package won.cryptography.ssl;

import java.lang.invoke.MethodHandles;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.http.ssl.TrustStrategy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import won.cryptography.service.TrustStoreService;

/* loaded from: input_file:WEB-INF/lib/won-core-0.5.jar:won/cryptography/ssl/TOFUStrategy.class */
public class TOFUStrategy implements TrustStrategy {
    private TrustStoreService trustStoreService;
    private AliasGenerator aliasGenerator = new AliasFromFingerprintGenerator();
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());

    public void setTrustStoreService(TrustStoreService trustStoreService) {
        this.trustStoreService = trustStoreService;
    }

    public void setAliasGenerator(AliasGenerator aliasGenerator) {
        this.aliasGenerator = aliasGenerator;
    }

    @Override // org.apache.http.ssl.TrustStrategy
    public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            return false;
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        String generateAlias = this.aliasGenerator.generateAlias(x509Certificate);
        if (this.trustStoreService.isCertKnown(x509Certificate)) {
            return true;
        }
        try {
            this.trustStoreService.addCertificate(generateAlias, x509Certificate, false);
            logger.info("Certificate for " + generateAlias + " is added based on TOFU and from now on it is trusted!");
            return true;
        } catch (Exception e) {
            logger.warn("Certificate could not be added as trusted for TOFU for alias " + generateAlias, (Throwable) e);
            return false;
        }
    }
}
