package com.huawei.gauss200.jdbc.ssl;

import com.huawei.shade.com.fasterxml.jackson.annotation.JsonProperty;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/huawei/gauss200/jdbc/ssl/CheckCertCrlTrustManager.class */
public class CheckCertCrlTrustManager implements X509TrustManager {
    X509TrustManager trustManager;
    String crlFilePath;

    public CheckCertCrlTrustManager(TrustManager trustManager, String str) {
        this.trustManager = (X509TrustManager) trustManager;
        this.crlFilePath = str;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertRevoked(x509CertificateArr, CertificateFactory.getInstance("X.509"));
        this.trustManager.checkServerTrusted(x509CertificateArr, str);
    }

    private void checkCertRevoked(X509Certificate[] x509CertificateArr, CertificateFactory certificateFactory) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || certificateFactory == null || this.crlFilePath == null || JsonProperty.USE_DEFAULT_NAME.equals(this.crlFilePath)) {
            return;
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(this.crlFilePath);
            X509CRL x509crl = (X509CRL) certificateFactory.generateCRL(fileInputStream);
            fileInputStream.close();
            for (X509Certificate x509Certificate : x509CertificateArr) {
                if (x509crl.isRevoked(x509Certificate)) {
                    throw new CertificateException("this cert is revoked.");
                }
            }
        } catch (FileNotFoundException | CRLException e) {
            throw new RuntimeException(e);
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
