package gnu.javax.net.ssl.provider;

import gnu.java.security.action.GetPropertyAction;
import gnu.java.security.x509.X509CertPath;
import gnu.javax.net.ssl.NullManagerParameters;
import gnu.javax.net.ssl.StaticTrustAnchors;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.Set;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:gnu/javax/net/ssl/provider/X509TrustManagerFactory.class */
public class X509TrustManagerFactory extends TrustManagerFactorySpi {
    private static final String sep = (String) AccessController.doPrivileged(new GetPropertyAction("file.separator"));
    private static final String JSSE_CERTS = String.valueOf((String) AccessController.doPrivileged(new GetPropertyAction("java.home"))) + sep + "lib" + sep + "security" + sep + "jssecerts";
    private static final String CA_CERTS = String.valueOf((String) AccessController.doPrivileged(new GetPropertyAction("java.home"))) + sep + "lib" + sep + "security" + sep + "cacerts";
    private Manager current;

    /* loaded from: input_file:gnu/javax/net/ssl/provider/X509TrustManagerFactory$Manager.class */
    private class Manager implements X509TrustManager {
        private final Set<TrustAnchor> anchors = new HashSet();

        Manager(X509Certificate[] x509CertificateArr) {
            if (x509CertificateArr != null) {
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    this.anchors.add(new TrustAnchor(x509Certificate, null));
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            checkTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            checkTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return (X509Certificate[]) this.anchors.toArray(new X509Certificate[this.anchors.size()]);
        }

        private void checkTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
                X509CertPath x509CertPath = new X509CertPath(Arrays.asList(x509CertificateArr));
                try {
                    PKIXParameters pKIXParameters = new PKIXParameters(this.anchors);
                    pKIXParameters.setRevocationEnabled(false);
                    try {
                        certPathValidator.validate(x509CertPath, pKIXParameters);
                    } catch (InvalidAlgorithmParameterException e) {
                        throw new CertificateException(e);
                    } catch (CertPathValidatorException e2) {
                        throw new CertificateException(e2);
                    }
                } catch (InvalidAlgorithmParameterException e3) {
                    throw new CertificateException(e3);
                }
            } catch (NoSuchAlgorithmException e4) {
                throw new CertificateException(e4);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.TrustManagerFactorySpi
    public TrustManager[] engineGetTrustManagers() {
        if (this.current == null) {
            throw new IllegalStateException("not initialized");
        }
        return new TrustManager[]{this.current};
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.TrustManagerFactorySpi
    public void engineInit(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {
        if (managerFactoryParameters instanceof StaticTrustAnchors) {
            this.current = new Manager(((StaticTrustAnchors) managerFactoryParameters).getCertificates());
        } else {
            if (!(managerFactoryParameters instanceof NullManagerParameters)) {
                throw new InvalidAlgorithmParameterException();
            }
            this.current = new Manager(new X509Certificate[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.TrustManagerFactorySpi
    public void engineInit(KeyStore keyStore) throws KeyStoreException {
        FileInputStream fileInputStream;
        if (keyStore == null) {
            GetPropertyAction getPropertyAction = new GetPropertyAction("javax.net.ssl.trustStoreType");
            String str = (String) AccessController.doPrivileged(getPropertyAction);
            if (str == null) {
                str = KeyStore.getDefaultType();
            }
            keyStore = KeyStore.getInstance(str);
            try {
                String str2 = (String) AccessController.doPrivileged(getPropertyAction.setParameters("javax.net.ssl.trustStore"));
                if (str2 == null) {
                    try {
                        fileInputStream = new FileInputStream(JSSE_CERTS);
                    } catch (IOException unused) {
                        fileInputStream = new FileInputStream(CA_CERTS);
                    }
                } else {
                    fileInputStream = new FileInputStream(str2);
                }
                String str3 = (String) AccessController.doPrivileged(getPropertyAction.setParameters("javax.net.ssl.trustStorePassword"));
                keyStore.load(fileInputStream, str3 != null ? str3.toCharArray() : null);
            } catch (IOException e) {
                throw new KeyStoreException(e);
            } catch (NoSuchAlgorithmException e2) {
                throw new KeyStoreException(e2);
            } catch (CertificateException e3) {
                throw new KeyStoreException(e3);
            }
        }
        LinkedList linkedList = new LinkedList();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isCertificateEntry(nextElement)) {
                java.security.cert.Certificate certificate = keyStore.getCertificate(nextElement);
                if (certificate instanceof X509Certificate) {
                    linkedList.add((X509Certificate) certificate);
                }
            }
        }
        getClass();
        this.current = new Manager((X509Certificate[]) linkedList.toArray(new X509Certificate[linkedList.size()]));
    }
}
