package sun.security.ssl;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.lang.ref.WeakReference;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Objects;
import java.util.Set;
import sun.security.action.GetPropertyAction;
import sun.security.action.OpenFileInputStreamAction;
import sun.security.validator.TrustStoreUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:assets/app_runtime/j2re-image/lib/jsse.jar:sun/security/ssl/TrustStoreManager.class */
public final class TrustStoreManager {
    private static final TrustAnchorManager tam = new TrustAnchorManager();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:assets/app_runtime/j2re-image/lib/jsse.jar:sun/security/ssl/TrustStoreManager$TrustAnchorManager.class */
    public static final class TrustAnchorManager {
        private TrustStoreDescriptor descriptor;
        private WeakReference<KeyStore> ksRef;
        private WeakReference<Set<X509Certificate>> csRef;

        private TrustAnchorManager() {
            this.descriptor = null;
            this.ksRef = new WeakReference<>(null);
            this.csRef = new WeakReference<>(null);
        }

        synchronized KeyStore getKeyStore(TrustStoreDescriptor trustStoreDescriptor) throws Exception {
            TrustStoreDescriptor trustStoreDescriptor2 = this.descriptor;
            KeyStore keyStore = this.ksRef.get();
            if (keyStore != null && trustStoreDescriptor.equals(trustStoreDescriptor2)) {
                return keyStore;
            }
            if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
                SSLLogger.fine("Reload the trust store", new Object[0]);
            }
            KeyStore loadKeyStore = loadKeyStore(trustStoreDescriptor);
            this.descriptor = trustStoreDescriptor;
            this.ksRef = new WeakReference<>(loadKeyStore);
            return loadKeyStore;
        }

        synchronized Set<X509Certificate> getTrustedCerts(TrustStoreDescriptor trustStoreDescriptor) throws Exception {
            KeyStore keyStore = null;
            TrustStoreDescriptor trustStoreDescriptor2 = this.descriptor;
            Set<X509Certificate> set = this.csRef.get();
            if (set != null) {
                if (trustStoreDescriptor.equals(trustStoreDescriptor2)) {
                    return set;
                }
                this.descriptor = trustStoreDescriptor;
            } else if (trustStoreDescriptor.equals(trustStoreDescriptor2)) {
                keyStore = this.ksRef.get();
            } else {
                this.descriptor = trustStoreDescriptor;
            }
            if (keyStore == null) {
                if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
                    SSLLogger.fine("Reload the trust store", new Object[0]);
                }
                keyStore = loadKeyStore(trustStoreDescriptor);
            }
            if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
                SSLLogger.fine("Reload trust certs", new Object[0]);
            }
            Set<X509Certificate> loadTrustedCerts = loadTrustedCerts(keyStore);
            if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
                SSLLogger.fine("Reloaded " + loadTrustedCerts.size() + " trust certs", new Object[0]);
            }
            this.csRef = new WeakReference<>(loadTrustedCerts);
            return loadTrustedCerts;
        }

        private static KeyStore loadKeyStore(TrustStoreDescriptor trustStoreDescriptor) throws Exception {
            if (!"NONE".equals(trustStoreDescriptor.storeName) && trustStoreDescriptor.storeFile == null) {
                if (!SSLLogger.isOn || !SSLLogger.isOn("trustmanager")) {
                    return null;
                }
                SSLLogger.fine("No available key store", new Object[0]);
                return null;
            }
            KeyStore keyStore = trustStoreDescriptor.storeProvider.isEmpty() ? KeyStore.getInstance(trustStoreDescriptor.storeType) : KeyStore.getInstance(trustStoreDescriptor.storeType, trustStoreDescriptor.storeProvider);
            char[] cArr = null;
            if (!trustStoreDescriptor.storePassword.isEmpty()) {
                cArr = trustStoreDescriptor.storePassword.toCharArray();
            }
            if ("NONE".equals(trustStoreDescriptor.storeName)) {
                keyStore.load(null, cArr);
            } else {
                try {
                    FileInputStream fileInputStream = (FileInputStream) AccessController.doPrivileged(new OpenFileInputStreamAction(trustStoreDescriptor.storeFile));
                    Throwable th = null;
                    try {
                        try {
                            keyStore.load(fileInputStream, cArr);
                            if (fileInputStream != null) {
                                if (0 != 0) {
                                    try {
                                        fileInputStream.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                } else {
                                    fileInputStream.close();
                                }
                            }
                        } catch (Throwable th3) {
                            th = th3;
                            throw th3;
                        }
                    } finally {
                    }
                } catch (FileNotFoundException e) {
                    if (!SSLLogger.isOn || !SSLLogger.isOn("trustmanager")) {
                        return null;
                    }
                    SSLLogger.fine("Not available key store: " + trustStoreDescriptor.storeName, new Object[0]);
                    return null;
                }
            }
            return keyStore;
        }

        private static Set<X509Certificate> loadTrustedCerts(KeyStore keyStore) {
            return keyStore == null ? Collections.emptySet() : TrustStoreUtil.getTrustedCerts(keyStore);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:assets/app_runtime/j2re-image/lib/jsse.jar:sun/security/ssl/TrustStoreManager$TrustStoreDescriptor.class */
    public static final class TrustStoreDescriptor {
        private static final String fileSep = File.separator;
        private static final String defaultStorePath = GetPropertyAction.privilegedGetProperty("java.home") + fileSep + "lib" + fileSep + "security";
        private static final String defaultStore = defaultStorePath + fileSep + "cacerts";
        private static final String jsseDefaultStore = defaultStorePath + fileSep + "jssecacerts";
        private final String storeName;
        private final String storeType;
        private final String storeProvider;
        private final String storePassword;
        private final File storeFile;
        private final long lastModified;

        private TrustStoreDescriptor(String str, String str2, String str3, String str4, File file, long j) {
            this.storeName = str;
            this.storeType = str2;
            this.storeProvider = str3;
            this.storePassword = str4;
            this.storeFile = file;
            this.lastModified = j;
            if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
                SSLLogger.fine("trustStore is: " + str + "\ntrustStore type is: " + str2 + "\ntrustStore provider is: " + str3 + "\nthe last modified time is: " + ((Object) new Date(j)), new Object[0]);
            }
        }

        static TrustStoreDescriptor createInstance() {
            return (TrustStoreDescriptor) AccessController.doPrivileged(new PrivilegedAction<TrustStoreDescriptor>() { // from class: sun.security.ssl.TrustStoreManager.TrustStoreDescriptor.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                /* renamed from: run */
                public TrustStoreDescriptor run2() {
                    String property = System.getProperty("javax.net.ssl.trustStore", TrustStoreDescriptor.jsseDefaultStore);
                    String property2 = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
                    String property3 = System.getProperty("javax.net.ssl.trustStoreProvider", "");
                    String property4 = System.getProperty("javax.net.ssl.trustStorePassword", "");
                    String str = "";
                    File file = null;
                    long j = 0;
                    if (!"NONE".equals(property)) {
                        String[] strArr = {property, TrustStoreDescriptor.defaultStore};
                        int length = strArr.length;
                        int i = 0;
                        while (true) {
                            if (i >= length) {
                                break;
                            }
                            String str2 = strArr[i];
                            File file2 = new File(str2);
                            if (file2.isFile() && file2.canRead()) {
                                str = str2;
                                file = file2;
                                j = file2.lastModified();
                                break;
                            }
                            if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
                                SSLLogger.fine("Inaccessible trust store: " + property, new Object[0]);
                            }
                            i++;
                        }
                    } else {
                        str = property;
                    }
                    return new TrustStoreDescriptor(str, property2, property3, property4, file, j);
                }
            });
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof TrustStoreDescriptor)) {
                return false;
            }
            TrustStoreDescriptor trustStoreDescriptor = (TrustStoreDescriptor) obj;
            return this.lastModified == trustStoreDescriptor.lastModified && Objects.equals(this.storeName, trustStoreDescriptor.storeName) && Objects.equals(this.storeType, trustStoreDescriptor.storeType) && Objects.equals(this.storeProvider, trustStoreDescriptor.storeProvider);
        }

        public int hashCode() {
            int i = 17;
            if (this.storeName != null && !this.storeName.isEmpty()) {
                i = (31 * 17) + this.storeName.hashCode();
            }
            if (this.storeType != null && !this.storeType.isEmpty()) {
                i = (31 * i) + this.storeType.hashCode();
            }
            if (this.storeProvider != null && !this.storeProvider.isEmpty()) {
                i = (31 * i) + this.storeProvider.hashCode();
            }
            if (this.storeFile != null) {
                i = (31 * i) + this.storeFile.hashCode();
            }
            if (this.lastModified != 0) {
                i = (int) ((31 * i) + this.lastModified);
            }
            return i;
        }
    }

    private TrustStoreManager() {
    }

    public static Set<X509Certificate> getTrustedCerts() throws Exception {
        return tam.getTrustedCerts(TrustStoreDescriptor.createInstance());
    }

    public static KeyStore getTrustedKeyStore() throws Exception {
        return tam.getKeyStore(TrustStoreDescriptor.createInstance());
    }
}
