package tech.ydb.core.ssl;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:tech/ydb/core/ssl/YandexTrustManagersProvider.class */
final class YandexTrustManagersProvider {
    private static final String JSK_YANDEX_CA_STORE = "certificates/YandexAllCAs.pkcs";
    private static final String STORE_PASSWORD = "yandex";
    private final TrustManager[] trustManagers;

    /* loaded from: input_file:tech/ydb/core/ssl/YandexTrustManagersProvider$LazyHolder.class */
    private static final class LazyHolder {
        private static final YandexTrustManagersProvider INSTANCE = new YandexTrustManagersProvider();

        private LazyHolder() {
        }
    }

    private YandexTrustManagersProvider() {
        try {
            List<TrustManager> customTrustManagers = getCustomTrustManagers();
            List<TrustManager> defaultTrustManagers = getDefaultTrustManagers();
            Stream concat = Stream.concat(customTrustManagers.stream(), defaultTrustManagers.stream());
            Class<X509TrustManager> cls = X509TrustManager.class;
            X509TrustManager.class.getClass();
            Stream filter = concat.filter((v1) -> {
                return r1.isInstance(v1);
            });
            Class<X509TrustManager> cls2 = X509TrustManager.class;
            X509TrustManager.class.getClass();
            List list = (List) filter.map((v1) -> {
                return r1.cast(v1);
            }).collect(Collectors.toList());
            List list2 = (List) Stream.concat(customTrustManagers.stream(), defaultTrustManagers.stream()).filter(trustManager -> {
                return !(trustManager instanceof X509TrustManager);
            }).collect(Collectors.toCollection(ArrayList::new));
            list2.add(new MultiX509TrustManager(list));
            this.trustManagers = (TrustManager[]) list2.toArray(new TrustManager[0]);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException("Can't init yandex root CA setting", e);
        }
    }

    private List<TrustManager> getDefaultTrustManagers() throws NoSuchAlgorithmException, KeyStoreException {
        return getTrustManagersFromKeyStore(null);
    }

    private List<TrustManager> getCustomTrustManagers() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(YandexTrustManagersProvider.class.getClassLoader().getResourceAsStream(JSK_YANDEX_CA_STORE), STORE_PASSWORD.toCharArray());
        return getTrustManagersFromKeyStore(keyStore);
    }

    private List<TrustManager> getTrustManagersFromKeyStore(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return Arrays.asList(trustManagerFactory.getTrustManagers());
    }

    public static YandexTrustManagersProvider getInstance() {
        return LazyHolder.INSTANCE;
    }

    public TrustManager[] getTrustManagers() {
        return (TrustManager[]) this.trustManagers.clone();
    }
}
