package net.sf.jstuff.core.security.x509;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import net.sf.jstuff.core.builder.Builder;
import net.sf.jstuff.core.builder.BuilderFactory;
import net.sf.jstuff.core.collection.ArrayUtils;
import net.sf.jstuff.core.collection.Enumerations;
import net.sf.jstuff.core.event.EventDispatcher;
import net.sf.jstuff.core.event.EventListener;
import net.sf.jstuff.core.event.SyncEventDispatcher;
import net.sf.jstuff.core.fluent.Fluent;
import net.sf.jstuff.core.io.RuntimeIOException;
import net.sf.jstuff.core.logging.Logger;
import net.sf.jstuff.core.security.RuntimeSecurityException;
import net.sf.jstuff.core.security.x509.TrustStoreProvider;
import net.sf.jstuff.core.types.Modifiable;

/* loaded from: input_file:net/sf/jstuff/core/security/x509/DefaultTrustStoreProvider.class */
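/**
 * In-memory {@link TrustStoreProvider}: keeps a set of X.509 certificates under generated numeric
 * aliases and exposes them as a {@link KeyStore} plus the {@link TrustManager}s initialised from it.
 *
 * <p>Every add/remove call builds a brand-new key store and a brand-new set of trust managers and
 * then swaps the two fields. The previous key store is never mutated, so trust managers handed out
 * earlier keep the certificate set they were created with. Code that must honour a removal (for
 * example after a certificate is withdrawn) has to call {@link #getTrustManagers()} again and
 * re-initialise whatever TLS context it built from the old array; subscribing to the
 * added/removed events is the hook this class offers for that.
 *
 * <p>Thread-safety: mutators are {@code synchronized}; the two swapped fields are {@code volatile}
 * so the unsynchronised getters see the latest rebuild. The store and the manager array are
 * written one after the other, so a concurrent reader can briefly observe the new store together
 * with the old managers.
 */
public class DefaultTrustStoreProvider extends Modifiable.Default implements TrustStoreProvider {
    private static final Logger LOG = Logger.create();
    protected EventDispatcher<TrustStoreProvider.Event> eventDispatcher = new SyncEventDispatcher();
    // Alias -> certificate; aliases are the decimal values handed out by trustCertsAliasIndex.
    protected ConcurrentMap<String, X509Certificate> trustCertsByAlias = new ConcurrentHashMap<String, X509Certificate>();
    protected AtomicInteger trustCertsAliasIndex = new AtomicInteger();
    // Written only inside synchronized methods, read by unsynchronised getters -> volatile for visibility.
    protected volatile TrustManager[] trustManagers;
    protected volatile KeyStore trustStore;

    /** Fluent builder contract; instances are produced by {@link #builder()}. */
    public interface DefaultTrustStoreProviderBuilder extends Builder<DefaultTrustStoreProvider> {
        @Fluent
        DefaultTrustStoreProviderBuilder eventDispatcher(EventDispatcher<TrustStoreProvider.Event> eventDispatcher);

        @Fluent
        DefaultTrustStoreProviderBuilder isModifiable(boolean z);

        @Fluent
        DefaultTrustStoreProviderBuilder trustCerts(Collection<X509Certificate> collection);

        @Fluent
        DefaultTrustStoreProviderBuilder trustCerts(X509Certificate... x509CertificateArr);
    }

    /**
     * Creates a builder for this provider.
     *
     * @return a new builder obtained from {@link BuilderFactory}
     */
    public static DefaultTrustStoreProviderBuilder builder() {
        return (DefaultTrustStoreProviderBuilder) BuilderFactory.of(DefaultTrustStoreProviderBuilder.class, new Object[0]).create();
    }

    /**
     * Starts with an empty key store of the platform default type and trust managers initialised
     * from it, i.e. nothing is trusted until certificates are added.
     *
     * @throws RuntimeIOException if loading the empty key store fails
     * @throws RuntimeSecurityException if the key store or trust manager factory cannot be set up
     */
    protected DefaultTrustStoreProvider() {
        LOG.infoNew(this);
        try {
            final KeyStore emptyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initialises an empty store instead of reading one from a stream
            emptyStore.load(null, null);
            final TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(emptyStore);
            this.trustStore = emptyStore;
            this.trustManagers = factory.getTrustManagers();
        } catch (IOException e) {
            throw new RuntimeIOException(e);
        } catch (GeneralSecurityException e2) {
            throw new RuntimeSecurityException(e2);
        }
    }

    /**
     * Adds the given certificates; a {@code null} or empty collection is a no-op.
     *
     * @param collection certificates to trust, may be {@code null}
     */
    public synchronized void addTrustCerts(Collection<X509Certificate> collection) {
        if (collection == null || collection.isEmpty()) {
            return;
        }
        assertIsModifiable();
        addTrustCerts(collection.toArray(new X509Certificate[collection.size()]));
    }

    /**
     * Adds every X.509 certificate that {@code keyStore} returns for its aliases; a {@code null}
     * store is a no-op and non-X.509 certificates are skipped with a warning.
     *
     * <p>NOTE(review): the entry type is not inspected (no {@code isCertificateEntry} check).
     * {@link KeyStore#getCertificate(String)} also returns the first chain certificate of a
     * private-key entry, so passing an identity key store makes its own leaf certificates
     * trusted as well. Callers should pass a store that holds only trusted-certificate entries.
     *
     * @param keyStore source of certificates, may be {@code null}
     * @throws RuntimeSecurityException if the key store cannot be read
     */
    public synchronized void addTrustCerts(KeyStore keyStore) {
        if (keyStore == null) {
            return;
        }
        assertIsModifiable();
        try {
            final Collection<X509Certificate> found = new ArrayList<X509Certificate>();
            for (String alias : Enumerations.toIterable(keyStore.aliases())) {
                final Certificate candidate = keyStore.getCertificate(alias);
                if (candidate == null) {
                    continue;
                }
                if (candidate instanceof X509Certificate) {
                    found.add((X509Certificate) candidate);
                } else {
                    LOG.warn("Ignoring non-X509Certificate [%s] with alias [%s].", candidate, alias);
                }
            }
            if (found.isEmpty()) {
                return;
            }
            addTrustCerts(found.toArray(new X509Certificate[found.size()]));
        } catch (GeneralSecurityException e) {
            throw new RuntimeSecurityException(e);
        }
    }

    /**
     * Adds the given certificates, skipping {@code null} elements and certificates that are
     * already present (compared with {@code equals}). Afterwards the trust store is rebuilt and a
     * {@code CERTIFICATES_ADDED} event is fired, also when every element was skipped.
     *
     * <p>NOTE(review): an expired certificate is logged and reported through a
     * {@code CERTIFICATE_EXPIRED} event but is still added to the trust store; {@code notBefore}
     * is not looked at. Whether the platform trust manager later rejects such an entry is not
     * decided here, so deployments that must not trust expired material need a listener or a
     * caller-side filter. Confirm this is the intended policy.
     *
     * @param x509CertificateArr certificates to trust, may be {@code null} or empty (no-op)
     * @throws RuntimeIOException / RuntimeSecurityException if the trust store cannot be rebuilt
     */
    public synchronized void addTrustCerts(X509Certificate... x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return;
        }
        assertIsModifiable();
        LOG.info("Adding trusted certificates...");
        final Collection<X509Certificate> added = new ArrayList<X509Certificate>();
        final Date now = new Date();
        for (final X509Certificate cert : x509CertificateArr) {
            if (cert == null || this.trustCertsByAlias.containsValue(cert)) {
                continue;
            }
            if (now.after(cert.getNotAfter())) {
                LOG.warn("  -> Certificate [%s] EXPIRED [%s]!", cert.getSubjectX500Principal().getName(), cert.getNotAfter());
                this.eventDispatcher.fire(new TrustStoreProvider.CertificateExpiredEvent() {
                    @Override
                    public TrustStoreProvider.EventType getEventType() {
                        return TrustStoreProvider.EventType.CERTIFICATE_EXPIRED;
                    }

                    @Override
                    public X509Certificate getExpired() {
                        return cert;
                    }
                });
            } else {
                LOG.info("  -> Certificate [%s] expires [%s].", cert.getSubjectX500Principal().getName(), cert.getNotAfter());
            }
            // The counter only grows, so an alias is never reused after a removal.
            this.trustCertsByAlias.put(Integer.toString(this.trustCertsAliasIndex.incrementAndGet()), cert);
            added.add(cert);
        }
        rebuildTrustStore();
        this.eventDispatcher.fire(new TrustStoreProvider.CertificatesAddedEvent() {
            @Override
            public Collection<X509Certificate> getAdded() {
                return added;
            }

            @Override
            public TrustStoreProvider.EventType getEventType() {
                return TrustStoreProvider.EventType.CERTIFICATES_ADDED;
            }
        });
    }

    /**
     * Returns a copy of the current trust manager array. The copy is shallow: the array is new,
     * the manager instances are shared. The managers reflect the certificate set at the time of
     * the last rebuild and are not updated by later add/remove calls.
     */
    @Override
    public TrustManager[] getTrustManagers() {
        return this.trustManagers.clone();
    }

    /**
     * Returns the key store produced by the last rebuild. This is the internal instance, not a
     * copy; it is replaced (not updated) on the next add/remove, so callers should treat it as a
     * read-only snapshot and not add or delete entries on it.
     */
    @Override
    public KeyStore getTrustStore() {
        return this.trustStore;
    }

    /**
     * Builds a fresh key store from {@link #trustCertsByAlias}, initialises new trust managers
     * from it and publishes both. The fields are only assigned after the factory initialised
     * successfully, so a failure leaves the previous store and managers in place.
     */
    private synchronized void rebuildTrustStore() {
        try {
            final KeyStore freshStore = KeyStore.getInstance(KeyStore.getDefaultType());
            freshStore.load(null, null);
            for (Map.Entry<String, X509Certificate> trusted : this.trustCertsByAlias.entrySet()) {
                freshStore.setCertificateEntry(trusted.getKey(), trusted.getValue());
            }
            final TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(freshStore);
            this.trustStore = freshStore;
            this.trustManagers = factory.getTrustManagers();
        } catch (IOException e) {
            throw new RuntimeIOException(e);
        } catch (GeneralSecurityException e2) {
            throw new RuntimeSecurityException(e2);
        }
    }

    /**
     * Removes the given certificates, rebuilds the trust store and fires a
     * {@code CERTIFICATES_REMOVED} event (also when nothing matched).
     *
     * <p>NOTE(review): matching goes through {@code ArrayUtils.containsIdentical}, which
     * presumably compares by reference, while {@link #addTrustCerts(X509Certificate...)}
     * de-duplicates with {@code equals}. If so, a certificate re-parsed from its encoding will
     * not match the stored instance and stays trusted without any error. Callers that revoke
     * trust should check {@code getRemoved()} on the event, or the trust store, to confirm the
     * removal took effect. Verify against ArrayUtils.
     *
     * <p>Trust managers obtained before this call keep trusting the removed certificates; see the
     * class comment.
     *
     * @param x509CertificateArr certificates to stop trusting, may be {@code null} or empty (no-op)
     */
    public synchronized void removeTrustCerts(X509Certificate... x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return;
        }
        assertIsModifiable();
        LOG.info("Removing trusted certificates...");
        final Collection<X509Certificate> removed = new ArrayList<X509Certificate>();
        for (Iterator<Map.Entry<String, X509Certificate>> entries = this.trustCertsByAlias.entrySet().iterator(); entries.hasNext();) {
            final X509Certificate trusted = entries.next().getValue();
            if (ArrayUtils.containsIdentical(x509CertificateArr, trusted)) {
                entries.remove();
                removed.add(trusted);
                LOG.info("  -> Certificate [%s] expires [%s].", trusted.getSubjectX500Principal().getName(), trusted.getNotAfter());
            }
        }
        rebuildTrustStore();
        this.eventDispatcher.fire(new TrustStoreProvider.CertificatesRemovedEvent() {
            @Override
            public TrustStoreProvider.EventType getEventType() {
                return TrustStoreProvider.EventType.CERTIFICATES_REMOVED;
            }

            @Override
            public Collection<X509Certificate> getRemoved() {
                return removed;
            }
        });
    }

    /**
     * Delegates to {@link #addTrustCerts(Collection)}; despite the name nothing is replaced.
     * Presumably the setter behind the builder's {@code trustCerts} property; confirm against
     * BuilderFactory.
     */
    protected void setTrustCerts(Collection<X509Certificate> collection) {
        addTrustCerts(collection);
    }

    /** Delegates to {@link #addTrustCerts(X509Certificate...)}; despite the name nothing is replaced. */
    protected void setTrustCerts(X509Certificate... x509CertificateArr) {
        addTrustCerts(x509CertificateArr);
    }

    /** Registers a listener for trust store events; the result is the dispatcher's return value. */
    @Override
    public boolean subscribe(EventListener<TrustStoreProvider.Event> eventListener) {
        return this.eventDispatcher.subscribe(eventListener);
    }

    /** Unregisters a listener; the result is the dispatcher's return value. */
    @Override
    public boolean unsubscribe(EventListener<TrustStoreProvider.Event> eventListener) {
        return this.eventDispatcher.unsubscribe(eventListener);
    }
}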
