package app.startup.jcommon.tls;

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Objects;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:app/startup/jcommon/tls/TrustManagers.class */
public class TrustManagers {
    private static final String DEFAULT_TRUSTSTORE_PWD = "changeit";
    private static final String WINDOWS_ROOT = "Windows-ROOT";
    private static final String TRUST_STORE_PROPERTY = "javax.net.ssl.trustStore";

    public static X509TrustManager windowsTrustManager() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        if (!System.getProperty("os.name").startsWith("Windows")) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance(WINDOWS_ROOT);
        keyStore.load(null, null);
        return createTrustManager(keyStore);
    }

    public static X509TrustManager configuredOrDefaultTrustManager() throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
        return getConfiguredTrustStorePath() != null ? configuredTrustManager() : defaultTrustManager();
    }

    public static X509TrustManager defaultTrustManager() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        try {
            return createTrustManager(getDefaultTrustStorePath(), DEFAULT_TRUSTSTORE_PWD.toCharArray(), true);
        } catch (IOException e) {
            if (e.getCause() instanceof UnrecoverableKeyException) {
                return createTrustManager(getDefaultTrustStorePath(), getTrustStorePassword(), true);
            }
            throw e;
        }
    }

    private static String getDefaultTrustStorePath() {
        String str = System.getProperty("java.home") + "/lib/security/";
        String str2 = str + "cacerts";
        String str3 = str + "jssecacerts";
        return Files.exists(Paths.get(str3, new String[0]), new LinkOption[0]) ? str3 : str2;
    }

    public static X509TrustManager configuredTrustManager() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        if (isTrustStoreTypeConfigured(WINDOWS_ROOT)) {
            return windowsTrustManager();
        }
        String configuredTrustStorePath = getConfiguredTrustStorePath();
        if (configuredTrustStorePath != null) {
            return createTrustManager(configuredTrustStorePath, getTrustStorePassword(), true);
        }
        return null;
    }

    public static boolean isTrustStoreConfigured() {
        String configuredTrustStoreType = getConfiguredTrustStoreType();
        return getConfiguredTrustStorePath() != null || (configuredTrustStoreType != null && configuredTrustStoreType.equalsIgnoreCase(WINDOWS_ROOT));
    }

    private static boolean isTrustStoreTypeConfigured(String str) {
        String configuredTrustStoreType = getConfiguredTrustStoreType();
        return configuredTrustStoreType != null && configuredTrustStoreType.equalsIgnoreCase(str);
    }

    private static String getConfiguredTrustStoreType() {
        return System.getProperty("javax.net.ssl.trustStoreType");
    }

    private static String getConfiguredTrustStorePath() {
        return System.getProperty(TRUST_STORE_PROPERTY);
    }

    public static X509TrustManager createTrustManager(String str, char[] cArr, boolean z) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        Objects.requireNonNull(str, "Trust store path should not be null");
        if (cArr == null) {
            cArr = DEFAULT_TRUSTSTORE_PWD.toCharArray();
        }
        File file = new File(str);
        if (z || file.exists()) {
            return createTrustManager(KeyStore.getInstance(file, cArr));
        }
        return null;
    }

    public static void useDefaultTruststore() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, null, null);
            SSLContext.setDefault(sSLContext);
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            new RuntimeException("Failed to fall back to the default SSL context", e).printStackTrace();
        }
    }

    private static char[] getTrustStorePassword() {
        String property = System.getProperty("javax.net.ssl.trustStorePassword");
        return (property != null ? property : DEFAULT_TRUSTSTORE_PWD).toCharArray();
    }

    private static X509TrustManager createTrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
    }
}
