package com.unboundid.util.ssl;

import com.microsoft.identity.client.claims.WWWAuthenticateHeader;
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.ObjectPair;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.ssl.cert.AuthorityKeyIdentifierExtension;
import com.unboundid.util.ssl.cert.SubjectKeyIdentifierExtension;
import com.unboundid.util.ssl.cert.X509Certificate;
import com.unboundid.util.ssl.cert.X509CertificateExtension;
import java.io.File;
import java.io.FileInputStream;
import java.io.Serializable;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.X509TrustManager;
import mv.b;

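/**
 * An {@link X509TrustManager} that takes its trust anchors from the JVM's default
 * {@code cacerts} keystore, looked up beneath the directory named by a system property
 * (the shared instance uses {@code java.home}).
 *
 * <p>Failures to locate or read the keystore are captured in {@link #certificateException}
 * instead of being thrown from the constructor. Every trust check and accessor rethrows that
 * stored exception first, so an instance without anchors rejects all chains (fails closed).
 *
 * <p>This listing was recovered from decompiler output (ProGuard-processed, loaded from a dex
 * file, with JADX "unreachable blocks removed" warnings on several methods). Spots where the
 * decompiler left non-terminating loops or possibly-unassigned locals have been restored to
 * compilable control flow; message keys come from the obfuscated {@code mv.b} enum.
 *
 * <p>NOTE(review): the class is {@link Serializable} but holds a {@link KeyStore}, which does
 * not implement {@code Serializable}; confirm serialization is never exercised on a loaded
 * instance.
 */
@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
public final class JVMDefaultTrustManager implements X509TrustManager, Serializable {
    private static final String PROPERTY_JAVA_HOME = "java.home";
    private static final long serialVersionUID = -8587938729712485943L;

    // File the keystore was loaded from; null when no keystore could be located.
    private final File caCertsFile;
    // Non-null when initialization failed; rethrown by every check and accessor.
    private final CertificateException certificateException;
    // The loaded default keystore; null when it could not be located.
    private final KeyStore keystore;
    // Trusted certificates keyed by their subject key identifier extension value.
    private final Map<ASN1OctetString, X509Certificate> trustedCertsByKeyID;
    // Trusted certificates keyed by the raw bytes of their signature value.
    private final Map<ASN1OctetString, java.security.cert.X509Certificate> trustedCertsBySignature;

    private static final AtomicReference<JVMDefaultTrustManager> INSTANCE = new AtomicReference<>();

    // NOTE(review): a public array is mutable by any caller, and its contents decide which
    // file names are probed as trust stores. Treat it as read-only.
    public static final String[] FILE_EXTENSIONS = {".jks", ".p12", ".pkcs12", ".pfx"};
    private static final java.security.cert.X509Certificate[] NO_CERTIFICATES = new java.security.cert.X509Certificate[0];

    /**
     * Loads the default trust store found under the directory named by the given system
     * property and indexes its certificates by signature value and by subject key identifier.
     *
     * @param str name of the system property holding the Java home path
     */
    public JVMDefaultTrustManager(String str) {
        String javaHomePath = StaticUtils.getSystemProperty(str);
        if (javaHomePath == null) {
            this.certificateException = new CertificateException(b.ERR_JVM_DEFAULT_TRUST_MANAGER_NO_JAVA_HOME.b(str));
            this.caCertsFile = null;
            this.keystore = null;
            this.trustedCertsBySignature = Collections.emptyMap();
            this.trustedCertsByKeyID = Collections.emptyMap();
            return;
        }

        File javaHome = new File(javaHomePath);
        if (!javaHome.exists() || !javaHome.isDirectory()) {
            this.certificateException = new CertificateException(b.ERR_JVM_DEFAULT_TRUST_MANAGER_INVALID_JAVA_HOME.b(str, javaHomePath));
            this.caCertsFile = null;
            this.keystore = null;
            this.trustedCertsBySignature = Collections.emptyMap();
            this.trustedCertsByKeyID = Collections.emptyMap();
            return;
        }

        ObjectPair<KeyStore, File> located;
        try {
            located = getJVMDefaultKeyStore(javaHome);
        } catch (CertificateException e) {
            Debug.debugException(e);
            this.certificateException = e;
            this.caCertsFile = null;
            this.keystore = null;
            this.trustedCertsBySignature = Collections.emptyMap();
            this.trustedCertsByKeyID = Collections.emptyMap();
            return;
        }
        this.keystore = located.getFirst();
        this.caCertsFile = located.getSecond();

        Map<ASN1OctetString, java.security.cert.X509Certificate> bySignature =
                new LinkedHashMap<>(StaticUtils.computeMapCapacity(50));
        Map<ASN1OctetString, X509Certificate> byKeyId =
                new LinkedHashMap<>(StaticUtils.computeMapCapacity(50));
        try {
            Enumeration<String> aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                // A single unreadable entry is logged and skipped; it must not discard the
                // rest of the trust store.
                try {
                    java.security.cert.X509Certificate jvmCert =
                            (java.security.cert.X509Certificate) this.keystore.getCertificate(aliases.nextElement());
                    if (jvmCert != null) {
                        bySignature.put(new ASN1OctetString(jvmCert.getSignature()), jvmCert);
                        try {
                            // Re-decode with the SDK's certificate type to reach the extensions.
                            // The decompiled listing wrapped this loop in while(true), which
                            // would never terminate; a single pass is all that is needed.
                            X509Certificate decoded = new X509Certificate(jvmCert.getEncoded());
                            for (X509CertificateExtension extension : decoded.getExtensions()) {
                                if (extension instanceof SubjectKeyIdentifierExtension) {
                                    byKeyId.put(new ASN1OctetString(((SubjectKeyIdentifierExtension) extension).getKeyIdentifier().getValue()), decoded);
                                }
                            }
                        } catch (Exception e) {
                            Debug.debugException(e);
                        }
                    }
                } catch (Exception e) {
                    Debug.debugException(e);
                }
            }
        } catch (Exception e) {
            Debug.debugException(e);
            this.certificateException = new CertificateException(b.ERR_JVM_DEFAULT_TRUST_MANAGER_ERROR_ITERATING_THROUGH_CACERTS.b(this.caCertsFile.getAbsolutePath(), StaticUtils.getExceptionMessage(e)), e);
            this.trustedCertsBySignature = Collections.emptyMap();
            this.trustedCertsByKeyID = Collections.emptyMap();
            return;
        }

        this.trustedCertsBySignature = Collections.unmodifiableMap(bySignature);
        this.trustedCertsByKeyID = Collections.unmodifiableMap(byKeyId);
        this.certificateException = null;
    }

    /**
     * Renders the subject DNs of a chain as a quoted, human-readable list for error messages.
     *
     * @param x509CertificateArr the chain to describe; must not be null
     * @return an empty string for an empty chain, otherwise the quoted subjects joined with
     *         commas and "and"
     */
    public static String chainToString(java.security.cert.X509Certificate[] x509CertificateArr) {
        // NOTE(review): the quote constant comes from an unrelated authentication library;
        // this looks like decompiler constant substitution for a single-quote literal - confirm.
        StringBuilder text = new StringBuilder();
        switch (x509CertificateArr.length) {
            case 0:
                break;
            case 1:
                text.append(WWWAuthenticateHeader.SINGLE_QUOTE);
                text.append(x509CertificateArr[0].getSubjectDN());
                text.append(WWWAuthenticateHeader.SINGLE_QUOTE);
                break;
            case 2:
                text.append(WWWAuthenticateHeader.SINGLE_QUOTE);
                text.append(x509CertificateArr[0].getSubjectDN());
                text.append("' and '");
                text.append(x509CertificateArr[1].getSubjectDN());
                text.append(WWWAuthenticateHeader.SINGLE_QUOTE);
                break;
            default:
                for (int i = 0; i < x509CertificateArr.length; i++) {
                    if (i > 0) {
                        text.append(", ");
                    }
                    if (i == x509CertificateArr.length - 1) {
                        text.append("and ");
                    }
                    text.append(WWWAuthenticateHeader.SINGLE_QUOTE);
                    text.append(x509CertificateArr[i].getSubjectDN());
                    text.append(WWWAuthenticateHeader.SINGLE_QUOTE);
                }
                break;
        }
        return text.toString();
    }

    /**
     * Handles a chain that omits its root: looks up the issuer of the last certificate by
     * authority key identifier and verifies that certificate's signature against it.
     *
     * <p>Any failure (decode error, failed signature verification) is logged and treated as
     * "not trusted". The decompiled listing had lost the enclosing try block, which left the
     * decoded certificate possibly unassigned and let verification errors escape.
     *
     * @param x509CertificateArr a non-empty chain
     * @return true only if a currently valid trusted issuer was found and the signature verified
     */
    private boolean checkIncompleteChain(java.security.cert.X509Certificate[] x509CertificateArr) {
        try {
            X509Certificate last = new X509Certificate(x509CertificateArr[x509CertificateArr.length - 1].getEncoded());
            // A self-signed certificate has no separate issuer to look up.
            if (last.isSelfSigned()) {
                return false;
            }
            for (X509CertificateExtension extension : last.getExtensions()) {
                if (extension instanceof AuthorityKeyIdentifierExtension) {
                    X509Certificate issuer = this.trustedCertsByKeyID.get(new ASN1OctetString(((AuthorityKeyIdentifierExtension) extension).getKeyIdentifier().getValue()));
                    if (issuer != null && issuer.isWithinValidityWindow()) {
                        // Presumably throws when the signature does not verify (the return
                        // value is unused); that lands in the catch below and yields false.
                        last.verifySignature(issuer);
                        return true;
                    }
                }
            }
        } catch (Exception e) {
            Debug.debugException(e);
        }
        return false;
    }

    /**
     * Returns the shared instance backed by the {@code java.home} property, creating it on
     * first use. Concurrent first calls may each build a candidate, but only the one that wins
     * the compare-and-set is published and returned to all callers.
     *
     * @return the shared trust manager
     */
    public static JVMDefaultTrustManager getInstance() {
        JVMDefaultTrustManager existing = INSTANCE.get();
        if (existing != null) {
            return existing;
        }
        JVMDefaultTrustManager candidate = new JVMDefaultTrustManager(PROPERTY_JAVA_HOME);
        if (INSTANCE.compareAndSet(null, candidate)) {
            return candidate;
        }
        return INSTANCE.get();
    }

    /**
     * Locates and loads the default trust store beneath the given Java home directory.
     *
     * <p>The well-known locations ({@code lib/security/cacerts} and
     * {@code jre/lib/security/cacerts}, each also with every entry of
     * {@link #FILE_EXTENSIONS} appended) are tried first; if none exists the directory tree is
     * searched recursively.
     *
     * @param file the Java home directory
     * @return the loaded keystore paired with the file it came from
     * @throws CertificateException if a candidate exists but cannot be loaded, or no candidate
     *         is found
     */
    private static ObjectPair<KeyStore, File> getJVMDefaultKeyStore(File file) throws CertificateException {
        File libCaCerts = StaticUtils.constructPath(file, "lib", "security", "cacerts");
        File jreLibCaCerts = StaticUtils.constructPath(file, "jre", "lib", "security", "cacerts");

        ArrayList<File> candidates = new ArrayList<>((FILE_EXTENSIONS.length * 2) + 2);
        candidates.add(libCaCerts);
        candidates.add(jreLibCaCerts);
        for (String extension : FILE_EXTENSIONS) {
            candidates.add(new File(libCaCerts.getAbsolutePath() + extension));
            candidates.add(new File(jreLibCaCerts.getAbsolutePath() + extension));
        }
        for (File candidate : candidates) {
            KeyStore loaded = loadKeyStore(candidate);
            if (loaded != null) {
                return new ObjectPair<>(loaded, candidate);
            }
        }

        // Fallback: walk the tree, collecting per-file load failures for the error message.
        Map<File, CertificateException> failures = new LinkedHashMap<>(StaticUtils.computeMapCapacity(1));
        ObjectPair<KeyStore, File> found = searchForKeyStore(file, failures);
        if (found != null) {
            return found;
        }
        if (failures.isEmpty()) {
            throw new CertificateException(b.ERR_JVM_DEFAULT_TRUST_MANAGER_CACERTS_NOT_FOUND_NO_EXCEPTION.a());
        }
        StringBuilder message = new StringBuilder();
        message.append(b.ERR_JVM_DEFAULT_TRUST_MANAGER_CACERTS_NOT_FOUND_WITH_EXCEPTION.a());
        for (Map.Entry<File, CertificateException> failure : failures.entrySet()) {
            // Length guard avoids an index error should the base message ever be empty.
            if (message.length() > 0 && message.charAt(message.length() - 1) != '.') {
                message.append('.');
            }
            message.append("  ");
            message.append(b.ERR_JVM_DEFAULT_TRUST_MANAGER_LOAD_ERROR.b(failure.getKey().getAbsolutePath(), StaticUtils.getExceptionMessage(failure.getValue())));
        }
        throw new CertificateException(message.toString());
    }

    /**
     * Loads a keystore file, trying the JKS format first and then PKCS12.
     *
     * <p>The store is loaded with a {@code null} password. Per the {@link KeyStore#load}
     * contract no integrity check is performed in that case, so the file's own permissions are
     * the only protection against tampering with the anchor set.
     *
     * @param file the file to load
     * @return the loaded keystore, or null if the path is not an existing regular file
     * @throws CertificateException if the file exists but no format could load it; a load
     *         failure is reported in preference to a keystore-type instantiation failure
     */
    private static KeyStore loadKeyStore(File file) throws CertificateException {
        if (!file.exists() || !file.isFile()) {
            return null;
        }
        CertificateException firstLoadFailure = null;
        CertificateException firstInstantiationFailure = null;
        for (String type : new String[] {"JKS", "PKCS12"}) {
            KeyStore keyStore;
            try {
                keyStore = KeyStore.getInstance(type);
            } catch (Exception e) {
                Debug.debugException(e);
                if (firstInstantiationFailure == null) {
                    firstInstantiationFailure = new CertificateException(b.ERR_JVM_DEFAULT_TRUST_MANAGER_CANNOT_INSTANTIATE_KEYSTORE.b(type, StaticUtils.getExceptionMessage(e)), e);
                }
                continue;
            }
            // try-with-resources closes the stream on the failure path as well; the
            // decompiled listing only closed it after a successful load.
            try (FileInputStream in = new FileInputStream(file)) {
                keyStore.load(in, null);
                return keyStore;
            } catch (Exception e) {
                Debug.debugException(e);
                if (firstLoadFailure == null) {
                    firstLoadFailure = new CertificateException(b.ERR_JVM_DEFAULT_TRUST_MANAGER_CANNOT_ERROR_LOADING_KEYSTORE.b(file.getAbsolutePath(), StaticUtils.getExceptionMessage(e)), e);
                }
            }
        }
        if (firstLoadFailure != null) {
            throw firstLoadFailure;
        }
        throw firstInstantiationFailure;
    }

    /**
     * Recursively searches a directory for a file named {@code cacerts}, optionally followed by
     * one of {@link #FILE_EXTENSIONS} (case-insensitive), and returns the first that loads.
     *
     * <p>NOTE(review): the walk recurses into whatever {@link File#isDirectory()} reports as a
     * directory and has no depth limit or cycle guard; confirm the Java home tree cannot
     * contain directory links that loop.
     *
     * @param file the directory to search
     * @param map  receives the load failure for each candidate file that could not be read
     * @return the loaded keystore and its file, or null if none was found
     */
    private static ObjectPair<KeyStore, File> searchForKeyStore(File file, Map<File, CertificateException> map) {
        File[] entries = file.listFiles();
        if (entries == null) {
            // listFiles() returns null for an unreadable directory or an I/O error; treat it
            // as "nothing found here" so the caller reports a CertificateException instead of
            // failing with a NullPointerException.
            return null;
        }
        for (File entry : entries) {
            if (entry.isDirectory()) {
                ObjectPair<KeyStore, File> nested = searchForKeyStore(entry, map);
                if (nested != null) {
                    return nested;
                }
            } else if (isCaCertsFileName(StaticUtils.toLowerCase(entry.getName()))) {
                try {
                    KeyStore loaded = loadKeyStore(entry);
                    // loadKeyStore returns null when the entry is not a regular file; skip it,
                    // as getJVMDefaultKeyStore does, rather than returning a pair without a
                    // keystore.
                    if (loaded != null) {
                        return new ObjectPair<>(loaded, entry);
                    }
                } catch (CertificateException e) {
                    Debug.debugException(e);
                    map.put(entry, e);
                }
            }
        }
        return null;
    }

    // Reports whether a lower-cased file name is "cacerts" or "cacerts" plus a known extension.
    private static boolean isCaCertsFileName(String lowerCaseName) {
        if (lowerCaseName.equals("cacerts")) {
            return true;
        }
        for (String extension : FILE_EXTENSIONS) {
            if (lowerCaseName.equals("cacerts" + extension)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks a client chain; the authentication type argument is ignored.
     *
     * @throws CertificateException if the chain is not trusted
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(java.security.cert.X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr);
    }

    /**
     * Checks a server chain; the authentication type argument is ignored.
     *
     * @throws CertificateException if the chain is not trusted
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(java.security.cert.X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr);
    }

    /**
     * Accepts a chain when every certificate is inside its validity window and either some
     * certificate's signature value matches a trusted certificate or
     * {@link #checkIncompleteChain} finds the issuer of the last certificate.
     *
     * <p>NOTE(review): nothing here verifies that each certificate was issued by the next one
     * in the array. Validity dates are checked per certificate and an anchor match is accepted
     * at any position, so signature linkage, basic constraints, key usage and revocation are
     * not enforced by this method. Confirm how callers combine this manager with other checks,
     * or prefer a PKIX path-validating trust manager where full validation is required.
     *
     * @param x509CertificateArr the presented chain
     * @throws CertificateException if initialization failed, the chain is null or empty, a
     *         certificate is expired or not yet valid, or no trusted issuer is found
     */
    public void checkTrusted(java.security.cert.X509Certificate[] x509CertificateArr) throws CertificateException {
        // Fail closed: a trust manager that could not load its anchors trusts nothing.
        if (this.certificateException != null) {
            throw this.certificateException;
        }
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new CertificateException(b.ERR_JVM_DEFAULT_TRUST_MANAGER_NO_CERTS_IN_CHAIN.a());
        }

        Date now = new Date();
        boolean anchorFound = false;
        for (java.security.cert.X509Certificate cert : x509CertificateArr) {
            Date notBefore = cert.getNotBefore();
            if (now.before(notBefore)) {
                throw new CertificateNotYetValidException(b.ERR_JVM_DEFAULT_TRUST_MANAGER_CERT_NOT_YET_VALID.b(chainToString(x509CertificateArr), String.valueOf(cert.getSubjectDN()), String.valueOf(notBefore)));
            }
            Date notAfter = cert.getNotAfter();
            if (now.after(notAfter)) {
                throw new CertificateExpiredException(b.ERR_JVM_DEFAULT_TRUST_MANAGER_CERT_EXPIRED.b(chainToString(x509CertificateArr), String.valueOf(cert.getSubjectDN()), String.valueOf(notAfter)));
            }
            // The lookup key is the certificate's signature bytes, not its public key or
            // fingerprint.
            anchorFound |= (this.trustedCertsBySignature.get(new ASN1OctetString(cert.getSignature())) != null);
        }

        if (!anchorFound) {
            anchorFound = checkIncompleteChain(x509CertificateArr);
        }
        if (!anchorFound) {
            throw new CertificateException(b.ERR_JVM_DEFAULT_TRUST_MANGER_NO_TRUSTED_ISSUER_FOUND.b(chainToString(x509CertificateArr)));
        }
    }

    /**
     * Returns the trusted certificates as a fresh array, or an empty array if initialization
     * failed.
     */
    @Override // javax.net.ssl.X509TrustManager
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        if (this.certificateException != null) {
            return NO_CERTIFICATES;
        }
        return this.trustedCertsBySignature.values().toArray(new java.security.cert.X509Certificate[this.trustedCertsBySignature.size()]);
    }

    /**
     * Returns the file the trust store was loaded from.
     *
     * @throws CertificateException if initialization failed
     */
    public File getCACertsFile() throws CertificateException {
        if (this.certificateException != null) {
            throw this.certificateException;
        }
        return this.caCertsFile;
    }

    /**
     * Returns the loaded keystore itself, not a copy.
     *
     * @throws CertificateException if initialization failed
     */
    public KeyStore getKeyStore() throws CertificateException {
        if (this.certificateException != null) {
            throw this.certificateException;
        }
        return this.keystore;
    }

    /**
     * Returns a view of the trusted issuer certificates, backed by an unmodifiable map.
     *
     * @throws CertificateException if initialization failed
     */
    public Collection<java.security.cert.X509Certificate> getTrustedIssuerCertificates() throws CertificateException {
        if (this.certificateException != null) {
            throw this.certificateException;
        }
        return this.trustedCertsBySignature.values();
    }
}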
