package nl.altindag.ssl.trustmanager;

import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.function.BiPredicate;
import java.util.function.Predicate;
import javax.net.ssl.SSLEngine;
import nl.altindag.ssl.exception.GenericKeyStoreException;
import nl.altindag.ssl.model.TrustManagerParameters;
import nl.altindag.ssl.util.CertificateUtils;
import nl.altindag.ssl.util.KeyStoreUtils;
import nl.altindag.ssl.util.TrustManagerUtils;
import nl.altindag.ssl.util.internal.CollectionUtils;
import nl.altindag.ssl.util.internal.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:nl/altindag/ssl/trustmanager/InflatableX509ExtendedTrustManager.class */
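/**
 * Trust manager whose trust store can grow at runtime.
 *
 * <p>Every check is first delegated to the currently installed trust manager (via the
 * super class). When that delegate rejects the chain with a {@link CertificateException},
 * the configured {@code Predicate<TrustManagerParameters>} is consulted; if it returns
 * {@code true}, the first certificate of the presented chain is added to the trust store,
 * the delegate is rebuilt from that store and, when a trust store path was configured,
 * the store is written to disk.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The predicate is the only gate between "validation failed" and "certificate is now
 *       trusted and persisted". The default predicate (used when {@code null} is passed)
 *       always returns {@code false}, so nothing is trusted automatically.</li>
 *   <li>A certificate accepted this way lands in the single trust store shared by all
 *       {@code checkClientTrusted} and {@code checkServerTrusted} overloads; it is not bound
 *       to the socket, engine or peer that presented it.</li>
 *   <li>The predicate runs while the write lock is held, so a slow predicate (for example
 *       one that waits for user input) delays every other check on this instance.</li>
 *   <li>Failures while storing the certificate are logged and swallowed; the check that
 *       triggered the addition still returns normally.</li>
 *   <li>The persisted trust store file decides what this manager trusts after a restart, so
 *       its location should be writable only by the owning process.</li>
 * </ul>
 */
public class InflatableX509ExtendedTrustManager extends HotSwappableX509ExtendedTrustManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(InflatableX509ExtendedTrustManager.class);

    /** Duplicate check that never reports a duplicate, so the certificate is always added. */
    private static final BiPredicate<KeyStore, X509Certificate> IGNORE_DUPLICATE_CHECKER = (keyStore, certificate) -> false;

    private final KeyStore trustStore;
    private final Path trustStorePath;
    // Kept by reference (no defensive copy); it is reused for every later write of the trust store.
    private final char[] trustStorePassword;
    private final Predicate<TrustManagerParameters> trustManagerParametersPredicate;

    /**
     * Creates an in-memory only instance: no trust store path, no password, no trust store
     * type and the default predicate that never accepts an untrusted certificate.
     */
    public InflatableX509ExtendedTrustManager() {
        this(null, null, null, null);
    }

    /**
     * Creates the trust manager and initialises its trust store.
     *
     * <ul>
     *   <li>{@code path} is {@code null} or {@code str} is blank: a new key store is created
     *       with {@code KeyStoreUtils.createKeyStore()} and nothing is loaded. Note that a
     *       non-null {@code path} is still remembered in this case, so a later addition is
     *       written to that path even if a file already exists there.</li>
     *   <li>{@code path} exists: the key store is loaded from it and, if it contains trust
     *       material, a trust manager built from it replaces the initial dummy one.</li>
     *   <li>otherwise: a new key store is created from {@code str} and {@code cArr}.</li>
     * </ul>
     *
     * @param path      location of the trust store file, or {@code null} for in-memory use
     * @param cArr      trust store password; stored by reference, so clearing the array later
     *                  also changes the value used for subsequent writes
     * @param str       forwarded to {@code KeyStoreUtils} when loading or creating the key
     *                  store (presumably the key store type)
     * @param predicate decides whether a certificate that failed validation is added to the
     *                  trust store; {@code null} means "never"
     */
    public InflatableX509ExtendedTrustManager(Path path, char[] cArr, String str, Predicate<TrustManagerParameters> predicate) {
        super(TrustManagerUtils.createDummyTrustManager());
        this.writeLock.lock();
        try {
            this.trustStorePath = path;
            this.trustStorePassword = cArr;
            // Fail closed by default: without an explicit predicate nothing is ever auto-trusted.
            this.trustManagerParametersPredicate = Optional.ofNullable(predicate).orElse(parameters -> false);
            if (path == null || !StringUtils.isNotBlank(str)) {
                this.trustStore = KeyStoreUtils.createKeyStore();
            } else if (Files.exists(path)) {
                this.trustStore = KeyStoreUtils.loadKeyStore(path, cArr, str);
                if (KeyStoreUtils.containsTrustMaterial(this.trustStore)) {
                    setTrustManager(TrustManagerUtils.createTrustManager(this.trustStore));
                }
            } else {
                this.trustStore = KeyStoreUtils.createKeyStore(str, cArr);
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    /** Validates a server chain; see {@code checkTrusted} for the fallback on rejection. */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(() -> super.checkServerTrusted(x509CertificateArr, str), x509CertificateArr, str, null, null);
    }

    /** Validates a server chain for a socket; see {@code checkTrusted} for the fallback on rejection. */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        checkTrusted(() -> super.checkServerTrusted(x509CertificateArr, str, socket), x509CertificateArr, str, socket, null);
    }

    /** Validates a server chain for an engine; see {@code checkTrusted} for the fallback on rejection. */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        checkTrusted(() -> super.checkServerTrusted(x509CertificateArr, str, sSLEngine), x509CertificateArr, str, null, sSLEngine);
    }

    /** Validates a client chain; see {@code checkTrusted} for the fallback on rejection. */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(() -> super.checkClientTrusted(x509CertificateArr, str), x509CertificateArr, str, null, null);
    }

    /** Validates a client chain for a socket; see {@code checkTrusted} for the fallback on rejection. */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        checkTrusted(() -> super.checkClientTrusted(x509CertificateArr, str, socket), x509CertificateArr, str, socket, null);
    }

    /** Validates a client chain for an engine; see {@code checkTrusted} for the fallback on rejection. */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        checkTrusted(() -> super.checkClientTrusted(x509CertificateArr, str, sSLEngine), x509CertificateArr, str, null, sSLEngine);
    }

    /**
     * Runs the given validation and, if it is rejected, decides whether to extend the trust store.
     *
     * <p>The validation runs once under the read lock. If it throws a
     * {@link CertificateException}, it is repeated under the write lock; the installed trust
     * manager may have been replaced while this thread waited for that lock. Only if the
     * second attempt is rejected as well is the predicate asked, and on acceptance the first
     * certificate of {@code chain} is added.
     *
     * @param validation the delegated check to execute
     * @param chain      the certificate chain presented by the peer
     * @param authType   the second argument of the originating check call, passed on to the predicate
     * @param socket     the socket of the originating call, or {@code null}
     * @param sslEngine  the engine of the originating call, or {@code null}
     * @throws CertificateException if the chain is rejected and the predicate does not accept
     *                              it, or if there is no certificate that could be added
     */
    private void checkTrusted(TrustManagerRunnable validation, X509Certificate[] chain, String authType, Socket socket, SSLEngine sslEngine) throws CertificateException {
        try {
            this.readLock.lock();
            try {
                validation.run();
            } finally {
                this.readLock.unlock();
            }
        } catch (CertificateException firstRejection) {
            this.writeLock.lock();
            try {
                try {
                    validation.run();
                } catch (CertificateException rejection) {
                    boolean accepted = this.trustManagerParametersPredicate.test(new TrustManagerParameters(chain, authType, socket, sslEngine));
                    // Without a certificate there is nothing to add. Rethrow the validation
                    // failure instead of letting chain[0] raise a runtime exception, which
                    // could happen if a delegate rejects a null or empty chain with a
                    // CertificateException.
                    if (!accepted || chain == null || chain.length == 0) {
                        throw rejection;
                    }
                    // Only the first certificate of the chain is stored, not the whole chain.
                    addCertificates(Collections.singletonList(chain[0]), IGNORE_DUPLICATE_CHECKER);
                }
            } finally {
                this.writeLock.unlock();
            }
        }
    }

    /**
     * Adds the given certificates to the trust store, skipping those that
     * {@code KeyStoreUtils.containsCertificate} reports as already present.
     *
     * <p>This bypasses the predicate: every certificate passed in becomes trusted. Errors
     * while adding or persisting are logged, not thrown.
     *
     * @param list certificates to trust; {@code null} or empty is a no-op
     */
    public void addCertificates(List<X509Certificate> list) {
        addCertificates(list, KeyStoreUtils::containsCertificate);
    }

    /**
     * Adds certificates under the write lock, rebuilds the trust manager from the updated
     * store and writes the store to the configured path, if any.
     *
     * <p>A {@link KeyStoreException} or {@link GenericKeyStoreException} is logged and
     * swallowed. When that happens part-way through, entries already set on the in-memory
     * store stay there, and the trust manager or the file on disk may not reflect them.
     *
     * @param certificates     certificates to add; {@code null} or empty is a no-op
     * @param duplicateChecker returns {@code true} for a certificate that must be skipped
     */
    private void addCertificates(List<X509Certificate> certificates, BiPredicate<KeyStore, X509Certificate> duplicateChecker) {
        this.writeLock.lock();
        try {
            if (CollectionUtils.isEmpty(certificates)) {
                return;
            }
            for (X509Certificate certificate : certificates) {
                if (!duplicateChecker.test(this.trustStore, certificate)) {
                    String alias = generateAlias(certificate);
                    this.trustStore.setCertificateEntry(alias, certificate);
                    LOGGER.info("Added certificate for [{}]", alias);
                }
            }
            setTrustManager(TrustManagerUtils.createTrustManager(this.trustStore));
            getTrustStorePath().ifPresent(path -> KeyStoreUtils.write(path, this.trustStore, this.trustStorePassword));
        } catch (KeyStoreException | GenericKeyStoreException e) {
            LOGGER.error("Cannot add certificate", e);
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Asks {@code CertificateUtils.generateUniqueAlias} for an alias, letting it probe the
     * trust store for aliases that are already taken.
     *
     * @throws GenericKeyStoreException if the trust store cannot be queried
     */
    private String generateAlias(Certificate certificate) {
        return CertificateUtils.generateUniqueAlias(certificate, alias -> {
            try {
                return this.trustStore.containsAlias(alias);
            } catch (KeyStoreException e) {
                throw new GenericKeyStoreException(e);
            }
        });
    }

    /** Returns the configured trust store path, or empty when the store is kept in memory only. */
    private Optional<Path> getTrustStorePath() {
        return Optional.ofNullable(this.trustStorePath);
    }
}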
