package eu.software4you.ulib.core.impl;

import eu.software4you.ulib.core.ex.UndefinedStateError;
import eu.software4you.ulib.core.reflect.ReflectUtil;
import java.security.CodeSigner;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:META-INF/jars/core-3.0.0-SNAPSHOT.jar:eu/software4you/ulib/core/impl/UnsafeOperations.class */
public final class UnsafeOperations {
    private static final CertPathValidator VALIDATOR;
    private static final CertPathParameters VALIDATOR_PARAMS;

    public static boolean allowed() {
        return Internal.isUnsafeOperations();
    }

    public static boolean comply(boolean z, String str, String str2, String str3) {
        return comply(z, str, (Supplier<String>) () -> {
            return str2;
        }, (Supplier<String>) () -> {
            return str3;
        });
    }

    public static boolean comply(boolean z, String str, Supplier<String> supplier, Supplier<String> supplier2) {
        if (z) {
            if (!allowed()) {
                throw new UnsafeOperationException(String.format("(%s) Cannot comply: %s (allow unsafe operations to bypass this)", str, supplier.get()));
            }
            System.err.printf("(%s) %s (unsafe operations are allowed)%n", str, supplier2.get());
        }
        return z;
    }

    public static void unsafeAccess(@Nullable String str) {
        AtomicReference atomicReference = new AtomicReference();
        Class cls = (Class) ReflectUtil.walkStack(stream -> {
            return (Class) stream.map((v0) -> {
                return v0.getDeclaringClass();
            }).dropWhile(cls2 -> {
                return atomicReference.compareAndSet(null, cls2) || atomicReference.get() == cls2;
            }).findFirst().orElseThrow();
        });
        if (Internal.isUlibClass(cls)) {
            return;
        }
        CodeSigner[] codeSigners = cls.getProtectionDomain().getCodeSource().getCodeSigners();
        if (codeSigners == null || !Arrays.stream(codeSigners).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.getSignerCertPath();
        }).anyMatch(UnsafeOperations::certsValid)) {
            String str2 = str == null ? "Unsafe Access" : "Unsafe Access (" + str + ")";
            comply(true, cls.getName(), str2, str2);
        }
    }

    private static boolean certsValid(@NotNull CertPath certPath) {
        try {
            VALIDATOR.validate(certPath, VALIDATOR_PARAMS);
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            throw new Error(e);
        } catch (CertPathValidatorException e2) {
            return false;
        }
    }

    static {
        try {
            VALIDATOR = CertPathValidator.getInstance("PKIX");
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(UnsafeOperations.class.getResourceAsStream("/META-INF/root-ca.cer"));
            x509Certificate.checkValidity();
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(x509Certificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            VALIDATOR_PARAMS = pKIXParameters;
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new UndefinedStateError(e);
        } catch (CertificateException e2) {
            throw new SecurityException("root ca cert invalid", e2);
        }
    }
}
