package eu.europeana.metis.utils;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/metis-common-utils-8.jar:eu/europeana/metis/utils/CustomTruststoreAppender.class */
public final class CustomTruststoreAppender {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CustomTruststoreAppender.class);

    /* loaded from: input_file:BOOT-INF/lib/metis-common-utils-8.jar:eu/europeana/metis/utils/CustomTruststoreAppender$CustomX509TrustManager.class */
    private static class CustomX509TrustManager implements X509TrustManager {
        private final X509TrustManager x509TrustManager;
        private final X509TrustManager x509TrustManagerToBeMerged;

        CustomX509TrustManager(X509TrustManager x509TrustManager, X509TrustManager x509TrustManager2) {
            this.x509TrustManager = x509TrustManager;
            this.x509TrustManagerToBeMerged = x509TrustManager2;
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.x509TrustManager.getAcceptedIssuers();
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                this.x509TrustManagerToBeMerged.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                CustomTruststoreAppender.LOGGER.debug("No custom trusted certificate found", (Throwable) e);
                CustomTruststoreAppender.LOGGER.warn("Custom x509TrustManager did not have trusted certificates for the accessible resource, will try default x509TrustManager now");
                this.x509TrustManager.checkServerTrusted(x509CertificateArr, str);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.x509TrustManager.checkClientTrusted(x509CertificateArr, str);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/metis-common-utils-8.jar:eu/europeana/metis/utils/CustomTruststoreAppender$TrustStoreConfigurationException.class */
    public static class TrustStoreConfigurationException extends Exception {
        private static final long serialVersionUID = -6498227689619898437L;

        TrustStoreConfigurationException(Exception exc) {
            super(exc);
        }
    }

    private CustomTruststoreAppender() {
    }

    public static void appendCustomTrustoreToDefault(String str, String str2) throws TrustStoreConfigurationException {
        try {
            CustomX509TrustManager customX509TrustManager = new CustomX509TrustManager(getDefaultX509TrustManager(), getCustomX509TrustManager(str, str2));
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{customX509TrustManager}, null);
            SSLContext.setDefault(sSLContext);
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new TrustStoreConfigurationException(e);
        }
    }

    private static X509TrustManager getDefaultX509TrustManager() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        X509TrustManager x509TrustManager = null;
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        int length = trustManagers.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            TrustManager trustManager = trustManagers[i];
            if (trustManager instanceof X509TrustManager) {
                x509TrustManager = (X509TrustManager) trustManager;
                break;
            }
            i++;
        }
        return x509TrustManager;
    }

    private static X509TrustManager getCustomX509TrustManager(String str, String str2) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        InputStream newInputStream = Files.newInputStream(Paths.get(str, new String[0]), new OpenOption[0]);
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(newInputStream, str2.toCharArray());
            if (newInputStream != null) {
                newInputStream.close();
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            X509TrustManager x509TrustManager = null;
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            int length = trustManagers.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                TrustManager trustManager = trustManagers[i];
                if (trustManager instanceof X509TrustManager) {
                    x509TrustManager = (X509TrustManager) trustManager;
                    break;
                }
                i++;
            }
            return x509TrustManager;
        } catch (Throwable th) {
            if (newInputStream != null) {
                try {
                    newInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
