package net.shibboleth.utilities.jetty94;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:net/shibboleth/utilities/jetty94/DelegateToApplicationSslContextFactory.class */
public class DelegateToApplicationSslContextFactory extends SslContextFactory.Server {
    private boolean advertiseIssuers;

    public DelegateToApplicationSslContextFactory() {
        setWantClientAuth(true);
        setValidateCerts(false);
    }

    public void setAdvertiseIssuers(boolean z) {
        this.advertiseIssuers = z;
    }

    protected TrustManager[] getTrustManagers(final KeyStore keyStore, Collection<? extends CRL> collection) throws Exception {
        return new TrustManager[]{new X509TrustManager() { // from class: net.shibboleth.utilities.jetty94.DelegateToApplicationSslContextFactory.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                if (!DelegateToApplicationSslContextFactory.this.advertiseIssuers || keyStore == null) {
                    return new X509Certificate[0];
                }
                ArrayList arrayList = new ArrayList();
                try {
                    Enumeration<String> aliases = keyStore.aliases();
                    while (aliases.hasMoreElements()) {
                        String nextElement = aliases.nextElement();
                        if (keyStore.isCertificateEntry(nextElement)) {
                            Certificate certificate = keyStore.getCertificate(nextElement);
                            if (certificate instanceof X509Certificate) {
                                arrayList.add((X509Certificate) certificate);
                            }
                        }
                    }
                } catch (KeyStoreException e) {
                    Log.getLogger(DelegateToApplicationSslContextFactory.class).warn(e);
                }
                return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
            }
        }};
    }
}
