package org.modelio.vbasic.net;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.net.Socket;
import java.net.URI;
import java.nio.file.FileSystemException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.modelio.vbasic.files.FileUtils;

/* loaded from: input_file:org/modelio/vbasic/net/SslManager.class */
public class SslManager {
    private static final char[] password = "modelio".toCharArray();
    private static final SslManager instance = new SslManager();
    private SSLContext sslContext;
    private X509TrustManagerImplementation trustManager;
    private ISslUntrustedServerFixer untrustedServerFixer;

    /* loaded from: input_file:org/modelio/vbasic/net/SslManager$X509TrustManagerImplementation.class */
    private static final class X509TrustManagerImplementation extends X509ExtendedTrustManager {
        private final List<X509TrustManager> defTrustManagers;
        private final X509Certificate[] acceptedIssuers;
        private KeyStore persistentTrustStore;
        private Collection<X509Certificate> tempTrustStore;
        private Path trustStoreFile;

        X509TrustManagerImplementation() throws NoSuchAlgorithmException, KeyStoreException {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            this.defTrustManagers = new ArrayList();
            ArrayList arrayList = new ArrayList();
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
                    this.defTrustManagers.add(x509TrustManager);
                    for (X509Certificate x509Certificate : x509TrustManager.getAcceptedIssuers()) {
                        arrayList.add(x509Certificate);
                    }
                }
            }
            this.acceptedIssuers = (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
            this.tempTrustStore = new HashSet();
        }

        void init(Path path) throws IOException {
            try {
                this.persistentTrustStore = KeyStore.getInstance(KeyStore.getDefaultType());
                this.trustStoreFile = path;
                if (!Files.isRegularFile(path, new LinkOption[0])) {
                    this.persistentTrustStore.load(null, SslManager.password);
                    return;
                }
                Throwable th = null;
                try {
                    BufferedInputStream bufferedInputStream = new BufferedInputStream(Files.newInputStream(path, new OpenOption[0]));
                    try {
                        this.persistentTrustStore.load(bufferedInputStream, SslManager.password);
                        if (bufferedInputStream != null) {
                            bufferedInputStream.close();
                        }
                    } catch (Throwable th2) {
                        if (bufferedInputStream != null) {
                            bufferedInputStream.close();
                        }
                        throw th2;
                    }
                } catch (Throwable th3) {
                    if (0 == 0) {
                        th = th3;
                    } else if (null != th3) {
                        th.addSuppressed(th3);
                    }
                    throw th;
                }
            } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new IOException(e.getLocalizedMessage(), e);
            }
        }

        public void addCertificate(X509Certificate x509Certificate, boolean z) throws KeyStoreException {
            if (!z) {
                this.tempTrustStore.add(x509Certificate);
            } else {
                if (this.persistentTrustStore == null) {
                    throw new IllegalStateException("Trusted certificate store not loaded.");
                }
                this.persistentTrustStore.setCertificateEntry(hashName(x509Certificate), x509Certificate);
                save();
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.acceptedIssuers;
        }

        public void save() throws KeyStoreException {
            if (this.trustStoreFile != null) {
                Throwable th = null;
                try {
                    try {
                        BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(Files.newOutputStream(this.trustStoreFile, new OpenOption[0]));
                        try {
                            this.persistentTrustStore.store(bufferedOutputStream, SslManager.password);
                            if (bufferedOutputStream != null) {
                                bufferedOutputStream.close();
                            }
                        } catch (Throwable th2) {
                            if (bufferedOutputStream != null) {
                                bufferedOutputStream.close();
                            }
                            throw th2;
                        }
                    } catch (Throwable th3) {
                        if (0 == 0) {
                            th = th3;
                        } else if (null != th3) {
                            th.addSuppressed(th3);
                        }
                        throw th;
                    }
                } catch (FileSystemException e) {
                    throw new KeyStoreException(FileUtils.getLocalizedMessage(e), e);
                } catch (IOException | NoSuchAlgorithmException | CertificateException e2) {
                    throw new KeyStoreException(e2.getLocalizedMessage(), e2);
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            Iterator<X509TrustManager> it = this.defTrustManagers.iterator();
            while (it.hasNext()) {
                it.next().checkClientTrusted(x509CertificateArr, str);
            }
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            for (X509TrustManager x509TrustManager : this.defTrustManagers) {
                if (x509TrustManager instanceof X509ExtendedTrustManager) {
                    ((X509ExtendedTrustManager) x509TrustManager).checkClientTrusted(x509CertificateArr, str, socket);
                }
            }
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            for (X509TrustManager x509TrustManager : this.defTrustManagers) {
                if (x509TrustManager instanceof X509ExtendedTrustManager) {
                    ((X509ExtendedTrustManager) x509TrustManager).checkClientTrusted(x509CertificateArr, str, sSLEngine);
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (isTrustedByUser(x509CertificateArr)) {
                return;
            }
            try {
                Iterator<X509TrustManager> it = this.defTrustManagers.iterator();
                while (it.hasNext()) {
                    it.next().checkServerTrusted(x509CertificateArr, str);
                }
            } catch (CertificateException e) {
                throw new InvalidCertificateException(x509CertificateArr, e);
            }
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            if (isTrustedByUser(x509CertificateArr)) {
                return;
            }
            try {
                for (X509TrustManager x509TrustManager : this.defTrustManagers) {
                    if (x509TrustManager instanceof X509ExtendedTrustManager) {
                        ((X509ExtendedTrustManager) x509TrustManager).checkServerTrusted(x509CertificateArr, str, socket);
                    }
                }
            } catch (CertificateException e) {
                throw new InvalidCertificateException(x509CertificateArr, e);
            }
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            if (isTrustedByUser(x509CertificateArr)) {
                return;
            }
            try {
                for (X509TrustManager x509TrustManager : this.defTrustManagers) {
                    if (x509TrustManager instanceof X509ExtendedTrustManager) {
                        ((X509ExtendedTrustManager) x509TrustManager).checkServerTrusted(x509CertificateArr, str, sSLEngine);
                    }
                }
            } catch (CertificateException e) {
                throw new InvalidCertificateException(x509CertificateArr, e);
            }
        }

        private boolean isTrustedByUser(X509Certificate[] x509CertificateArr) throws InvalidCertificateException {
            X509Certificate x509Certificate = x509CertificateArr[0];
            if (this.persistentTrustStore != null) {
                try {
                    if (this.persistentTrustStore.getCertificateAlias(x509Certificate) != null) {
                        return true;
                    }
                } catch (KeyStoreException e) {
                    throw new InvalidCertificateException(x509CertificateArr, e);
                }
            }
            return this.tempTrustStore.contains(x509Certificate);
        }

        private static String hashName(X509Certificate x509Certificate) {
            return String.valueOf(x509Certificate.getIssuerX500Principal().getName()) + x509Certificate.getSerialNumber().toString(36);
        }
    }

    public static SslManager getInstance() {
        return instance;
    }

    private SslManager() {
        try {
            this.sslContext = SSLContext.getInstance("TLS");
            this.trustManager = new X509TrustManagerImplementation();
            this.sslContext.init(null, new TrustManager[]{this.trustManager}, null);
            HttpsURLConnection.setDefaultSSLSocketFactory(this.sslContext.getSocketFactory());
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new Error(e.getLocalizedMessage(), e);
        }
    }

    public void addCertificate(X509Certificate x509Certificate, boolean z) throws KeyStoreException {
        this.trustManager.addCertificate(x509Certificate, z);
    }

    public void setTrustStoreFile(Path path) throws IOException {
        this.trustManager.init(path);
    }

    public SSLContext getSslContext() {
        return this.sslContext;
    }

    public boolean fixUntrustedServer(URI uri, X509Certificate[] x509CertificateArr, Throwable th) {
        if (this.untrustedServerFixer != null) {
            return this.untrustedServerFixer.fixUntrustedServer(uri, x509CertificateArr, th);
        }
        return false;
    }

    public boolean fixUntrustedServer(SSLException sSLException, URI uri) {
        InvalidCertificateException invalidCerts;
        if (this.untrustedServerFixer == null || (invalidCerts = getInvalidCerts(sSLException)) == null) {
            return false;
        }
        return this.untrustedServerFixer.fixUntrustedServer(uri, invalidCerts.getCertChain(), invalidCerts);
    }

    public ISslUntrustedServerFixer getUntrustedServerFixer() {
        return this.untrustedServerFixer;
    }

    public void setUntrustedServerFixer(ISslUntrustedServerFixer iSslUntrustedServerFixer) {
        this.untrustedServerFixer = iSslUntrustedServerFixer;
    }

    public X509TrustManager getTrustManager() {
        return this.trustManager;
    }

    private static InvalidCertificateException getInvalidCerts(Throwable th) {
        InvalidCertificateException invalidCerts;
        if (th instanceof InvalidCertificateException) {
            return (InvalidCertificateException) th;
        }
        if (th.getCause() != null && (invalidCerts = getInvalidCerts(th.getCause())) != null) {
            return invalidCerts;
        }
        for (Throwable th2 : th.getSuppressed()) {
            InvalidCertificateException invalidCerts2 = getInvalidCerts(th2);
            if (invalidCerts2 != null) {
                return invalidCerts2;
            }
        }
        return null;
    }
}
