package org.webpieces.microsvc.client.impl;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.webpieces.util.SneakyThrow;

/* loaded from: input_file:org/webpieces/microsvc/client/impl/TrustManagerComposite.class */
public class TrustManagerComposite implements X509TrustManager {
    private static boolean wasRun = false;
    private final List<X509TrustManager> compositeTrustmanager = new ArrayList();

    public TrustManagerComposite(String str) {
        try {
            InputStream resourceAsStream = TrustManagerComposite.class.getResourceAsStream("/prodKeyStore.jks");
            try {
                this.compositeTrustmanager.add(getCustomTrustmanager(resourceAsStream));
                this.compositeTrustmanager.add(getDefaultTrustmanager());
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
            } finally {
            }
        } catch (Exception e) {
            throw SneakyThrow.sneak(e);
        }
    }

    public static synchronized void setupTruststoreForJdk() {
        if (wasRun) {
            return;
        }
        try {
            TrustManager[] trustManagerArr = {new TrustManagerComposite(null)};
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        } catch (Exception e) {
            throw SneakyThrow.sneak(e);
        }
    }

    private X509TrustManager getCustomTrustmanager(InputStream inputStream) throws Exception {
        return createTrustManager(inputStream);
    }

    private X509TrustManager getDefaultTrustmanager() throws Exception {
        return createTrustManager(null);
    }

    private X509TrustManager createTrustManager(InputStream inputStream) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(inputStream, null);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Iterator<X509TrustManager> it = this.compositeTrustmanager.iterator();
        while (it.hasNext()) {
            if (isClientTrusted(x509CertificateArr, str, it.next())) {
                return;
            }
        }
        throw new CertificateException("None of the TrustManagers trust this certificate chain");
    }

    private boolean isClientTrusted(X509Certificate[] x509CertificateArr, String str, X509TrustManager x509TrustManager) {
        try {
            x509TrustManager.checkClientTrusted(x509CertificateArr, str);
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Iterator<X509TrustManager> it = this.compositeTrustmanager.iterator();
        while (it.hasNext()) {
            if (isServerTrusted(x509CertificateArr, str, it.next())) {
                return;
            }
        }
        throw new CertificateException("None of the TrustManagers trust this certificate chain");
    }

    private boolean isServerTrusted(X509Certificate[] x509CertificateArr, String str, X509TrustManager x509TrustManager) {
        try {
            x509TrustManager.checkServerTrusted(x509CertificateArr, str);
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        ArrayList arrayList = new ArrayList();
        Iterator<X509TrustManager> it = this.compositeTrustmanager.iterator();
        while (it.hasNext()) {
            for (X509Certificate x509Certificate : it.next().getAcceptedIssuers()) {
                arrayList.add(x509Certificate);
            }
        }
        return (X509Certificate[]) arrayList.toArray(new X509Certificate[0]);
    }
}
