package com.intellij.util.net.ssl;

import com.intellij.openapi.application.Application;
import com.intellij.openapi.application.ApplicationManager;
import com.intellij.openapi.application.ModalityState;
import com.intellij.openapi.application.PathManager;
import com.intellij.openapi.components.PersistentStateComponent;
import com.intellij.openapi.components.State;
import com.intellij.openapi.components.Storage;
import com.intellij.openapi.diagnostic.Logger;
import com.intellij.openapi.ui.DialogWrapper;
import com.intellij.openapi.util.io.FileUtil;
import com.intellij.openapi.util.io.StreamUtil;
import com.intellij.openapi.util.registry.Registry;
import com.intellij.util.net.ssl.ConfirmingTrustManager;
import com.intellij.util.xmlb.XmlSerializerUtil;
import com.intellij.util.xmlb.annotations.AbstractCollection;
import com.intellij.util.xmlb.annotations.Property;
import com.intellij.util.xmlb.annotations.Tag;
import java.io.Closeable;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashSet;
import java.util.concurrent.Callable;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.BadPaddingException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.jetbrains.annotations.NonNls;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

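/**
 * Application-level component that owns the IDE's TLS trust configuration.
 *
 * <p>It builds an {@link SSLContext} backed by a {@link ConfirmingTrustManager} whose custom
 * certificates are stored at {@link #getCacertsPath()}, and persists user-facing options
 * ({@link Config}) through {@link PersistentStateComponent}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When the registry key {@code ide.certificate.manager} is on, the constructor replaces the
 *       JVM-wide default {@code SSLContext}, so every consumer of {@code SSLContext.getDefault()}
 *       in the process inherits this trust policy.</li>
 *   <li>The effective {@link Config} is loaded from {@code $APP_CONFIG$/certificates.xml} (see the
 *       {@code @State} annotation), so the integrity of that file determines the policy.</li>
 * </ul>
 *
 * <p>The compiler-generated bridge method for {@link #getState()} is not written out here; javac
 * emits it automatically, and spelling it out by hand would declare the same signature twice.
 */
@State(name = "CertificateManager", storages = {@Storage(file = "$APP_CONFIG$/certificates.xml"), @Storage(file = "$APP_CONFIG$/other.xml", deprecated = true)})
/* loaded from: input_file:com/intellij/util/net/ssl/CertificateManager.class */
public class CertificateManager implements PersistentStateComponent<Config> {

    @NonNls
    public static final String COMPONENT_NAME = "Certificate Manager";

    // Conventional Java key store password. Because it is a fixed, well-known value (and is
    // exposed through getPassword()), the store at DEFAULT_PATH is protected only by file-system
    // permissions, not by this password.
    @NonNls
    private static final String DEFAULT_PASSWORD = "changeit";

    /** How long, in milliseconds, {@link #showAcceptDialog} waits for the dialog to become visible. */
    static final long DIALOG_VISIBILITY_TIMEOUT = 5000;

    @NonNls
    private static final String DEFAULT_PATH = FileUtil.join(new String[]{PathManager.getSystemPath(), "tasks", "cacerts"});
    private static final Logger LOG = Logger.getInstance(CertificateManager.class);
    public static final HostnameVerifier HOSTNAME_VERIFIER = new ConfirmingHostnameVerifier(SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);

    // Internal class name used in the @NotNull contract messages below.
    private static final String CLASS_NAME = "com/intellij/util/net/ssl/CertificateManager";

    // Declaration order matters: myTrustManager is created from the two fields above it.
    private final String myCacertsPath = DEFAULT_PATH;
    private final String myPassword = DEFAULT_PASSWORD;
    private final Config myConfig = new Config();
    private final ConfirmingTrustManager myTrustManager = ConfirmingTrustManager.createForStorage(this.myCacertsPath, this.myPassword);
    private SSLContext mySslContext;

    /**
     * Persisted options. Field names are part of the serialized format and must not be renamed.
     *
     * <p>NOTE(review): {@code CHECK_HOSTNAME} and {@code CHECK_VALIDITY} default to {@code false}.
     * How these flags are consumed is not visible in this file; confirm against the trust manager
     * and hostname verifier that a {@code false} value does not silently skip a check.
     */
    /* loaded from: input_file:com/intellij/util/net/ssl/CertificateManager$Config.class */
    public static class Config {
        public boolean CHECK_HOSTNAME = false;
        public boolean CHECK_VALIDITY = false;

        // Serialized as <expired><commonName>...</commonName></expired>.
        @Tag("expired")
        @Property(surroundWithTag = false)
        @AbstractCollection(elementTag = "commonName")
        public LinkedHashSet<String> BROKEN_CERTIFICATES = new LinkedHashSet<>();
        public boolean ACCEPT_AUTOMATICALLY = false;
    }

    /**
     * Returns the instance registered as an application component.
     */
    public static CertificateManager getInstance() {
        return (CertificateManager) ApplicationManager.getApplication().getComponent(CertificateManager.class);
    }

    /**
     * Installs {@link #getSslContext()} as the JVM-wide default context when the registry key
     * {@code ide.certificate.manager} is on. Any failure is logged and not propagated, in which
     * case the JVM default context is left as it was.
     */
    public CertificateManager() {
        try {
            if (Registry.is("ide.certificate.manager")) {
                SSLContext.setDefault(getSslContext());
                LOG.debug("Default SSL context initialized");
            }
        } catch (Exception e) {
            LOG.error(e);
        }
    }

    /**
     * Returns the lazily created, cached SSL context.
     *
     * <p>With {@code ide.certificate.manager} on, a fresh TLS context is initialized with
     * {@link #getDefaultKeyManagers()} and the confirming trust manager; otherwise the JVM default
     * context is used.
     *
     * @return the cached context, never {@code null}
     */
    @NotNull
    public synchronized SSLContext getSslContext() {
        if (this.mySslContext == null) {
            SSLContext context = getSystemSslContext();
            if (Registry.is("ide.certificate.manager")) {
                try {
                    context.init(getDefaultKeyManagers(), new TrustManager[]{getTrustManager()}, null);
                } catch (KeyManagementException e) {
                    // The context is still cached below. It was already initialized with JSSE
                    // defaults by getSystemSslContext(); presumably it keeps that state, which
                    // means the confirming trust manager is NOT in effect - verify if this path
                    // is ever hit in practice.
                    LOG.error(e);
                }
            } else {
                context = getDefaultSslContext();
            }
            this.mySslContext = context;
        }
        return requireNotNullResult(this.mySslContext, "getSslContext");
    }

    /**
     * Creates a new TLS context initialized with the JSSE default key managers, trust managers
     * and random source (all three arguments of {@code init} are {@code null}).
     *
     * @return a freshly initialized context, never {@code null}
     * @throws AssertionError if the TLS algorithm is unavailable or initialization fails
     */
    @NotNull
    public static SSLContext getSystemSslContext() {
        try {
            SSLContext context = SSLContext.getInstance(CertificateUtil.TLS);
            context.init(null, null, null);
            return requireNotNullResult(context, "getSystemSslContext");
        } catch (KeyManagementException e) {
            LOG.error(e);
            throw new AssertionError("Cannot initialize system SSL context");
        } catch (NoSuchAlgorithmException e) {
            LOG.error(e);
            throw new AssertionError("Cannot get system SSL context");
        }
    }

    /**
     * Returns {@link SSLContext#getDefault()}, falling back to {@link #getSystemSslContext()} when
     * the default context is not available.
     */
    @NotNull
    private static SSLContext getDefaultSslContext() {
        try {
            return requireNotNullResult(SSLContext.getDefault(), "getDefaultSslContext");
        } catch (NoSuchAlgorithmException e) {
            LOG.error("Default SSL context not available. Using system instead.");
            return requireNotNullResult(getSystemSslContext(), "getDefaultSslContext");
        }
    }

    /**
     * Builds key managers from the key store named by the standard JSSE system properties
     * {@code javax.net.ssl.keyStore}, {@code javax.net.ssl.keyStoreType} and
     * {@code javax.net.ssl.keyStorePassword}.
     *
     * <p>The key store password is never written to the log: log files are routinely attached to
     * bug reports and readable by other local tooling, so the failure message names the key store
     * file instead.
     *
     * @return the key managers, or {@code null} when no key store is configured or it cannot be
     *         loaded (the reason is logged)
     */
    @Nullable
    public static KeyManager[] getDefaultKeyManagers() {
        String keyStorePath = System.getProperty("javax.net.ssl.keyStore");
        if (keyStorePath == null) {
            return null;
        }
        LOG.info("Loading custom key store specified with VM options: " + keyStorePath);
        try {
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
            try {
                KeyStore keyStore = KeyStore.getInstance(keyStoreType);
                String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword", "");
                FileInputStream in = null;
                try {
                    in = new FileInputStream(keyStorePath);
                    keyStore.load(in, keyStorePassword.toCharArray());
                    factory.init(keyStore, keyStorePassword.toCharArray());
                    return factory.getKeyManagers();
                } catch (FileNotFoundException e) {
                    LOG.error("Key store file not found: " + keyStorePath);
                    return null;
                } catch (Exception e) {
                    if (!(e.getCause() instanceof BadPaddingException)) {
                        throw e;
                    }
                    // Do not include the password itself in the message.
                    LOG.error("Wrong key store password for key store: " + keyStorePath, e);
                    return null;
                } finally {
                    // Close on every path, including the rethrow above, so the handle never leaks.
                    StreamUtil.closeStream(in);
                }
            } catch (KeyStoreException e) {
                if (!(e.getCause() instanceof NoSuchAlgorithmException)) {
                    throw e;
                }
                LOG.error("Wrong key store type: " + keyStoreType, e);
                return null;
            }
        } catch (Exception e) {
            LOG.error(e);
            return null;
        }
    }

    /**
     * Returns the path of the trust store file backing the confirming trust manager.
     */
    @NotNull
    public String getCacertsPath() {
        return requireNotNullResult(this.myCacertsPath, "getCacertsPath");
    }

    /**
     * Returns the trust store password, which is the fixed default and therefore not a secret.
     */
    @NotNull
    public String getPassword() {
        return requireNotNullResult(this.myPassword, "getPassword");
    }

    /**
     * Returns the confirming trust manager created for this component's trust store.
     */
    @NotNull
    public ConfirmingTrustManager getTrustManager() {
        return requireNotNullResult(this.myTrustManager, "getTrustManager");
    }

    /**
     * Returns the mutable part of the trust manager, as exposed by
     * {@code ConfirmingTrustManager.getCustomManager()}.
     */
    @NotNull
    public ConfirmingTrustManager.MutableTrustManager getCustomTrustManager() {
        return requireNotNullResult(this.myTrustManager.getCustomManager(), "getCustomTrustManager");
    }

    /**
     * Shows the dialog produced by {@code callable} on the dispatch thread and reports the user's
     * answer. The method fails closed: every path on which the dialog was not shown and answered
     * returns {@code false}.
     *
     * <p>If called off the dispatch thread, the caller waits up to
     * {@link #DIALOG_VISIBILITY_TIMEOUT} ms for the dialog to appear. If it has not appeared by
     * then, the request is rejected; if it is showing, the caller keeps waiting for the answer.
     *
     * @param callable factory for the dialog; invoked on the dispatch thread
     * @return {@code true} only if the dialog was shown and accepted
     * @throws IllegalArgumentException if {@code callable} is {@code null}
     */
    public static boolean showAcceptDialog(@NotNull final Callable<? extends DialogWrapper> callable) {
        if (callable == null) {
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", "dialogFactory", CLASS_NAME, "showAcceptDialog"));
        }
        Application application = ApplicationManager.getApplication();
        final CountDownLatch proceeded = new CountDownLatch(1);
        final AtomicBoolean accepted = new AtomicBoolean();
        final AtomicReference<DialogWrapper> dialogRef = new AtomicReference<DialogWrapper>();
        Runnable showDialog = new Runnable() {
            @Override
            public void run() {
                // The waiting thread counts the latch down when it gives up (timeout or
                // interrupt); in that case the request was already rejected, so show nothing.
                if (proceeded.getCount() == 0) {
                    return;
                }
                try {
                    DialogWrapper dialog = callable.call();
                    dialogRef.set(dialog);
                    accepted.set(dialog.showAndGet());
                } catch (Exception e) {
                    LOG.error(e);
                } finally {
                    // Release the waiting thread whether the dialog was answered or failed.
                    proceeded.countDown();
                }
            }
        };
        if (application.isDispatchThread()) {
            showDialog.run();
        } else {
            application.invokeLater(showDialog, ModalityState.any());
        }
        try {
            if (!proceeded.await(DIALOG_VISIBILITY_TIMEOUT, TimeUnit.MILLISECONDS)) {
                DialogWrapper dialog = dialogRef.get();
                if (dialog == null || !dialog.isShowing()) {
                    LOG.debug("After " + DIALOG_VISIBILITY_TIMEOUT + " ms dialog was not shown. Rejecting certificate. Current thread: " + Thread.currentThread().getName());
                    proceeded.countDown();
                    return false;
                }
                // The dialog is on screen: wait for the user's decision without a deadline.
                proceeded.await();
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            proceeded.countDown();
        }
        return accepted.get();
    }

    /**
     * Returns the live configuration object that is serialized by the platform.
     */
    @Override // com.intellij.openapi.components.PersistentStateComponent
    @NotNull
    public Config getState() {
        return requireNotNullResult(this.myConfig, "getState");
    }

    /**
     * Copies the persisted values from {@code config} into the internal configuration object.
     */
    @Override // com.intellij.openapi.components.PersistentStateComponent
    public void loadState(Config config) {
        XmlSerializerUtil.copyBean(config, this.myConfig);
    }

    /**
     * Enforces the {@code @NotNull} return contract at runtime.
     *
     * @param value the value about to be returned
     * @param methodName name of the returning method, used in the failure message
     * @return {@code value} when it is not {@code null}
     * @throws IllegalStateException if {@code value} is {@code null}
     */
    private static <T> T requireNotNullResult(T value, String methodName) {
        if (value == null) {
            throw new IllegalStateException(String.format("@NotNull method %s.%s must not return null", CLASS_NAME, methodName));
        }
        return value;
    }
}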
