package aQute.bnd.url;

import aQute.bnd.annotation.plugin.BndPlugin;
import aQute.bnd.osgi.Processor;
import aQute.lib.io.IO;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URLConnection;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;

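/**
 * URL connection handler that installs a custom TLS socket factory and hostname verifier on
 * matching {@link HttpsURLConnection}s.
 *
 * <p>The handler has two modes, selected by the {@code trusted} property:
 * <ul>
 * <li><b>Trusted certificates configured</b>: the server chain must validate against exactly
 * those certificates (they replace the JVM default trust store for the connection) and the
 * platform's default hostname verification stays in force.</li>
 * <li><b>No certificate loaded</b>: certificate and hostname verification are switched off and a
 * trace message records it. A connection handled in this mode has no protection against an
 * on-path attacker.</li>
 * </ul>
 *
 * <p>The socket factory is built once, on the first handled connection, from the certificates
 * loaded up to that point; certificates added by a later {@link #setProperties(Map)} call are not
 * picked up.
 */
@BndPlugin(name = "url.https.verification", parameters = Config.class)
public class HttpsVerification extends DefaultURLConnectionHandler {
    private SSLSocketFactory factory;
    private HostnameVerifier verifier;
    // Trust anchors loaded from the files named by the "trusted" property.
    private final List<X509Certificate> certificates = new ArrayList<X509Certificate>();

    /** Plugin parameters: {@code trusted} is a list of certificate file paths. */
    interface Config {
        String trusted();
    }

    /**
     * Builds the socket factory and hostname verifier on first use.
     *
     * <p>With trusted certificates configured, the platform trust manager is initialised from a
     * key store holding only those certificates, so a server chain that does not lead to one of
     * them fails the handshake. Previously the trust manager accepted every chain and the
     * hostname verifier accepted every host even when trusted certificates were configured,
     * which made the {@code trusted} setting ineffective.
     */
    private synchronized void init()
            throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, CertificateException,
            IOException {
        if (this.factory != null) {
            return;
        }

        final TrustManager[] trustManagers;
        final HostnameVerifier hostnameVerifier;

        if (this.certificates.isEmpty()) {
            // Verification explicitly disabled: every server chain and every hostname is accepted.
            trustManagers = new TrustManager[] {new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    // Intentionally empty: no trust anchors were configured.
                }

                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    // Intentionally empty: no trust anchors were configured.
                }
            }};
            hostnameVerifier = new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            };
        } else {
            // In-memory key store that contains only the configured certificates.
            KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
            anchors.load(null, null);
            int index = 0;
            for (X509Certificate certificate : this.certificates) {
                anchors.setCertificateEntry("trusted-" + index, certificate);
                index++;
            }
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(anchors);
            trustManagers = trustManagerFactory.getTrustManagers();
            // Keep the JVM's hostname check; only the set of trust anchors is customised.
            hostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
        }

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, trustManagers, new SecureRandom());
        this.verifier = hostnameVerifier;
        this.factory = context.getSocketFactory();
    }

    /**
     * Applies this handler's socket factory and hostname verifier to the connection when it is an
     * HTTPS connection accepted by {@code matches}; other connections are left untouched.
     *
     * @param uRLConnection the connection about to be opened
     * @throws Exception if the TLS context cannot be created
     */
    @Override
    public void handle(URLConnection uRLConnection) throws Exception {
        if (!(uRLConnection instanceof HttpsURLConnection) || !matches(uRLConnection)) {
            return;
        }
        init();
        if (this.certificates.isEmpty()) {
            trace("Https verification for %s is DISABLED", uRLConnection.getURL());
        }
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) uRLConnection;
        httpsURLConnection.setSSLSocketFactory(this.factory);
        httpsURLConnection.setHostnameVerifier(this.verifier);
    }

    /**
     * Reads the {@code trusted} property and loads one certificate from each listed file.
     *
     * @param map the plugin properties
     * @throws Exception if a listed file exists but cannot be read or parsed as a certificate
     */
    @Override
    public void setProperties(Map<String, String> map) throws Exception {
        super.setProperties(map);
        String trusted = map.get("trusted");
        if (trusted == null) {
            return;
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
        for (String path : trusted.split(Processor.LIST_SPLITTER)) {
            File file = IO.getFile(path);
            if (!file.isFile()) {
                // NOTE(review): a mistyped path is skipped, and if every entry is skipped the
                // handler runs with verification disabled. Consider rejecting the configuration
                // instead once callers are known not to rely on the lenient behaviour.
                trace("Trusted certificate %s is not a file and was skipped", file);
                continue;
            }
            FileInputStream in = new FileInputStream(file);
            try {
                this.certificates.add((X509Certificate) certificateFactory.generateCertificate(in));
            } finally {
                in.close();
            }
        }
    }
}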
