package com.alibaba.nacos.common.tls;

import ch.qos.logback.core.net.ssl.SSL;
import com.alibaba.nacos.common.utils.IoUtils;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/nacos-client-2.0.3.jar:com/alibaba/nacos/common/tls/SelfTrustManager.class */
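/**
 * Supplies the {@link TrustManager} array used when building a TLS context.
 *
 * <p>Two very different trust policies can come out of this class:
 * <ul>
 *   <li>a trust manager backed only by the certificates found in a caller-supplied file, or</li>
 *   <li>{@link #trustAll}, which accepts every certificate chain without any check.</li>
 * </ul>
 *
 * <p>Security note: a connection that uses {@link #trustAll} is encrypted but the peer is not
 * authenticated, so it offers no protection against an on-path attacker presenting their own
 * certificate. {@link #trustManager(boolean, String)} returns it both when validation is
 * switched off and when the trust file cannot be loaded.
 */
public final class SelfTrustManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(SelfTrustManager.class);

    /** Shared by every "trust all" result so that {@code getAcceptedIssuers()} never hands out null. */
    private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

    /**
     * Trust manager that performs no validation at all: both check methods return normally for
     * any chain, which is how {@link X509TrustManager} signals "trusted".
     */
    static TrustManager[] trustAll = {new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: every client chain is accepted.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: every server chain is accepted.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array; returning
            // null can surface as a NullPointerException in TLS code that reads the issuer list.
            return NO_ISSUERS;
        }
    }};

    /**
     * Selects the trust managers for a TLS context.
     *
     * @param z   when {@code false}, certificate validation is disabled and {@link #trustAll} is
     *            returned regardless of {@code str}
     * @param str path of a file containing the X.509 certificate(s) to trust; may be {@code null}
     * @return {@link #trustAll} when {@code z} is {@code false}; {@code null} when {@code z} is
     *         {@code true} and {@code str} is {@code null} (presumably so the caller falls back to
     *         the platform default trust store; confirm against the caller); otherwise trust
     *         managers built from the file at {@code str}, or {@link #trustAll} if that build fails
     */
    public static TrustManager[] trustManager(boolean z, String str) {
        if (!z) {
            return trustAll;
        }
        if (str == null) {
            return null;
        }
        try {
            return buildSecureTrustManager(str);
        } catch (SSLException e) {
            // NOTE(review): this is a fail-open downgrade. The caller asked for validation, yet a
            // missing, unreadable or malformed trust file silently turns validation off and the
            // only trace is this warning. Behavior is kept as-is because callers outside this
            // class may rely on it; consider propagating the failure instead so a configuration
            // error cannot disable server authentication. Alert on this log line meanwhile.
            LOGGER.warn("degrade trust manager as build failed, will trust all certs.");
            return trustAll;
        }
    }

    /**
     * Builds trust managers that trust exactly the certificates contained in one file.
     *
     * <p>Every certificate parsed from the file is stored in a fresh, empty in-memory keystore
     * under the aliases {@code cert-0}, {@code cert-1}, ... and the default-algorithm
     * {@link TrustManagerFactory} is initialised from that keystore.
     *
     * @param str path of the file holding the X.509 certificate(s)
     * @return the trust managers produced by the factory
     * @throws SSLException wrapping any failure while reading the file, parsing the certificates
     *                      or initialising the factory; the failure is logged before it is thrown
     */
    private static TrustManager[] buildSecureTrustManager(String str) throws SSLException {
        FileInputStream fileInputStream = null;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
            // load(null, null) creates an empty keystore, so nothing but the file's certificates is trusted.
            keyStore.load(null, null);
            fileInputStream = new FileInputStream(str);
            int index = 0;
            for (Certificate certificate : CertificateFactory.getInstance("X.509").generateCertificates(fileInputStream)) {
                keyStore.setCertificateEntry("cert-" + index++, certificate);
            }
            trustManagerFactory.init(keyStore);
            return trustManagerFactory.getTrustManagers();
        } catch (Exception e) {
            LOGGER.error("build client trustManagerFactory failed", (Throwable) e);
            throw new SSLException(e);
        } finally {
            // Runs on success and on failure alike, so the stream is released on every path.
            IoUtils.closeQuietly((InputStream) fileInputStream);
        }
    }
}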
