package org.apache.commons.ssl;

import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/axis2-client-1.6.1.wso2v7.jar:org/apache/commons/ssl/Java14TrustManagerWrapper.class
  input_file:WEB-INF/lib/commons-httpclient-3.1.0.wso2v1.jar:org/apache/commons/ssl/Java14TrustManagerWrapper.class
 */
/* loaded from: input_file:WEB-INF/lib/not-yet-commons-ssl-0.3.9.jar:org/apache/commons/ssl/Java14TrustManagerWrapper.class */
public class Java14TrustManagerWrapper implements X509TrustManager {
    private final X509TrustManager trustManager;
    private final TrustChain trustChain;
    private final SSL ssl;

    public Java14TrustManagerWrapper(X509TrustManager x509TrustManager, TrustChain trustChain, SSL ssl) {
        this.trustManager = x509TrustManager;
        this.trustChain = trustChain;
        this.ssl = ssl;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.ssl.setCurrentClientChain(x509CertificateArr);
        CertificateException certificateException = null;
        try {
            this.trustManager.checkClientTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            certificateException = e;
        }
        testShouldWeThrow(certificateException, x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.ssl.setCurrentServerChain(x509CertificateArr);
        CertificateException certificateException = null;
        try {
            this.trustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            certificateException = e;
        }
        testShouldWeThrow(certificateException, x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.getAcceptedIssuers();
    }

    private void testShouldWeThrow(CertificateException certificateException, X509Certificate[] x509CertificateArr) throws CertificateException {
        if (certificateException != null) {
            if (getRootThrowable(certificateException) instanceof CertificateExpiredException) {
                if (this.ssl.getCheckExpiry()) {
                    throw certificateException;
                }
            } else if (!this.trustChain.contains(TrustMaterial.TRUST_ALL)) {
                throw certificateException;
            }
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (this.ssl.getCheckExpiry()) {
                x509Certificate.checkValidity();
            }
            if (this.ssl.getCheckCRL()) {
                Certificates.checkCRL(x509Certificate);
            }
        }
    }

    private static Throwable getRootThrowable(Throwable th) {
        if (th == null) {
            return th;
        }
        Throwable cause = th.getCause();
        while (true) {
            Throwable th2 = cause;
            if (th2 == null || th.equals(th2)) {
                break;
            }
            th = th2;
            cause = th.getCause();
        }
        return th;
    }
}
