package org.phoebus.olog.es.api;

import java.io.File;
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:org/phoebus/olog/es/api/OlogTrustManager.class */
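/**
 * Probes a server's TLS certificate and, when the JVM's default trust store does not already
 * accept it, adds the presented chain to an in-memory copy of that store and installs the result
 * as the JVM-wide default {@link SSLContext}.
 *
 * <p><b>Security note (trust on first use):</b> the certificates that get imported are whatever
 * the peer sent during the failed handshake. Nothing in this class authenticates them, so the
 * import is only as trustworthy as the network path at the moment of the probe. Every certificate
 * in the chain becomes a trust anchor for all code that uses the default {@code SSLContext}, not
 * just for connections to the probed host. Each import is therefore logged at
 * {@link Level#WARNING} together with the certificate's SHA-256 fingerprint, so that it can be
 * compared with a value obtained out of band and monitored in log collection.
 *
 * <p>The modified key store is never written back to disk (there is no {@code KeyStore.store}
 * call), so the added trust lasts only for the lifetime of the JVM.
 */
public class OlogTrustManager {
    private static final Logger LOGGER = Logger.getLogger(OlogTrustManager.class.getName());

    // "changeit" is the stock password of the JDK's cacerts file. It is only used here for the
    // integrity check performed by KeyStore.load; it protects no private key material.
    private static final String CACERTS_PASSWORD = "changeit";

    private static final int DEFAULT_HTTPS_PORT = 443;
    private static final int HANDSHAKE_TIMEOUT_MS = 5000;

    /**
     * Delegating trust manager that remembers the last server chain it was asked to validate,
     * so the chain is still available after the delegate has rejected it.
     */
    private static class SavingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        private X509Certificate[] certificateChain;

        SavingTrustManager(X509TrustManager x509TrustManager) {
            this.delegate = x509TrustManager;
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return this.delegate.getAcceptedIssuers();
        }

        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.delegate.checkClientTrusted(x509CertificateArr, str);
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Capture first: the delegate throws for an untrusted chain, and that is exactly
            // the case in which the caller needs to read the chain back.
            this.certificateChain = x509CertificateArr;
            this.delegate.checkServerTrusted(x509CertificateArr, str);
        }
    }

    /**
     * Performs a TLS handshake against the given host using the JVM's default trust store
     * ({@code jssecacerts}, falling back to {@code cacerts}, under
     * {@code ${java.home}/lib/security}). If the handshake succeeds nothing is changed. If it
     * fails with an {@link SSLException} and a server chain was captured, every certificate of
     * that chain is added to the in-memory store and a context built from it is installed with
     * {@link SSLContext#setDefault(SSLContext)}.
     *
     * <p>All failures are logged; no exception is propagated to the caller.
     *
     * @param str host name of the server to probe; also used as the prefix of the key store
     *            aliases under which imported certificates are registered
     * @param i   TCP port of the server, or {@code -1} to use port 443
     */
    public static void setupSSLTrust(String str, int i) {
        final String host = str;
        final int port = i == -1 ? DEFAULT_HTTPS_PORT : i;

        File securityDir = new File(System.getProperty("java.home") + File.separatorChar + "lib" + File.separatorChar + "security");
        LOGGER.log(Level.INFO, String.format("Loading default JVM certificates from %s", securityDir.getAbsolutePath()));
        File storeFile = new File(securityDir, "jssecacerts");
        if (!storeFile.isFile()) {
            storeFile = new File(securityDir, "cacerts");
        }
        if (!storeFile.isFile()) {
            LOGGER.log(Level.INFO, "No certificate store found, skipping certificate installation.");
            return;
        }

        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // try-with-resources: the stream is released on every path, including connection
            // errors that are not SSLExceptions (the hand-written close() calls missed those).
            try (FileInputStream storeStream = new FileInputStream(storeFile)) {
                keyStore.load(storeStream, CACERTS_PASSWORD.toCharArray());
            }

            SSLContext sslContext = SSLContext.getInstance("TLS");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            SavingTrustManager savingTrustManager = new SavingTrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0]);
            sslContext.init(null, new TrustManager[]{savingTrustManager}, null);

            // NOTE: createSocket(host, port) connects before setSoTimeout is applied, so only the
            // handshake reads are bounded by the timeout, not the TCP connect itself.
            // NOTE: no endpoint identification algorithm is configured on this socket, so a
            // successful handshake here means "chain validates", not "certificate matches host".
            try (SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket(host, port)) {
                socket.setSoTimeout(HANDSHAKE_TIMEOUT_MS);
                LOGGER.log(Level.INFO, String.format("Attempting SSL handshake against %s", host));
                socket.startHandshake();
                LOGGER.log(Level.INFO, "SSL Handshake succeeded, server certificate already trusted.");
                return;
            } catch (SSLException handshakeFailure) {
                // Any SSLException lands here, not only "untrusted certificate"; keep the cause
                // in the log so the reason for the import can be reviewed afterwards.
                LOGGER.log(Level.WARNING, "SSL Handshake failed, certificate is not trusted, will be imported.", handshakeFailure);
            }

            X509Certificate[] chain = savingTrustManager.certificateChain;
            if (chain == null) {
                LOGGER.log(Level.SEVERE, "Could not obtain server certificate chain.");
                return;
            }

            LOGGER.log(Level.INFO, String.format("Server sent %d certificate(s)", chain.length));
            for (int index = 0; index < chain.length; index++) {
                X509Certificate certificate = chain[index];
                // getSubjectX500Principal/getIssuerX500Principal replace the deprecated
                // getSubjectDN/getIssuerDN accessors.
                LOGGER.log(Level.INFO, String.format("%d Subject %s", index + 1, certificate.getSubjectX500Principal()));
                LOGGER.log(Level.INFO, String.format("%d Issuer %s", index + 1, certificate.getIssuerX500Principal()));
                // SECURITY: this certificate was supplied by the unauthenticated peer and is
                // about to become a JVM-wide trust anchor. Record its fingerprint for audit.
                LOGGER.log(Level.WARNING, String.format("%d Importing unverified certificate, SHA-256 fingerprint %s",
                        index + 1, sha256Fingerprint(certificate)));
                keyStore.setCertificateEntry(host + index, certificate);
            }

            trustManagerFactory.init(keyStore);
            sslContext.init(null, new TrustManager[]{(X509TrustManager) trustManagerFactory.getTrustManagers()[0]}, null);
            // Affects every later user of the default SSLContext in this JVM.
            SSLContext.setDefault(sslContext);
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "unexpected error occured during certificate import", e);
        }
    }

    /**
     * Returns the colon-separated, upper-case hex SHA-256 digest of the certificate's encoded
     * form, or {@code "unavailable"} if it cannot be computed. Used for audit logging only.
     */
    private static String sha256Fingerprint(X509Certificate certificate) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(certificate.getEncoded());
            StringBuilder hex = new StringBuilder(digest.length * 3);
            for (byte b : digest) {
                if (hex.length() > 0) {
                    hex.append(':');
                }
                hex.append(String.format("%02X", b));
            }
            return hex.toString();
        } catch (GeneralSecurityException e) {
            // The fingerprint is diagnostic; failing to compute it must not abort the caller.
            LOGGER.log(Level.FINE, "Could not compute certificate fingerprint", e);
            return "unavailable";
        }
    }
}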
