package org.jetbrains.idea.svn.auth;

import com.intellij.openapi.diagnostic.Logger;
import com.intellij.util.net.ssl.CertificateManager;
import com.intellij.util.net.ssl.ClientOnlyTrustManager;
import com.intellij.util.net.ssl.ConfirmingTrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.http.client.utils.URIBuilder;
import org.jetbrains.annotations.NonNls;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.idea.svn.SvnConfiguration;
import org.jetbrains.idea.svn.api.Url;
import org.jetbrains.idea.svn.history.SvnCommittedChangesProvider;

/* loaded from: input_file:org/jetbrains/idea/svn/auth/CertificateTrustManager.class */
public class CertificateTrustManager extends ClientOnlyTrustManager {
    private static final Logger LOG = Logger.getInstance(CertificateTrustManager.class);

    @NonNls
    private static final String CMD_SSL_SERVER = "cmd.ssl.server";

    @NotNull
    private final AuthenticationService myAuthenticationService;

    @NotNull
    private final Url myRepositoryUrl;

    @NotNull
    private final String myRealm;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.jetbrains.idea.svn.auth.CertificateTrustManager$1, reason: invalid class name */
    /* loaded from: input_file:org/jetbrains/idea/svn/auth/CertificateTrustManager$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$jetbrains$idea$svn$auth$AcceptResult = new int[AcceptResult.values().length];

        static {
            try {
                $SwitchMap$org$jetbrains$idea$svn$auth$AcceptResult[AcceptResult.ACCEPTED_PERMANENTLY.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$jetbrains$idea$svn$auth$AcceptResult[AcceptResult.ACCEPTED_TEMPORARILY.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$jetbrains$idea$svn$auth$AcceptResult[AcceptResult.REJECTED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public CertificateTrustManager(@NotNull AuthenticationService authenticationService, @NotNull Url url) {
        if (authenticationService == null) {
            $$$reportNull$$$0(0);
        }
        if (url == null) {
            $$$reportNull$$$0(1);
        }
        this.myAuthenticationService = authenticationService;
        this.myRepositoryUrl = url;
        this.myRealm = new URIBuilder().setScheme(url.getProtocol()).setHost(url.getHost()).setPort(url.getPort()).toString();
    }

    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length <= 0 || x509CertificateArr[0] == null) {
            return;
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        if (checkPassive(x509Certificate)) {
            return;
        }
        if (!isAcceptedByIdea(x509CertificateArr, str)) {
            checkActive(x509Certificate);
        }
        acknowledge(x509Certificate);
    }

    private boolean checkPassive(@NotNull X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            $$$reportNull$$$0(2);
        }
        return x509Certificate.equals(SvnConfiguration.RUNTIME_AUTH_CACHE.getDataWithLowerCheck(CMD_SSL_SERVER, this.myRealm));
    }

    private static boolean isAcceptedByIdea(X509Certificate[] x509CertificateArr, String str) {
        boolean z;
        if (x509CertificateArr == null) {
            $$$reportNull$$$0(3);
        }
        try {
            CertificateManager.getInstance().getTrustManager().checkServerTrusted(x509CertificateArr, str, ConfirmingTrustManager.CertificateConfirmationParameters.doNotAskConfirmation());
            z = true;
        } catch (CertificateException e) {
            LOG.debug(e);
            z = false;
        }
        return z;
    }

    private void checkActive(@NotNull X509Certificate x509Certificate) throws CertificateException {
        if (x509Certificate == null) {
            $$$reportNull$$$0(4);
        }
        switch (AnonymousClass1.$SwitchMap$org$jetbrains$idea$svn$auth$AcceptResult[this.myAuthenticationService.getAuthenticationManager().getProvider().acceptServerAuthentication(this.myRepositoryUrl, this.myRealm, x509Certificate, this.myAuthenticationService.getAuthenticationManager().getHostOptions(this.myRepositoryUrl).isAuthStorageEnabled()).ordinal()]) {
            case 1:
            case SvnCommittedChangesProvider.VERSION_WITH_COPY_PATHS_ADDED /* 2 */:
            default:
                return;
            case SvnCommittedChangesProvider.VERSION_WITH_REPLACED_PATHS /* 3 */:
                throw new CertificateException("Server SSL certificate rejected");
        }
    }

    private void acknowledge(@NotNull X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            $$$reportNull$$$0(5);
        }
        this.myAuthenticationService.getVcs().getSvnConfiguration().acknowledge(CMD_SSL_SERVER, this.myRealm, x509Certificate);
    }

    public X509Certificate[] getAcceptedIssuers() {
        return CertificateManager.getInstance().getTrustManager().getAcceptedIssuers();
    }

    private static /* synthetic */ void $$$reportNull$$$0(int i) {
        Object[] objArr = new Object[3];
        switch (i) {
            case 0:
            default:
                objArr[0] = "authenticationService";
                break;
            case 1:
                objArr[0] = "repositoryUrl";
                break;
            case SvnCommittedChangesProvider.VERSION_WITH_COPY_PATHS_ADDED /* 2 */:
            case 4:
            case 5:
                objArr[0] = "certificate";
                break;
            case SvnCommittedChangesProvider.VERSION_WITH_REPLACED_PATHS /* 3 */:
                objArr[0] = "chain";
                break;
        }
        objArr[1] = "org/jetbrains/idea/svn/auth/CertificateTrustManager";
        switch (i) {
            case 0:
            case 1:
            default:
                objArr[2] = "<init>";
                break;
            case SvnCommittedChangesProvider.VERSION_WITH_COPY_PATHS_ADDED /* 2 */:
                objArr[2] = "checkPassive";
                break;
            case SvnCommittedChangesProvider.VERSION_WITH_REPLACED_PATHS /* 3 */:
                objArr[2] = "isAcceptedByIdea";
                break;
            case 4:
                objArr[2] = "checkActive";
                break;
            case 5:
                objArr[2] = "acknowledge";
                break;
        }
        throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", objArr));
    }
}
