package co.codewizards.cloudstore.rest.client.ssl;

import co.codewizards.cloudstore.core.util.HashUtil;
import co.codewizards.cloudstore.core.util.Util;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:co/codewizards/cloudstore/rest/client/ssl/DynamicX509TrustManager.class */
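/**
 * {@link X509TrustManager} that validates against a file-backed trust store and, when
 * validation of a server chain fails, asks a {@link DynamicX509TrustManagerCallback}
 * whether the server's certificate should be trusted anyway.
 *
 * <p>Certificates accepted through the callback are pinned either for the lifetime of this
 * instance (kept in memory) or permanently (written to the trust store file).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The callback's answer is the only gate between a failed validation and a pinned
 *       trust anchor. An implementation that answers "trusted" without an out-of-band
 *       check (for example a fingerprint comparison by the user) disables certificate
 *       validation for that server.</li>
 *   <li>Anything that can write to the trust store file can add trust anchors. The store
 *       password is a constant compiled into this class, so it is not a secret; restrict
 *       access to the file with file-system permissions.</li>
 *   <li>NOTE(review): no synchronization is visible in this class; confirm whether one
 *       instance is shared between concurrent TLS handshakes.</li>
 * </ul>
 */
class DynamicX509TrustManager implements X509TrustManager {
    // Fixed, publicly known password. It satisfies the KeyStore API and detects accidental
    // corruption of the file, but gives no protection against deliberate modification.
    private static final char[] TRUST_STORE_PASSWORD_CHAR_ARRAY = "CloudStore".toCharArray();
    private final File trustStoreFile;
    private final DynamicX509TrustManagerCallback callback;
    // Delegate built from the trust store plus the temporarily trusted certificates.
    private X509TrustManager trustManager;
    // Certificates trusted only for the lifetime of this instance; never written to disk.
    private final List<Certificate> tempCertList = new ArrayList<>();

    /**
     * Creates the trust manager and builds the initial delegate from the trust store.
     *
     * @param file the trust store file; it does not have to exist yet
     * @param dynamicX509TrustManagerCallback consulted when a server chain fails validation
     */
    public DynamicX509TrustManager(File file, DynamicX509TrustManagerCallback dynamicX509TrustManagerCallback) {
        this.trustStoreFile = (File) Util.assertNotNull("trustStoreFile", file);
        this.callback = (DynamicX509TrustManagerCallback) Util.assertNotNull("callback", dynamicX509TrustManagerCallback);
        reloadTrustManager();
    }

    /** Delegates unchanged to the current trust manager; the callback is not involved. */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.checkClientTrusted(x509CertificateArr, str);
    }

    /**
     * Validates the server chain; on failure the callback decides whether to pin the leaf
     * certificate and retry.
     *
     * @param x509CertificateArr the peer certificate chain, leaf first; must be non-empty
     * @param str the authentication type passed on to the delegate
     * @throws CertificateException if validation fails and the callback declines, or if the
     *     chain is still rejected after its leaf certificate has been pinned
     * @throws IllegalArgumentException if the chain is empty
     * @throws IllegalStateException if the callback returns {@code null}
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Util.assertNotNull("chain", x509CertificateArr);
        if (x509CertificateArr.length < 1) {
            throw new IllegalArgumentException("chain is empty!");
        }
        try {
            this.trustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (Exception e) {
            // NOTE(review): every exception type reaches the callback, not only
            // CertificateException, so the user may be asked to trust a certificate after
            // a failure that is not a trust decision. Confirm this is intended.
            CheckServerTrustedCertificateExceptionResult result =
                    this.callback.handleCheckServerTrustedCertificateException(
                            new CheckServerTrustedCertificateExceptionContext(x509CertificateArr, e));
            if (result == null) {
                throw new IllegalStateException("Implementation error: callback.handleCheckServerTrustedCertificateException(...) returned null! callback.class=" + this.callback.getClass().getName());
            }
            if (result.isTrusted()) {
                // Only the leaf certificate is pinned. The pin is stored before the retry,
                // so it stays in place even if the retry below rejects the chain again.
                addServerCertAndReload(x509CertificateArr[0], result.isPermanent());
                this.trustManager.checkServerTrusted(x509CertificateArr, str);
                return;
            }
            // Declined: surface the original failure, wrapping only what the signature
            // of this method cannot carry.
            if (e instanceof RuntimeException) {
                throw (RuntimeException) e;
            }
            if (e instanceof CertificateException) {
                throw (CertificateException) e;
            }
            throw new RuntimeException(e);
        }
    }

    /** Returns the issuers accepted by the current delegate. */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.getAcceptedIssuers();
    }

    /**
     * Rebuilds the delegate from the trust store file plus the in-memory temporary
     * certificates and installs the first {@link X509TrustManager} the factory provides.
     */
    private void reloadTrustManager() {
        try {
            KeyStore trustStore = readTrustStore();
            for (Certificate certificate : this.tempCertList) {
                trustStore.setCertificateEntry(sha1(certificate), certificate);
            }
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    this.trustManager = (X509TrustManager) candidate;
                    return;
                }
            }
            throw new NoSuchAlgorithmException("No X509TrustManager in TrustManagerFactory");
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the hex digest of the encoded certificate. It is used only as the alias of
     * the key store entry; no trust decision in this class depends on the digest.
     */
    private String sha1(Certificate certificate) {
        try {
            byte[] encoded = ((Certificate) Util.assertNotNull("cert", certificate)).getEncoded();
            return HashUtil.encodeHexStr(HashUtil.hash("SHA", new ByteArrayInputStream(encoded)));
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Loads the trust store from the file, or returns an empty store if the file does not
     * exist.
     */
    private KeyStore readTrustStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // try-with-resources accepts a null resource, which covers the missing file.
            try (FileInputStream in = this.trustStoreFile.exists() ? new FileInputStream(this.trustStoreFile) : null) {
                // Load with the password the store was written with. With a null password
                // the provider skips its integrity check, and depending on the store
                // format it can leave password-protected entries unread, so permanently
                // trusted certificates would be missing after a reload.
                keyStore.load(in, TRUST_STORE_PASSWORD_CHAR_ARRAY);
            }
            return keyStore;
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Writes the key store to the trust store file, replacing its content.
     *
     * <p>The file is overwritten in place, so an interrupted write can leave a store that
     * no longer loads.
     */
    private void writeTrustStore(KeyStore keyStore) {
        try (FileOutputStream out = new FileOutputStream(this.trustStoreFile)) {
            keyStore.store(out, TRUST_STORE_PASSWORD_CHAR_ARRAY);
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Pins a certificate as a trust anchor and rebuilds the delegate.
     *
     * @param certificate the certificate to trust
     * @param permanent {@code true} to persist it in the trust store file, {@code false}
     *     to keep it in memory for this instance only
     */
    private void addServerCertAndReload(Certificate certificate, boolean permanent) {
        try {
            if (permanent) {
                KeyStore trustStore = readTrustStore();
                trustStore.setCertificateEntry(sha1(certificate), certificate);
                writeTrustStore(trustStore);
            } else {
                this.tempCertList.add(certificate);
            }
            reloadTrustManager();
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}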
