package com.intellij.util.net.ssl;

import com.intellij.openapi.application.Application;
import com.intellij.openapi.application.ApplicationManager;
import com.intellij.openapi.diagnostic.Logger;
import com.intellij.openapi.ui.DialogWrapper;
import com.intellij.openapi.util.io.FileUtil;
import com.intellij.openapi.util.io.StreamUtil;
import com.intellij.openapi.util.text.StringUtil;
import com.intellij.util.ArrayUtil;
import com.intellij.util.EventDispatcher;
import com.intellij.util.containers.ContainerUtil;
import com.intellij.util.containers.ImmutableList;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/intellij/util/net/ssl/ConfirmingTrustManager.class */
public class ConfirmingTrustManager extends ClientOnlyTrustManager {
    // Shared logger; the nested trust managers in this file log through it as well.
    private static final Logger LOG = Logger.getInstance(ConfirmingTrustManager.class);
    // Empty issuer list handed out whenever no usable trust anchors are available.
    private static final X509Certificate[] NO_CERTIFICATES = new X509Certificate[0];
    // Fail-closed stand-in returned by getSystemDefault() when the platform trust store cannot be used:
    // it rejects every server chain, so the decision falls through to the custom store and, after that,
    // to confirmAndUpdate().
    private static final X509TrustManager MISSING_TRUST_MANAGER = new ClientOnlyTrustManager() { // from class: com.intellij.util.net.ssl.ConfirmingTrustManager.1
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Never trusts anything: the arguments are not inspected at all.
            ConfirmingTrustManager.LOG.debug("Trust manager is missing. Retreating.");
            throw new CertificateException("Missing trust manager");
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            // No trust anchors, consistent with checkServerTrusted() rejecting everything.
            return ConfirmingTrustManager.NO_CERTIFICATES;
        }
    };
    // Validates against the platform trust store (or MISSING_TRUST_MANAGER); consulted first.
    private final X509TrustManager mySystemManager;
    // Validates against the user-managed store; consulted only after the system manager rejects a chain.
    private final MutableTrustManager myCustomManager;

    /* loaded from: input_file:com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager.class */
    public static class MutableTrustManager extends ClientOnlyTrustManager {
        // File the certificate store is loaded from in the constructor and rewritten to by flushKeyStore().
        private final String myPath;
        // Store password, used both for loading and for every flush.
        // NOTE(review): it is held as a String for the lifetime of this object, so it cannot be wiped
        // from memory; where the value comes from is not visible in this file.
        private final String myPassword;
        // Null when createFactory() failed; isBroken() then reports true.
        private final TrustManagerFactory myFactory;
        // Null when createKeyStore() failed; isBroken() then reports true.
        private final KeyStore myKeyStore;
        // Read/write lock around the key store and myTrustManager.
        private final ReadWriteLock myLock;
        private final Lock myReadLock;
        private final Lock myWriteLock;
        // Rebuilt from the key store after every successful add or remove; may be null.
        private X509TrustManager myTrustManager;
        // Notifies registered listeners about certificates being added to or removed from the store.
        private final EventDispatcher<CertificateListener> myDispatcher;

        /**
         * Loads (or prepares an empty) certificate store and builds a trust manager over it.
         *
         * <p>Failures while creating the factory, the key store or the trust manager do not abort
         * construction; the affected field is left {@code null} and {@link #isBroken()} reports it.
         *
         * @param str path of the store file
         * @param str2 password protecting the store
         */
        private MutableTrustManager(@NotNull String str, @NotNull String str2) {
            if (str == null) {
                throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "path", "com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager", "<init>"));
            }
            if (str2 == null) {
                throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "password", "com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager", "<init>"));
            }
            this.myPath = str;
            this.myPassword = str2;
            this.myDispatcher = EventDispatcher.create(CertificateListener.class);

            final ReentrantReadWriteLock readWriteLock = new ReentrantReadWriteLock();
            this.myLock = readWriteLock;
            this.myReadLock = readWriteLock.readLock();
            this.myWriteLock = readWriteLock.writeLock();

            // Initial load happens under the write lock, like every later mutation of the store.
            this.myWriteLock.lock();
            try {
                this.myFactory = createFactory();
                this.myKeyStore = createKeyStore(str, str2);
                this.myTrustManager = initFactoryAndGetManager();
            } finally {
                this.myWriteLock.unlock();
            }
        }

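        /**
         * Creates a trust manager factory for the platform's default algorithm.
         *
         * @return the factory, or {@code null} if the default algorithm is not available; the failure is
         *         logged so that a permanently "broken" custom store can be diagnosed
         */
        private static TrustManagerFactory createFactory() {
            try {
                return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            } catch (NoSuchAlgorithmException e) {
                // Previously swallowed silently; report it the same way createKeyStore() reports its failures.
                ConfirmingTrustManager.LOG.error(e);
                return null;
            }
        }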

        /**
         * Opens the key store stored at the given path, or initialises an empty one when the file does
         * not exist yet (creating its parent directories).
         *
         * @param str path of the store file
         * @param str2 password used to load the store
         * @return the loaded or freshly initialised store, or {@code null} when anything fails; the
         *         failure is logged
         */
        private static KeyStore createKeyStore(@NotNull String str, @NotNull String str2) {
            if (str == null) {
                throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "path", "com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager", "createKeyStore"));
            }
            if (str2 == null) {
                throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "password", "com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager", "createKeyStore"));
            }
            try {
                final KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
                final File storeFile = new File(str);
                if (!storeFile.exists()) {
                    // First use: nothing to read, only make sure the file can be written later.
                    if (!FileUtil.createParentDirs(storeFile)) {
                        ConfirmingTrustManager.LOG.error("Cannot create directories: " + storeFile.getParent());
                        return null;
                    }
                    store.load(null, str2.toCharArray());
                    return store;
                }
                FileInputStream input = null;
                try {
                    input = new FileInputStream(str);
                    store.load(input, str2.toCharArray());
                } finally {
                    StreamUtil.closeStream(input);
                }
                return store;
            } catch (Exception e) {
                // Any failure (unreadable file, wrong password, unsupported type) leaves the manager "broken".
                ConfirmingTrustManager.LOG.error(e);
                return null;
            }
        }

        /**
         * Adds a certificate to the store, writes the store to disk and rebuilds the trust manager.
         *
         * <p>The entry's alias comes from {@code createAlias}. {@code KeyStore.setCertificateEntry}
         * overrides an existing trusted-certificate entry with the same alias, so a certificate whose
         * alias matches a stored one replaces it.
         *
         * <p>NOTE(review): the steps are not atomic. If flushing or a listener throws, the method
         * reports {@code false} although the in-memory store already contains the entry.
         *
         * @param x509Certificate certificate to trust
         * @return {@code true} if every step succeeded; {@code false} if the manager is broken or any
         *         step threw (the exception is logged)
         */
        public boolean addCertificate(@NotNull X509Certificate x509Certificate) {
            if (x509Certificate == null) {
                throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "certificate", "com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager", "addCertificate"));
            }
            this.myWriteLock.lock();
            try {
                if (isBroken()) {
                    return false;
                }
                final String alias = createAlias(x509Certificate);
                this.myKeyStore.setCertificateEntry(alias, x509Certificate);
                flushKeyStore();
                this.myTrustManager = initFactoryAndGetManager();
                // Listeners run while the write lock is still held.
                ((CertificateListener) this.myDispatcher.getMulticaster()).certificateAdded(x509Certificate);
                return true;
            } catch (Exception e) {
                ConfirmingTrustManager.LOG.error("Can't add certificate", e);
                return false;
            } finally {
                this.myWriteLock.unlock();
            }
        }

        /**
         * Loads a certificate from a file and adds it to the store.
         *
         * @param str path of the certificate file
         * @return {@code false} if the file did not yield a certificate or adding it failed
         */
        public boolean addCertificate(@NotNull String str) {
            if (str == null) {
                throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "path", "com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager", "addCertificate"));
            }
            final X509Certificate loaded = CertificateUtil.loadX509Certificate(str);
            if (loaded == null) {
                return false;
            }
            return addCertificate(loaded);
        }

        /**
         * Derives the key-store alias under which a certificate is stored.
         *
         * <p>NOTE(review): the alias is whatever {@code CertificateUtil.getCommonName} returns, which
         * presumably is the subject common name. Two different certificates with the same value would
         * share one alias, and the add/remove methods address entries by this alias. Verify whether a
         * unique value such as a fingerprint is needed, and what is returned when no common name exists.
         *
         * @param x509Certificate certificate to name
         * @return alias for the certificate
         */
        private static String createAlias(@NotNull X509Certificate x509Certificate) {
            if (x509Certificate == null) {
                throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "certificate", "com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager", "createAlias"));
            }
            final String alias = CertificateUtil.getCommonName(x509Certificate);
            return alias;
        }

        /**
         * Removes the store entry whose alias is derived from the given certificate.
         *
         * <p>The entry is looked up by alias only; the stored certificate is not compared with the
         * argument.
         *
         * @param x509Certificate certificate whose entry should be removed
         * @return {@code true} if an entry was removed and the store was flushed
         */
        public boolean removeCertificate(@NotNull X509Certificate x509Certificate) {
            if (x509Certificate == null) {
                throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "certificate", "com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager", "removeCertificate"));
            }
            final String alias = createAlias(x509Certificate);
            return removeCertificate(alias);
        }

        /**
         * Deletes the entry with the given alias, writes the store to disk and rebuilds the trust
         * manager so the certificate stops being trusted.
         *
         * @param str alias of the entry to delete
         * @return {@code true} on success; {@code false} if the manager is broken, no certificate is
         *         stored under the alias, or any step threw (logged)
         */
        public boolean removeCertificate(@NotNull String str) {
            if (str == null) {
                throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "alias", "com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager", "removeCertificate"));
            }
            this.myWriteLock.lock();
            try {
                if (isBroken()) {
                    return false;
                }
                // Fetched before deletion so that listeners can be told which certificate went away.
                final X509Certificate removed = getCertificate(str);
                if (removed == null) {
                    ConfirmingTrustManager.LOG.error("No certificate found for alias: " + str);
                    return false;
                }
                this.myKeyStore.deleteEntry(str);
                flushKeyStore();
                this.myTrustManager = initFactoryAndGetManager();
                // Listeners run while the write lock is still held.
                ((CertificateListener) this.myDispatcher.getMulticaster()).certificateRemoved(removed);
                return true;
            } catch (Exception e) {
                ConfirmingTrustManager.LOG.error("Can't remove certificate for alias: " + str, e);
                return false;
            } finally {
                this.myWriteLock.unlock();
            }
        }

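        /**
         * Looks up the certificate stored under an alias.
         *
         * @param str alias to look up
         * @return the stored certificate, or {@code null} if there is no such entry, the store failed
         *         to load, or the store reports an error
         */
        @Nullable
        public X509Certificate getCertificate(@NotNull String str) {
            if (str == null) {
                throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "alias", "com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager", "getCertificate"));
            }
            this.myReadLock.lock();
            try {
                // createKeyStore() returns null on failure; answer "not found" instead of failing with
                // a NullPointerException on a broken manager.
                if (this.myKeyStore == null) {
                    return null;
                }
                return (X509Certificate) this.myKeyStore.getCertificate(str);
            } catch (KeyStoreException e) {
                // Store not usable: treated the same as a missing entry.
                return null;
            } finally {
                this.myReadLock.unlock();
            }
        }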

        /**
         * Returns a snapshot of every certificate in the store, in alias enumeration order.
         *
         * <p>An alias for which {@link #getCertificate(String)} yields {@code null} contributes a
         * {@code null} element.
         *
         * @return immutable list of stored certificates; an empty list if the store cannot be read
         *         (the error is logged)
         */
        public List<X509Certificate> getCertificates() {
            this.myReadLock.lock();
            try {
                final List<X509Certificate> collected = new ArrayList<X509Certificate>();
                for (String alias : Collections.list(this.myKeyStore.aliases())) {
                    collected.add(getCertificate(alias));
                }
                return ContainerUtil.immutableList(collected);
            } catch (Exception e) {
                ConfirmingTrustManager.LOG.error(e);
                return ContainerUtil.emptyList();
            } finally {
                this.myReadLock.unlock();
            }
        }

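        /**
         * Tells whether the store has an entry under the given alias.
         *
         * @param str alias to test
         * @return {@code true} if the alias exists; {@code false} if it does not, the store failed to
         *         load, or the store reports an error (logged)
         */
        public boolean containsCertificate(@NotNull String str) {
            if (str == null) {
                throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "alias", "com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager", "containsCertificate"));
            }
            this.myReadLock.lock();
            try {
                // createKeyStore() returns null on failure; a broken manager contains nothing rather
                // than failing with a NullPointerException.
                if (this.myKeyStore == null) {
                    return false;
                }
                return this.myKeyStore.containsAlias(str);
            } catch (KeyStoreException e) {
                ConfirmingTrustManager.LOG.error(e);
                return false;
            } finally {
                this.myReadLock.unlock();
            }
        }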

        /**
         * Removes every certificate currently listed by {@link #getCertificates()}.
         *
         * <p>Removal goes through the alias derived from each certificate and stops at the first
         * failure, so earlier entries stay removed while later ones remain trusted.
         *
         * @return {@code true} if every removal succeeded (also when the store was already empty)
         */
        boolean removeAllCertificates() {
            for (X509Certificate stored : getCertificates()) {
                final boolean removed = removeCertificate(stored);
                if (!removed) {
                    return false;
                }
            }
            return true;
        }

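        /**
         * Validates a server chain against the custom store only.
         *
         * @param x509CertificateArr chain presented by the server
         * @param str authentication type, passed through to the underlying trust manager
         * @throws CertificateException if the manager is broken, the store is empty, or the underlying
         *         trust manager rejects the chain
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.myReadLock.lock();
            try {
                // isBroken() must be tested first: keyStoreIsEmpty() dereferences myKeyStore, which is
                // null when the store failed to load, and would then fail with a NullPointerException
                // instead of the CertificateException callers handle.
                if (isBroken() || keyStoreIsEmpty()) {
                    throw new CertificateException();
                }
                this.myTrustManager.checkServerTrusted(x509CertificateArr, str);
            } finally {
                this.myReadLock.unlock();
            }
        }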

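        /**
         * Returns the issuers trusted through the custom store.
         *
         * @return the underlying trust manager's issuers, or an empty array when the manager is broken
         *         or the store holds no entries
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            this.myReadLock.lock();
            try {
                // isBroken() first: keyStoreIsEmpty() dereferences myKeyStore, which is null when the
                // store failed to load.
                if (isBroken() || keyStoreIsEmpty()) {
                    return ConfirmingTrustManager.NO_CERTIFICATES;
                }
                return this.myTrustManager.getAcceptedIssuers();
            } finally {
                this.myReadLock.unlock();
            }
        }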

        /**
         * Registers a listener that is told about certificates being added to or removed from the store.
         *
         * @param certificateListener listener to register
         */
        public void addListener(@NotNull CertificateListener certificateListener) {
            if (certificateListener != null) {
                this.myDispatcher.addListener(certificateListener);
                return;
            }
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "listener", "com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager", "addListener"));
        }

        /**
         * Unregisters a listener previously passed to {@code addListener}.
         *
         * @param certificateListener listener to unregister
         */
        public void removeListener(@NotNull CertificateListener certificateListener) {
            if (certificateListener != null) {
                this.myDispatcher.removeListener(certificateListener);
                return;
            }
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "listener", "com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager", "removeListener"));
        }

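        /**
         * Tells whether the store holds no entries.
         *
         * @return {@code true} if the store has no entries, was never loaded, or cannot report its size
         *         (logged); callers treat all three as "nothing is trusted"
         */
        private boolean keyStoreIsEmpty() {
            // createKeyStore() returns null on failure; a missing store trusts nothing.
            if (this.myKeyStore == null) {
                return true;
            }
            try {
                return this.myKeyStore.size() == 0;
            } catch (KeyStoreException e) {
                ConfirmingTrustManager.LOG.error(e);
                return true;
            }
        }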

        /**
         * Re-initialises the factory from the current key store contents and picks its X.509 manager.
         *
         * @return the new trust manager, or {@code null} if the factory or store is missing, the
         *         factory cannot be initialised (logged), or it offers no X.509 trust manager
         */
        private X509TrustManager initFactoryAndGetManager() {
            final TrustManagerFactory factory = this.myFactory;
            final KeyStore store = this.myKeyStore;
            if (factory == null || store == null) {
                return null;
            }
            try {
                factory.init(store);
                return ConfirmingTrustManager.findX509TrustManager(factory.getTrustManagers());
            } catch (KeyStoreException e) {
                ConfirmingTrustManager.LOG.error(e);
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /**
         * Tells whether this manager is unusable because initialisation failed.
         *
         * @return {@code true} if the key store, the factory or the trust manager is missing
         */
        public boolean isBroken() {
            final boolean fullyInitialised = this.myKeyStore != null && this.myFactory != null && this.myTrustManager != null;
            return !fullyInitialised;
        }

        /**
         * Writes the in-memory key store to the store file, protected with the store password.
         *
         * <p>NOTE(review): {@code new FileOutputStream(path)} truncates the existing file before the
         * new content is written, so a failure part-way through leaves a damaged store on disk.
         * Writing to a temporary file and renaming it would avoid that. File permissions are left to
         * the platform default.
         *
         * @throws Exception if the file cannot be opened or the store cannot be written
         */
        private void flushKeyStore() throws Exception {
            final FileOutputStream output = new FileOutputStream(this.myPath);
            try {
                final char[] password = this.myPassword.toCharArray();
                this.myKeyStore.store(output, password);
            } finally {
                StreamUtil.closeStream(output);
            }
        }
    }

    /**
     * Creates a trust manager that combines the platform trust store with a user-managed store file.
     *
     * @param str path of the user-managed store file
     * @param str2 password protecting that store
     * @return the combined trust manager
     */
    public static ConfirmingTrustManager createForStorage(@NotNull String str, @NotNull String str2) {
        if (str == null) {
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "path", "com/intellij/util/net/ssl/ConfirmingTrustManager", "createForStorage"));
        }
        if (str2 == null) {
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "password", "com/intellij/util/net/ssl/ConfirmingTrustManager", "createForStorage"));
        }
        final X509TrustManager systemManager = getSystemDefault();
        final MutableTrustManager customManager = new MutableTrustManager(str, str2);
        return new ConfirmingTrustManager(systemManager, customManager);
    }

    /**
     * Obtains the trust manager backed by the platform's default trust store.
     *
     * @return the platform X.509 trust manager, or {@code MISSING_TRUST_MANAGER} (which rejects every
     *         chain) if none is available, it has no accepted issuers, or loading fails (logged)
     */
    private static X509TrustManager getSystemDefault() {
        X509TrustManager platformManager = null;
        try {
            final TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null key store selects the platform's default trust anchors.
            factory.init((KeyStore) null);
            final X509TrustManager candidate = findX509TrustManager(factory.getTrustManagers());
            // A manager without any trust anchors is treated like a missing one.
            if (candidate != null && candidate.getAcceptedIssuers().length != 0) {
                platformManager = candidate;
            }
        } catch (Exception e) {
            LOG.error("Cannot get system trust store", e);
        }
        return platformManager != null ? platformManager : MISSING_TRUST_MANAGER;
    }

    /**
     * Combines the two trust managers; instances are obtained through {@code createForStorage}.
     *
     * @param x509TrustManager manager consulted first (platform trust store)
     * @param mutableTrustManager manager consulted when the first one rejects a chain
     */
    private ConfirmingTrustManager(X509TrustManager x509TrustManager, MutableTrustManager mutableTrustManager) {
        mySystemManager = x509TrustManager;
        myCustomManager = mutableTrustManager;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Picks the first X.509 trust manager out of an array of trust managers.
     *
     * @param trustManagerArr candidates, typically the result of {@code TrustManagerFactory.getTrustManagers()}
     * @return the first element implementing {@link X509TrustManager}, or {@code null} if there is none
     */
    public static X509TrustManager findX509TrustManager(TrustManager[] trustManagerArr) {
        X509TrustManager match = null;
        for (int i = 0; i < trustManagerArr.length && match == null; i++) {
            final TrustManager candidate = trustManagerArr[i];
            if (candidate instanceof X509TrustManager) {
                match = (X509TrustManager) candidate;
            }
        }
        return match;
    }

    /**
     * Validates a server chain, asking the user about untrusted certificates and remembering
     * accepted ones.
     *
     * @param x509CertificateArr chain presented by the server
     * @param str authentication type
     * @throws CertificateException if the chain is not trusted and was not accepted
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        final boolean storeAccepted = true;
        final boolean mayAskUser = true;
        checkServerTrusted(x509CertificateArr, str, storeAccepted, mayAskUser);
    }

    /**
     * Validates a server chain in three stages: platform trust store, custom store, then
     * confirmation through {@code confirmAndUpdate}.
     *
     * <p>The fallback stages run while synchronized on the custom manager, so only one thread at a
     * time can be checking against the custom store or waiting for a confirmation.
     *
     * @param x509CertificateArr chain presented by the server
     * @param str authentication type
     * @param z whether an accepted certificate is added to the custom store
     * @param z2 whether the user may be shown the confirmation dialog
     * @throws CertificateException the platform manager's original rejection, if the custom store is
     *         broken or the certificate was not accepted
     */
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, boolean z, boolean z2) throws CertificateException {
        CertificateException systemRejection = null;
        try {
            this.mySystemManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            systemRejection = e;
        }
        if (systemRejection == null) {
            return;
        }
        synchronized (this.myCustomManager) {
            boolean trustedByCustomStore;
            try {
                this.myCustomManager.checkServerTrusted(x509CertificateArr, str);
                trustedByCustomStore = true;
            } catch (CertificateException ignored) {
                // The custom store's reason is dropped; callers see the platform manager's rejection.
                trustedByCustomStore = false;
            }
            if (trustedByCustomStore) {
                return;
            }
            // A broken custom store cannot remember a decision, so no confirmation is attempted.
            if (this.myCustomManager.isBroken() || !confirmAndUpdate(x509CertificateArr, z, z2)) {
                throw systemRejection;
            }
        }
    }

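    /**
     * Decides whether a server certificate rejected by both trust stores is accepted anyway.
     *
     * <p>Only the first element of the chain is considered: it is the certificate shown in the
     * dialog and the one stored on acceptance.
     *
     * @param x509CertificateArr chain presented by the server; a {@code null} or empty chain is rejected
     * @param z whether an accepted certificate is also added to the custom store
     * @param z2 whether the confirmation dialog may be shown; when {@code false} the certificate is
     *           rejected unless one of the automatic-accept conditions below applies
     * @return {@code true} if the connection may proceed
     */
    private boolean confirmAndUpdate(X509Certificate[] x509CertificateArr, boolean z, boolean z2) {
        // Fail closed on a missing chain instead of failing with an index error on the lookup below.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return false;
        }
        Application application = ApplicationManager.getApplication();
        final X509Certificate endpointCertificate = x509CertificateArr[0];
        // NOTE(review): connections made on the AWT image-fetcher thread are accepted here without
        // validation, prompt or storage, so content loaded that way is not authenticated. The thread
        // class name is presumably matched because a dialog cannot be shown from that thread; confirm
        // that this exemption is still intended.
        if ("sun.awt.image.ImageFetcher".equals(Thread.currentThread().getClass().getCanonicalName())) {
            LOG.debug("Image Fetcher thread is detected. Certificate check will be skipped.");
            return true;
        }
        // NOTE(review): in unit-test mode, in a headless environment, or with ACCEPT_AUTOMATICALLY set,
        // an untrusted certificate is accepted without any prompt and, when z is true, persisted so
        // that later connections trust it as well. Headless installations therefore get no warning
        // about an unexpected certificate; the acceptance is only visible at debug log level.
        if (application.isUnitTestMode() || application.isHeadlessEnvironment() || CertificateManager.getInstance().getState().ACCEPT_AUTOMATICALLY) {
            LOG.debug("Certificate will be accepted automatically");
            if (z) {
                this.myCustomManager.addCertificate(endpointCertificate);
            }
            return true;
        }
        // The dialog is consulted only when the caller allows interaction.
        boolean accepted = z2 && CertificateManager.showAcceptDialog(new Callable<DialogWrapper>() { // from class: com.intellij.util.net.ssl.ConfirmingTrustManager.2
            @Override // java.util.concurrent.Callable
            public DialogWrapper call() throws Exception {
                return CertificateWarningDialog.createUntrustedCertificateWarning(endpointCertificate);
            }
        });
        if (accepted) {
            LOG.info("Certificate was accepted by user");
            if (z) {
                // The result of addCertificate is not checked: a failed save still lets this connection through.
                this.myCustomManager.addCertificate(endpointCertificate);
            }
        }
        return accepted;
    }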

    /**
     * Returns the issuers accepted by either trust manager.
     *
     * @return the platform manager's issuers merged with the custom manager's issuers
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        final X509Certificate[] systemIssuers = this.mySystemManager.getAcceptedIssuers();
        final X509Certificate[] customIssuers = this.myCustomManager.getAcceptedIssuers();
        return (X509Certificate[]) ArrayUtil.mergeArrays(systemIssuers, customIssuers);
    }

    /**
     * Returns the trust manager consulted first.
     *
     * @return the platform trust manager, or the always-rejecting placeholder when none was available
     */
    public X509TrustManager getSystemManager() {
        return mySystemManager;
    }

    /**
     * Returns the user-managed trust manager.
     *
     * <p>The returned object is the live instance: certificates added or removed through it change
     * what this trust manager accepts.
     *
     * @return the custom trust manager
     */
    public MutableTrustManager getCustomManager() {
        return myCustomManager;
    }
}
