngineTracker.close();
            this.trustEngineTracker = null;
        }
        context = null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private TrustEngine[] getTrustEngines() {
        if (this.trustEngineTracker == null) {
            BundleContext bundleContext = context;
            Class<?> cls = class$1;
            if (cls == null) {
                try {
                    cls = Class.forName("org.eclipse.osgi.service.security.TrustEngine");
                    class$1 = cls;
                } catch (ClassNotFoundException unused) {
                    throw new NoClassDefFoundError(getMessage());
                }
            }
            this.trustEngineTracker = new ServiceTracker(bundleContext, cls.getName(), (ServiceTrackerCustomizer) null);
            this.trustEngineTracker.open();
        }
        Object[] services = this.trustEngineTracker.getServices();
        TrustEngine[] trustEngineArr = new TrustEngine[services.length];
        System.arraycopy(services, 0, trustEngineArr, 0, services.length);
        return trustEngineArr;
    }
}
