package com.maverick.ssl;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/maverick/ssl/SSLTransportTrustManager.class */
public class SSLTransportTrustManager implements X509TrustManager {
    private KeyStore trustcacerts;

    public SSLTransportTrustManager() {
        try {
            FileInputStream fileInputStream = new FileInputStream(String.valueOf(System.getProperty("java.home")) + "/lib/security/cacerts".replace('/', File.separatorChar));
            this.trustcacerts = KeyStore.getInstance(KeyStore.getDefaultType());
            this.trustcacerts.load(fileInputStream, "changeit".toCharArray());
        } catch (Exception e) {
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("Client certs are not trusted by the custom SSL trust manager.");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if ("true".equalsIgnoreCase(System.getProperty("com.maverick.ssl.allowUntrustedCertificates"))) {
            return;
        }
        if (this.trustcacerts == null) {
            throw new CertificateException("No trust store found!");
        }
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(x509CertificateArr));
            PKIXParameters pKIXParameters = new PKIXParameters(this.trustcacerts);
            pKIXParameters.setRevocationEnabled(false);
            ((PKIXCertPathValidatorResult) CertPathValidator.getInstance(CertPathValidator.getDefaultType()).validate(generateCertPath, pKIXParameters)).getTrustAnchor().getTrustedCert();
        } catch (Exception e) {
            throw new CertificateException("Certificate chain is not trusted");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
