package iaik.jigsaw.https;

import iaik.security.ssl.SSLCertificate;
import iaik.security.ssl.ServerTrustDecider;
import iaik.x509.SimpleChainVerifier;
import iaik.x509.X509Certificate;
import java.security.cert.CertificateException;

/* loaded from: input_file:iaik/jigsaw/https/JigsawServerTrustDecider.class */
public class JigsawServerTrustDecider implements ServerTrustDecider {
    private static final boolean DEBUG = true;
    private boolean requireCertificate = false;
    private boolean requireTrustedRoot = false;
    private SimpleChainVerifier chainVerifier = new SimpleChainVerifier();

    public boolean isTrustedPeer(SSLCertificate sSLCertificate) {
        System.out.println("JigawServerTrustDecider: isTrustedPeer() called");
        if (sSLCertificate == null) {
            if (this.requireCertificate) {
                System.out.println("No client certificate, refusing connection");
                return false;
            }
            System.out.println("No client certificate, may connect anyway.");
            return true;
        }
        try {
            if (this.chainVerifier.verifyChain(castCertificates(sSLCertificate.getCertificateChain()))) {
                System.out.println("Client certificate has chain a trusted root, good.");
                return true;
            }
            if (this.requireTrustedRoot) {
                System.out.println("No trusted root certificate, connection NOT allowed!");
                return false;
            }
            System.out.println("No trusted root certificate, but connect allowed anyway.");
            return true;
        } catch (CertificateException e) {
            System.out.println("Exception during chain verification, returning false");
            System.out.println(e);
            return false;
        }
    }

    private static X509Certificate[] castCertificates(Object[] objArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[objArr.length];
        for (int i = 0; i < objArr.length; i += DEBUG) {
            x509CertificateArr[i] = (X509Certificate) objArr[i];
        }
        return x509CertificateArr;
    }

    public void setRequireCertificate(boolean z) {
        System.out.println(new StringBuffer("setRequireCertificate to ").append(z).toString());
        this.requireCertificate = z;
    }

    public void setRequireTrustedRoot(boolean z) {
        System.out.println(new StringBuffer("setRequireTrustedRoot to ").append(z).toString());
        this.requireTrustedRoot = z;
    }

    public void setTrustedSigners(java.security.cert.X509Certificate[] x509CertificateArr) {
        this.chainVerifier = new SimpleChainVerifier();
        for (int i = 0; i < x509CertificateArr.length; i += DEBUG) {
            addTrustedSigner(x509CertificateArr[i]);
        }
    }

    public void addTrustedSigner(java.security.cert.X509Certificate x509Certificate) {
        System.out.println(new StringBuffer("Adding dn: ").append(x509Certificate.getSubjectDN()).toString());
        this.chainVerifier.addTrustedCertificate((X509Certificate) x509Certificate);
    }
}
