package ch.icosys.popjava.core.combox.socket.ssl;

import ch.icosys.popjava.core.util.Configuration;
import ch.icosys.popjava.core.util.LogWriter;
import ch.icosys.popjava.core.util.RuntimeDirectoryThread;
import ch.icosys.popjava.core.util.WatchDirectory;
import ch.icosys.popjava.core.util.ssl.SSLUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardWatchEventKinds;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:ch/icosys/popjava/core/combox/socket/ssl/POPTrustManager.class */
public class POPTrustManager implements X509TrustManager {
    private X509TrustManager trustManager;
    private WatchDirectory temporaryWatcher;
    private WatchDirectory keyStoreWatcher;
    private final Configuration conf = Configuration.getInstance();
    private final Map<String, Certificate> loadedCertificates = new HashMap();
    private final Set<String> confidenceCertificates = new HashSet();
    private final Map<String, String> certificatesNetwork = new HashMap();
    private final Map<String, Certificate> aliasCertificates = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ch/icosys/popjava/core/combox/socket/ssl/POPTrustManager$KeyStoreWatcher.class */
    public class KeyStoreWatcher extends WatchDirectory.WatchMethod {
        private final Path keyStore;

        public KeyStoreWatcher(Path path) {
            this.keyStore = path;
        }

        @Override // ch.icosys.popjava.core.util.WatchDirectory.WatchMethod
        public void modify(String str) {
            if (this.keyStore.equals(this.keyStore.getParent().resolve(str))) {
                reload();
            }
        }

        private void reload() {
            try {
                POPTrustManager.this.reloadTrustManager();
            } catch (Exception e) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ch/icosys/popjava/core/combox/socket/ssl/POPTrustManager$TemporaryDirectoryWatcher.class */
    public class TemporaryDirectoryWatcher extends WatchDirectory.WatchMethod {
        private TemporaryDirectoryWatcher() {
        }

        @Override // ch.icosys.popjava.core.util.WatchDirectory.WatchMethod
        public void create(String str) {
            if (str.endsWith(".cer")) {
                reload();
            }
        }

        @Override // ch.icosys.popjava.core.util.WatchDirectory.WatchMethod
        public void delete(String str) {
            if (str.endsWith(".cer")) {
                reload();
            }
        }

        private void reload() {
            try {
                POPTrustManager.this.reloadTrustManager();
            } catch (Exception e) {
            }
        }
    }

    public POPTrustManager() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        reloadTrustManager();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.getAcceptedIssuers();
    }

    public boolean isConfidenceLink(String str) {
        return this.confidenceCertificates.contains(str);
    }

    public String getNetworkFromFingerprint(String str) {
        return this.certificatesNetwork.get(str);
    }

    private void saveCertificatesToMemory() {
        HashMap hashMap = new HashMap();
        for (X509Certificate x509Certificate : getAcceptedIssuers()) {
            hashMap.put(SSLUtils.certificateFingerprint(x509Certificate), x509Certificate);
        }
        this.loadedCertificates.clear();
        this.loadedCertificates.putAll(hashMap);
    }

    public final void reloadTrustManager() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        long currentTimeMillis = System.currentTimeMillis();
        SSLUtils.invalidateSSLSessions();
        KeyStore keyStore = KeyStore.getInstance(this.conf.getSSLKeyStoreFormat().name());
        FileInputStream fileInputStream = new FileInputStream(this.conf.getSSLKeyStoreFile());
        Throwable th = null;
        try {
            keyStore.load(fileInputStream, this.conf.getSSLKeyStorePassword().toCharArray());
            if (0 != 0) {
                try {
                    fileInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            } else {
                fileInputStream.close();
            }
            this.confidenceCertificates.clear();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                Certificate certificate = keyStore.getCertificate(nextElement);
                String certificateFingerprint = SSLUtils.certificateFingerprint(certificate);
                this.confidenceCertificates.add(certificateFingerprint);
                int indexOf = nextElement.indexOf(64);
                if (indexOf >= 0) {
                    this.certificatesNetwork.put(certificateFingerprint, nextElement.substring(indexOf + 1));
                } else {
                    this.certificatesNetwork.put(certificateFingerprint, nextElement);
                }
                this.aliasCertificates.put(nextElement, certificate);
            }
            File sSLTemporaryCertificateLocation = this.conf.getSSLTemporaryCertificateLocation();
            if (sSLTemporaryCertificateLocation != null) {
                if (sSLTemporaryCertificateLocation.exists()) {
                    for (File file : sSLTemporaryCertificateLocation.listFiles()) {
                        if (file.isFile() && file.getName().endsWith(".cer")) {
                            try {
                                keyStore.setCertificateEntry(file.getName().substring(0, file.getName().length() - 4), SSLUtils.certificateFromBytes(Files.readAllBytes(file.toPath())));
                            } catch (Exception e) {
                            }
                        }
                    }
                } else {
                    new RuntimeDirectoryThread(sSLTemporaryCertificateLocation).addCleanupHook();
                }
                if (sSLTemporaryCertificateLocation.canRead()) {
                    boolean z = true;
                    if (this.temporaryWatcher != null) {
                        if (sSLTemporaryCertificateLocation.toPath().equals(this.temporaryWatcher.getWatchedDir())) {
                            z = false;
                        } else {
                            this.temporaryWatcher.stop();
                        }
                    }
                    if (z) {
                        this.temporaryWatcher = new WatchDirectory(sSLTemporaryCertificateLocation.toPath(), new TemporaryDirectoryWatcher(), StandardWatchEventKinds.ENTRY_CREATE, StandardWatchEventKinds.ENTRY_DELETE);
                        Thread thread = new Thread(this.temporaryWatcher, "TrustStore temporary folder watcher");
                        thread.setDaemon(true);
                        thread.start();
                    }
                }
            }
            File sSLKeyStoreFile = this.conf.getSSLKeyStoreFile();
            if (sSLKeyStoreFile != null && sSLKeyStoreFile.canRead()) {
                Path absolutePath = sSLKeyStoreFile.toPath().toAbsolutePath();
                boolean z2 = true;
                if (this.keyStoreWatcher != null) {
                    if (absolutePath.getParent().equals(this.keyStoreWatcher.getWatchedDir())) {
                        z2 = false;
                    } else {
                        this.keyStoreWatcher.stop();
                    }
                }
                if (z2) {
                    this.keyStoreWatcher = new WatchDirectory(absolutePath.getParent(), new KeyStoreWatcher(absolutePath), StandardWatchEventKinds.ENTRY_MODIFY);
                    Thread thread2 = new Thread(this.keyStoreWatcher, "KeyStore changes watcher (TrustManager)");
                    thread2.setDaemon(true);
                    thread2.start();
                }
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            LogWriter.writeDebugInfo(String.format("[TrustManager] initiated in %d ms", Long.valueOf(System.currentTimeMillis() - currentTimeMillis)));
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    this.trustManager = (X509TrustManager) trustManager;
                    saveCertificatesToMemory();
                    return;
                }
            }
            throw new NoSuchAlgorithmException("No X509TrustManager in TrustManagerFactory");
        } catch (Throwable th3) {
            if (0 != 0) {
                try {
                    fileInputStream.close();
                } catch (Throwable th4) {
                    th.addSuppressed(th4);
                }
            } else {
                fileInputStream.close();
            }
            throw th3;
        }
    }

    public boolean isCertificateKnown(Certificate certificate) {
        return this.loadedCertificates.values().contains(certificate);
    }

    public Certificate getCertificate(String str) {
        return this.loadedCertificates.get(str);
    }

    public Certificate getCertificateFromAlias(String str) {
        Objects.requireNonNull(str);
        return this.aliasCertificates.get(str.toLowerCase());
    }
}
