package arc.network.secure;

import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.TreeSet;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:arc/network/secure/TrustRepository.class */
public class TrustRepository implements TrustManagerProvider {
    private final EqualityChecker<X509Certificate> _certificateChecker = new CertificateEquality();
    private final KeyStoreManager _keyStoreManager;
    private X509TrustManager _trustManager;

    /* loaded from: input_file:arc/network/secure/TrustRepository$DelegatingX509TrustManager.class */
    private static class DelegatingX509TrustManager implements X509TrustManager {
        private final KeyStoreManager _keyStoreManager;

        public DelegatingX509TrustManager(KeyStoreManager keyStoreManager) {
            this._keyStoreManager = keyStoreManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (!this._keyStoreManager.hasTrustedCertificates()) {
                throw new ExEmptyTrustStore();
            }
            this._keyStoreManager.trustManager().checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (!this._keyStoreManager.hasTrustedCertificates()) {
                throw new ExEmptyTrustStore();
            }
            this._keyStoreManager.trustManager().checkServerTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this._keyStoreManager.trustManager().getAcceptedIssuers();
        }
    }

    public TrustRepository(KeyStoreManager keyStoreManager) {
        this._keyStoreManager = keyStoreManager;
        this._trustManager = new DelegatingX509TrustManager(this._keyStoreManager);
    }

    @Override // arc.network.secure.TrustManagerProvider
    public X509TrustManager trustManager() {
        return this._trustManager;
    }

    @Override // arc.network.secure.TrustManagerProvider
    public boolean isEmpty() {
        return !this._keyStoreManager.hasTrustedCertificates();
    }

    public TrustedEntity trusted(String str) {
        return createTrusted(str, getCertificate(str));
    }

    public TrustedEntity findMatching(X509Certificate x509Certificate) {
        String findMatchingEntry = findMatchingEntry(x509Certificate);
        if (findMatchingEntry == null) {
            return null;
        }
        return createTrusted(findMatchingEntry, getCertificate(findMatchingEntry));
    }

    public Collection<TrustedEntity> trusted() {
        Enumeration<String> aliases = this._keyStoreManager.aliases();
        TreeSet treeSet = new TreeSet();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            X509Certificate findCertificate = this._keyStoreManager.findCertificate(nextElement);
            if (findCertificate != null) {
                treeSet.add(createTrusted(nextElement, findCertificate));
            }
        }
        return treeSet;
    }

    public Collection<TrustedEntity> addMultiple(X509Certificate[] x509CertificateArr, boolean z) {
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            arrayList.add(add(x509Certificate, z));
        }
        return arrayList;
    }

    public TrustedEntity add(X509Certificate x509Certificate, boolean z) {
        if (z) {
            CertificateUtil.validateCertificate(x509Certificate);
        }
        String findMatchingEntry = findMatchingEntry(x509Certificate);
        if (findMatchingEntry != null) {
            throw new ExTrustAlreadyExists(findMatchingEntry);
        }
        String allocateNextAlias = this._keyStoreManager.allocateNextAlias();
        this._keyStoreManager.setCertificateEntry(allocateNextAlias, x509Certificate);
        try {
            this._keyStoreManager.save();
            return createTrusted(allocateNextAlias, x509Certificate);
        } catch (RuntimeException e) {
            this._keyStoreManager.deleteEntry(allocateNextAlias);
            throw e;
        }
    }

    public Collection<TrustedEntity> replaceMultipleMatching(X509Certificate[] x509CertificateArr, boolean z) {
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            arrayList.add(replaceMatching(x509Certificate, z));
        }
        return arrayList;
    }

    public TrustedEntity replaceMatching(X509Certificate x509Certificate, boolean z) {
        String findMatchingEntry = findMatchingEntry(x509Certificate);
        if (findMatchingEntry == null) {
            throw new ExTrustNotFound(x509Certificate);
        }
        return replace(findMatchingEntry, x509Certificate, z);
    }

    public TrustedEntity replace(String str, X509Certificate x509Certificate, boolean z) {
        if (z) {
            CertificateUtil.validateCertificate(x509Certificate);
        }
        X509Certificate certificateFromCertificateEntry = getCertificateFromCertificateEntry(str);
        this._keyStoreManager.setCertificateEntry(str, x509Certificate);
        try {
            this._keyStoreManager.save();
            return createTrusted(str, x509Certificate);
        } catch (RuntimeException e) {
            this._keyStoreManager.setCertificateEntry(str, certificateFromCertificateEntry);
            throw e;
        }
    }

    public void remove(String str) {
        X509Certificate certificateFromCertificateEntry = getCertificateFromCertificateEntry(str);
        this._keyStoreManager.deleteEntry(str);
        try {
            this._keyStoreManager.save();
        } catch (RuntimeException e) {
            this._keyStoreManager.setCertificateEntry(str, certificateFromCertificateEntry);
            throw e;
        }
    }

    private TrustedEntity createTrusted(String str, X509Certificate x509Certificate) {
        return new DefaultTrustedEntity(str, CertificateUtil.contextFor(x509Certificate), x509Certificate);
    }

    private X509Certificate getCertificateFromCertificateEntry(String str) {
        KeyStore.Entry findEntry = this._keyStoreManager.findEntry(str);
        if (findEntry == null) {
            throw new ExTrustNotFound(str);
        }
        if (findEntry instanceof KeyStore.TrustedCertificateEntry) {
            return (X509Certificate) ((KeyStore.TrustedCertificateEntry) findEntry).getTrustedCertificate();
        }
        throw new ExTrustInvalidType(str, findEntry);
    }

    private X509Certificate getCertificate(String str) {
        X509Certificate findCertificate = this._keyStoreManager.findCertificate(str);
        if (findCertificate == null) {
            throw new ExTrustNotFound(str);
        }
        return findCertificate;
    }

    private String findMatchingEntry(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        Enumeration<String> aliases = this._keyStoreManager.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            X509Certificate findCertificate = this._keyStoreManager.findCertificate(nextElement);
            if (findCertificate != null && this._certificateChecker.equals(findCertificate, x509Certificate)) {
                arrayList.add(nextElement);
            }
        }
        if (arrayList.isEmpty()) {
            return null;
        }
        if (arrayList.size() > 1) {
            throw new ExTrustMultipleFound(arrayList);
        }
        return (String) arrayList.get(0);
    }
}
