package aQute.bnd.url;

import aQute.bnd.annotation.plugin.BndPlugin;
import aQute.bnd.osgi.Processor;
import aQute.lib.converter.Converter;
import aQute.lib.io.IO;
import aQute.service.reporter.Reporter;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URLConnection;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@BndPlugin(name = "url.https.verification", hide = true, parameters = Config.class)
/* loaded from: input_file:aQute/bnd/url/HttpsVerification.class */
public class HttpsVerification extends DefaultURLConnectionHandler {
    static Logger logger = LoggerFactory.getLogger(HttpsVerification.class);
    private SSLSocketFactory factory;
    private boolean verify;
    private String certificatesPath;
    private X509Certificate[] certificateChain;

    /* loaded from: input_file:aQute/bnd/url/HttpsVerification$Config.class */
    interface Config {
        String trusted();
    }

    public HttpsVerification() {
        this.verify = true;
    }

    public HttpsVerification(String str, boolean z, Reporter reporter) {
        this.verify = true;
        this.certificatesPath = str;
        this.verify = z;
        setReporter(reporter);
    }

    public HttpsVerification(X509Certificate[] x509CertificateArr, boolean z, Reporter reporter) {
        this.verify = true;
        this.certificateChain = x509CertificateArr;
        this.verify = z;
        setReporter(reporter);
    }

    private synchronized void init() throws NoSuchAlgorithmException, KeyManagementException, FileNotFoundException, CertificateException, IOException, InvalidAlgorithmParameterException {
        if (this.factory == null) {
            TrustManager[] trustManagerArr = new TrustManager[0];
            TrustManager[] trustManagerArr2 = {new LocalTrustManager(this.verify, createCertificates(this.certificatesPath))};
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerArr2, new SecureRandom());
            this.factory = sSLContext.getSocketFactory();
        }
    }

    @Override // aQute.bnd.url.DefaultURLConnectionHandler, aQute.bnd.service.url.URLConnectionHandler
    public void handle(URLConnection uRLConnection) throws Exception {
        if (uRLConnection instanceof HttpsURLConnection) {
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) uRLConnection;
            if (matches(uRLConnection)) {
                init();
                httpsURLConnection.setSSLSocketFactory(this.factory);
                if (this.verify) {
                    return;
                }
                httpsURLConnection.setHostnameVerifier((str, sSLSession) -> {
                    return true;
                });
            }
        }
    }

    @Override // aQute.bnd.url.DefaultURLConnectionHandler, aQute.bnd.service.Plugin
    public void setProperties(Map<String, String> map) throws Exception {
        super.setProperties(map);
        this.certificatesPath = ((Config) Converter.cnv(Config.class, (Object) map)).trusted();
    }

    List<X509Certificate> createCertificates(String str) throws FileNotFoundException, CertificateException, IOException {
        ArrayList arrayList = new ArrayList();
        if (str != null) {
            getCertificates(str, arrayList);
        } else if (this.certificateChain != null) {
            Collections.addAll(arrayList, this.certificateChain);
        }
        return arrayList;
    }

    public static void getCertificates(String str, List<X509Certificate> list) throws CertificateException, IOException {
        for (String str2 : str.split(Processor.LIST_SPLITTER)) {
            File file = new File(str2);
            if (file.isFile()) {
                InputStream stream = IO.stream(file);
                try {
                    list.add((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(stream));
                    if (stream != null) {
                        stream.close();
                    }
                } catch (Throwable th) {
                    if (stream != null) {
                        try {
                            stream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } else {
                logger.warn("Missing trust certificates file {}", str2);
            }
        }
    }

    public String toString() {
        return "HttpsVerification [verify=" + this.verify + ", certificatesPath=" + this.certificatesPath + "]";
    }
}
