package com.atlassian.bamboo.security.ssl;

import com.atlassian.bamboo.util.Narrow;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/bamboo/security/ssl/DefaultTrustManager.class */
public class DefaultTrustManager implements X509TrustManager {
    private final X509TrustManager defaultTrustManager = getDefaultTrustManager();
    private static final Logger log = Logger.getLogger(DefaultTrustManager.class);

    private static X509TrustManager getDefaultTrustManager() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            X509TrustManager x509TrustManager = (X509TrustManager) Narrow.downTo(trustManager, X509TrustManager.class);
            if (x509TrustManager != null) {
                return x509TrustManager;
            }
        }
        throw new NoSuchAlgorithmException("Cannot find default trust manager.");
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.defaultTrustManager.getAcceptedIssuers();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            if (x509CertificateArr.length > 0) {
                log.warn("Untrusted certificate (issued by [" + x509CertificateArr[0].getIssuerDN().toString() + "]). Consider registering new Certificate Authority (CA)", e);
            } else {
                log.warn("Empty certificate chain", e);
            }
            throw e;
        }
    }
}
