package de.adito.trustmanager;

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509CertSelector;
import java.util.EnumSet;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

/* loaded from: input_file:de/adito/trustmanager/TrustManagerBuilder.class */
public class TrustManagerBuilder {
    private TrustManagerBuilder() {
    }

    public static X509ExtendedTrustManager buildDefaultTrustManager() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, InvalidAlgorithmParameterException {
        String property = System.getProperty("javax.net.ssl.keyStore");
        if (property == null) {
            String str = System.getProperty("java.home") + File.separator + "lib" + File.separator + "security" + File.separator;
            if (Files.isRegularFile(Paths.get(str + "jssecacerts", new String[0]), new LinkOption[0])) {
                property = str + "jssecacerts";
            } else if (Files.isRegularFile(Paths.get(str + "cacerts", new String[0]), new LinkOption[0])) {
                property = str + "cacerts";
            }
        }
        return buildDefaultTrustManager(TrustManagerUtil.loadKeyStore(System.getProperty("javax.net.ssl.keyStorePassword", "changeit"), property == null ? null : Paths.get(property, new String[0])));
    }

    public static X509ExtendedTrustManager buildDefaultTrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(new CertPathTrustManagerParameters(_createRevocationChecker(keyStore)));
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length == 0) {
            throw new IllegalStateException("No trust managers found");
        }
        return (X509ExtendedTrustManager) trustManagers[0];
    }

    public static X509ExtendedTrustManager buildOSTrustStore(String str) throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, InvalidAlgorithmParameterException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = str.startsWith("Windows") ? KeyStore.getInstance("Windows-ROOT") : null;
        if (keyStore == null) {
            return null;
        }
        keyStore.load(null, null);
        try {
            keyManagerFactory.init(keyStore, null);
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        }
        return buildDefaultTrustManager(keyStore);
    }

    private static PKIXBuilderParameters _createRevocationChecker(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException, InvalidAlgorithmParameterException {
        PKIXRevocationChecker pKIXRevocationChecker = (PKIXRevocationChecker) CertPathBuilder.getInstance("PKIX").getRevocationChecker();
        pKIXRevocationChecker.setOptions(EnumSet.of(PKIXRevocationChecker.Option.PREFER_CRLS, PKIXRevocationChecker.Option.ONLY_END_ENTITY, PKIXRevocationChecker.Option.SOFT_FAIL, PKIXRevocationChecker.Option.NO_FALLBACK));
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        pKIXBuilderParameters.addCertPathChecker(pKIXRevocationChecker);
        return pKIXBuilderParameters;
    }
}
