package org.openanzo.rdf.utils;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.LinkedHashSet;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.openanzo.exceptions.AnzoException;
import org.openanzo.exceptions.ExceptionConstants;
import org.openanzo.rdf.Password;

/* loaded from: input_file:org/openanzo/rdf/utils/AnzoTrustManager.class */
public class AnzoTrustManager extends X509ExtendedTrustManager {
    private static final String FAILED_TO_INITIALIZE_TRUST_MANAGER = "Failed to initialize trust manager";
    private X509TrustManager x509tm;
    private X509TrustManager defaultTm;
    TrustManager[] tms;
    X509Certificate[] mergedCerts;
    private boolean trustAll;
    String trustStore;
    Password trustStorePassword;
    String trustStoreType;
    private static final String ANZO_DIR = ".anzo";
    private static final String DEFAULT_CLIENT_TRUST = "client.ts";

    public AnzoTrustManager(boolean z, String str, Password password, String str2) throws AnzoException {
        initWithProps(z, str, password, str2);
    }

    public AnzoTrustManager(boolean z, TrustManager[] trustManagerArr) throws AnzoException {
        if (trustManagerArr == null) {
            initWithProps(z, null, null, null);
            return;
        }
        try {
            init(z, trustManagerArr);
        } catch (Exception e) {
            throw new AnzoException(ExceptionConstants.IO.ERROR_HTTP_CONNECTION, e, FAILED_TO_INITIALIZE_TRUST_MANAGER);
        }
    }

    public AnzoTrustManager(boolean z, byte[] bArr, Password password, String str) throws AnzoException {
        ByteArrayInputStream byteArrayInputStream;
        if (bArr != null) {
            try {
                byteArrayInputStream = new ByteArrayInputStream(bArr);
            } catch (Exception e) {
                throw new AnzoException(ExceptionConstants.IO.ERROR_HTTP_CONNECTION, e, FAILED_TO_INITIALIZE_TRUST_MANAGER);
            }
        } else {
            byteArrayInputStream = null;
        }
        init(z, null, password, str, byteArrayInputStream);
    }

    private void initWithProps(boolean z, String str, Password password, String str2) throws AnzoException {
        String property;
        FileInputStream fileInputStream = null;
        String str3 = str;
        try {
            if (AnzoCollections.empty(str3)) {
                str3 = System.getProperty("javax.net.ssl.trustStore");
                if (AnzoCollections.empty(str3) && (property = System.getProperty("user.home")) != null) {
                    File file = new File(new File(property, ANZO_DIR), DEFAULT_CLIENT_TRUST);
                    if (file.exists()) {
                        str3 = file.getCanonicalPath();
                        str2 = "JCEKS";
                    }
                }
            }
            if (AnzoCollections.notEmpty(str3)) {
                if (AnzoCollections.empty(str2)) {
                    String property2 = System.getProperty("javax.net.ssl.trustStoreType");
                    str2 = (AnzoCollections.empty(property2) && str3.endsWith(".p12")) ? "PKCS12" : (AnzoCollections.empty(property2) && (str3.endsWith(".ks") || str3.endsWith(".ts"))) ? "JCEKS" : KeyStore.getDefaultType();
                }
            } else if (AnzoCollections.empty(str2)) {
                str2 = KeyStore.getDefaultType();
            }
            if (AnzoCollections.notEmpty(str3)) {
                File file2 = new File(str3);
                if (file2.exists()) {
                    fileInputStream = new FileInputStream(file2);
                }
            }
            init(z, str3, password, str2, fileInputStream);
        } catch (Exception e) {
            throw new AnzoException(ExceptionConstants.IO.ERROR_HTTP_CONNECTION, e, FAILED_TO_INITIALIZE_TRUST_MANAGER);
        }
    }

    private void init(boolean z, String str, Password password, String str2, InputStream inputStream) throws AnzoException, IOException {
        this.trustAll = z;
        this.trustStore = str;
        this.trustStorePassword = password;
        this.trustStoreType = str2;
        try {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                int length = trustManagers.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    TrustManager trustManager = trustManagers[i];
                    if (trustManager instanceof X509TrustManager) {
                        this.defaultTm = (X509TrustManager) trustManager;
                        break;
                    }
                    i++;
                }
                if (AnzoCollections.empty(str2)) {
                    str2 = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
                }
                KeyStore keyStore = KeyStore.getInstance(str2);
                if (!z && inputStream != null) {
                    keyStore.load(inputStream, password != null ? password.getDecrypted().toCharArray() : null);
                }
                TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
                trustManagerFactory2.init(keyStore);
                this.tms = trustManagerFactory2.getTrustManagers();
                for (TrustManager trustManager2 : this.tms) {
                    if (trustManager2 instanceof X509TrustManager) {
                        this.x509tm = (X509TrustManager) trustManager2;
                        if (inputStream != null) {
                            inputStream.close();
                            return;
                        }
                        return;
                    }
                }
                throw new AnzoException(ExceptionConstants.IO.ERROR_HTTP_CONNECTION, "The default Java Trust Manager was not found");
            } catch (Exception e) {
                throw new AnzoException(ExceptionConstants.IO.ERROR_HTTP_CONNECTION, e, FAILED_TO_INITIALIZE_TRUST_MANAGER);
            }
        } finally {
            if (inputStream != null) {
                inputStream.close();
            }
        }
    }

    private boolean init(boolean z, TrustManager[] trustManagerArr) throws AnzoException, IOException {
        this.trustAll = z;
        this.tms = trustManagerArr;
        try {
            for (TrustManager trustManager : trustManagerArr) {
                if (trustManager instanceof X509TrustManager) {
                    this.x509tm = (X509TrustManager) trustManager;
                    return true;
                }
            }
            throw new AnzoException(ExceptionConstants.IO.ERROR_HTTP_CONNECTION, "The default Java Trust Manager was not found");
        } catch (Exception e) {
            throw new AnzoException(ExceptionConstants.IO.ERROR_HTTP_CONNECTION, e, FAILED_TO_INITIALIZE_TRUST_MANAGER);
        }
    }

    public TrustManager[] getTms() {
        return this.tms;
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            this.x509tm.checkClientTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            if (this.defaultTm == null) {
                handleCertificateException(e, x509CertificateArr);
                return;
            }
            try {
                this.defaultTm.checkClientTrusted(x509CertificateArr, str);
            } catch (CertificateException e2) {
                handleCertificateException(e2, x509CertificateArr);
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            this.x509tm.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            if (this.defaultTm == null) {
                handleCertificateException(e, x509CertificateArr);
                return;
            }
            try {
                this.defaultTm.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e2) {
                handleCertificateException(e2, x509CertificateArr);
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        if (this.mergedCerts == null) {
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            for (X509Certificate x509Certificate : this.x509tm.getAcceptedIssuers()) {
                linkedHashSet.add(x509Certificate);
            }
            if (this.defaultTm != null) {
                for (X509Certificate x509Certificate2 : this.defaultTm.getAcceptedIssuers()) {
                    linkedHashSet.add(x509Certificate2);
                }
            }
            this.mergedCerts = (X509Certificate[]) linkedHashSet.toArray(new X509Certificate[0]);
        }
        return this.mergedCerts;
    }

    private void handleCertificateException(CertificateException certificateException, X509Certificate[] x509CertificateArr) throws CertificateException {
        if (!this.trustAll) {
            throw certificateException;
        }
    }
}
