package org.jenkinsci.remoting.protocol.cert;

import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.net.Socket;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import net.jcip.annotations.GuardedBy;
import org.jenkinsci.remoting.util.KeyUtils;

/* loaded from: input_file:WEB-INF/lib/remoting-3309.v27b_9314fd1a_4.jar:org/jenkinsci/remoting/protocol/cert/PublicKeyMatchingX509ExtendedTrustManager.class */
public class PublicKeyMatchingX509ExtendedTrustManager extends X509ExtendedTrustManager {

    @GuardedBy("self")
    private final List<PublicKey> publicKeys;
    private final boolean strictClient;
    private final boolean strictServer;

    public PublicKeyMatchingX509ExtendedTrustManager(PublicKey... publicKeyArr) {
        this(true, true, publicKeyArr);
    }

    public PublicKeyMatchingX509ExtendedTrustManager(boolean z, boolean z2, PublicKey... publicKeyArr) {
        this.publicKeys = new ArrayList(Arrays.asList(publicKeyArr));
        this.strictClient = z;
        this.strictServer = z2;
    }

    public boolean add(@NonNull PublicKey publicKey) {
        synchronized (this.publicKeys) {
            Iterator<PublicKey> it = this.publicKeys.iterator();
            while (it.hasNext()) {
                if (KeyUtils.equals(publicKey, it.next())) {
                    return false;
                }
            }
            this.publicKeys.add(publicKey);
            return true;
        }
    }

    public boolean remove(PublicKey publicKey) {
        synchronized (this.publicKeys) {
            Iterator<PublicKey> it = this.publicKeys.iterator();
            while (it.hasNext()) {
                if (KeyUtils.equals(publicKey, it.next())) {
                    it.remove();
                    return true;
                }
            }
            return false;
        }
    }

    public boolean isTrusted(PublicKey publicKey) {
        synchronized (this.publicKeys) {
            Iterator<PublicKey> it = this.publicKeys.iterator();
            while (it.hasNext()) {
                if (KeyUtils.equals(publicKey, it.next())) {
                    return true;
                }
            }
            return false;
        }
    }

    public void clear() {
        synchronized (this.publicKeys) {
            this.publicKeys.clear();
        }
    }

    private static void validateAuthType(String str) {
        if (str == null) {
            throw new IllegalArgumentException("authType must not be null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("authType must not be zero-length");
        }
    }

    private static void validateChain(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("chain must not be null");
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("chain must not be zero-length");
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:28:0x0071, code lost:
    
        if (isTrusted(r0) != false) goto L20;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void checkPublicKey(boolean r10, java.security.cert.X509Certificate[] r11) throws java.security.cert.CertificateException {
        /*
            r9 = this;
            r0 = r11
            r1 = 0
            r0 = r0[r1]
            java.security.PublicKey r0 = r0.getPublicKey()
            r12 = r0
            r0 = r12
            byte[] r0 = r0.getEncoded()
            r13 = r0
            r0 = r13
            if (r0 != 0) goto L40
            java.security.cert.CertificateException r0 = new java.security.cert.CertificateException
            r1 = r0
            java.lang.String r2 = "Public key of the first certificate in chain (subject: '%s') (algorithm: '%s'; format: '%s') does not support binary encoding"
            r3 = 3
            java.lang.Object[] r3 = new java.lang.Object[r3]
            r4 = r3
            r5 = 0
            r6 = r11
            r7 = 0
            r6 = r6[r7]
            javax.security.auth.x500.X500Principal r6 = r6.getSubjectX500Principal()
            r4[r5] = r6
            r4 = r3
            r5 = 1
            r6 = r12
            java.lang.String r6 = r6.getAlgorithm()
            r4[r5] = r6
            r4 = r3
            r5 = 2
            r6 = r12
            java.lang.String r6 = r6.getFormat()
            r4[r5] = r6
            java.lang.String r2 = java.lang.String.format(r2, r3)
            r1.<init>(r2)
            throw r0
        L40:
            r0 = r9
            java.util.List<java.security.PublicKey> r0 = r0.publicKeys
            r1 = r0
            r14 = r1
            monitor-enter(r0)
            r0 = r9
            java.util.List<java.security.PublicKey> r0 = r0.publicKeys     // Catch: java.lang.Throwable -> L7e
            boolean r0 = r0.isEmpty()     // Catch: java.lang.Throwable -> L7e
            if (r0 == 0) goto L6c
            r0 = r10
            if (r0 == 0) goto L62
            r0 = r9
            boolean r0 = r0.strictClient     // Catch: java.lang.Throwable -> L7e
            if (r0 != 0) goto L78
            goto L74
        L62:
            r0 = r9
            boolean r0 = r0.strictServer     // Catch: java.lang.Throwable -> L7e
            if (r0 != 0) goto L78
            goto L74
        L6c:
            r0 = r9
            r1 = r12
            boolean r0 = r0.isTrusted(r1)     // Catch: java.lang.Throwable -> L7e
            if (r0 == 0) goto L78
        L74:
            r0 = r14
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L7e
            return
        L78:
            r0 = r14
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L7e
            goto L86
        L7e:
            r15 = move-exception
            r0 = r14
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L7e
            r0 = r15
            throw r0
        L86:
            java.security.cert.CertificateException r0 = new java.security.cert.CertificateException
            r1 = r0
            java.lang.String r2 = "Public key of the first certificate in chain (subject: %s) is not in the list of trusted keys"
            r3 = 1
            java.lang.Object[] r3 = new java.lang.Object[r3]
            r4 = r3
            r5 = 0
            r6 = r11
            r7 = 0
            r6 = r6[r7]
            javax.security.auth.x500.X500Principal r6 = r6.getSubjectX500Principal()
            r4[r5] = r6
            java.lang.String r2 = java.lang.String.format(r2, r3)
            r1.<init>(r2)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkPublicKey(boolean, java.security.cert.X509Certificate[]):void");
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        validateAuthType(str);
        validateChain(x509CertificateArr);
        checkPublicKey(true, x509CertificateArr);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        validateAuthType(str);
        validateChain(x509CertificateArr);
        checkPublicKey(false, x509CertificateArr);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        validateAuthType(str);
        validateChain(x509CertificateArr);
        checkPublicKey(true, x509CertificateArr);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        validateAuthType(str);
        validateChain(x509CertificateArr);
        checkPublicKey(false, x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        validateAuthType(str);
        validateChain(x509CertificateArr);
        checkPublicKey(true, x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        validateAuthType(str);
        validateChain(x509CertificateArr);
        checkPublicKey(false, x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    @SuppressFBWarnings(value = {"WEAK_TRUST_MANAGER"}, justification = "An intentionally overtrusting manager.")
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
