package org.bouncycastle.jsse.provider;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.lang.reflect.Constructor;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.cert.CertPathParameters;
import java.security.cert.Certificate;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/gmssl-jsse-provider-1.3.3-SNAPSHOT.jar:org/bouncycastle/jsse/provider/ProvTrustManagerFactorySpi.class */
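/**
 * {@link TrustManagerFactorySpi} implementation that builds a single {@link X509TrustManager}
 * from either a {@link KeyStore} of trusted certificates or a set of {@link PKIXParameters}.
 *
 * <p>When no key store is supplied, the trust store location is resolved from the
 * {@code javax.net.ssl.trustStore*} system properties, falling back to {@code jssecacerts} and
 * then {@code cacerts} under {@code java.home}. Every X.509 certificate entry found in the
 * resulting key store becomes a trust anchor, so the integrity of that file (and of the system
 * properties selecting it) determines which peers this provider will trust.
 */
class ProvTrustManagerFactorySpi extends TrustManagerFactorySpi {
    private Logger logger = LoggerFactory.getLogger(getClass());

    // Constructor of the X509ExtendedTrustManager-based wrapper, or null when it could not be resolved.
    static final Constructor<? extends X509TrustManager> extendedTrustManagerConstructor;

    // Default trust store locations under java.home, tried in the order jssecacerts, cacerts.
    static final String CACERTS_PATH;
    static final String JSSECACERTS_PATH;

    protected final Provider pkixProvider;

    // Assigned only by the engineInit overloads; null until one of them has completed.
    protected X509TrustManager trustManager;

    /**
     * Wraps the provider trust manager in the extended wrapper type when its constructor was
     * resolved at class-initialisation time.
     *
     * @param provX509TrustManager the provider trust manager to expose
     * @return the wrapper instance, or {@code provX509TrustManager} itself when no wrapper
     *         constructor is available or instantiation fails
     */
    static X509TrustManager makeExportTrustManager(ProvX509TrustManager provX509TrustManager) {
        if (extendedTrustManagerConstructor != null) {
            try {
                return extendedTrustManagerConstructor.newInstance(provX509TrustManager);
            } catch (Exception e) {
                // Best-effort by design, but the downgrade should be visible: callers that test for
                // X509ExtendedTrustManager will see a plain X509TrustManager from here on.
                LoggerFactory.getLogger(ProvTrustManagerFactorySpi.class).warn(
                    "Unable to instantiate extended trust manager wrapper; falling back to plain X509TrustManager", e);
            }
        }
        return provX509TrustManager;
    }

    /**
     * @param provider the provider handed to the trust manager implementation for PKIX operations
     */
    public ProvTrustManagerFactorySpi(Provider provider) {
        this.pkixProvider = provider;
    }

    /**
     * Returns the trust manager built by the most recent {@code engineInit} call.
     *
     * <p>NOTE(review): if neither {@code engineInit} overload has run, the returned array holds a
     * single {@code null} element rather than signalling an uninitialised factory.
     *
     * @return a one-element array containing the current trust manager
     */
    @Override
    protected TrustManager[] engineGetTrustManagers() {
        return new TrustManager[]{this.trustManager};
    }

    /**
     * Initialises the factory from a key store of trusted certificates.
     *
     * <p>With a {@code null} argument the trust store is located as follows: the path in
     * {@code javax.net.ssl.trustStore} if that property is set and the file exists (opened with
     * {@code javax.net.ssl.trustStorePassword} when present); otherwise, only when the property is
     * unset, {@code jssecacerts} and then {@code cacerts} under {@code java.home}. If nothing is
     * found an empty key store is used, which yields no trust anchors.
     *
     * @param keyStore the trusted certificates, or {@code null} to use the default trust store
     * @throws KeyStoreException if the default trust store cannot be created or loaded, or the
     *         key store cannot be enumerated
     */
    @Override
    protected void engineInit(KeyStore keyStore) throws KeyStoreException {
        if (keyStore == null) {
            char[] password = null;
            try {
                keyStore = createTrustStore();
                String path = null;
                String configuredPath = PropertyUtils.getSystemProperty("javax.net.ssl.trustStore");
                if (configuredPath != null) {
                    if (new File(configuredPath).exists()) {
                        path = configuredPath;
                        String configuredPassword = PropertyUtils.getSystemProperty("javax.net.ssl.trustStorePassword");
                        if (configuredPassword != null) {
                            password = configuredPassword.toCharArray();
                        }
                    } else {
                        // An explicitly configured but missing store does NOT fall back to the JRE
                        // defaults; surface the misconfiguration instead of failing handshakes silently.
                        this.logger.warn("Configured trust store does not exist: {}", configuredPath);
                    }
                } else if (new File(JSSECACERTS_PATH).exists()) {
                    path = JSSECACERTS_PATH;
                } else if (new File(CACERTS_PATH).exists()) {
                    path = CACERTS_PATH;
                }
                if (path == null) {
                    keyStore.load(null, null);
                    this.logger.warn("Initialized with empty trust store");
                } else {
                    BufferedInputStream in = new BufferedInputStream(new FileInputStream(path));
                    try {
                        keyStore.load(in, password);
                    } finally {
                        // Close even when load() throws (wrong password, corrupt store) so the
                        // file descriptor is not leaked on the failure path.
                        in.close();
                    }
                    this.logger.info("Initialized with trust store at path: " + path);
                }
            } catch (Exception e) {
                throw new KeyStoreException("initialization failed", e);
            } finally {
                if (password != null) {
                    // Wipe our copy of the password; the system property String itself remains
                    // in memory, so this only narrows the exposure.
                    java.util.Arrays.fill(password, '\0');
                }
            }
        }
        this.trustManager = makeExportTrustManager(new ProvX509TrustManagerImpl(this.pkixProvider, getTrustAnchors(keyStore)));
    }

    /**
     * Initialises the factory from PKIX certification path parameters.
     *
     * @param managerFactoryParameters must be a {@link CertPathTrustManagerParameters} whose
     *        parameters are {@link PKIXParameters}
     * @throws InvalidAlgorithmParameterException if the argument is {@code null}, of another type,
     *         does not carry {@code PKIXParameters}, or cannot be processed
     */
    @Override
    protected void engineInit(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {
        if (!(managerFactoryParameters instanceof CertPathTrustManagerParameters)) {
            if (managerFactoryParameters != null) {
                throw new InvalidAlgorithmParameterException("unknown spec: " + managerFactoryParameters.getClass().getName());
            }
            throw new InvalidAlgorithmParameterException("spec cannot be null");
        }
        try {
            CertPathParameters parameters = ((CertPathTrustManagerParameters) managerFactoryParameters).getParameters();
            if (!(parameters instanceof PKIXParameters)) {
                throw new InvalidAlgorithmParameterException("parameters must inherit from PKIXParameters");
            }
            this.trustManager = makeExportTrustManager(new ProvX509TrustManagerImpl(this.pkixProvider, (PKIXParameters) parameters));
        } catch (GeneralSecurityException e) {
            // Also re-wraps the InvalidAlgorithmParameterException thrown just above, since it is
            // itself a GeneralSecurityException.
            throw new InvalidAlgorithmParameterException("unable to process parameters: " + e.getMessage(), e);
        }
    }

    /**
     * @return the value of {@code javax.net.ssl.trustStoreType}, or the JVM default key store
     *         type when the property is not set
     */
    private String getTrustStoreType() {
        String configuredType = PropertyUtils.getSystemProperty("javax.net.ssl.trustStoreType");
        if (configuredType == null) {
            configuredType = KeyStore.getDefaultType();
        }
        return configuredType;
    }

    /**
     * Creates an unloaded key store of the configured type, using the provider named by
     * {@code javax.net.ssl.trustStoreProvider} when that property is non-empty.
     *
     * @return a new key store instance on which {@code load} has not yet been called
     * @throws NoSuchProviderException if the named provider is not registered
     * @throws KeyStoreException if no provider supports the key store type
     */
    private KeyStore createTrustStore() throws NoSuchProviderException, KeyStoreException {
        String trustStoreType = getTrustStoreType();
        String providerName = PropertyUtils.getSystemProperty("javax.net.ssl.trustStoreProvider");
        if (providerName == null || providerName.length() < 1) {
            return KeyStore.getInstance(trustStoreType);
        }
        return KeyStore.getInstance(trustStoreType, providerName);
    }

    /**
     * Collects a trust anchor for every trusted-certificate entry in the key store that holds an
     * X.509 certificate. Key entries and non-X.509 certificates are skipped.
     *
     * <p>Each accepted anchor is logged at INFO with its alias, subject, serial number and issuer,
     * which gives an audit record of what the process trusts at start-up.
     *
     * @param keyStore a loaded key store
     * @return the trust anchors, possibly empty; no name constraints are attached
     * @throws KeyStoreException if the key store has not been loaded
     */
    private Set<TrustAnchor> getTrustAnchors(KeyStore keyStore) throws KeyStoreException {
        Set<TrustAnchor> anchors = new HashSet<TrustAnchor>(keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isCertificateEntry(alias)) {
                Certificate certificate = keyStore.getCertificate(alias);
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    this.logger.info("getTrustAnchors alias: {} subjectDN: {} sn: {} issueDN: {}", alias, x509Certificate.getSubjectDN().toString(), x509Certificate.getSerialNumber(), x509Certificate.getIssuerDN().toString());
                    anchors.add(new TrustAnchor(x509Certificate, null));
                }
            }
        }
        return anchors;
    }

    static {
        Constructor<? extends X509TrustManager> constructor = null;
        try {
            // Only look up the wrapper class when the runtime provides X509ExtendedTrustManager.
            if (null != JsseUtils.loadClass(ProvTrustManagerFactorySpi.class, "javax.net.ssl.X509ExtendedTrustManager")) {
                constructor = JsseUtils.getDeclaredConstructor(JsseUtils.loadClass(ProvTrustManagerFactorySpi.class, "org.bouncycastle.jsse.provider.ProvX509ExtendedTrustManager_7"), ProvX509TrustManager.class);
            }
        } catch (Exception ignored) {
            // Deliberately best-effort: a failed lookup leaves the constructor null and
            // makeExportTrustManager then returns the provider trust manager unwrapped.
        }
        extendedTrustManagerConstructor = constructor;
        // NOTE(review): if java.home is unavailable the paths below start with the text "null";
        // the exists() checks in engineInit then simply fail to find them.
        String javaHome = PropertyUtils.getSystemProperty("java.home");
        CACERTS_PATH = javaHome + "/lib/security/cacerts".replace('/', File.separatorChar);
        JSSECACERTS_PATH = javaHome + "/lib/security/jssecacerts".replace('/', File.separatorChar);
    }
}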
