package tomcat;

import java.io.FileInputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import ru.CryptoPro.JCP.JCP;

/* loaded from: classes5.dex */
public class Tomcat8TrustManager extends X509ExtendedTrustManager implements X509TrustManager {
    private static final String configOption = "tomcat8-trust-manager-config";
    private static final List<ConfigProperty> configProperties;
    private static final String crlListPath = "crl-list-file";
    private static final String tlsProvider = "tls-provider";
    private static final String trustStoreAlgorithm = "trust-store-algorithm";
    private static final String trustStorePassword = "trust-store-password";
    private static final String trustStorePath = "trust-store-file";
    private static final String trustStoreProvider = "trust-store-provider";
    private static final String trustStoreType = "trust-store-type";
    private final X509ExtendedTrustManager delegate;

    /* loaded from: classes5.dex */
    private static class ConfigProperty {
        private final String name;
        private final String value;

        private ConfigProperty(String str) {
            this.name = str;
            this.value = System.getProperty(str);
        }
    }

    static {
        configProperties = Arrays.asList(new ConfigProperty(tlsProvider), new ConfigProperty(trustStoreAlgorithm), new ConfigProperty(trustStoreProvider), new ConfigProperty(trustStoreType), new ConfigProperty(trustStorePath), new ConfigProperty(trustStorePassword), new ConfigProperty(crlListPath));
    }

    public Tomcat8TrustManager() {
        Properties properties;
        try {
            String property = System.getProperty(configOption);
            if (property != null) {
                properties = initConfig(property);
            } else {
                properties = new Properties();
                for (ConfigProperty configProperty : configProperties) {
                    if (configProperty.value != null) {
                        properties.setProperty(configProperty.name, configProperty.value);
                    }
                }
            }
            this.delegate = (X509ExtendedTrustManager) initTrustManagerFactory(properties).getTrustManagers()[0];
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private Properties initConfig(String str) throws Exception {
        System.out.println("Config is " + str);
        Properties properties = new Properties();
        properties.loadFromXML(new FileInputStream(str));
        properties.list(System.out);
        return properties;
    }

    private PKIXParameters initParameters(Properties properties, KeyStore keyStore) throws Exception {
        String property = properties.getProperty(crlListPath);
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        pKIXBuilderParameters.setRevocationEnabled(true);
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(CertStore.getInstance("Collection", new CollectionCertStoreParameters(CertificateFactory.getInstance(JCP.CERTIFICATE_FACTORY_NAME).generateCRLs(new FileInputStream(property)))));
        pKIXBuilderParameters.setCertStores(arrayList);
        return pKIXBuilderParameters;
    }

    private TrustManagerFactory initTrustManagerFactory(Properties properties) throws Exception {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(properties.getProperty(trustStoreAlgorithm), properties.getProperty(tlsProvider));
        trustManagerFactory.init(new CertPathTrustManagerParameters(initParameters(properties, initTrustStore(properties))));
        return trustManagerFactory;
    }

    private KeyStore initTrustStore(Properties properties) throws Exception {
        String property = properties.getProperty(trustStoreType);
        String property2 = properties.getProperty(trustStoreProvider);
        String property3 = properties.getProperty(trustStorePath);
        String property4 = properties.getProperty(trustStorePassword);
        KeyStore keyStore = KeyStore.getInstance(property, property2);
        keyStore.load(new FileInputStream(property3), property4.toCharArray());
        return keyStore;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.delegate.checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        this.delegate.checkClientTrusted(x509CertificateArr, str, socket);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        this.delegate.checkClientTrusted(x509CertificateArr, str, sSLEngine);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.delegate.checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        this.delegate.checkServerTrusted(x509CertificateArr, str, socket);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        this.delegate.checkServerTrusted(x509CertificateArr, str, sSLEngine);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.delegate.getAcceptedIssuers();
    }
}
