package eu.cec.digit.ecas.util.httpclient.protocol;

import eu.cec.digit.ecas.client.constants.DefaultValue;
import eu.cec.digit.ecas.util.JavaVersion;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.TrustManagerFactorySpi;

/* loaded from: input_file:eu/cec/digit/ecas/util/httpclient/protocol/TrustStoreUtil.class */
public final class TrustStoreUtil {
    public static void addAllCertificatesFromTrustStore(KeyStore keyStore, Set<X509Certificate> set) {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                Certificate[] certificateChain = keyStore.getCertificateChain(nextElement);
                if (null != certificateChain) {
                    for (Certificate certificate : certificateChain) {
                        set.add((X509Certificate) certificate);
                    }
                } else {
                    set.add((X509Certificate) keyStore.getCertificate(nextElement));
                }
            }
        } catch (KeyStoreException e) {
            throw new IllegalStateException(e);
        }
    }

    public static Set<X509Certificate> computeTrustedCertificates(List<X509Certificate> list) {
        Set<X509Certificate> allCertificatesFromTrustStore = getAllCertificatesFromTrustStore(getCacertsKeyStore());
        addAllCertificatesFromTrustStore(getEcasClientEmbeddedTrustStore(), allCertificatesFromTrustStore);
        if (null != list) {
            allCertificatesFromTrustStore.addAll(list);
        }
        return Collections.unmodifiableSet(allCertificatesFromTrustStore);
    }

    public static Set<X509Certificate> getAllCertificatesFromTrustStore(KeyStore keyStore) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        addAllCertificatesFromTrustStore(keyStore, linkedHashSet);
        return linkedHashSet;
    }

    public static KeyStore getCacertsKeyStore() {
        return (KeyStore) AccessController.doPrivileged(new PrivilegedAction<KeyStore>() { // from class: eu.cec.digit.ecas.util.httpclient.protocol.TrustStoreUtil.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public KeyStore run() {
                return TrustStoreUtil.access$000();
            }
        });
    }

    private static KeyStore getCacertsKeyStoreNonPriv() {
        try {
            Class<?> cls = Class.forName(JavaVersion.isJava7OrBetter() ? "sun.security.ssl.TrustManagerFactoryImpl" : "com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl", true, TrustManagerFactorySpi.class.getClassLoader());
            try {
                Method declaredMethod = cls.getDeclaredMethod("getCacertsKeyStore", String.class);
                declaredMethod.setAccessible(true);
                return (KeyStore) declaredMethod.invoke(cls, "trustmanager");
            } catch (InvocationTargetException e) {
                throw new IllegalStateException(e.getTargetException());
            } catch (Exception e2) {
                throw new IllegalStateException(e2);
            }
        } catch (ClassNotFoundException e3) {
            throw new IllegalStateException(e3);
        }
    }

    private static ClassLoader getCommonClassLoader() {
        ClassLoader classLoader = TrustStoreUtil.class.getClassLoader();
        if (null == classLoader) {
            classLoader = ClassLoader.getSystemClassLoader();
        }
        return classLoader;
    }

    public static Set<X509Certificate> getDefaultTrustedCertificates() {
        return computeTrustedCertificates(null);
    }

    public static KeyStore getEcasClientEmbeddedTrustStore() {
        InputStream resourceAsStream = getCommonClassLoader().getResourceAsStream(DefaultValue.EUROPEAN_COMMISSION_TRUST_STORE.toString());
        if (null == resourceAsStream) {
            throw new IllegalStateException("The European Commission TrustStore was not found in the classpath");
        }
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("JKS");
                keyStore.load(resourceAsStream, "changeit".toCharArray());
                return keyStore;
            } catch (Exception e) {
                throw new IllegalStateException("The European Commission TrustStore could not be loaded: " + e, e);
            }
        } finally {
            try {
                resourceAsStream.close();
            } catch (IOException e2) {
                e2.printStackTrace();
            }
        }
    }

    static /* synthetic */ KeyStore access$000() {
        return getCacertsKeyStoreNonPriv();
    }
}
