package ghidra.net;

import ghidra.framework.preferences.Preferences;
import ghidra.util.Msg;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:ghidra/net/ApplicationTrustManagerFactory.class */
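/**
 * Supplies the application-wide {@link TrustManager} array used for TLS peer
 * certificate validation.
 *
 * <p>The trust anchors are loaded from the keystore named by the
 * {@value #GHIDRA_CACERTS_PATH_PROPERTY} setting, read first from the JVM system
 * properties and then from {@link Preferences}. Both locations decide which
 * certificate authorities are trusted and should be treated as security-sensitive
 * configuration.
 *
 * <p><b>Security behaviour:</b>
 * <ul>
 *   <li>Setting absent or empty: an {@link OpenTrustManager} is installed, which accepts
 *       every certificate chain. No certificate-based peer authentication takes place in
 *       this mode, so connections rely on whatever other authentication the caller adds.</li>
 *   <li>Setting present but the keystore cannot be loaded: no delegate is installed and
 *       {@link WrappedTrustManager} rejects every chain (fail closed). The failure is
 *       available through {@link #getCertError()}.</li>
 * </ul>
 *
 * <p>Only {@link #getTrustManagers()} and {@link #invalidateTrustManagers()} are
 * synchronized; the status getters and the wrapper read the static state without a lock.
 */
public class ApplicationTrustManagerFactory {
    public static final String GHIDRA_CACERTS_PATH_PROPERTY = "ghidra.cacerts";
    // Current validating delegate; null until init() succeeds and after invalidation.
    private static X509TrustManager trustManager;
    // Single-element array holding the stable wrapper handed out to callers.
    private static TrustManager[] wrappedTrustManagers;
    // True when the most recent init() loaded a CA keystore without error.
    private static boolean hasCAs;
    // Failure from the most recent init(), or null.
    private static Exception caError;
    private static final X509Certificate[] NO_CERTS = new X509Certificate[0];

    /**
     * Trust manager that performs no validation: both check methods return normally for
     * any chain. Installed only when no CA keystore path is configured.
     *
     * <p>The decompiler reports that this class was declared private in the original.
     */
    public static class OpenTrustManager implements X509TrustManager {
        private OpenTrustManager() {
        }

        /** Accepts any client chain; intentionally performs no check. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: open mode trusts every certificate.
        }

        /** Accepts any server chain; intentionally performs no check. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: open mode trusts every certificate.
        }

        /**
         * Returns an empty array because no CAs are configured in open mode.
         *
         * @return a non-null, zero-length array
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract specifies a non-null (possibly empty) array;
            // returning null here would propagate through WrappedTrustManager to callers.
            return ApplicationTrustManagerFactory.NO_CERTS;
        }
    }

    /**
     * Stable trust manager handed to callers. It forwards every call to the factory's
     * current delegate, so the delegate can be replaced after invalidation without
     * callers having to fetch a new instance. With no delegate installed it rejects
     * every chain.
     *
     * <p>The decompiler reports that this class was declared private in the original.
     */
    public static class WrappedTrustManager implements X509TrustManager {
        private WrappedTrustManager() {
        }

        /**
         * Reads the delegate once so that a concurrent
         * {@link ApplicationTrustManagerFactory#invalidateTrustManagers()} cannot null the
         * field between the check and the call.
         *
         * @return the current delegate, never null
         * @throws CertificateException if no delegate is installed
         */
        private static X509TrustManager requireDelegate() throws CertificateException {
            X509TrustManager delegate = ApplicationTrustManagerFactory.trustManager;
            if (delegate == null) {
                throw new CertificateException("Trust manager not properly initialized");
            }
            return delegate;
        }

        /**
         * Validates a client chain with the current delegate.
         *
         * @throws CertificateException if no delegate is installed or the delegate rejects the chain
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            requireDelegate().checkClientTrusted(x509CertificateArr, str);
        }

        /**
         * Validates a server chain with the current delegate.
         *
         * @throws CertificateException if no delegate is installed or the delegate rejects the chain
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            requireDelegate().checkServerTrusted(x509CertificateArr, str);
        }

        /**
         * Returns the delegate's accepted issuers.
         *
         * @return the delegate's issuers, or an empty array when no delegate is installed
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            X509TrustManager delegate = ApplicationTrustManagerFactory.trustManager;
            return delegate == null ? ApplicationTrustManagerFactory.NO_CERTS : delegate.getAcceptedIssuers();
        }
    }

    private ApplicationTrustManagerFactory() {
    }

    /**
     * Installs the delegate trust manager from the configured CA keystore, or the open
     * trust manager when no keystore path is configured.
     *
     * <p>On a load failure the delegate is left unset, so the wrapper rejects all chains
     * and the next {@link #getTrustManagers()} call retries.
     */
    private static void init() {
        if (wrappedTrustManagers == null) {
            wrappedTrustManagers = new WrappedTrustManager[]{new WrappedTrustManager()};
        }
        // Reset status from any earlier attempt so hasCertificateAuthorities() and
        // hasCertError() describe only this initialization (previously both could stay
        // stale after a retry or after the cacerts setting was removed).
        hasCAs = false;
        caError = null;

        // The system property takes precedence over the stored preference.
        String property = System.getProperty(GHIDRA_CACERTS_PATH_PROPERTY);
        if (property == null || property.isEmpty()) {
            property = Preferences.getProperty(GHIDRA_CACERTS_PATH_PROPERTY);
            if (property == null || property.isEmpty()) {
                // Fail-open default: with no CA keystore configured, peer certificates
                // are accepted without validation.
                Msg.info(ApplicationTrustManagerFactory.class, "Trust manager disabled, cacerts have not been set");
                trustManager = new OpenTrustManager();
                return;
            }
        }
        try {
            Msg.info(ApplicationTrustManagerFactory.class, "Trust manager initializing with cacerts: " + property);
            KeyStore certificateStoreInstance = ApplicationKeyStore.getCertificateStoreInstance(property);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(certificateStoreInstance);
            // Use the first X.509-capable manager the platform factory provides.
            for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    X509TrustManager x509TrustManager = (X509TrustManager) candidate;
                    ApplicationKeyStore.logCerts(x509TrustManager.getAcceptedIssuers());
                    trustManager = x509TrustManager;
                    break;
                }
            }
            // NOTE(review): as in the original, this is set even when no X509TrustManager
            // was found; the delegate then stays null and the wrapper rejects all chains.
            hasCAs = true;
        } catch (IOException | GeneralSecurityException e) {
            caError = e;
            String message = e.getMessage();
            if (message == null) {
                message = e.toString();
            }
            Msg.error(ApplicationTrustManagerFactory.class, "Failed to process cacerts (" + property + "): " + message, e);
        }
    }

    /**
     * Reports whether the most recent initialization loaded a CA keystore.
     *
     * @return true if the keystore was loaded without error; false in open mode, after a
     *         load failure, or before any initialization
     */
    public static boolean hasCertificateAuthorities() {
        return hasCAs;
    }

    /**
     * Reports whether the most recent initialization failed to load the CA keystore.
     * The decompiler reports that this method was package-private in the original.
     *
     * @return true if an error is recorded
     */
    public static boolean hasCertError() {
        return caError != null;
    }

    /**
     * Returns the failure recorded by the most recent initialization.
     * The decompiler reports that this method was package-private in the original.
     *
     * @return the recorded exception, or null if none
     */
    public static Exception getCertError() {
        return caError;
    }

    /**
     * Returns the application trust managers, initializing them when no delegate is
     * installed. The decompiler reports that this method was package-private in the
     * original.
     *
     * @return a copy of the single-element array holding the wrapper trust manager
     */
    public static synchronized TrustManager[] getTrustManagers() {
        if (trustManager == null) {
            init();
        }
        // Hand out a copy so callers cannot replace the shared array element.
        return wrappedTrustManagers.clone();
    }

    /**
     * Discards the current delegate and any recorded error so that the next
     * {@link #getTrustManagers()} call re-reads the configuration. Until then the wrapper
     * rejects every chain. The decompiler reports that this method was package-private in
     * the original.
     */
    public static synchronized void invalidateTrustManagers() {
        trustManager = null;
        caError = null;
    }
}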
