package net.jini.jeri.ssl;

import com.sun.jini.action.GetPropertyAction;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import net.jini.security.Security;

/* loaded from: input_file:net/jini/jeri/ssl/FilterX509TrustManager.class */
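/**
 * An {@link X509TrustManager} that delegates chain validation to a shared JSSE
 * trust manager and then additionally requires the peer's leaf certificate
 * subject to be one of a configured set of permitted principals.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The delegate is created once, on first construction, and is shared by
 *       every instance through a static field; it is never rebuilt afterwards.</li>
 *   <li>A {@code null} principal set disables the filter entirely: any chain the
 *       delegate accepts is then trusted.</li>
 *   <li>Only the subject of {@code chain[0]} is compared with the permitted set;
 *       issuers and intermediate certificates are left to the delegate.</li>
 *   <li>The filter runs after the delegate, so an unvalidated chain is never
 *       matched against the permitted principals.</li>
 * </ul>
 */
class FilterX509TrustManager extends Utilities implements X509TrustManager {
    /** Shared delegate that performs the actual certificate path validation. */
    private static X509TrustManager trustManager;

    /** Guards the lazy initialisation of {@link #trustManager}. */
    private static final Object lock = new Object();

    // Algorithm name handed to TrustManagerFactory.getInstance(). It is obtained through
    // GetPropertyAction with the JSSE default algorithm as fallback.
    // NOTE(review): presumably GetPropertyAction reads a system property, which would let
    // whoever controls JVM properties choose the trust manager algorithm — confirm.
    private static final String trustManagerFactoryAlgorithm = (String) Security.doPrivileged(new GetPropertyAction("com.sun.jini.jeri.ssl.trustManagerFactoryAlgorithm", TrustManagerFactory.getDefaultAlgorithm()));

    // Permitted remote principals, or null when no principal filtering is applied.
    private Set principals;

    /**
     * Creates a trust manager that only accepts peers whose leaf subject is in {@code set}.
     *
     * @param set the permitted remote principals, or {@code null} to accept every peer
     *     the delegate trusts
     * @throws NoSuchAlgorithmException if the delegate trust manager cannot be obtained
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public FilterX509TrustManager(Set set) throws NoSuchAlgorithmException {
        synchronized (lock) {
            if (trustManager == null) {
                trustManager = getTrustManager();
            }
        }
        setPermittedRemotePrincipals(set);
    }

    /**
     * Validates a client chain with the delegate, then applies the principal filter.
     *
     * @param x509CertificateArr the peer certificate chain, leaf first
     * @param str the authentication type passed through to the delegate
     * @throws CertificateException if the delegate rejects the chain or the leaf subject
     *     is not a permitted principal
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        trustManager.checkClientTrusted(x509CertificateArr, str);
        check(x509CertificateArr);
        if (serverLogger.isLoggable(Level.FINE)) {
            serverLogger.log(Level.FINE, "check client trusted succeeds for auth type {0}\nchain {1}", new Object[]{str, toString(x509CertificateArr)});
        }
    }

    /**
     * Validates a server chain with the delegate, then applies the principal filter.
     *
     * @param x509CertificateArr the peer certificate chain, leaf first
     * @param str the authentication type passed through to the delegate
     * @throws CertificateException if the delegate rejects the chain or the leaf subject
     *     is not a permitted principal
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        trustManager.checkServerTrusted(x509CertificateArr, str);
        check(x509CertificateArr);
        if (clientLogger.isLoggable(Level.FINE)) {
            clientLogger.log(Level.FINE, "check server trusted succeeds for auth type {0}\nchain {1}", new Object[]{str, toString(x509CertificateArr)});
        }
    }

    /**
     * Returns the issuers accepted by the delegate; the principal filter is not reflected here.
     *
     * @return the delegate's accepted issuer certificates
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return trustManager.getAcceptedIssuers();
    }

    /**
     * Replaces the set of permitted remote principals.
     *
     * @param set the permitted principals, or {@code null} to turn the filter off; the set
     *     is copied, so later changes by the caller do not alter what is trusted
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPermittedRemotePrincipals(Set set) {
        this.principals = set == null ? null : new HashSet(set);
    }

    /**
     * Rejects the chain unless the leaf subject is a permitted principal.
     *
     * @param x509CertificateArr the peer certificate chain, leaf first
     * @throws CertificateException if filtering is enabled and the chain is missing, empty,
     *     or its leaf subject is not in the permitted set
     */
    private void check(X509Certificate[] x509CertificateArr) throws CertificateException {
        // Read the field once so the null test and the lookup see the same set.
        Set permitted = this.principals;
        if (permitted == null) {
            return;
        }
        // Fail closed with the declared exception type instead of an index or null
        // dereference failure when no leaf certificate is available to compare.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            throw new CertificateException("Remote certificate chain is missing or empty");
        }
        if (!permitted.contains(x509CertificateArr[0].getSubjectX500Principal())) {
            throw new CertificateException("Remote principal is not trusted");
        }
    }

    /**
     * Builds the delegate trust manager from the configured factory algorithm.
     *
     * @return the first {@link X509TrustManager} supplied by the factory
     * @throws NoSuchAlgorithmException if the algorithm is unavailable or the factory
     *     supplies no {@link X509TrustManager}
     */
    private static X509TrustManager getTrustManager() throws NoSuchAlgorithmException {
        final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerFactoryAlgorithm);
        Security.doPrivileged(new PrivilegedAction() { // from class: net.jini.jeri.ssl.FilterX509TrustManager.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    // A null KeyStore asks the factory to use its default trust material.
                    trustManagerFactory.init((KeyStore) null);
                } catch (KeyStoreException e) {
                    // Only logged: the factory stays uninitialised, so the getTrustManagers()
                    // call below fails with IllegalStateException and no delegate is
                    // installed, rather than one with empty trust material.
                    Utilities.initLogger.log(Level.WARNING, "Problem initializing JSSE trust manager keystore", (Throwable) e);
                }
                return null;
            }
        });
        // Select by type rather than casting element 0 blindly, so an unexpected provider
        // result surfaces as the declared checked exception.
        for (javax.net.ssl.TrustManager candidate : trustManagerFactory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new NoSuchAlgorithmException("No X509TrustManager available for algorithm " + trustManagerFactoryAlgorithm);
    }
}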
