package usda.weru.util.ssl;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/**
 * {@link X509TrustManager} for the application's outbound HTTPS connections,
 * backed by the certificates handed to its constructor.
 *
 * @author mark
 */
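public class WepsTrustManager implements X509TrustManager {
    /**
     * Platform trust manager built over the certificates handed to the
     * constructor. {@code null} when no usable certificate was supplied, in
     * which case every chain is rejected.
     */
    private final X509TrustManager delegate;

    /**
     * Creates a trust manager whose trust anchors are {@code defaultCerts}.
     *
     * <p>The certificates are loaded into an in-memory {@link KeyStore} and
     * handed to the JDK's default {@link TrustManagerFactory}, so a peer chain
     * is checked the way the platform checks it: signatures, validity dates,
     * basic constraints and path building up to one of the anchors. Comparing
     * DN strings (peer issuer name equals a trusted subject name) is not a
     * substitute for that -- anyone can mint a certificate carrying an
     * arbitrary issuer DN.
     *
     * @param defaultCerts trust anchors; {@code null}, empty, or containing
     *                     only {@code null} entries means "trust nothing", and
     *                     every chain presented to this manager is rejected
     * @throws IllegalStateException if the JVM cannot provide a key store or
     *                               trust manager factory (a platform
     *                               misconfiguration, not a bad certificate)
     */
    public WepsTrustManager (List<X509Certificate> defaultCerts) {
        this.delegate = buildDelegate(defaultCerts);
    }

    /**
     * Builds the platform {@link X509TrustManager} over {@code anchors}.
     *
     * @return the delegate, or {@code null} when there is no non-null anchor
     *         (an empty anchor set would make the PKIX validator fail at
     *         check time with an unchecked exception, so it is never built)
     */
    private static X509TrustManager buildDelegate(List<X509Certificate> anchors) {
        if (anchors == null || anchors.isEmpty()) {
            return null;
        }
        try {
            KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
            store.load(null, null); // fresh, empty, in-memory store
            int count = 0;
            for (X509Certificate anchor : anchors) {
                if (anchor != null) {
                    store.setCertificateEntry("anchor-" + count, anchor);
                    count++;
                }
            }
            if (count == 0) {
                return null;
            }
            TrustManagerFactory factory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(store);
            for (TrustManager tm : factory.getTrustManagers()) {
                if (tm instanceof X509TrustManager) {
                    return (X509TrustManager) tm;
                }
            }
            throw new IllegalStateException(
                "no X509TrustManager provided by " + factory.getAlgorithm());
        } catch (GeneralSecurityException | IOException e) {
            throw new IllegalStateException("unable to build trust manager", e);
        }
    }

    /**
     * Returns the trust anchors this manager accepts.
     *
     * <p>The {@link X509TrustManager} contract requires a non-null array;
     * returning {@code null} here breaks engine implementations that iterate
     * over it. With no anchors configured the array is empty.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        if (delegate == null) {
            return new X509Certificate[0];
        }
        X509Certificate[] issuers = delegate.getAcceptedIssuers();
        return issuers != null ? issuers : new X509Certificate[0];
    }

    /**
     * Validates a client certificate chain against the configured anchors.
     *
     * <p>Previously a no-op, which accepted any client certificate. Client
     * chains now receive the same validation as server chains.
     *
     * @throws CertificateException if the chain is missing or does not
     *                              validate against the trust anchors
     */
    @Override
    public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
        validate(certs, authType, true);
    }

    /**
     * Validates a server certificate chain against the configured anchors.
     *
     * <p>An earlier version accepted, without any validation, every chain
     * whose leaf subject DN merely contained the substring
     * {@code arcgisonline.com}, {@code nationalmap.gov} or {@code blm.gov}.
     * A self-signed certificate with such a string in its CN would have been
     * trusted, so that bypass is gone: if those hosts need an additional CA,
     * add its certificate to the list passed to the constructor instead.
     *
     * <p>Hostname matching is not part of this interface (only the chain and
     * the key-exchange type are supplied); it remains the job of the
     * connection's hostname verifier.
     *
     * @throws CertificateException if the chain is missing or does not
     *                              validate against the trust anchors
     */
    @Override
    public void checkServerTrusted(X509Certificate[] siteCerts, String authType) throws CertificateException {
        validate(siteCerts, authType, false);
    }

    /**
     * Shared chain check: rejects empty input and the "no anchors" case up
     * front, then defers to the platform validator.
     */
    private void validate(X509Certificate[] chain, String authType, boolean client)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("empty certificate chain");
        }
        if (delegate == null) {
            throw new CertificateException(
                "no trust anchors configured; rejecting " + describe(chain[0]));
        }
        if (client) {
            delegate.checkClientTrusted(chain, authType);
        } else {
            delegate.checkServerTrusted(chain, authType);
        }
    }

    /** Subject DN of {@code cert} for error messages; tolerates a null entry. */
    private static String describe(X509Certificate cert) {
        if (cert == null) {
            return "<null certificate>";
        }
        return cert.getSubjectX500Principal().getName();
    }
}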
