package org.jetbrains.idea.svn.auth;

import com.intellij.openapi.diagnostic.Logger;
import com.intellij.util.net.ssl.CertificateManager;
import com.intellij.util.net.ssl.ClientOnlyTrustManager;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.http.client.utils.URIBuilder;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.jetbrains.idea.svn.SvnConfiguration;
import org.jetbrains.idea.svn.history.SvnCommittedChangesProvider;
import org.tmatesoft.svn.core.SVNURL;

/* loaded from: input_file:org/jetbrains/idea/svn/auth/CertificateTrustManager.class */
public class CertificateTrustManager extends ClientOnlyTrustManager {
    private static final Logger LOG = Logger.getInstance(CertificateTrustManager.class);

    @NotNull
    private final AuthenticationService myAuthenticationService;

    @NotNull
    private final SVNURL myRepositoryUrl;

    @NotNull
    private final String myRealm;

    public CertificateTrustManager(@NotNull AuthenticationService authenticationService, @NotNull SVNURL svnurl) {
        if (authenticationService == null) {
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "authenticationService", "org/jetbrains/idea/svn/auth/CertificateTrustManager", "<init>"));
        }
        if (svnurl == null) {
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "repositoryUrl", "org/jetbrains/idea/svn/auth/CertificateTrustManager", "<init>"));
        }
        this.myAuthenticationService = authenticationService;
        this.myRepositoryUrl = svnurl;
        this.myRealm = new URIBuilder().setScheme(svnurl.getProtocol()).setHost(svnurl.getHost()).setPort(svnurl.getPort()).toString();
    }

    public void checkServerTrusted(@Nullable X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length <= 0 || x509CertificateArr[0] == null) {
            return;
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        if (checkPassive(x509Certificate)) {
            return;
        }
        if (!isAcceptedByIdea(x509CertificateArr, str)) {
            checkActive(x509Certificate);
        }
        acknowledge(x509Certificate);
    }

    private boolean checkPassive(@NotNull X509Certificate x509Certificate) throws CertificateEncodingException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "certificate", "org/jetbrains/idea/svn/auth/CertificateTrustManager", "checkPassive"));
        }
        return x509Certificate.equals(SvnConfiguration.RUNTIME_AUTH_CACHE.getDataWithLowerCheck("svn.ssl.server", this.myRealm));
    }

    private static boolean isAcceptedByIdea(@NotNull X509Certificate[] x509CertificateArr, String str) {
        boolean z;
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "chain", "org/jetbrains/idea/svn/auth/CertificateTrustManager", "isAcceptedByIdea"));
        }
        try {
            CertificateManager.getInstance().getTrustManager().checkServerTrusted(x509CertificateArr, str, false, false);
            z = true;
        } catch (CertificateException e) {
            LOG.debug(e);
            z = false;
        }
        return z;
    }

    private void checkActive(@NotNull X509Certificate x509Certificate) throws CertificateException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "certificate", "org/jetbrains/idea/svn/auth/CertificateTrustManager", "checkActive"));
        }
        switch (this.myAuthenticationService.getAuthenticationManager().getInnerProvider().acceptServerAuthentication(this.myRepositoryUrl, this.myRealm, x509Certificate, this.myAuthenticationService.getAuthenticationManager().m66getHostOptionsProvider().getHostOptions(this.myRepositoryUrl).isAuthStorageEnabled())) {
            case 0:
                throw new CertificateException("Server SSL certificate rejected");
            case 1:
            case SvnCommittedChangesProvider.VERSION_WITH_COPY_PATHS_ADDED /* 2 */:
            default:
                return;
        }
    }

    private void acknowledge(@NotNull X509Certificate x509Certificate) throws CertificateEncodingException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "certificate", "org/jetbrains/idea/svn/auth/CertificateTrustManager", "acknowledge"));
        }
        this.myAuthenticationService.getVcs().getSvnConfiguration().acknowledge("cmd.ssl.server", this.myRealm, x509Certificate);
    }

    public X509Certificate[] getAcceptedIssuers() {
        return CertificateManager.getInstance().getTrustManager().getAcceptedIssuers();
    }
}
