package com.tibco.security.ssl;

import com.tibco.security.AXSecurityException;
import com.tibco.security.Cert;
import com.tibco.security.TrustedCerts;
import com.tibco.security.ocsp.OCSPProvider;
import java.io.PrintStream;
import java.security.cert.X509Certificate;
import java.util.Arrays;

/* loaded from: input_file:com/tibco/security/ssl/ExtendedCertificateVerifier.class */
/**
 * Certificate verifier that adds a pinning path for a peer presenting exactly one
 * self-issued certificate (issuer DN equal to subject DN).
 *
 * <p>Such a certificate is accepted only if it passes {@link #checkValid(Cert)} and
 * matches an entry of the inherited trusted-certificate store ({@code f16700000}).
 * Every other chain is handed to {@link DefaultCertificateVerifier}.
 *
 * <p>The {@code f...} field names are decompiler artefacts inherited from the superclass.
 * Their roles are inferred from how this class uses them; confirm against
 * {@code DefaultCertificateVerifier} before relying on these comments.
 */
public class ExtendedCertificateVerifier extends DefaultCertificateVerifier {

    /**
     * Creates a verifier without a print stream (passes {@code null} for it).
     *
     * @param trustedCerts store of trusted certificates, forwarded to the superclass
     * @param oCSPProvider OCSP provider, forwarded to the superclass
     * @throws AXSecurityException if the superclass constructor fails
     */
    public ExtendedCertificateVerifier(TrustedCerts trustedCerts, OCSPProvider oCSPProvider) throws AXSecurityException {
        this(null, trustedCerts, oCSPProvider);
    }

    /**
     * Creates a verifier; all three arguments are forwarded unchanged to the superclass.
     *
     * @param printStream stream handed to the superclass (presumably the diagnostic
     *                    output used on rejection; confirm)
     * @param trustedCerts store of trusted certificates
     * @param oCSPProvider OCSP provider
     * @throws AXSecurityException if the superclass constructor fails
     */
    public ExtendedCertificateVerifier(PrintStream printStream, TrustedCerts trustedCerts, OCSPProvider oCSPProvider) throws AXSecurityException {
        super(printStream, trustedCerts, oCSPProvider);
    }

    /**
     * Authenticates the certificate chain presented by a client.
     *
     * <p>A chain of length one is rejected outright when the trusted store is missing or
     * empty; this check runs before the self-issued test, so it also applies to a single
     * certificate that is not self-issued. A single self-issued certificate must pass
     * {@link #checkValid(Cert)} and {@link #isTrusted(Cert)}. Anything else is delegated
     * to the superclass.
     *
     * @param certArr chain presented by the client; a {@code null} array is not guarded
     *                here and fails on the length access
     * @return {@code certArr} when the pinned self-issued certificate is accepted,
     *         otherwise the superclass result
     * @throws AXSecurityException if the store is empty, validation fails, or the
     *                             certificate is not in the trusted store
     */
    @Override
    public Cert[] authenticateClient(Cert[] certArr) throws AXSecurityException {
        if (certArr.length != 1) {
            return super.authenticateClient(certArr);
        }
        if (this.f16700000 == null || this.f16700000.getCertificateList().length == 0) {
            throw new AXSecurityException("client authentication failed: no trusted certificates");
        }
        final Cert leaf = certArr[0];
        // Self-issued is decided by DN equality only; the signature is checked in checkValid.
        final boolean selfIssued = leaf.getIssuerDN().equals(leaf.getSubjectDN());
        if (!selfIssued) {
            return super.authenticateClient(certArr);
        }
        // NOTE(review): validation (including OCSP, when configured) runs before the trust
        // lookup, so it is also performed for certificates that end up rejected.
        checkValid(leaf);
        if (!isTrusted(leaf)) {
            if (this.f166class != null) {
                this.f166class.print("Not-trusted certificate: ");
                this.f166class.print(leaf);
            }
            throw new AXSecurityException("client authentication failed: self-signed certificate not in trusted store");
        }
        // NOTE(review): unlike authenticateServer, this path does not call f17200000.verify;
        // confirm that skipping it for clients is intentional.
        return certArr;
    }

    /**
     * Authenticates the certificate chain presented by a server.
     *
     * <p>Same pinning rules as {@link #authenticateClient(Cert[])}. In addition, once the
     * certificate is trusted, the inherited {@code f17200000} object (when non-null) is
     * asked to {@code verify} the chain.
     *
     * @param certArr chain presented by the server; a {@code null} array is not guarded
     *                here and fails on the length access
     * @return {@code certArr} when the pinned self-issued certificate is accepted,
     *         otherwise the superclass result
     * @throws AXSecurityException if the store is empty, validation fails, the certificate
     *                             is not in the trusted store, or the extra verify step fails
     */
    @Override
    public Cert[] authenticateServer(Cert[] certArr) throws AXSecurityException {
        if (certArr.length != 1) {
            return super.authenticateServer(certArr);
        }
        if (this.f16700000 == null || this.f16700000.getCertificateList().length == 0) {
            throw new AXSecurityException("server authentication failed: no trusted certificates");
        }
        final Cert leaf = certArr[0];
        final boolean selfIssued = leaf.getIssuerDN().equals(leaf.getSubjectDN());
        if (!selfIssued) {
            return super.authenticateServer(certArr);
        }
        checkValid(leaf);
        if (!isTrusted(leaf)) {
            throw new AXSecurityException("server authentication failed: self-signed certificate not in trusted store");
        }
        // NOTE(review): looks like an additional peer check (e.g. host name) taking two
        // inherited settings; confirm what f17200000, f16900000 and f17000000 hold.
        if (this.f17200000 != null) {
            this.f17200000.verify(certArr, this.f16900000, this.f17000000);
        }
        return certArr;
    }

    /**
     * Checks that a self-issued certificate is within its validity period, that its
     * signature verifies under its own public key, and, when {@code f171super} is set,
     * that it passes that object's {@code doOCSPValidation}.
     *
     * <p>This establishes internal consistency only. Whether the certificate is trusted is
     * decided separately by {@link #isTrusted(Cert)}.
     *
     * @param cert certificate to validate
     * @return always {@code true}; every failure is reported by exception
     * @throws AXSecurityException wrapping any exception raised by a check, so a failing
     *                             or crashing check rejects the certificate
     */
    protected boolean checkValid(Cert cert) throws AXSecurityException {
        try {
            final X509Certificate x509 = cert.getCertificate();
            x509.checkValidity();
            // Verifying against its own key confirms the certificate really is self-signed.
            x509.verify(x509.getPublicKey());
            if (this.f171super != null) {
                this.f171super.doOCSPValidation(null, new Cert[]{cert});
            }
            return true;
        } catch (Exception e) {
            throw new AXSecurityException(e);
        }
    }

    /**
     * Reports whether the certificate matches an entry of the trusted store on all of:
     * serial number, subject DN, issuer DN and fingerprint.
     *
     * <p>Callers in this class check that the store is non-null first; this method does not.
     *
     * <p>NOTE(review): the digest behind {@code Cert.getFingerprint()} is not visible here.
     * The fingerprint is the only compared field bound to the certificate contents, so the
     * pin is only as strong as that digest; confirm the algorithm.
     *
     * @param cert certificate to look up
     * @return {@code true} if a store entry matches on every compared field
     * @throws AXSecurityException declared for overriders; not thrown by the visible code
     */
    protected boolean isTrusted(Cert cert) throws AXSecurityException {
        final X509Certificate candidate = cert.getCertificate();
        for (Cert anchor : this.f16700000.getCertificateList()) {
            final boolean sameIdentity = candidate.getSerialNumber().equals(anchor.getCertificate().getSerialNumber())
                    && candidate.getSubjectDN().equals(anchor.getSubjectDN())
                    && candidate.getIssuerDN().equals(anchor.getIssuerDN());
            if (sameIdentity && Arrays.equals(cert.getFingerprint(), anchor.getFingerprint())) {
                return true;
            }
        }
        return false;
    }
}
