package cfca.sadk.tls.sun.security.ssl.manager;

import cfca.sadk.tls.sun.security.ssl.Debugger;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.CertPathParameters;
import java.security.cert.PKIXBuilderParameters;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/manager/CFCAX509TrustManagerFactory.class */
public abstract class CFCAX509TrustManagerFactory extends TrustManagerFactorySpi {
    private X509TrustManager trustManager = null;
    private boolean isInitialized = false;

    /* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/manager/CFCAX509TrustManagerFactory$PKIXFactory.class */
    public static final class PKIXFactory extends CFCAX509TrustManagerFactory {
        @Override // cfca.sadk.tls.sun.security.ssl.manager.CFCAX509TrustManagerFactory
        X509TrustManager getInstance(KeyStore keyStore) throws KeyStoreException {
            return new CFCAX509TrustManager(keyStore);
        }

        @Override // cfca.sadk.tls.sun.security.ssl.manager.CFCAX509TrustManagerFactory
        X509TrustManager getInstance(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {
            if (managerFactoryParameters == null) {
                throw new InvalidAlgorithmParameterException("Parameters must be not null");
            }
            if (!(managerFactoryParameters instanceof CertPathTrustManagerParameters)) {
                throw new InvalidAlgorithmParameterException("Parameters must be CertPathTrustManagerParameters");
            }
            CertPathParameters parameters = ((CertPathTrustManagerParameters) managerFactoryParameters).getParameters();
            if (parameters == null) {
                throw new InvalidAlgorithmParameterException("Encapsulated parameters must be not null");
            }
            if (parameters instanceof PKIXBuilderParameters) {
                return new CFCAX509TrustManager((PKIXBuilderParameters) parameters);
            }
            throw new InvalidAlgorithmParameterException("Encapsulated parameters must be PKIXBuilderParameters");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/manager/CFCAX509TrustManagerFactory$TrustKeystoreFile.class */
    public static final class TrustKeystoreFile {
        String storeFileName;
        FileInputStream storeFileInputStream;

        TrustKeystoreFile(Map<String, String> map) throws Exception {
            this.storeFileName = null;
            this.storeFileInputStream = null;
            String str = File.separator;
            File file = null;
            this.storeFileName = map.get("trustStore");
            if ("NONE".equals(this.storeFileName)) {
                return;
            }
            if (this.storeFileName != null) {
                file = new File(this.storeFileName);
                this.storeFileInputStream = getFileInputStream(file);
            } else {
                String str2 = map.get("javaHome");
                if (str2 != null) {
                    file = new File(str2 + str + "lib" + str + "security" + str + "jssecacerts");
                    FileInputStream fileInputStream = getFileInputStream(file);
                    this.storeFileInputStream = fileInputStream;
                    if (fileInputStream == null) {
                        file = new File(str2 + str + "lib" + str + "security" + str + "cacerts");
                        this.storeFileInputStream = getFileInputStream(file);
                    }
                }
            }
            if (this.storeFileInputStream != null) {
                this.storeFileName = file.getPath();
            } else {
                this.storeFileName = "No File Available, using empty keystore.";
            }
        }

        final void close() {
            if (this.storeFileInputStream != null) {
                try {
                    this.storeFileInputStream.close();
                } catch (IOException e) {
                    if (Debugger.check.isDebugEnabled()) {
                        Debugger.check.debug("storeFileInputStream closed failure", e);
                    }
                }
            }
        }

        private static final FileInputStream getFileInputStream(final File file) throws Exception {
            return (FileInputStream) AccessController.doPrivileged(new PrivilegedExceptionAction<FileInputStream>() { // from class: cfca.sadk.tls.sun.security.ssl.manager.CFCAX509TrustManagerFactory.TrustKeystoreFile.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public FileInputStream run() throws Exception {
                    FileInputStream fileInputStream = null;
                    try {
                        if (file.exists()) {
                            fileInputStream = new FileInputStream(file);
                        }
                    } catch (FileNotFoundException e) {
                        fileInputStream = null;
                    }
                    return fileInputStream;
                }
            });
        }
    }

    CFCAX509TrustManagerFactory() {
    }

    @Override // javax.net.ssl.TrustManagerFactorySpi
    protected void engineInit(KeyStore keyStore) throws KeyStoreException {
        if (keyStore == null) {
            try {
                keyStore = getCacertsKeyStore("trustmanager");
            } catch (Error e) {
                if (Debugger.check.isWarnEnabled()) {
                    Debugger.check.warn("X509TrustKeyStore: skip default keystore.", e);
                }
                throw e;
            } catch (SecurityException e2) {
                if (Debugger.check.isWarnEnabled()) {
                    Debugger.check.warn("X509TrustKeyStore: skip default keystore.", e2);
                }
            } catch (RuntimeException e3) {
                if (Debugger.check.isWarnEnabled()) {
                    Debugger.check.warn("X509TrustKeyStore: skip default keystore.", e3);
                }
                throw e3;
            } catch (Exception e4) {
                if (Debugger.check.isWarnEnabled()) {
                    Debugger.check.warn("X509TrustKeyStore: skip default keystore.", e4);
                }
                throw new KeyStoreException("problem accessing trust store" + e4);
            }
        }
        this.trustManager = getInstance(keyStore);
        this.isInitialized = true;
    }

    abstract X509TrustManager getInstance(KeyStore keyStore) throws KeyStoreException;

    abstract X509TrustManager getInstance(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException;

    @Override // javax.net.ssl.TrustManagerFactorySpi
    protected void engineInit(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {
        this.trustManager = getInstance(managerFactoryParameters);
        this.isInitialized = true;
    }

    @Override // javax.net.ssl.TrustManagerFactorySpi
    protected TrustManager[] engineGetTrustManagers() {
        if (this.isInitialized) {
            return new TrustManager[]{this.trustManager};
        }
        throw new IllegalStateException("TrustManagerFactoryImpl is not initialized");
    }

    public static KeyStore getCacertsKeyStore(String str) throws Exception {
        Map<String, String> loadDefaultProps = loadDefaultProps();
        TrustKeystoreFile trustKeystoreFile = null;
        KeyStore keyStore = null;
        try {
            TrustKeystoreFile trustKeystoreFile2 = new TrustKeystoreFile(loadDefaultProps);
            String str2 = loadDefaultProps.get("trustStoreType");
            String str3 = loadDefaultProps.get("trustStoreProvider");
            if (Debugger.check.isDebugEnabled()) {
                StringBuilder sb = new StringBuilder();
                sb.append("\ntrustStore is: ").append(trustKeystoreFile2.storeFileName);
                sb.append("\ntrustStore type is: ").append(str2);
                sb.append("\ntrustStore provider is: ").append(str3);
                Debugger.check.debug(sb.toString());
            }
            if (str2 == null) {
                throw new InvalidParameterException("javax.net.ssl.trustStoreType must be not null");
            }
            if (str3 == null) {
                throw new InvalidParameterException("javax.net.ssl.trustStoreProvider must be not null");
            }
            if (str2.length() != 0) {
                if (Debugger.check.isDebugEnabled()) {
                    Debugger.check.debug(String.format("init truststore trustFile=%s, trustStoreType=%s", trustKeystoreFile2.storeFileName, str2));
                }
                keyStore = str3.length() != 0 ? KeyStore.getInstance(str2, str3) : KeyStore.getInstance(str2);
                String str4 = loadDefaultProps.get("trustStorePasswd");
                if (str4 == null) {
                    throw new InvalidParameterException("javax.net.ssl.trustStorePassword must be not null");
                }
                r10 = str4.length() != 0 ? str4.toCharArray() : null;
                keyStore.load(trustKeystoreFile2.storeFileInputStream, r10);
            }
            if (trustKeystoreFile2 != null) {
                trustKeystoreFile2.close();
            }
            if (r10 != null) {
                for (int i = 0; i < r10.length; i++) {
                    r10[i] = 0;
                }
            }
            return keyStore;
        } catch (Throwable th) {
            if (0 != 0) {
                trustKeystoreFile.close();
            }
            if (0 != 0) {
                for (int i2 = 0; i2 < r10.length; i2++) {
                    r10[i2] = 0;
                }
            }
            throw th;
        }
    }

    private static final Map<String, String> loadDefaultProps() throws Exception {
        final HashMap hashMap = new HashMap();
        return (Map) AccessController.doPrivileged(new PrivilegedExceptionAction<Map<String, String>>() { // from class: cfca.sadk.tls.sun.security.ssl.manager.CFCAX509TrustManagerFactory.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Map<String, String> run() throws Exception {
                hashMap.put("trustStore", System.getProperty("javax.net.ssl.trustStore"));
                hashMap.put("javaHome", System.getProperty("java.home"));
                hashMap.put("trustStoreType", System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()));
                hashMap.put("trustStoreProvider", System.getProperty("javax.net.ssl.trustStoreProvider", ""));
                hashMap.put("trustStorePasswd", System.getProperty("javax.net.ssl.trustStorePassword", ""));
                return hashMap;
            }
        });
    }
}
