package com.huawei.oozie.ssl;

import com.huawei.oozie.conf.ClientConfiguration;
import io.netty.util.internal.StringUtil;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/oozie/ssl/OozieX509TrustManager.class */
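/**
 * Trust manager for the Oozie client's HTTPS connections.
 *
 * <p>When certificate checking is enabled in {@link ClientConfiguration}, a server chain is
 * accepted only if all of the following hold:
 * <ul>
 *   <li>each certificate is issued and signed by the next one in the chain,</li>
 *   <li>the last certificate of the chain is present in the configured trust store,</li>
 *   <li>every certificate in the chain is inside its validity period.</li>
 * </ul>
 *
 * <p>NOTE(review): this is a hand-rolled subset of path validation. It does not evaluate basic
 * constraints, key usage, name constraints or revocation. Delegating to the platform PKIX
 * implementation (a {@code TrustManagerFactory} initialised with the same trust store) would
 * cover those checks and is the preferred long-term shape for this class.
 */
public class OozieX509TrustManager implements X509TrustManager {
    private static final Logger LOG = LoggerFactory.getLogger(OozieX509TrustManager.class);

    /**
     * Accepts every client certificate chain without inspecting it.
     *
     * @param x509CertificateArr the peer certificate chain (ignored)
     * @param str the authentication type (ignored)
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        // NOTE(review): no validation is performed here. That is only acceptable while this
        // manager is installed on client-side SSL contexts; confirm it is never used by a
        // listener that requests client certificates.
    }

    /**
     * Validates the certificate chain presented by the server.
     *
     * @param x509CertificateArr the server chain, leaf first; the last element is treated as
     *     the issuing CA and must be present in the trust store
     * @param str the key-exchange / authentication type supplied by the TLS stack
     * @throws CertificateException if the chain or auth type is missing, the chain does not link
     *     up, the last certificate is not in the trust store, the trust store cannot be read,
     *     or any certificate is expired or not yet valid
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (!ClientConfiguration.getInstance().enableCheckCertificate()) {
            // Verification is disabled by configuration: any server certificate is accepted,
            // so the connection has no protection against an on-path attacker.
            // NOTE(review): consider logging this at WARN and restricting it to test setups.
            LOG.info("Trust all https certificate");
            return;
        }
        LOG.info("Start to check https certificate");
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            LOG.error("Null or zero-length certificate chain.");
            throw new CertificateException("Null or zero-length certificate chain.");
        }
        if (StringUtil.isNullOrEmpty(str)) {
            LOG.error("Null or zero-length authType.");
            throw new CertificateException("Null or zero-length authType.");
        }
        for (X509Certificate certificate : x509CertificateArr) {
            if (certificate == null) {
                LOG.error("Null certificate in chain.");
                throw new CertificateException("Null certificate in chain.");
            }
        }

        // Presence of the last certificate in the trust store proves nothing about the leaf
        // unless every certificate is actually signed by its successor.
        checkChainSignatures(x509CertificateArr);
        checkCertificateCacertsCa(x509CertificateArr);
        // Validity applies to the leaf and intermediates as well as to the CA certificate.
        for (X509Certificate certificate : x509CertificateArr) {
            checkCertificateValidity(certificate);
        }
    }

    /**
     * Verifies that each certificate names the next one as issuer and carries a signature that
     * verifies under the next certificate's public key.
     *
     * @param chain the non-empty, null-free chain, leaf first
     * @throws CertificateException if any link of the chain does not verify
     */
    private void checkChainSignatures(X509Certificate[] chain) throws CertificateException {
        for (int i = 0; i < chain.length - 1; i++) {
            X509Certificate subject = chain[i];
            X509Certificate issuer = chain[i + 1];
            if (!subject.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                LOG.error("Certificate chain is broken: issuer name mismatch.");
                throw new CertificateException("Certificate chain is broken: issuer name mismatch.");
            }
            try {
                subject.verify(issuer.getPublicKey());
            } catch (GeneralSecurityException e) {
                LOG.error("Certificate chain signature check failed.", e);
                throw new CertificateException("Certificate chain signature check failed.", e);
            }
        }
    }

    /**
     * Reads the trust store location and password from system properties and checks that the
     * last certificate of the chain is stored there.
     *
     * @param x509CertificateArr the non-empty server chain
     * @throws CertificateException if either property is unset or the trust store check fails
     */
    private void checkCertificateCacertsCa(X509Certificate[] x509CertificateArr) throws CertificateException {
        // The password is taken from a JVM system property and is never logged here.
        String password = System.getProperty(ClientConfiguration.SSL_TRUST_STORE_PASSWORD);
        String trustStorePath = System.getProperty(ClientConfiguration.SSL_TRUST_STORE_FILE);
        if (StringUtil.isNullOrEmpty(trustStorePath) || StringUtil.isNullOrEmpty(password)) {
            LOG.error("The passwords or trust store is empty.");
            throw new CertificateException("The passwords or trust store is empty.");
        }
        doCheckCacertsCa(x509CertificateArr, password, trustStorePath);
    }

    /**
     * Loads the trust store and requires that it contains the last certificate of the chain.
     *
     * <p>All failures surface as {@link CertificateException} with the original cause attached,
     * because that is the only checked exception {@code checkServerTrusted} may throw.
     *
     * @param x509CertificateArr the non-empty server chain
     * @param str the trust store password
     * @param str2 the trust store file path
     * @throws CertificateException if the store cannot be loaded or lacks the certificate
     */
    private void doCheckCacertsCa(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
        X509Certificate anchor = x509CertificateArr[x509CertificateArr.length - 1];
        String alias;
        // try-with-resources closes the stream on every path.
        try (FileInputStream trustStoreStream = new FileInputStream(str2)) {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(trustStoreStream, str.toCharArray());
            alias = keyStore.getCertificateAlias(anchor);
        } catch (IOException e) {
            LOG.error("Get trustStore failed or file not found.", e);
            throw new CertificateException("Get trustStore failed or file not found.", e);
        } catch (KeyStoreException e) {
            LOG.error("Get trustStore or get cert alias name failed.", e);
            throw new CertificateException("Get trustStore or get cert alias name failed.", e);
        } catch (NoSuchAlgorithmException | CertificateException e) {
            LOG.error("Load trustStore failed.", e);
            throw new CertificateException("Load trustStore failed.", e);
        }
        if (alias == null) {
            LOG.error("The ca.crt is not in trustStore.");
            throw new CertificateException("The ca.crt is not in trustStore.");
        }
    }

    /**
     * Rejects a certificate that is outside its validity period at the current time.
     *
     * @param x509Certificate the certificate to check
     * @throws CertificateException if the certificate is expired or not yet valid
     */
    private void checkCertificateValidity(X509Certificate x509Certificate) throws CertificateException {
        try {
            x509Certificate.checkValidity(new Date());
        } catch (CertificateExpiredException e) {
            LOG.error("Certificate Expired", e);
            // Rethrow: logging alone would let an expired certificate be accepted.
            throw e;
        } catch (CertificateNotYetValidException e) {
            LOG.error("Certificate is not yet valid.", e);
            throw e;
        }
    }

    /**
     * Returns an empty array; no issuer names are advertised.
     *
     * @return a new zero-length array
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}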
