package io.helidon.common.tls;

import java.lang.System;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/helidon/common/tls/TlsReloadableX509TrustManager.class */
public class TlsReloadableX509TrustManager implements X509TrustManager, TlsReloadableComponent {
    private static final System.Logger LOGGER = System.getLogger(TlsReloadableX509TrustManager.class.getName());
    private volatile X509TrustManager trustManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/helidon/common/tls/TlsReloadableX509TrustManager$NotReloadableTrustManager.class */
    public static class NotReloadableTrustManager extends TlsReloadableX509TrustManager {
        /* JADX INFO: Access modifiers changed from: package-private */
        public NotReloadableTrustManager() {
            super(null);
        }

        @Override // io.helidon.common.tls.TlsReloadableX509TrustManager, io.helidon.common.tls.TlsReloadableComponent
        public void reload(Tls tls) {
            if (tls.trustManager().isPresent()) {
                throw new UnsupportedOperationException("Cannot set trust manager if one was not set during server start");
            }
        }

        @Override // io.helidon.common.tls.TlsReloadableX509TrustManager
        void reload(X509TrustManager x509TrustManager) {
            throw new UnsupportedOperationException("Cannot set trust manager if one was not set during server start");
        }
    }

    private TlsReloadableX509TrustManager(X509TrustManager x509TrustManager) {
        this.trustManager = x509TrustManager;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.getAcceptedIssuers();
    }

    @Override // io.helidon.common.tls.TlsReloadableComponent
    public void reload(Tls tls) {
        tls.trustManager().ifPresent(this::reload);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void reload(X509TrustManager x509TrustManager) {
        Objects.requireNonNull(x509TrustManager, "Cannot unset trust store");
        assertValid(x509TrustManager);
        LOGGER.log(System.Logger.Level.DEBUG, "Reloading TLS X509TrustManager");
        this.trustManager = x509TrustManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static TlsReloadableX509TrustManager create(X509TrustManager x509TrustManager) {
        if (x509TrustManager instanceof TlsReloadableX509TrustManager) {
            return (TlsReloadableX509TrustManager) x509TrustManager;
        }
        assertValid(x509TrustManager);
        return new TlsReloadableX509TrustManager(x509TrustManager);
    }

    static void assertValid(X509TrustManager x509TrustManager) {
        if (x509TrustManager instanceof TlsReloadableX509TrustManager) {
            throw new IllegalArgumentException();
        }
    }
}
