package org.bouncycastle.jsse.provider;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.cert.CertPathParameters;
import java.security.cert.Certificate;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.tls.TlsUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/bctls-fips-1.0.13.jar:org/bouncycastle/jsse/provider/ProvTrustManagerFactorySpi.class */
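/**
 * {@link TrustManagerFactorySpi} of the {@code org.bouncycastle.jsse.provider} package (decompiled source).
 *
 * <p>The factory is initialised either from a {@link KeyStore} (or, when none is given, from the default
 * trust store described by the {@code javax.net.ssl.trustStore*} system properties) or from
 * {@link CertPathTrustManagerParameters} wrapping {@link PKIXParameters}. It then exposes a single
 * X.509 trust manager.
 *
 * <p>Review notes on how trust is established:
 * <ul>
 *   <li>Every path that fails to locate a trust store ends with an <em>empty</em> store rather than an
 *       error, so a mistyped {@code javax.net.ssl.trustStore} shows up only as a CONFIG-level log line
 *       here.</li>
 *   <li>Private-key entries found in the store contribute their own certificate as a trust anchor, see
 *       {@link #getTrustAnchors(KeyStore)}.</li>
 * </ul>
 */
public class ProvTrustManagerFactorySpi extends TrustManagerFactorySpi {
    private static final Logger LOG = Logger.getLogger(ProvTrustManagerFactorySpi.class.getName());

    // Security property "keystore.type.compat" (default false). When true and the JVM default keystore type is
    // "pkcs12", the jssecacerts/cacerts files under java.home are opened with "jks" as the fallback type.
    private static final boolean provKeyStoreTypeCompat = PropertyUtils.getBooleanSecurityProperty("keystore.type.compat", false);

    protected final boolean isInFipsMode;
    protected final JcaJceHelper helper;

    // Assigned by either engineInit overload; null until one of them has completed.
    protected ProvX509TrustManager x509TrustManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the default trust store from the standard JSSE system properties.
     *
     * <p>Location, from {@code javax.net.ssl.trustStore}:
     * <ul>
     *   <li>{@code "NONE"}: no file is read;</li>
     *   <li>unset: {@code <java.home>/lib/security/jssecacerts} if it exists, otherwise
     *       {@code <java.home>/lib/security/cacerts} if it exists;</li>
     *   <li>any other value: that path, but only if the file exists.</li>
     * </ul>
     * When no file is selected the store is loaded from a {@code null} stream, i.e. it is empty.
     *
     * <p>The store type comes from {@code javax.net.ssl.trustStoreType} when set, otherwise from
     * {@link KeyStore#getDefaultType()} (or {@code "jks"} in the compatibility case described on
     * {@code provKeyStoreTypeCompat}). The provider comes from {@code javax.net.ssl.trustStoreProvider}
     * when set and non-empty. The password comes from {@code javax.net.ssl.trustStorePassword}; a
     * {@code null} password is passed to {@link KeyStore#load} when the property is unset.
     *
     * @return the loaded (possibly empty) trust store
     * @throws Exception if the store cannot be created, opened, read or closed
     */
    public static KeyStore getDefaultTrustStore() throws Exception {
        String storeType = KeyStore.getDefaultType();
        boolean useJksForBundled = provKeyStoreTypeCompat && "pkcs12".equalsIgnoreCase(storeType);

        String storePath = null;
        String configuredPath = PropertyUtils.getStringSystemProperty("javax.net.ssl.trustStore");
        if (!"NONE".equals(configuredPath)) {
            if (null == configuredPath) {
                String javaHome = PropertyUtils.getStringSystemProperty("java.home");
                if (null != javaHome) {
                    storePath = findBundledTrustStore(javaHome);
                    if (null != storePath && useJksForBundled) {
                        storeType = "jks";
                    }
                }
            } else if (new File(configuredPath).exists()) {
                storePath = configuredPath;
            }
            // A configured path that does not exist leaves storePath null: the result is an empty
            // trust store, not an exception.
        }

        KeyStore trustStore = createTrustStore(storeType);

        char[] password = null;
        String passwordProperty = PropertyUtils.getSensitiveStringSystemProperty("javax.net.ssl.trustStorePassword");
        if (null != passwordProperty) {
            password = passwordProperty.toCharArray();
        }

        // The decompiler could not recover the original finally block ("Finally extract failed") and
        // emitted the close() call twice; a plain try/finally expresses the same thing once.
        BufferedInputStream input = null;
        try {
            if (null == storePath) {
                LOG.config("Initializing default trust store as empty");
            } else {
                LOG.config("Initializing default trust store from path: " + storePath);
                input = new BufferedInputStream(new FileInputStream(storePath));
            }
            try {
                trustStore.load(input, password);
            } catch (NullPointerException e) {
                // NOTE(review): presumably covers keystore types whose load() rejects a null stream - confirm.
                // The catch is not limited to that case: an NPE raised while reading a real file also
                // lands here, and the file's contents are then silently replaced by an empty BCFKS store.
                trustStore = KeyStore.getInstance("BCFKS");
                trustStore.load(null, null);
            }
            return trustStore;
        } finally {
            if (null != input) {
                input.close();
            }
        }
    }

    /**
     * Returns the first existing trust store file under {@code javaHome}, preferring
     * {@code lib/security/jssecacerts} over {@code lib/security/cacerts}, or {@code null} if neither exists.
     */
    private static String findBundledTrustStore(String javaHome) {
        String securityDir = javaHome + File.separator + "lib" + File.separator + "security" + File.separator;
        String[] candidates = { securityDir + "jssecacerts", securityDir + "cacerts" };
        for (int i = 0; i < candidates.length; ++i) {
            if (new File(candidates[i]).exists()) {
                return candidates[i];
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @param z            stored as {@link #isInFipsMode} and handed to the trust manager
     * @param jcaJceHelper stored as {@link #helper} and handed to the trust manager
     */
    public ProvTrustManagerFactorySpi(boolean z, JcaJceHelper jcaJceHelper) {
        this.isInFipsMode = z;
        this.helper = jcaJceHelper;
    }

    /**
     * Returns the exported X.509 trust manager as a one-element array.
     *
     * @throws IllegalStateException if neither {@code engineInit} overload has set a trust manager yet
     */
    @Override // javax.net.ssl.TrustManagerFactorySpi
    protected TrustManager[] engineGetTrustManagers() {
        ProvX509TrustManager trustManager = this.x509TrustManager;
        if (null == trustManager) {
            throw new IllegalStateException("TrustManagerFactory not initialized");
        }
        return new TrustManager[]{ trustManager.getExportX509TrustManager() };
    }

    /**
     * Initialises the factory from {@code keyStore}, or from {@link #getDefaultTrustStore()} when it is
     * {@code null}.
     *
     * <p>Failures while loading the default store are logged at WARNING and then handled by type:
     * {@link Error} and {@link RuntimeException} are rethrown, other exceptions are wrapped in a
     * {@link KeyStoreException}. A {@link SecurityException} is the one exception that is <em>not</em>
     * propagated: initialisation continues with a {@code null} store, for which
     * {@link #getTrustAnchors(KeyStore)} yields an empty anchor set.
     *
     * @throws KeyStoreException if the default store cannot be loaded, the store cannot be enumerated,
     *                           or the trust manager rejects the anchors
     */
    @Override // javax.net.ssl.TrustManagerFactorySpi
    protected void engineInit(KeyStore keyStore) throws KeyStoreException {
        if (null == keyStore) {
            try {
                keyStore = getDefaultTrustStore();
            } catch (SecurityException e) {
                // Deliberately not rethrown: keyStore stays null and the factory ends up with no anchors.
                LOG.log(Level.WARNING, "Skipped default trust store", e);
            } catch (RuntimeException e) {
                LOG.log(Level.WARNING, "Skipped default trust store", e);
                throw e;
            } catch (Error e) {
                LOG.log(Level.WARNING, "Skipped default trust store", e);
                throw e;
            } catch (Exception e) {
                LOG.log(Level.WARNING, "Skipped default trust store", e);
                throw new KeyStoreException("Failed to load default trust store", e);
            }
        }

        Set<TrustAnchor> anchors = getTrustAnchors(keyStore);
        try {
            this.x509TrustManager = new ProvX509TrustManager(this.isInFipsMode, this.helper, anchors);
        } catch (InvalidAlgorithmParameterException e) {
            throw new KeyStoreException("Failed to create trust manager", e);
        }
    }

    /**
     * Initialises the factory from {@link CertPathTrustManagerParameters} whose wrapped parameters are
     * {@link PKIXParameters}; the PKIX parameters are passed to the trust manager as given.
     *
     * @throws InvalidAlgorithmParameterException if the spec is {@code null}, is of another type, or does
     *                                            not wrap {@code PKIXParameters}
     */
    @Override // javax.net.ssl.TrustManagerFactorySpi
    protected void engineInit(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {
        if (null == managerFactoryParameters) {
            throw new InvalidAlgorithmParameterException("spec cannot be null");
        }
        if (!(managerFactoryParameters instanceof CertPathTrustManagerParameters)) {
            throw new InvalidAlgorithmParameterException("unknown spec: " + managerFactoryParameters.getClass().getName());
        }

        CertPathParameters certPathParameters = ((CertPathTrustManagerParameters) managerFactoryParameters).getParameters();
        if (!(certPathParameters instanceof PKIXParameters)) {
            throw new InvalidAlgorithmParameterException("parameters must inherit from PKIXParameters");
        }
        this.x509TrustManager = new ProvX509TrustManager(this.isInFipsMode, this.helper, (PKIXParameters) certPathParameters);
    }

    /**
     * Adds {@code certificate} to {@code set} as a trust anchor without name constraints. Anything that
     * is not an {@link X509Certificate} (including {@code null}) is skipped silently.
     */
    private static void collectTrustAnchor(Set<TrustAnchor> set, Certificate certificate) {
        if (certificate instanceof X509Certificate) {
            set.add(new TrustAnchor((X509Certificate) certificate, null));
        }
    }

    /**
     * Creates an unloaded {@link KeyStore} of the effective trust store type, using the provider named by
     * {@code javax.net.ssl.trustStoreProvider} when that property is set and non-empty.
     *
     * @param str fallback store type, used when {@code javax.net.ssl.trustStoreType} is unset
     */
    private static KeyStore createTrustStore(String str) throws NoSuchProviderException, KeyStoreException {
        String storeType = getTrustStoreType(str);
        String providerName = PropertyUtils.getStringSystemProperty("javax.net.ssl.trustStoreProvider");
        if (TlsUtils.isNullOrEmpty(providerName)) {
            return KeyStore.getInstance(storeType);
        }
        return KeyStore.getInstance(storeType, providerName);
    }

    /**
     * Collects the trust anchors contained in {@code keyStore}.
     *
     * <p>Certificate entries contribute their certificate. Key entries contribute the first certificate
     * of their chain, which {@link KeyStore#getCertificateChain(String)} documents as the entry's own
     * certificate. A store that mixes private keys with CA certificates therefore also trusts those
     * end-entity certificates directly; keeping trust stores free of key entries avoids that.
     *
     * @return the anchors found, or an empty set when {@code keyStore} is {@code null}
     * @throws KeyStoreException if the store has not been loaded or cannot be enumerated
     */
    private static Set<TrustAnchor> getTrustAnchors(KeyStore keyStore) throws KeyStoreException {
        if (null == keyStore) {
            return Collections.emptySet();
        }

        // Typed set: the decompiled code used a raw HashSet here.
        Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isCertificateEntry(alias)) {
                collectTrustAnchor(anchors, keyStore.getCertificate(alias));
            } else if (keyStore.isKeyEntry(alias)) {
                Certificate[] chain = keyStore.getCertificateChain(alias);
                if (null != chain && chain.length > 0) {
                    collectTrustAnchor(anchors, chain[0]);
                }
            }
        }
        return anchors;
    }

    /**
     * Returns the value of {@code javax.net.ssl.trustStoreType}, or {@code str} when the property is unset.
     */
    private static String getTrustStoreType(String str) {
        String configuredType = PropertyUtils.getStringSystemProperty("javax.net.ssl.trustStoreType");
        if (null != configuredType) {
            return configuredType;
        }
        return str;
    }
}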
