package org.ldaptive.ssl;

import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.stream.Stream;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.PropertyAccessor;

/* loaded from: input_file:WEB-INF/lib/ldaptive-2.1.0.jar:org/ldaptive/ssl/AggregateTrustManager.class */
public class AggregateTrustManager extends X509ExtendedTrustManager {
    protected final Logger logger;
    private final X509ExtendedTrustManager[] trustManagers;
    private final Strategy trustStrategy;

    /* loaded from: input_file:WEB-INF/lib/ldaptive-2.1.0.jar:org/ldaptive/ssl/AggregateTrustManager$Strategy.class */
    public enum Strategy {
        ALL,
        ANY
    }

    public AggregateTrustManager(X509TrustManager... x509TrustManagerArr) {
        this(Strategy.ALL, x509TrustManagerArr);
    }

    public AggregateTrustManager(Strategy strategy, X509TrustManager... x509TrustManagerArr) {
        this.logger = LoggerFactory.getLogger(getClass());
        if (strategy == null) {
            throw new NullPointerException("Strategy cannot be null");
        }
        this.trustStrategy = strategy;
        if (x509TrustManagerArr == null || x509TrustManagerArr.length == 0) {
            throw new NullPointerException("Trust managers cannot be empty or null");
        }
        this.trustManagers = (X509ExtendedTrustManager[]) Stream.of((Object[]) x509TrustManagerArr).map(x509TrustManager -> {
            return x509TrustManager instanceof X509ExtendedTrustManager ? (X509ExtendedTrustManager) x509TrustManager : new X509ExtendedTrustManagerWrapper(x509TrustManager, new DefaultHostnameVerifier());
        }).toArray(i -> {
            return new X509ExtendedTrustManager[i];
        });
    }

    public X509TrustManager[] getTrustManagers() {
        return this.trustManagers;
    }

    public Strategy getTrustStrategy() {
        return this.trustStrategy;
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        CertificateException certificateException = null;
        for (X509ExtendedTrustManager x509ExtendedTrustManager : this.trustManagers) {
            try {
                x509ExtendedTrustManager.checkClientTrusted(x509CertificateArr, str, socket);
                this.logger.debug("checkClientTrusted for {} succeeded", x509ExtendedTrustManager);
            } catch (CertificateException e) {
                this.logger.debug("checkClientTrusted for {} failed", x509ExtendedTrustManager);
                if (this.trustStrategy == Strategy.ALL) {
                    throw e;
                }
                if (certificateException == null) {
                    certificateException = e;
                }
            }
            if (this.trustStrategy == Strategy.ANY) {
                return;
            }
        }
        if (certificateException != null) {
            throw certificateException;
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        CertificateException certificateException = null;
        for (X509ExtendedTrustManager x509ExtendedTrustManager : this.trustManagers) {
            try {
                x509ExtendedTrustManager.checkClientTrusted(x509CertificateArr, str, sSLEngine);
                this.logger.debug("checkClientTrusted for {} succeeded", x509ExtendedTrustManager);
            } catch (CertificateException e) {
                this.logger.debug("checkClientTrusted for {} failed", x509ExtendedTrustManager);
                if (this.trustStrategy == Strategy.ALL) {
                    throw e;
                }
                if (certificateException == null) {
                    certificateException = e;
                }
            }
            if (this.trustStrategy == Strategy.ANY) {
                return;
            }
        }
        if (certificateException != null) {
            throw certificateException;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        CertificateException certificateException = null;
        for (X509ExtendedTrustManager x509ExtendedTrustManager : this.trustManagers) {
            try {
                x509ExtendedTrustManager.checkClientTrusted(x509CertificateArr, str);
                this.logger.debug("checkClientTrusted for {} succeeded", x509ExtendedTrustManager);
            } catch (CertificateException e) {
                this.logger.debug("checkClientTrusted for {} failed", x509ExtendedTrustManager);
                if (this.trustStrategy == Strategy.ALL) {
                    throw e;
                }
                if (certificateException == null) {
                    certificateException = e;
                }
            }
            if (this.trustStrategy == Strategy.ANY) {
                return;
            }
        }
        if (certificateException != null) {
            throw certificateException;
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        CertificateException certificateException = null;
        for (X509ExtendedTrustManager x509ExtendedTrustManager : this.trustManagers) {
            try {
                x509ExtendedTrustManager.checkServerTrusted(x509CertificateArr, str, socket);
                this.logger.debug("checkServerTrusted for {} succeeded", x509ExtendedTrustManager);
            } catch (CertificateException e) {
                this.logger.debug("checkServerTrusted for {} failed", x509ExtendedTrustManager);
                if (this.trustStrategy == Strategy.ALL) {
                    throw e;
                }
                if (certificateException == null) {
                    certificateException = e;
                }
            }
            if (this.trustStrategy == Strategy.ANY) {
                return;
            }
        }
        if (certificateException != null) {
            throw certificateException;
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        CertificateException certificateException = null;
        for (X509ExtendedTrustManager x509ExtendedTrustManager : this.trustManagers) {
            try {
                x509ExtendedTrustManager.checkServerTrusted(x509CertificateArr, str, sSLEngine);
                this.logger.debug("checkServerTrusted for {} succeeded", x509ExtendedTrustManager);
            } catch (CertificateException e) {
                this.logger.debug("checkServerTrusted for {} failed", x509ExtendedTrustManager);
                if (this.trustStrategy == Strategy.ALL) {
                    throw e;
                }
                if (certificateException == null) {
                    certificateException = e;
                }
            }
            if (this.trustStrategy == Strategy.ANY) {
                return;
            }
        }
        if (certificateException != null) {
            throw certificateException;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        CertificateException certificateException = null;
        for (X509ExtendedTrustManager x509ExtendedTrustManager : this.trustManagers) {
            try {
                x509ExtendedTrustManager.checkServerTrusted(x509CertificateArr, str);
                this.logger.debug("checkServerTrusted for {} succeeded", x509ExtendedTrustManager);
            } catch (CertificateException e) {
                this.logger.debug("checkServerTrusted for {} failed", x509ExtendedTrustManager);
                if (this.trustStrategy == Strategy.ALL) {
                    throw e;
                }
                if (certificateException == null) {
                    certificateException = e;
                }
            }
            if (this.trustStrategy == Strategy.ANY) {
                return;
            }
        }
        if (certificateException != null) {
            throw certificateException;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return (X509Certificate[]) Stream.of((Object[]) this.trustManagers).map((v0) -> {
            return v0.getAcceptedIssuers();
        }).toArray(i -> {
            return new X509Certificate[i];
        });
    }

    public String toString() {
        return PropertyAccessor.PROPERTY_KEY_PREFIX + getClass().getName() + "@" + hashCode() + "::trustManagers=" + Arrays.toString(this.trustManagers) + ", trustStrategy=" + this.trustStrategy + "]";
    }
}
