package com.ibm.etcd.client.config;

import com.google.common.io.ByteSource;
import io.netty.handler.ssl.util.SimpleTrustManagerFactory;
import io.netty.util.internal.EmptyArrays;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/ibm/etcd/client/config/ComposeTrustManagerFactory.class */
public class ComposeTrustManagerFactory extends SimpleTrustManagerFactory {
    private static final Logger logger = LoggerFactory.getLogger(ComposeTrustManagerFactory.class);
    private final TrustManager tm;

    public ComposeTrustManagerFactory(String str, final String str2, ByteSource byteSource) throws CertificateException, IOException {
        super(str);
        X509Certificate x509Certificate;
        if (byteSource == null) {
            x509Certificate = null;
        } else {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            InputStream openStream = byteSource.openStream();
            Throwable th = null;
            try {
                try {
                    x509Certificate = (X509Certificate) certificateFactory.generateCertificate(openStream);
                    if (openStream != null) {
                        if (0 != 0) {
                            try {
                                openStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            openStream.close();
                        }
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (openStream != null) {
                    if (th != null) {
                        try {
                            openStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        openStream.close();
                    }
                }
                throw th3;
            }
        }
        final X509Certificate x509Certificate2 = x509Certificate;
        this.tm = new X509TrustManager() { // from class: com.ibm.etcd.client.config.ComposeTrustManagerFactory.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str3) {
                ComposeTrustManagerFactory.logger.info("Accepting a client certificate: " + x509CertificateArr[0].getSubjectDN());
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str3) throws CertificateException {
                X509Certificate x509Certificate3 = x509CertificateArr[0];
                if (!x509Certificate3.getSubjectDN().getName().equalsIgnoreCase(str2) && !x509Certificate3.getSubjectDN().getName().equalsIgnoreCase("CN=" + str2)) {
                    throw new CertificateException("Certificate with unknown deployment: " + x509Certificate3.getSubjectDN().getName());
                }
                if (x509Certificate2 != null) {
                    if (!x509Certificate3.getIssuerDN().equals(x509Certificate2.getIssuerDN())) {
                        throw new CertificateException("Certificate Issuers do not match: " + x509Certificate3.getIssuerDN());
                    }
                    if (!x509Certificate3.equals(x509Certificate2)) {
                        try {
                            x509Certificate3.verify(x509Certificate2.getPublicKey());
                        } catch (Exception e) {
                            throw new CertificateException("Certificate not trusted", e);
                        }
                    }
                }
                x509Certificate3.checkValidity();
                if (ComposeTrustManagerFactory.logger.isDebugEnabled()) {
                    ComposeTrustManagerFactory.logger.debug("Accepting a server certificate: " + x509Certificate3.getSubjectDN().getName());
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return x509Certificate2 != null ? new X509Certificate[]{x509Certificate2} : EmptyArrays.EMPTY_X509_CERTIFICATES;
            }
        };
    }

    protected TrustManager[] engineGetTrustManagers() {
        return new TrustManager[]{this.tm};
    }

    protected void engineInit(KeyStore keyStore) throws Exception {
    }

    protected void engineInit(ManagerFactoryParameters managerFactoryParameters) throws Exception {
    }
}
