package net.lightbody.bmp.mitm.util;

import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import net.lightbody.bmp.mitm.exception.KeyStoreAccessException;
import net.lightbody.bmp.mitm.exception.TrustSourceException;
import net.lightbody.bmp.mitm.exception.UncheckedIOException;
import net.lightbody.bmp.mitm.tools.DefaultSecurityProviderTool;
import net.lightbody.bmp.mitm.tools.SecurityProviderTool;
import net.lightbody.bmp.util.ClasspathResourceUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/lightbody/bmp/mitm/util/TrustUtil.class */
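/**
 * Helpers for collecting the X.509 certificate authorities that the proxy treats as trust anchors
 * when it validates upstream servers.
 *
 * <p>Two sources are exposed: the JVM's default trust store ({@link #getJavaTrustedCAs()}) and a PEM
 * bundle packaged on the classpath ({@link #getBuiltinTrustedCAs()}). Both are loaded lazily, once,
 * and cached for the lifetime of the class, so changes to either source after first use are not
 * picked up by this class.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every certificate returned here is a trust anchor. Nothing in this class checks expiry,
 *       basic constraints or revocation; it only locates and decodes certificates.</li>
 *   <li>The built-in bundle is a static snapshot. A CA that has since been distrusted stays in the
 *       set until the bundle itself is replaced.</li>
 *   <li>The accessors return copies, so a caller cannot add, remove or swap anchors in the cached
 *       arrays shared by the rest of the process.</li>
 * </ul>
 */
public class TrustUtil {
    /**
     * Classpath location of the bundled PEM file of CA certificates. NOTE(review): which resource
     * wins when several classpath entries provide this name depends on ClasspathResourceUtil, which
     * is not visible here; confirm before relying on the bundle's provenance.
     */
    private static final String DEFAULT_TRUSTED_CA_RESOURCE = "/cacerts.pem";

    private static final Logger log = LoggerFactory.getLogger(TrustUtil.class);

    /**
     * Matches a single PEM certificate block. DOTALL is required so that {@code .} also matches the
     * line breaks inside the base64 body; the reluctant quantifier stops at the first END marker.
     */
    private static final Pattern CA_PEM_PATTERN =
            Pattern.compile("-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", Pattern.DOTALL);

    /** Shared zero-length array; safe to share because an empty array has nothing to mutate. */
    public static final X509Certificate[] EMPTY_CERTIFICATE_ARRAY = new X509Certificate[0];

    private static final SecurityProviderTool securityProviderTool = new DefaultSecurityProviderTool();

    /** Lazily loaded, memoized accepted issuers of the JVM's default X509TrustManager. */
    private static final Supplier<X509Certificate[]> javaTrustedCAs =
            Suppliers.memoize(new Supplier<X509Certificate[]>() {
                @Override
                public X509Certificate[] get() {
                    X509Certificate[] acceptedIssuers = TrustUtil.getDefaultJavaTrustManager().getAcceptedIssuers();
                    return acceptedIssuers != null ? acceptedIssuers : TrustUtil.EMPTY_CERTIFICATE_ARRAY;
                }
            });

    /** Lazily loaded, memoized contents of the bundled PEM file. */
    private static final Supplier<X509Certificate[]> builtinTrustedCAs =
            Suppliers.memoize(new Supplier<X509Certificate[]>() {
                @Override
                public X509Certificate[] get() {
                    try {
                        return TrustUtil.readX509CertificatesFromPem(
                                ClasspathResourceUtil.classpathResourceToString(
                                        TrustUtil.DEFAULT_TRUSTED_CA_RESOURCE, StandardCharsets.UTF_8));
                    } catch (UncheckedIOException e) {
                        // Fail closed: an unreadable bundle yields an empty trust set rather than an error,
                        // so upstream validation that relies only on this source will reject every server.
                        TrustUtil.log.warn("Unable to load built-in trusted CAs; no built-in CAs will be trusted", e);
                        return TrustUtil.EMPTY_CERTIFICATE_ARRAY;
                    }
                }
            });

    /**
     * Returns the CA certificates from the PEM bundle packaged with this library.
     *
     * @return a fresh copy of the cached array; empty when the bundle could not be read
     */
    public static X509Certificate[] getBuiltinTrustedCAs() {
        // Copy before handing out: the cached array holds trust anchors shared by every caller.
        return builtinTrustedCAs.get().clone();
    }

    /**
     * Returns the CA certificates accepted by the JVM's default trust manager.
     *
     * @return a fresh copy of the cached array; empty when the trust manager reports no issuers
     * @throws TrustSourceException if the default trust manager cannot be obtained
     */
    public static X509Certificate[] getJavaTrustedCAs() {
        // Copy before handing out: the cached array holds trust anchors shared by every caller.
        return javaTrustedCAs.get().clone();
    }

    /**
     * Decodes every PEM certificate block found in the given text.
     *
     * <p>Text outside BEGIN/END CERTIFICATE markers is ignored without any diagnostic, so a
     * truncated or partly corrupted bundle can produce a shorter list than expected. Each block is
     * decoded only; no validity or CA-constraint check is made here.
     *
     * @param str text containing zero or more PEM-encoded certificates
     * @return the decoded certificates in the order they appear; never null
     */
    public static X509Certificate[] readX509CertificatesFromPem(String str) {
        List<X509Certificate> certificates = new ArrayList<>(500);
        Matcher matcher = CA_PEM_PATTERN.matcher(str);
        while (matcher.find()) {
            certificates.add(readSingleX509Certificate(matcher.group()));
        }
        return certificates.toArray(new X509Certificate[0]);
    }

    /**
     * Decodes one PEM-encoded certificate using the configured security provider tool.
     *
     * @param str a single PEM certificate block
     * @return the decoded certificate
     */
    public static X509Certificate readSingleX509Certificate(String str) {
        return securityProviderTool.decodePemEncodedCertificate(new StringReader(str));
    }

    /**
     * Returns the first X509TrustManager produced by the platform's default TrustManagerFactory.
     *
     * <p>Initializing the factory with a null KeyStore selects the JVM's default trust store, so
     * any root added to that store on the host is accepted as an anchor by callers of this method.
     *
     * @return the default X.509 trust manager
     * @throws TrustSourceException if the factory cannot be created or initialized, or if it yields
     *     no X509TrustManager
     */
    public static X509TrustManager getDefaultJavaTrustManager() {
        try {
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            throw new TrustSourceException("No X509TrustManager found");
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new TrustSourceException("Unable to retrieve default TrustManagerFactory", e);
        }
    }

    /**
     * Collects the X.509 certificates stored as trusted-certificate entries in a KeyStore.
     *
     * <p>Only entries of type {@link KeyStore.TrustedCertificateEntry} are considered; other entry
     * types are skipped, as are trusted entries whose certificate is not an X509Certificate.
     *
     * @param keyStore an initialized KeyStore
     * @return the trusted X.509 certificates, in alias enumeration order
     * @throws KeyStoreAccessException if the KeyStore cannot be read
     */
    public static List<X509Certificate> extractTrustedCertificateEntries(KeyStore keyStore) {
        try {
            List<String> aliases = Collections.list(keyStore.aliases());
            List<X509Certificate> trustedCertificates = new ArrayList<>(aliases.size());
            for (String alias : aliases) {
                if (keyStore.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class)) {
                    Certificate certificate = keyStore.getCertificate(alias);
                    if (certificate instanceof X509Certificate) {
                        trustedCertificates.add((X509Certificate) certificate);
                    } else if (certificate != null) {
                        log.debug("Skipping non-X509Certificate in KeyStore. Certificate type: {}", certificate.getType());
                    }
                    // A null certificate (alias no longer resolvable) is skipped instead of dereferenced.
                }
            }
            return trustedCertificates;
        } catch (KeyStoreException e) {
            throw new KeyStoreAccessException("Error occurred while retrieving trusted CAs from KeyStore", e);
        }
    }
}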
