package io.apigee.trireme.core.modules.crypto;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/apigee/trireme/core/modules/crypto/DefaultTrustStore.class */
public class DefaultTrustStore {
    private static final String DEFAULT_PASSWORD = "changeit";
    private TrustManager[] trustManagers;
    private static final Logger log = LoggerFactory.getLogger(DefaultTrustStore.class.getName());
    private static final DefaultTrustStore myself = new DefaultTrustStore();

    public static DefaultTrustStore get() {
        return myself;
    }

    public TrustManager[] getTrustManagers() {
        return this.trustManagers;
    }

    private DefaultTrustStore() {
        String password = getPassword();
        File file = null;
        if (System.getProperty("javax.net.ssl.trustStore") != null) {
            file = new File(System.getProperty("javax.net.ssl.trustStore"));
        } else {
            File findJavaSecurity = findJavaSecurity();
            if (findJavaSecurity != null) {
                file = new File(findJavaSecurity, "jssecacerts");
                if (!file.exists() || !file.isFile()) {
                    file = new File(findJavaSecurity, "cacerts");
                }
            }
        }
        if (file == null || !file.exists() || !file.isFile()) {
            log.debug("Can't find cacerts or jssecacerts file -- giving up");
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Looking for root CA certs in {}", file.getPath());
        }
        try {
            makeTrustStore(file, password);
        } catch (IOException e) {
            log.debug("Error loading default root CA certs: {}", e, e);
        } catch (GeneralSecurityException e2) {
            log.debug("Error loading default root CA certs: {}", e2, e2);
        }
    }

    private String getPassword() {
        String property = System.getProperty("javax.net.ssl.trustStorePassword");
        if (property == null) {
            property = DEFAULT_PASSWORD;
        }
        return property;
    }

    private File findJavaSecurity() {
        String property = System.getProperty("java.home");
        if (property == null) {
            log.debug("java.home system property not defined -- giving up on CA search");
            return null;
        }
        File file = new File(property);
        File file2 = new File(file, "lib/security");
        if (file2.exists() && file2.isDirectory()) {
            return file2;
        }
        File file3 = new File(file, "jre/lib/security");
        if (file3.exists() && file3.isDirectory()) {
            return file3;
        }
        return null;
    }

    private void makeTrustStore(File file, String str) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            keyStore.load(fileInputStream, str.toCharArray());
            fileInputStream.close();
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            this.trustManagers = trustManagerFactory.getTrustManagers();
            if (log.isDebugEnabled()) {
                log.debug("Successfully created trust manager {}", this.trustManagers[0]);
            }
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }
}
