package de.bos_bremen.commons.net.http.conf;

import de.bos_bremen.commons.net.http.TransportHelper;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:de/bos_bremen/commons/net/http/conf/DefaultSSLCertificateProvider.class */
public class DefaultSSLCertificateProvider extends BaseSSLCertificateProvider {
    static final Log LOG = LogFactory.getLog(DefaultSSLCertificateProvider.class);

    public DefaultSSLCertificateProvider() throws GeneralSecurityException, IOException {
        addJVMDefaultCertificates();
        addTrustStorePropCertificates();
    }

    private void addJVMDefaultCertificates() throws GeneralSecurityException, IOException {
        StringBuilder sb = new StringBuilder(System.getProperty("java.home"));
        sb.append(File.separator).append("lib").append(File.separator).append("security").append(File.separator).append("cacerts");
        File file = new File(sb.toString());
        if (!file.exists()) {
            LOG.error("No default trust store " + file.getAbsolutePath() + " exists");
            return;
        }
        if (!file.canRead()) {
            LOG.error("Cannot read default trust store " + file.getAbsolutePath());
            return;
        }
        LOG.debug("Adding trusted issuer certificates from " + file.getAbsolutePath());
        KeyStore keyStore = KeyStore.getInstance("JKS");
        FileInputStream fileInputStream = null;
        try {
            try {
                fileInputStream = new FileInputStream(file);
                keyStore.load(fileInputStream, "changeit".toCharArray());
                TransportHelper.close(fileInputStream);
                addSSLServerCertificates(keyStore);
            } catch (IOException e) {
                LOG.warn("could not open default trust store", e);
                TransportHelper.close(fileInputStream);
            } catch (NoSuchAlgorithmException e2) {
                LOG.warn("could not open default trust store", e2);
                TransportHelper.close(fileInputStream);
            } catch (CertificateException e3) {
                LOG.warn("could not open default trust store", e3);
                TransportHelper.close(fileInputStream);
            }
        } catch (Throwable th) {
            TransportHelper.close(fileInputStream);
            throw th;
        }
    }

    private void addTrustStorePropCertificates() throws IOException {
        if (System.getProperties().containsKey("javax.net.ssl.trustStore")) {
            File file = new File(System.getProperty("javax.net.ssl.trustStore"));
            if (!file.exists()) {
                LOG.warn("The trust store " + file.getAbsolutePath() + " does not exist. Check the property  javax.net.ssl.trustStorePassword");
                return;
            }
            if (!file.canRead()) {
                LOG.error("Cannot read trust store " + file.getAbsolutePath());
                return;
            }
            FileInputStream fileInputStream = new FileInputStream(file);
            LOG.debug("Loading keystore from " + fileInputStream);
            try {
                try {
                    try {
                        KeyStore keyStore = KeyStore.getInstance("JKS");
                        keyStore.load(fileInputStream, System.getProperty("javax.net.ssl.trustStorePassword", "changeit").toCharArray());
                        LOG.debug("Adding " + keyStore.size() + " certificates in " + file.getAbsolutePath() + " to the list of trusted SSL server certificates.");
                        addSSLServerCertificates(keyStore);
                        TransportHelper.close(fileInputStream);
                    } catch (CertificateException e) {
                        LOG.warn("Could not add the SSL certificates defined in javax.net.ssl.trustStore = " + System.getProperty("javax.net.ssl.trustStore"), e);
                        TransportHelper.close(fileInputStream);
                    } catch (Exception e2) {
                        LOG.warn("Could not add the SSL certificates defined in javax.net.ssl.trustStorePassword (" + file.getAbsolutePath() + "): ", e2);
                        TransportHelper.close(fileInputStream);
                    }
                } catch (IOException e3) {
                    LOG.warn("Could not add the SSL certificates defined in javax.net.ssl.trustStore = " + System.getProperty("javax.net.ssl.trustStore"), e3);
                    TransportHelper.close(fileInputStream);
                } catch (NoSuchAlgorithmException e4) {
                    LOG.warn("Could not add the SSL certificates defined in javax.net.ssl.trustStore = " + System.getProperty("javax.net.ssl.trustStore"), e4);
                    TransportHelper.close(fileInputStream);
                }
            } catch (Throwable th) {
                TransportHelper.close(fileInputStream);
                throw th;
            }
        }
    }
}
