package org.jsslutils.sslcontext;

import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.X509CRL;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.jsslutils.sslcontext.SSLContextFactory;

/* loaded from: input_file:bundles/startlevel-3/org/jsslutils/jsslutils/1.0.7/jsslutils-1.0.7.jar:org/jsslutils/sslcontext/PKIXSSLContextFactory.class */
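/**
 * SSL context factory whose trust managers use the "PKIX" algorithm and can be fed
 * certificate revocation lists (CRLs).
 *
 * <p>Revocation caveats worth knowing before relying on this class:
 * <ul>
 *   <li>If no trust store is set, {@link #getPKIXParameters()} returns {@code null} and
 *       {@link #getRawTrustManagers()} initialises the factory with a {@code null} key store;
 *       none of the CRLs added here are then handed to the trust manager.</li>
 *   <li>If a trust store is set but no CRL has been added, {@link #enableRevocation} is not
 *       consulted; revocation checking then follows the {@code com.sun.security.enableCRLDP}
 *       system property, which this class reads with a default of {@code "false"}.</li>
 *   <li>CRLs are only parsed when they are loaded. Nothing visible in this class checks a
 *       CRL's signature or freshness at load time.</li>
 * </ul>
 *
 * <p>Apart from {@link #loadCrl(InputStream)}, no method here is synchronized, and the CRL
 * set is a plain {@link HashSet}. NOTE(review): confirm callers finish adding CRLs before
 * the factory is shared between threads.
 *
 * <p>NOTE(review): the reload executor is created per instance and no method visible in this
 * class shuts it down; its worker threads use the default (non-daemon) thread factory.
 */
public class PKIXSSLContextFactory extends X509SSLContextFactory {
    /** System property giving the CRL reload delay, in seconds, used by {@link #addCrl(String)}. */
    public static final String CRL_RELOAD_INTERVAL_PROP = "org.jsslutils.prop.crlReloadInterval";

    /** Revocation flag applied to the PKIX parameters when at least one CRL has been added. */
    protected boolean enableRevocation;

    /** CRLs handed to the PKIX trust manager through a "Collection" {@link CertStore}. */
    protected Set<CRL> crlCollection = new HashSet<>();

    /** Lazily created X.509 factory; only touched inside the synchronized loader. */
    private CertificateFactory certificateFactory;

    /** Runs the delayed CRL reload tasks registered by {@link #addCrl(String, long)}. */
    private final ScheduledThreadPoolExecutor crlReloaderScheduledThreadPoolExecutor =
            new ScheduledThreadPoolExecutor(2);

    /** Creates a factory with no key store, no trust store and revocation enabled. */
    public PKIXSSLContextFactory() {
        // The casts select the (KeyStore, char[], KeyStore, boolean) overload.
        this((KeyStore) null, (char[]) null, (KeyStore) null, true);
    }

    /**
     * Creates a factory.
     *
     * @param keyStore  passed to the superclass as its first argument
     * @param cArr      passed to the superclass as its second argument (a password, as chars)
     * @param keyStore2 passed to the superclass as its third argument
     * @param z         value stored in {@link #enableRevocation}
     */
    public PKIXSSLContextFactory(KeyStore keyStore, char[] cArr, KeyStore keyStore2, boolean z) {
        super(keyStore, cArr, keyStore2);
        this.enableRevocation = z;
    }

    /**
     * Creates a factory.
     *
     * @param keyStore  passed to the superclass as its first argument
     * @param str       passed to the superclass as its second argument (a password, as a String)
     * @param keyStore2 passed to the superclass as its third argument
     * @param z         value stored in {@link #enableRevocation}
     */
    public PKIXSSLContextFactory(KeyStore keyStore, String str, KeyStore keyStore2, boolean z) {
        super(keyStore, str, keyStore2);
        this.enableRevocation = z;
    }

    /** Same as the four-argument {@code char[]} constructor with revocation enabled. */
    public PKIXSSLContextFactory(KeyStore keyStore, char[] cArr, KeyStore keyStore2) {
        this(keyStore, cArr, keyStore2, true);
    }

    /** Same as the four-argument {@code String} constructor with revocation enabled. */
    public PKIXSSLContextFactory(KeyStore keyStore, String str, KeyStore keyStore2) {
        this(keyStore, str, keyStore2, true);
    }

    /**
     * Builds the trust managers from a "PKIX" {@link TrustManagerFactory}.
     *
     * <p>When {@link #getTrustParams()} returns {@code null} the factory is initialised with a
     * {@code null} key store instead, so the CRLs and the revocation flag held by this object
     * are not applied on that path.
     *
     * @return the trust managers produced by the factory
     * @throws SSLContextFactory.SSLContextFactoryException wrapping any algorithm, parameter
     *         or key store failure
     */
    @Override
    protected TrustManager[] getRawTrustManagers() throws SSLContextFactory.SSLContextFactoryException {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance("PKIX");
            ManagerFactoryParameters trustParams = getTrustParams();
            if (trustParams == null) {
                factory.init((KeyStore) null);
            } else {
                factory.init(trustParams);
            }
            return factory.getTrustManagers();
        } catch (InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new SSLContextFactory.SSLContextFactoryException(e);
        }
    }

    /**
     * Wraps the PKIX parameters for use by a trust manager factory.
     *
     * @return the wrapped parameters, or {@code null} when {@link #getPKIXParameters()} is null
     * @throws SSLContextFactory.SSLContextFactoryException if the parameters cannot be built
     */
    protected ManagerFactoryParameters getTrustParams() throws SSLContextFactory.SSLContextFactoryException {
        PKIXParameters pkixParameters = getPKIXParameters();
        return pkixParameters == null ? null : new CertPathTrustManagerParameters(pkixParameters);
    }

    /**
     * Builds the PKIX parameters from the trust store and the configured CRLs.
     *
     * <p>With at least one CRL present, revocation follows {@link #enableRevocation} and the
     * CRLs are attached as a cert store. With no CRL present, {@link #enableRevocation} is
     * ignored and revocation is switched on only if the {@code com.sun.security.enableCRLDP}
     * system property parses as {@code true}; by default that leaves revocation checking off.
     *
     * @return the parameters, or {@code null} when no trust store is set
     * @throws SSLContextFactory.SSLContextFactoryException wrapping a parameter or key store
     *         failure
     */
    protected PKIXParameters getPKIXParameters() throws SSLContextFactory.SSLContextFactoryException {
        KeyStore trustStore = getTrustStore();
        if (trustStore == null) {
            return null;
        }
        try {
            PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, (CertSelector) null);
            // Build the CRL store once so the check and the attach see the same object.
            CertStore crlStore = getCertStore();
            if (crlStore != null) {
                params.setRevocationEnabled(this.enableRevocation);
                params.addCertStore(crlStore);
            } else {
                // No local CRLs: defer to the CRL distribution point property (default "false").
                params.setRevocationEnabled(
                        Boolean.parseBoolean(System.getProperty("com.sun.security.enableCRLDP", "false")));
            }
            return params;
        } catch (InvalidAlgorithmParameterException | KeyStoreException e) {
            throw new SSLContextFactory.SSLContextFactoryException(e);
        }
    }

    /**
     * Exposes the configured CRLs as a "Collection" cert store.
     *
     * @return the cert store, or {@code null} when no CRL has been added
     * @throws SSLContextFactory.SSLContextFactoryException wrapping an algorithm or parameter
     *         failure
     */
    protected CertStore getCertStore() throws SSLContextFactory.SSLContextFactoryException {
        try {
            Collection<? extends CRL> crls = getCrlCollection();
            if (crls == null || crls.isEmpty()) {
                return null;
            }
            return CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new SSLContextFactory.SSLContextFactoryException(e);
        }
    }

    /**
     * Returns a read-only view of the configured CRLs.
     *
     * @return an unmodifiable view backed by the internal set
     */
    public Collection<? extends CRL> getCrlCollection() throws SSLContextFactory.SSLContextFactoryException {
        return Collections.unmodifiableCollection(this.crlCollection);
    }

    /**
     * Adds every CRL in the given collection.
     *
     * @param collection CRLs to add
     */
    public void addCrlCollection(Collection<? extends CRL> collection) throws SSLContextFactory.SSLContextFactoryException {
        this.crlCollection.addAll(collection);
    }

    /**
     * Adds one already-parsed CRL.
     *
     * @param crl the CRL to add
     */
    public void addCrl(CRL crl) throws SSLContextFactory.SSLContextFactoryException {
        this.crlCollection.add(crl);
    }

    /**
     * Parses a CRL from the stream and adds it. The stream is not closed here.
     *
     * @param inputStream stream holding an encoded CRL
     * @throws SSLContextFactory.SSLContextFactoryException if the CRL cannot be parsed
     */
    public void addCrl(InputStream inputStream) throws SSLContextFactory.SSLContextFactoryException {
        this.crlCollection.add(loadCrl(inputStream));
    }

    /**
     * Adds the CRL found at the given URL, using the reload delay from the
     * {@link #CRL_RELOAD_INTERVAL_PROP} system property.
     *
     * <p>A missing property counts as {@code 0}. A value that is not a valid long is ignored
     * and also treated as {@code 0}, which means the CRL is loaded once and never reloaded;
     * a mistyped property therefore disables reloading without any error.
     *
     * @param str URL of the CRL
     */
    public void addCrl(String str) throws SSLContextFactory.SSLContextFactoryException, MalformedURLException, IOException {
        long reloadDelaySeconds = 0;
        try {
            reloadDelaySeconds = Long.parseLong(System.getProperty(CRL_RELOAD_INTERVAL_PROP, "0"));
        } catch (NumberFormatException ignored) {
            // Deliberate best effort: an unparsable value keeps the delay at 0 (no reload).
        }
        addCrl(str, reloadDelaySeconds);
    }

    /**
     * Adds the CRL found at the given URL, optionally registering a delayed reload.
     *
     * <p>NOTE(review): {@code schedule} runs a task once after the delay. Unless the reloader
     * re-arms itself (not visible in this class), the CRL is refreshed a single time and then
     * goes stale; confirm whether a repeating schedule was intended.
     *
     * @param str URL of the CRL
     * @param j   reload delay in seconds; zero or negative loads the CRL once with no reload
     */
    public void addCrl(String str, long j) throws SSLContextFactory.SSLContextFactoryException, MalformedURLException, IOException {
        if (j <= 0) {
            this.crlCollection.add(loadCrl(str));
            return;
        }
        Callable<X509CRL> reloader = addReloadableCrl(str);
        this.crlReloaderScheduledThreadPoolExecutor.schedule(reloader, j, TimeUnit.SECONDS);
    }

    /**
     * Creates a reloadable CRL for the URL, runs its reloader once on the calling thread and,
     * only if that call succeeds, adds the CRL to the set.
     *
     * @param str URL of the CRL
     * @return the reloader, for the caller to schedule
     * @throws SSLContextFactory.SSLContextFactoryException wrapping any exception thrown by
     *         the first reload
     */
    public Callable<X509CRL> addReloadableCrl(String str) throws SSLContextFactory.SSLContextFactoryException, MalformedURLException, IOException {
        ReloadableX509CRL reloadableCrl = new ReloadableX509CRL(str);
        Callable<X509CRL> reloader = reloadableCrl.getReloaderCallable();
        try {
            // A failure here leaves the CRL out of the set rather than registering one that never loaded.
            reloader.call();
        } catch (Exception e) {
            throw new SSLContextFactory.SSLContextFactoryException(e);
        }
        this.crlCollection.add(reloadableCrl);
        return reloader;
    }

    /**
     * Parses one X.509 CRL from the stream. The stream is not closed here.
     *
     * <p>Synchronized because the shared {@link CertificateFactory} is created lazily.
     *
     * @param inputStream stream holding an encoded CRL
     * @return the parsed CRL
     * @throws SSLContextFactory.SSLContextFactoryException wrapping a CRL or certificate
     *         factory failure
     */
    public synchronized CRL loadCrl(InputStream inputStream) throws SSLContextFactory.SSLContextFactoryException {
        try {
            if (this.certificateFactory == null) {
                this.certificateFactory = CertificateFactory.getInstance("X.509");
            }
            return (X509CRL) this.certificateFactory.generateCRL(inputStream);
        } catch (CRLException | CertificateException e) {
            throw new SSLContextFactory.SSLContextFactoryException(e);
        }
    }

    /**
     * Opens the URL, parses one X.509 CRL from it and closes the stream.
     *
     * <p>The URL is opened as given: any scheme the JVM has a handler for is accepted and no
     * connect or read timeout is set, so the call blocks for as long as the remote end does.
     * The location should come from trusted configuration, not from peer-supplied data.
     *
     * @param str URL of the CRL
     * @return the parsed CRL
     * @throws MalformedURLException if {@code str} is not a valid URL
     * @throws IOException           if the stream cannot be opened or closed
     */
    public CRL loadCrl(String str) throws SSLContextFactory.SSLContextFactoryException, IOException, MalformedURLException {
        try (InputStream rawStream = new URL(str).openStream()) {
            return loadCrl(new BufferedInputStream(rawStream));
        }
    }
}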
