package org.web3j.protocol.infura;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:org/web3j/protocol/infura/CertificateManager.class */
public class CertificateManager {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/web3j/protocol/infura/CertificateManager$CertificateChainTrustManager.class */
    public static class CertificateChainTrustManager implements X509TrustManager {
        private final X509TrustManager x509TrustManager;
        private X509Certificate[] x509Certificates;

        CertificateChainTrustManager(X509TrustManager x509TrustManager) {
            this.x509TrustManager = x509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.x509Certificates = x509CertificateArr;
            this.x509TrustManager.checkServerTrusted(x509CertificateArr, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static File buildKeyStore(String str, char[] cArr) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, cArr);
            CertificateChainTrustManager createCertificateChainTrustManager = createCertificateChainTrustManager(keyStore);
            URI uri = new URI(str);
            if (!isTrustedEndPoint(createSslSocket(uri, createCertificateChainTrustManager))) {
                X509Certificate[] x509CertificateArr = createCertificateChainTrustManager.x509Certificates;
                if (x509CertificateArr == null) {
                    throw new RuntimeException("Unable to obtain x509 certificate from server");
                }
                for (int i = 0; i < x509CertificateArr.length; i++) {
                    keyStore.setCertificateEntry(uri.getHost() + i, x509CertificateArr[i]);
                }
            }
            File createTempFile = File.createTempFile("web3j-", "" + new SecureRandom().nextLong());
            FileOutputStream fileOutputStream = new FileOutputStream(createTempFile);
            keyStore.store(fileOutputStream, cArr);
            fileOutputStream.close();
            deleteFileOnShutdown(createTempFile);
            return createTempFile;
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (URISyntaxException e2) {
            throw new RuntimeException(e2);
        } catch (KeyManagementException e3) {
            throw new RuntimeException(e3);
        } catch (KeyStoreException e4) {
            throw new RuntimeException(e4);
        } catch (NoSuchAlgorithmException e5) {
            throw new RuntimeException(e5);
        } catch (CertificateException e6) {
            throw new RuntimeException(e6);
        }
    }

    private static CertificateChainTrustManager createCertificateChainTrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return new CertificateChainTrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0]);
    }

    private static SSLSocket createSslSocket(URI uri, CertificateChainTrustManager certificateChainTrustManager) throws NoSuchAlgorithmException, KeyManagementException, IOException, URISyntaxException, KeyStoreException {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, new TrustManager[]{certificateChainTrustManager}, null);
        SSLSocket sSLSocket = (SSLSocket) sSLContext.getSocketFactory().createSocket(uri.getHost(), 443);
        sSLSocket.setSoTimeout(10000);
        return sSLSocket;
    }

    private static boolean isTrustedEndPoint(SSLSocket sSLSocket) throws IOException {
        try {
            sSLSocket.startHandshake();
            sSLSocket.close();
            return true;
        } catch (SSLException e) {
            return false;
        }
    }

    private static void deleteFileOnShutdown(final File file) {
        Runtime.getRuntime().addShutdownHook(new Thread() { // from class: org.web3j.protocol.infura.CertificateManager.1
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                try {
                    CertificateManager.deleteTempFile(file);
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void deleteTempFile(File file) throws IOException {
        if (file.exists() && !file.delete()) {
            throw new RuntimeException("Unable to remove file: " + file.getCanonicalPath());
        }
    }
}
