package sviolet.slate.common.x.net.loadbalance.classic;

import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.internal.Util;
import okhttp3.internal.platform.Platform;

/* loaded from: input_file:sviolet/slate/common/x/net/loadbalance/classic/SslUtils.class */
public class SslUtils {

    /* loaded from: input_file:sviolet/slate/common/x/net/loadbalance/classic/SslUtils$CustomIssuersX509TrustManager.class */
    public static class CustomIssuersX509TrustManager implements X509TrustManager {
        private final X509TrustManager systemTrustManager;
        private final X509TrustManager customTrustManager;
        private final X509Certificate[] acceptedIssuers;

        public static X509TrustManager newInstance(X509Certificate[] x509CertificateArr) throws CertificateException {
            if (x509CertificateArr == null) {
                throw new IllegalArgumentException("customIssuers is null");
            }
            try {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                int i = 0;
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    int i2 = i;
                    i++;
                    keyStore.setCertificateEntry(String.valueOf(i2), x509Certificate);
                }
                return new CustomIssuersX509TrustManager(keyStore);
            } catch (Exception e) {
                throw new CertificateException("Error while converting X509Certificates to KeyStore", e);
            }
        }

        public static X509TrustManager newInstance(KeyStore keyStore) throws CertificateException {
            return new CustomIssuersX509TrustManager(keyStore);
        }

        private CustomIssuersX509TrustManager(KeyStore keyStore) throws CertificateException {
            if (keyStore == null) {
                throw new IllegalArgumentException("customKeyStore is null");
            }
            this.systemTrustManager = Util.platformTrustManager();
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
                    throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
                }
                this.customTrustManager = (X509TrustManager) trustManagers[0];
                X509Certificate[] acceptedIssuers = this.systemTrustManager.getAcceptedIssuers();
                X509Certificate[] acceptedIssuers2 = this.customTrustManager.getAcceptedIssuers();
                this.acceptedIssuers = new X509Certificate[acceptedIssuers.length + acceptedIssuers2.length];
                System.arraycopy(acceptedIssuers2, 0, this.acceptedIssuers, 0, acceptedIssuers2.length);
                System.arraycopy(acceptedIssuers, 0, this.acceptedIssuers, acceptedIssuers2.length, acceptedIssuers.length);
            } catch (Exception e) {
                throw new CertificateException("Error while building TrustManager by X509Certificates (KeyStore)", e);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                this.customTrustManager.checkClientTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                try {
                    this.systemTrustManager.checkClientTrusted(x509CertificateArr, str);
                } catch (CertificateException e2) {
                    e.addSuppressed(e2);
                    throw e;
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                this.customTrustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                try {
                    this.systemTrustManager.checkServerTrusted(x509CertificateArr, str);
                } catch (CertificateException e2) {
                    e.addSuppressed(e2);
                    throw e;
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.acceptedIssuers;
        }
    }

    public static void setX509TrustManager(MultiHostOkHttpClient multiHostOkHttpClient, X509TrustManager x509TrustManager) {
        if (multiHostOkHttpClient == null) {
            return;
        }
        if (x509TrustManager == null) {
            multiHostOkHttpClient.setSSLSocketFactory(null);
            multiHostOkHttpClient.setX509TrustManager(null);
            return;
        }
        try {
            SSLContext sSLContext = Platform.get().getSSLContext();
            sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
            multiHostOkHttpClient.setSSLSocketFactory(sSLContext.getSocketFactory());
            multiHostOkHttpClient.setX509TrustManager(x509TrustManager);
        } catch (KeyManagementException e) {
            throw new RuntimeException("Error while initializing SSLSocketFactory and setting X509TrustManager to MultiHostOkHttpClient", e);
        }
    }

    public static void setCustomIssuers(MultiHostOkHttpClient multiHostOkHttpClient, X509Certificate[] x509CertificateArr) throws CertificateException {
        setX509TrustManager(multiHostOkHttpClient, x509CertificateArr != null ? CustomIssuersX509TrustManager.newInstance(x509CertificateArr) : null);
    }
}
