package tw.com.draytek.acs.ssl;

import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.axis.Constants;
import org.apache.axis.encoding.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:tw/com/draytek/acs/ssl/DraytekX509TrustManager.class */
public class DraytekX509TrustManager implements X509TrustManager {
    private X509TrustManager standardTrustManager;
    private static final Log LOG = LogFactory.getLog(DraytekX509TrustManager.class);

    public DraytekX509TrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        this.standardTrustManager = null;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length == 0) {
            throw new NoSuchAlgorithmException("no trust manager found");
        }
        this.standardTrustManager = (X509TrustManager) trustManagers[0];
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.standardTrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    private static X509Certificate getComodorCertificate() throws CertificateException {
        return getCertificate("-----BEGIN CERTIFICATE-----MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7CAhnhoFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28ShbXcDow+G+eMGnD4LgYqbSRutA776S9uMIO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4TgllfQcBhglo/uLQeTnaG6ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh7lgUq/51UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0nc13cRTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz30O0Oija5zAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBpsP0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdoltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxGV/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ//u+aen/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf+AZxAeKCINT+b72x-----END CERTIFICATE-----");
    }

    private static X509Certificate getMyvigorBkCertificate() throws CertificateException {
        return getCertificate("-----BEGIN CERTIFICATE-----MIICpzCCAhCgAwIBAgIJALDrp5hJTQM9MA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNVBAYTAlRXMQ8wDQYDVQQIDAZUYWl3YW4xEDAOBgNVBAcMB0hzaW5DaHUxEjAQBgNVBAoMCU15Vmlnb3JCSzEeMBwGA1UEAwwVbXl2aWdvcmJrLmRyYXl0ZWsuY29tMB4XDTE2MDcyNzAyNDMyOVoXDTI2MDcyNTAyNDMyOVowZDELMAkGA1UEBhMCVFcxDzANBgNVBAgMBlRhaXdhbjEQMA4GA1UEBwwHSHNpbkNodTESMBAGA1UECgwJTXlWaWdvckJLMR4wHAYDVQQDDBVteXZpZ29yYmsuZHJheXRlay5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMikWaxfI/etkTlYo7hwfwV5ImTfuuSIhGqJhLuna1cOnb0V0uVPneu2EaiJHYmSGnG+rSudvKnSFCFaU/F0a/zfg+88KDzwi09g0wELB1+q3goPAbVj//aSOzq3u+BPMi/ONMsje2dVm0A+qeyKKZH6uFpai3G3RNHxQaRxn6LTAgMBAAGjYTBfMB0GA1UdDgQWBBQJ68w1XKgVoawGOGoTvwhr3ppZuDAfBgNVHSMEGDAWgBQJ68w1XKgVoawGOGoTvwhr3ppZuDAMBgNVHRMEBTADAQH/MA8GA1UdEQQIMAaHBKwQAjwwDQYJKoZIhvcNAQELBQADgYEATMCxYDg+KzrVJfRqiUALyFmn9RZy8WP02qGYF/nO+h67WLxhN921YeghniSjeb0MdFxkgdZ6gIawfsqvQlk4yfhH5urKS4w3Wm6Uc0Wzta8dEPBSu2/9ObTzn9NBbVyoLlR0SJrWN21zjSl8mLrIJCWyd939VYbg9okom+JjlwE=-----END CERTIFICATE-----");
    }

    private static X509Certificate getTestCertificate() throws CertificateException {
        return getCertificate("-----BEGIN CERTIFICATE-----MIICoTCCAgqgAwIBAgIJAPMWHeLfcN0gMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNVBAYTAlRXMQ8wDQYDVQQIEwZUYWl3YW4xEDAOBgNVBAcTB0hzaW5DaHUxFDASBgNVBAoTC3Rlc3Qgc2VydmVyMRkwFwYDVQQDExB0ZXN0LmRyYXl0ZWsuY29tMB4XDTE2MDcyODAzMTIyNVoXDTI2MDcyNjAzMTIyNVowYTELMAkGA1UEBhMCVFcxDzANBgNVBAgTBlRhaXdhbjEQMA4GA1UEBxMHSHNpbkNodTEUMBIGA1UEChMLdGVzdCBzZXJ2ZXIxGTAXBgNVBAMTEHRlc3QuZHJheXRlay5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKret2gFgBsFGVmI45exF/f2TNMcWneF99y2Ef7hqFdbs/khGscKfqSMTakvDN7rh1xRt9liPoE1aXb0+Qkm07gXhSWDZbhG3bi+VyauKS+CZevSxteACpKezLgpIiWo6IREA/u/nB+A6f208/uElR58GJ6GxfQpJY/qTltXcQJXAgMBAAGjYTBfMB0GA1UdDgQWBBSyzQ3TGOxR9GAOA3ZPX+/ljsBekDAfBgNVHSMEGDAWgBSyzQ3TGOxR9GAOA3ZPX+/ljsBekDAMBgNVHRMEBTADAQH/MA8GA1UdEQQIMAaHBKwQAqAwDQYJKoZIhvcNAQEFBQADgYEAPRoOfutZoV9em11dSXyGT56mO1jBwXfNNfPPK9m6QoyZmhlI5l4VDOE/5EFwoI7swb5trDiaL2FLxlAM1vVutB3K48gQFxO/HpmagtZx+4GgQ8dGUCirXjNBvLIHrYx8NKpefaQBBO4VsYu4h+pRhp5gP87BlqzhjJYkv8f0w9U=-----END CERTIFICATE-----");
    }

    private static X509Certificate getCertificate(String str) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decode(str.replaceAll("-----BEGIN CERTIFICATE-----", Constants.URI_LITERAL_ENC).replaceAll("-----END CERTIFICATE-----", Constants.URI_LITERAL_ENC))));
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean z = false;
        if (x509CertificateArr != null) {
            try {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Server certificate chain:");
                    for (int i = 0; i < x509CertificateArr.length; i++) {
                        LOG.debug("X509Certificate[" + i + "]=" + x509CertificateArr[i]);
                    }
                }
            } catch (Exception e) {
                e.printStackTrace();
                throw new CertificateException();
            }
        }
        if (x509CertificateArr == null || x509CertificateArr.length != 1) {
            this.standardTrustManager.checkServerTrusted(x509CertificateArr, str);
        } else {
            x509CertificateArr[0].checkValidity();
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            for (X509Certificate x509Certificate2 : getAcceptedIssuers()) {
                if (x509Certificate.equals(x509Certificate2)) {
                    z = true;
                }
            }
            if ((x509Certificate instanceof X509Certificate) && x509Certificate.getSubjectDN().toString().indexOf(".draytek.com") != -1) {
                z = new String(x509Certificate.getSubjectDN().toString()).matches("^CN=(auth|myvigor).draytek.com.*OU=Domain Control Validated.*");
            }
        }
        if (z) {
            return;
        }
        System.err.println("Invalid Certificate");
        throw new CertificateException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.standardTrustManager.getAcceptedIssuers();
    }
}
