package lucee.runtime.net.http;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import java.util.WeakHashMap;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import lucee.commons.io.IOUtil;
import lucee.commons.io.res.Resource;

/* loaded from: input_file:core/core.lco:lucee/runtime/net/http/CertificateInstaller.class */
public class CertificateInstaller {
    private static Map<String, String> installed = new WeakHashMap();
    private String host;
    private int port;
    private char[] passphrase;
    private Resource source;
    private TrustManagerFactory tmf;
    private SavingTrustManager tm;
    private SSLContext context;
    private KeyStore ks;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:core/core.lco:lucee/runtime/net/http/CertificateInstaller$SavingTrustManager.class */
    public static class SavingTrustManager implements X509TrustManager {
        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager x509TrustManager) {
            this.tm = x509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.chain = x509CertificateArr;
            this.tm.checkServerTrusted(x509CertificateArr, str);
        }
    }

    public CertificateInstaller(Resource resource, String str, int i) throws IOException, KeyStoreException, GeneralSecurityException {
        this(resource, str, i, "changeit".toCharArray());
    }

    public CertificateInstaller(Resource resource, String str, int i, char[] cArr) throws IOException, KeyStoreException, GeneralSecurityException {
        this.source = resource;
        this.host = str;
        this.port = i;
        this.passphrase = cArr;
        this.ks = null;
        InputStream inputStream = resource.getInputStream();
        try {
            this.ks = KeyStore.getInstance(KeyStore.getDefaultType());
            this.ks.load(inputStream, cArr);
            IOUtil.close(inputStream);
            this.context = SSLContext.getInstance("SSL");
            this.tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            this.tmf.init(this.ks);
            this.tm = new SavingTrustManager((X509TrustManager) this.tmf.getTrustManagers()[0]);
            this.context.init(null, new TrustManager[]{this.tm}, null);
            IOException checkCertificate = checkCertificate(this.context, str, i);
            if (this.tm.chain == null) {
                if (checkCertificate != null) {
                    throw new IOException("Could not obtain server certificate chain, [ " + checkCertificate + " ]");
                }
                throw new IOException("Could not obtain server certificate chain");
            }
        } catch (Throwable th) {
            IOUtil.close(inputStream);
            throw th;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:29:0x0034, code lost:
    
        if (lucee.runtime.net.http.CertificateInstaller.installed.containsKey(r0) == false) goto L12;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void installAll(boolean r5) throws java.io.IOException, java.security.KeyStoreException, java.security.NoSuchAlgorithmException, java.security.cert.CertificateException {
        /*
            r4 = this;
            r0 = r4
            java.lang.String r0 = r0.host
            r1 = r4
            int r1 = r1.port
            java.lang.String r0 = r0 + ":" + r1
            r6 = r0
            r0 = r5
            if (r0 != 0) goto L1e
            java.util.Map<java.lang.String, java.lang.String> r0 = lucee.runtime.net.http.CertificateInstaller.installed
            r1 = r6
            boolean r0 = r0.containsKey(r1)
            if (r0 != 0) goto L6b
        L1e:
            java.lang.String r0 = "CertificateInstaller"
            r1 = r6
            java.lang.String r0 = lucee.commons.io.SystemUtil.createToken(r0, r1)
            r1 = r0
            r7 = r1
            monitor-enter(r0)
            r0 = r5
            if (r0 != 0) goto L37
            java.util.Map<java.lang.String, java.lang.String> r0 = lucee.runtime.net.http.CertificateInstaller.installed     // Catch: java.lang.Throwable -> L64
            r1 = r6
            boolean r0 = r0.containsKey(r1)     // Catch: java.lang.Throwable -> L64
            if (r0 != 0) goto L5f
        L37:
            r0 = 0
            r8 = r0
        L3a:
            r0 = r8
            r1 = r4
            lucee.runtime.net.http.CertificateInstaller$SavingTrustManager r1 = r1.tm     // Catch: java.lang.Throwable -> L64
            java.security.cert.X509Certificate[] r1 = r1.chain     // Catch: java.lang.Throwable -> L64
            int r1 = r1.length     // Catch: java.lang.Throwable -> L64
            if (r0 >= r1) goto L53
            r0 = r4
            r1 = r8
            r0.install(r1)     // Catch: java.lang.Throwable -> L64
            int r8 = r8 + 1
            goto L3a
        L53:
            java.util.Map<java.lang.String, java.lang.String> r0 = lucee.runtime.net.http.CertificateInstaller.installed     // Catch: java.lang.Throwable -> L64
            r1 = r6
            java.lang.String r2 = ""
            java.lang.Object r0 = r0.put(r1, r2)     // Catch: java.lang.Throwable -> L64
        L5f:
            r0 = r7
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L64
            goto L6b
        L64:
            r9 = move-exception
            r0 = r7
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L64
            r0 = r9
            throw r0
        L6b:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: lucee.runtime.net.http.CertificateInstaller.installAll(boolean):void");
    }

    private void install(int i) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        X509Certificate x509Certificate = this.tm.chain[i];
        this.ks.setCertificateEntry(this.host + "-" + (i + 1), x509Certificate);
        OutputStream outputStream = this.source.getOutputStream();
        try {
            this.ks.store(outputStream, this.passphrase);
            IOUtil.close(outputStream);
        } catch (Throwable th) {
            IOUtil.close(outputStream);
            throw th;
        }
    }

    public static IOException checkCertificate(SSLContext sSLContext, String str, int i) {
        try {
            SSLSocket sSLSocket = (SSLSocket) sSLContext.getSocketFactory().createSocket(str, i);
            sSLSocket.setSoTimeout(10000);
            sSLSocket.startHandshake();
            sSLSocket.close();
            return null;
        } catch (IOException e) {
            return e;
        }
    }

    public X509Certificate[] getCertificates() {
        return this.tm.chain;
    }

    public static List<X509Certificate> getAllCertificates(Resource resource) throws GeneralSecurityException, IOException {
        InputStream inputStream = resource.getInputStream();
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(inputStream, "changeit".toCharArray());
            ArrayList arrayList = new ArrayList();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = keyStore.getCertificate(aliases.nextElement());
                if (certificate instanceof X509Certificate) {
                    arrayList.add((X509Certificate) certificate);
                }
            }
            return arrayList;
        } finally {
            IOUtil.close(inputStream);
        }
    }
}
