package org.gcube.vomanagement.vomsapi.impl.ssl;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.X509TrustManager;
import org.apache.log4j.Logger;
import org.globus.gsi.TrustedCertificates;

/* loaded from: input_file:org/gcube/vomanagement/vomsapi/impl/ssl/MyX509TrustManager.class */
class MyX509TrustManager implements X509TrustManager {
    private static Logger logger = Logger.getLogger(MyX509TrustManager.class);
    private X509Certificate[] certificateAuthorities;
    private Set trustAnchors = new HashSet();

    public MyX509TrustManager(X509Certificate[] x509CertificateArr) throws IOException {
        this.certificateAuthorities = x509CertificateArr;
        for (X509Certificate x509Certificate : TrustedCertificates.loadCertificates("/etc/grid-security/certificates/")) {
            this.trustAnchors.add(new TrustAnchor(x509Certificate, null));
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        logger.debug("getAcceptedIssuers()");
        return this.certificateAuthorities;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        logger.debug("checkClientTrusted()");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        logger.debug("checkServerTrusted(certs: " + x509CertificateArr.length + ", authType=" + str + ")");
        for (int i = 0; i < x509CertificateArr.length; i++) {
            logger.debug("cert[" + i + "]=" + x509CertificateArr[i].getSubjectX500Principal().toString());
        }
        try {
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) this.trustAnchors);
            pKIXParameters.setRevocationEnabled(false);
            CertPathValidator.getInstance("PKIX").validate(CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(x509CertificateArr)), pKIXParameters);
        } catch (InvalidAlgorithmParameterException e) {
            logger.error(e.getMessage(), e);
        } catch (NoSuchAlgorithmException e2) {
            logger.error(e2.getMessage(), e2);
        } catch (CertPathValidatorException e3) {
            logger.error(e3.getMessage(), e3);
            CertificateException certificateException = new CertificateException(e3.getMessage());
            certificateException.setStackTrace(e3.getStackTrace());
            throw certificateException;
        }
        logger.debug("server is trusted");
    }
}
