package lia.util.security;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import lia.Monitor.monitor.AppConfig;

/* loaded from: input_file:lia/util/security/AuthZTrustManager.class */
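/**
 * X.509 trust manager that adds an authorization step on top of the platform's
 * certificate-chain validation.
 *
 * <p>Client certificates are first authenticated by the default
 * {@link X509TrustManager} obtained from a {@link TrustManagerFactory}; only then is
 * the leaf certificate's subject DN submitted to {@link AuthZManager#checkClient}.
 * Server certificates are validated by the same default trust manager.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>When no key store is supplied, JSSE falls back to the JVM's default trust
 *       store, so every CA in that store can issue certificates that pass the
 *       authentication step. Authorization then rests on the subject DN string
 *       alone; prefer a dedicated trust store holding only the intended CAs.</li>
 *   <li>The factory algorithm is read from the
 *       {@code lia.util.security.AuthZMonitorTrustManagerAlgo} property, so that
 *       property is part of the trust configuration and should be protected like
 *       the trust store itself.</li>
 * </ul>
 */
public class AuthZTrustManager implements X509TrustManager {
    private static final Logger logger = Logger.getLogger("lia.util.security.AuthZTrustManager");
    private final X509TrustManager defaultTrustManager;
    private final AuthZManager authorizationManager;

    /**
     * Creates a trust manager backed by the JVM's default trust store.
     *
     * @throws NoSuchAlgorithmException if the configured trust manager algorithm is unavailable
     * @throws KeyStoreException if the trust manager factory cannot be initialised
     */
    public AuthZTrustManager() throws NoSuchAlgorithmException, KeyStoreException {
        this((KeyStore) null);
    }

    /**
     * Creates a trust manager backed by the given trust store and starts the
     * authorization manager.
     *
     * @param keyStore trust anchors used for chain validation; {@code null} selects the JVM default
     * @throws NoSuchAlgorithmException if the configured trust manager algorithm is unavailable
     * @throws KeyStoreException if the factory cannot be initialised or yields no X.509 trust manager
     */
    public AuthZTrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(AppConfig.getProperty("lia.util.security.AuthZMonitorTrustManagerAlgo", TrustManagerFactory.getDefaultAlgorithm()));
        trustManagerFactory.init(keyStore);

        // Do not assume the first entry is the X.509 manager: pick it by type so a
        // provider that returns several managers cannot cause a ClassCastException.
        X509TrustManager x509Manager = null;
        for (javax.net.ssl.TrustManager candidate : trustManagerFactory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                x509Manager = (X509TrustManager) candidate;
                break;
            }
        }
        if (x509Manager == null) {
            throw new KeyStoreException("No X509TrustManager available from TrustManagerFactory");
        }
        this.defaultTrustManager = x509Manager;

        this.authorizationManager = new AuthZManager();
        this.authorizationManager.start();
        logger.log(Level.INFO, "AuthZTrustManager loaded");
    }

    /**
     * Authenticates the client chain with the default trust manager, then checks
     * that the leaf certificate's subject DN is authorized.
     *
     * @param x509CertificateArr peer certificate chain, leaf first
     * @param str authentication type passed through to the default trust manager
     * @throws CertificateException if chain validation fails or the subject is not authorized
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (logger.isLoggable(Level.INFO)) {
            // The chain is still unvalidated here, so log only its size, not its contents.
            int chainLength = x509CertificateArr == null ? 0 : x509CertificateArr.length;
            logger.log(Level.INFO, "[CHECK-CLIENT]: chain length " + chainLength + " Type:" + str);
        }

        // Authentication must complete before any authorization decision is made;
        // the delegate throws if the chain is invalid.
        this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);

        // getSubjectDN().toString() is kept on purpose: switching to
        // getSubjectX500Principal() changes the string form and could silently
        // stop matching the entries the authorization service compares against.
        String subject = x509CertificateArr[0].getSubjectDN().toString();
        if (logger.isLoggable(Level.INFO)) {
            logger.log(Level.INFO, "[Authentication passed..Continue with authz]: " + subject + " Type:" + str);
        }

        if (this.authorizationManager.checkClient(subject)) {
            logger.log(Level.INFO, " Client [" + subject + "] IS authorized in " + this.authorizationManager.getAuthzServer());
            return;
        }

        String denied = " Client [" + subject + "] it's not authorized in " + this.authorizationManager.getAuthzServer();
        // A validly authenticated but unauthorized peer is worth alerting on, so it
        // is logged above the routine INFO level.
        logger.log(Level.WARNING, denied);
        throw new CertificateException(denied);
    }

    /**
     * Validates a server certificate chain with the default trust manager.
     *
     * <p>This must not be a no-op: an empty body would accept every server
     * certificate whenever this manager is installed on the client side of a TLS
     * connection, removing protection against server impersonation.
     *
     * @param x509CertificateArr peer certificate chain, leaf first
     * @param str key exchange algorithm passed through to the default trust manager
     * @throws CertificateException if the chain is not trusted
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
    }

    /**
     * Returns the issuers accepted by the default trust manager.
     *
     * @return the delegate's accepted issuer certificates
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.defaultTrustManager.getAcceptedIssuers();
    }
}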
