package com.intellij.util.net.ssl;

import com.intellij.openapi.application.Application;
import com.intellij.openapi.application.ApplicationManager;
import com.intellij.openapi.diagnostic.Logger;
import com.intellij.openapi.util.NlsContexts;
import com.intellij.openapi.util.text.StringUtil;
import com.intellij.openapi.util.text.Strings;
import com.intellij.util.EventDispatcher;
import com.intellij.util.ThrowableConsumer;
import com.intellij.util.containers.ContainerUtil;
import com.intellij.util.io.DigestUtilKt;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.jetbrains.annotations.VisibleForTesting;

/* loaded from: input_file:com/intellij/util/net/ssl/ConfirmingTrustManager.class */
public final class ConfirmingTrustManager extends ClientOnlyTrustManager {
    private static final Logger LOG = Logger.getInstance(ConfirmingTrustManager.class);
    private static final X509Certificate[] NO_CERTIFICATES = new X509Certificate[0];
    public final ThreadLocal<UntrustedCertificateStrategy> myUntrustedCertificateStrategy = ThreadLocal.withInitial(() -> {
        return null;
    });
    private final List<X509TrustManager> mySystemManagers;
    private final MutableTrustManager myCustomManager;

    /* loaded from: input_file:com/intellij/util/net/ssl/ConfirmingTrustManager$CertificateConfirmationParameters.class */
    public static final class CertificateConfirmationParameters {
        private final boolean myAskUser;

        @Nullable
        private final String myAskOrRejectReason;
        private final boolean myAddToKeyStore;

        @Nullable
        private final String myCertificateDetails;

        @Nullable
        private final Runnable myOnUserAcceptCallback;

        @NotNull
        public static CertificateConfirmationParameters askConfirmation(boolean z, @NlsContexts.DialogMessage @Nullable String str, @Nullable Runnable runnable) {
            return new CertificateConfirmationParameters(true, z, str, runnable, null);
        }

        @NotNull
        public static CertificateConfirmationParameters doNotAskConfirmation() {
            return new CertificateConfirmationParameters(false, false, null, null, null);
        }

        private CertificateConfirmationParameters(boolean z, boolean z2, @NlsContexts.DialogMessage @Nullable String str, @Nullable Runnable runnable, @Nullable String str2) {
            this.myAskUser = z;
            this.myAddToKeyStore = z2;
            this.myCertificateDetails = str;
            this.myOnUserAcceptCallback = runnable;
            this.myAskOrRejectReason = str2;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            CertificateConfirmationParameters certificateConfirmationParameters = (CertificateConfirmationParameters) obj;
            return this.myAskUser == certificateConfirmationParameters.myAskUser && this.myAddToKeyStore == certificateConfirmationParameters.myAddToKeyStore && Objects.equals(this.myCertificateDetails, certificateConfirmationParameters.myCertificateDetails) && Objects.equals(this.myOnUserAcceptCallback, certificateConfirmationParameters.myOnUserAcceptCallback);
        }

        public int hashCode() {
            return Objects.hash(Boolean.valueOf(this.myAskUser), Boolean.valueOf(this.myAddToKeyStore), this.myCertificateDetails, this.myOnUserAcceptCallback);
        }
    }

    /* loaded from: input_file:com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager.class */
    public static final class MutableTrustManager extends ClientOnlyTrustManager {
        private final String myPath;
        private final String myPassword;
        private final TrustManagerFactory myFactory;
        private final KeyStore myKeyStore;
        private final ReadWriteLock myLock;
        private final Lock myReadLock;
        private final Lock myWriteLock;
        private X509TrustManager myTrustManager;
        private final EventDispatcher<CertificateListener> myDispatcher;

        private MutableTrustManager(@NotNull String str, @NotNull String str2) {
            if (str == null) {
                $$$reportNull$$$0(0);
            }
            if (str2 == null) {
                $$$reportNull$$$0(1);
            }
            this.myLock = new ReentrantReadWriteLock();
            this.myReadLock = this.myLock.readLock();
            this.myWriteLock = this.myLock.writeLock();
            this.myDispatcher = EventDispatcher.create(CertificateListener.class);
            this.myPath = str;
            this.myPassword = str2;
            this.myWriteLock.lock();
            try {
                this.myFactory = createFactory();
                this.myKeyStore = createKeyStore(str, str2);
                this.myTrustManager = initFactoryAndGetManager();
            } finally {
                this.myWriteLock.unlock();
            }
        }

        private static TrustManagerFactory createFactory() {
            try {
                return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            } catch (NoSuchAlgorithmException e) {
                ConfirmingTrustManager.LOG.error("Cannot create trust manager factory", e);
                return null;
            }
        }

        private static KeyStore createKeyStore(@NotNull String str, @NotNull String str2) {
            if (str == null) {
                $$$reportNull$$$0(2);
            }
            if (str2 == null) {
                $$$reportNull$$$0(3);
            }
            try {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                Path of = Path.of(str, new String[0]);
                if (Files.exists(of, new LinkOption[0])) {
                    InputStream newInputStream = Files.newInputStream(of, new OpenOption[0]);
                    try {
                        keyStore.load(newInputStream, str2.toCharArray());
                        if (newInputStream != null) {
                            newInputStream.close();
                        }
                    } finally {
                    }
                } else {
                    try {
                        Files.createDirectories(of.getParent(), new FileAttribute[0]);
                        keyStore.load(null, str2.toCharArray());
                    } catch (IOException e) {
                        ConfirmingTrustManager.LOG.error("Cannot create directories: " + of.getParent(), e);
                        return null;
                    }
                }
                return keyStore;
            } catch (Exception e2) {
                ConfirmingTrustManager.LOG.error("Cannot create key store", e2);
                return null;
            }
        }

        public boolean addCertificate(@NotNull X509Certificate x509Certificate) {
            if (x509Certificate == null) {
                $$$reportNull$$$0(4);
            }
            this.myWriteLock.lock();
            try {
                try {
                    if (isBroken()) {
                        return false;
                    }
                    this.myKeyStore.setCertificateEntry(createAlias(x509Certificate), x509Certificate);
                    flushKeyStore();
                    ConfirmingTrustManager.LOG.info("Added certificate for '" + x509Certificate.getSubjectX500Principal().toString() + "' to " + this.myPath);
                    this.myTrustManager = initFactoryAndGetManager();
                    ((CertificateListener) this.myDispatcher.getMulticaster()).certificateAdded(x509Certificate);
                    this.myWriteLock.unlock();
                    return true;
                } catch (Exception e) {
                    ConfirmingTrustManager.LOG.error("Cannot add certificate", e);
                    this.myWriteLock.unlock();
                    return false;
                }
            } finally {
                this.myWriteLock.unlock();
            }
        }

        public boolean addCertificate(@NotNull String str) {
            if (str == null) {
                $$$reportNull$$$0(5);
            }
            X509Certificate loadX509Certificate = CertificateUtil.loadX509Certificate(str);
            return loadX509Certificate != null && addCertificate(loadX509Certificate);
        }

        private static String createAlias(@NotNull X509Certificate x509Certificate) {
            if (x509Certificate == null) {
                $$$reportNull$$$0(6);
            }
            return CertificateUtil.getCommonName(x509Certificate);
        }

        public boolean removeCertificate(@NotNull X509Certificate x509Certificate) {
            if (x509Certificate == null) {
                $$$reportNull$$$0(7);
            }
            return removeCertificate(createAlias(x509Certificate));
        }

        public boolean removeCertificate(@NotNull String str) {
            if (str == null) {
                $$$reportNull$$$0(8);
            }
            this.myWriteLock.lock();
            try {
                try {
                    if (isBroken()) {
                        this.myWriteLock.unlock();
                        return false;
                    }
                    X509Certificate certificate = getCertificate(str);
                    if (certificate == null) {
                        ConfirmingTrustManager.LOG.error("No certificate found for alias: " + str);
                        this.myWriteLock.unlock();
                        return false;
                    }
                    this.myKeyStore.deleteEntry(str);
                    flushKeyStore();
                    this.myTrustManager = initFactoryAndGetManager();
                    ((CertificateListener) this.myDispatcher.getMulticaster()).certificateRemoved(certificate);
                    this.myWriteLock.unlock();
                    return true;
                } catch (Exception e) {
                    ConfirmingTrustManager.LOG.error("Cannot remove certificate for alias: " + str, e);
                    this.myWriteLock.unlock();
                    return false;
                }
            } catch (Throwable th) {
                this.myWriteLock.unlock();
                throw th;
            }
        }

        @Nullable
        public X509Certificate getCertificate(@NotNull String str) {
            if (str == null) {
                $$$reportNull$$$0(9);
            }
            this.myReadLock.lock();
            try {
                X509Certificate x509Certificate = (X509Certificate) this.myKeyStore.getCertificate(str);
                this.myReadLock.unlock();
                return x509Certificate;
            } catch (KeyStoreException e) {
                this.myReadLock.unlock();
                return null;
            } catch (Throwable th) {
                this.myReadLock.unlock();
                throw th;
            }
        }

        public List<String> getAliases() {
            this.myReadLock.lock();
            try {
                return Collections.list(this.myKeyStore.aliases());
            } catch (KeyStoreException e) {
                return Collections.emptyList();
            } finally {
                this.myReadLock.unlock();
            }
        }

        public List<X509Certificate> getCertificates() {
            this.myReadLock.lock();
            try {
                try {
                    ArrayList arrayList = new ArrayList();
                    Iterator it = Collections.list(this.myKeyStore.aliases()).iterator();
                    while (it.hasNext()) {
                        arrayList.add(getCertificate((String) it.next()));
                    }
                    List<X509Certificate> copyOf = List.copyOf(arrayList);
                    this.myReadLock.unlock();
                    return copyOf;
                } catch (Exception e) {
                    ConfirmingTrustManager.LOG.error(e);
                    List<X509Certificate> emptyList = Collections.emptyList();
                    this.myReadLock.unlock();
                    return emptyList;
                }
            } catch (Throwable th) {
                this.myReadLock.unlock();
                throw th;
            }
        }

        public boolean containsCertificate(@NotNull String str) {
            if (str == null) {
                $$$reportNull$$$0(10);
            }
            this.myReadLock.lock();
            try {
                try {
                    boolean containsAlias = this.myKeyStore.containsAlias(str);
                    this.myReadLock.unlock();
                    return containsAlias;
                } catch (KeyStoreException e) {
                    ConfirmingTrustManager.LOG.error(e);
                    this.myReadLock.unlock();
                    return false;
                }
            } catch (Throwable th) {
                this.myReadLock.unlock();
                throw th;
            }
        }

        boolean removeAllCertificates() {
            Iterator<X509Certificate> it = getCertificates().iterator();
            while (it.hasNext()) {
                if (!removeCertificate(it.next())) {
                    return false;
                }
            }
            return true;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.myReadLock.lock();
            try {
                if (keyStoreIsEmpty() || isBroken()) {
                    throw new CertificateException();
                }
                this.myTrustManager.checkServerTrusted(x509CertificateArr, str);
            } finally {
                this.myReadLock.unlock();
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            this.myReadLock.lock();
            try {
                return (keyStoreIsEmpty() || isBroken()) ? ConfirmingTrustManager.NO_CERTIFICATES : this.myTrustManager.getAcceptedIssuers();
            } finally {
                this.myReadLock.unlock();
            }
        }

        public void addListener(@NotNull CertificateListener certificateListener) {
            if (certificateListener == null) {
                $$$reportNull$$$0(11);
            }
            this.myDispatcher.addListener(certificateListener);
        }

        public void removeListener(@NotNull CertificateListener certificateListener) {
            if (certificateListener == null) {
                $$$reportNull$$$0(12);
            }
            this.myDispatcher.removeListener(certificateListener);
        }

        private boolean keyStoreIsEmpty() {
            try {
                return this.myKeyStore.size() == 0;
            } catch (KeyStoreException e) {
                ConfirmingTrustManager.LOG.error(e);
                return true;
            }
        }

        private X509TrustManager initFactoryAndGetManager() {
            try {
                if (this.myFactory == null || this.myKeyStore == null) {
                    return null;
                }
                this.myFactory.init(this.myKeyStore);
                TrustManager[] trustManagers = this.myFactory.getTrustManagers();
                X509TrustManager findX509TrustManager = ConfirmingTrustManager.findX509TrustManager(trustManagers);
                if (findX509TrustManager == null) {
                    ConfirmingTrustManager.LOG.error("Cannot find X509 trust manager among " + Arrays.toString(trustManagers));
                }
                return findX509TrustManager;
            } catch (KeyStoreException e) {
                ConfirmingTrustManager.LOG.error("Cannot initialize trust store", e);
                return null;
            }
        }

        private boolean isBroken() {
            return this.myKeyStore == null || this.myFactory == null || this.myTrustManager == null;
        }

        private void flushKeyStore() throws Exception {
            FileOutputStream fileOutputStream = new FileOutputStream(this.myPath);
            try {
                this.myKeyStore.store(fileOutputStream, this.myPassword.toCharArray());
                fileOutputStream.close();
            } catch (Throwable th) {
                try {
                    fileOutputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }

        private static /* synthetic */ void $$$reportNull$$$0(int i) {
            Object[] objArr = new Object[3];
            switch (i) {
                case 0:
                case 2:
                case 5:
                default:
                    objArr[0] = "path";
                    break;
                case 1:
                case 3:
                    objArr[0] = "password";
                    break;
                case 4:
                case 6:
                case 7:
                    objArr[0] = "certificate";
                    break;
                case 8:
                case 9:
                case 10:
                    objArr[0] = "alias";
                    break;
                case 11:
                case 12:
                    objArr[0] = "listener";
                    break;
            }
            objArr[1] = "com/intellij/util/net/ssl/ConfirmingTrustManager$MutableTrustManager";
            switch (i) {
                case 0:
                case 1:
                default:
                    objArr[2] = "<init>";
                    break;
                case 2:
                case 3:
                    objArr[2] = "createKeyStore";
                    break;
                case 4:
                case 5:
                    objArr[2] = "addCertificate";
                    break;
                case 6:
                    objArr[2] = "createAlias";
                    break;
                case 7:
                case 8:
                    objArr[2] = "removeCertificate";
                    break;
                case 9:
                    objArr[2] = "getCertificate";
                    break;
                case 10:
                    objArr[2] = "containsCertificate";
                    break;
                case 11:
                    objArr[2] = "addListener";
                    break;
                case 12:
                    objArr[2] = "removeListener";
                    break;
            }
            throw new IllegalArgumentException(String.format("Argument for @NotNull parameter '%s' of %s.%s must not be null", objArr));
        }
    }

    public static ConfirmingTrustManager createForStorage(@NotNull String str, @NotNull String str2) {
        if (str == null) {
            $$$reportNull$$$0(0);
        }
        if (str2 == null) {
            $$$reportNull$$$0(1);
        }
        return new ConfirmingTrustManager(getSystemTrustManagers(), new MutableTrustManager(str, str2));
    }

    @NotNull
    private static List<X509TrustManager> getSystemTrustManagers() {
        ArrayList arrayList = new ArrayList();
        X509TrustManager operatingSystemTrustManager = getOperatingSystemTrustManager();
        if (operatingSystemTrustManager != null) {
            arrayList.add(operatingSystemTrustManager);
        }
        X509TrustManager javaRuntimeDefaultTrustManager = getJavaRuntimeDefaultTrustManager();
        if (javaRuntimeDefaultTrustManager != null) {
            arrayList.add(javaRuntimeDefaultTrustManager);
        }
        if (arrayList == null) {
            $$$reportNull$$$0(2);
        }
        return arrayList;
    }

    @Nullable
    private static X509TrustManager getJavaRuntimeDefaultTrustManager() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            X509TrustManager findX509TrustManager = findX509TrustManager(trustManagerFactory.getTrustManagers());
            if (findX509TrustManager == null) {
                return null;
            }
            if (findX509TrustManager.getAcceptedIssuers().length != 0) {
                return findX509TrustManager;
            }
            return null;
        } catch (Exception e) {
            LOG.error("Cannot get default JVM trust store", e);
            return null;
        }
    }

    @Nullable
    private static X509TrustManager getOperatingSystemTrustManager() {
        try {
            Collection<X509Certificate> customOsSpecificTrustedCertificates = OsCertificatesService.getInstance().getCustomOsSpecificTrustedCertificates();
            if (customOsSpecificTrustedCertificates.isEmpty()) {
                if (ApplicationManager.getApplication().isUnitTestMode()) {
                    return null;
                }
                LOG.warn("Received an empty list of custom trusted root certificates from the system. Check log above for possible errors, enable debug logging in category 'org.jetbrains.nativecerts' for more information");
                return null;
            }
            X509TrustManager createTrustManagerFromCertificates = createTrustManagerFromCertificates(customOsSpecificTrustedCertificates);
            LOG.debug("Accepted trusted certificate roots from the system: \n" + StringUtil.join(Arrays.stream(createTrustManagerFromCertificates.getAcceptedIssuers()).map(x509Certificate -> {
                return x509Certificate.getSubjectX500Principal().toString();
            }).sorted().toList(), "\n"));
            return createTrustManagerFromCertificates;
        } catch (Throwable th) {
            LOG.error("Unable to build system trusted certificates manager, only JVM-bundled roots will be used: " + th.getMessage(), th);
            return null;
        }
    }

    @NotNull
    static X509TrustManager createTrustManagerFromCertificates(@NotNull Collection<? extends X509Certificate> collection) throws Exception {
        if (collection == null) {
            $$$reportNull$$$0(3);
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        for (X509Certificate x509Certificate : collection) {
            keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().toString() + "-" + DigestUtilKt.hashToHexString(x509Certificate.getEncoded(), DigestUtilKt.sha3_256()), x509Certificate);
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        List filterIsInstance = ContainerUtil.filterIsInstance(trustManagerFactory.getTrustManagers(), X509TrustManager.class);
        if (filterIsInstance.isEmpty()) {
            throw new IllegalStateException("Unable to create X509TrustManager from keystore: no X509TrustManager instances returned, only " + Strings.join(Arrays.asList(trustManagerFactory.getTrustManagers()), " "));
        }
        if (filterIsInstance.size() > 1) {
            throw new IllegalStateException("Unable to create X509TrustManager from keystore: more than one X509TrustManager instance returned: " + Strings.join(filterIsInstance, " "));
        }
        X509TrustManager x509TrustManager = (X509TrustManager) filterIsInstance.get(0);
        if (x509TrustManager == null) {
            $$$reportNull$$$0(4);
        }
        return x509TrustManager;
    }

    private ConfirmingTrustManager(List<X509TrustManager> list, MutableTrustManager mutableTrustManager) {
        this.mySystemManagers = list;
        this.myCustomManager = mutableTrustManager;
    }

    @VisibleForTesting
    void addSystemTrustManager(X509TrustManager x509TrustManager) {
        this.mySystemManagers.add(x509TrustManager);
    }

    @VisibleForTesting
    void removeSystemTrustManager(X509TrustManager x509TrustManager) {
        if (!this.mySystemManagers.remove(x509TrustManager)) {
            throw new IllegalArgumentException("trust manager was not in the list of system trust managers: " + x509TrustManager);
        }
    }

    @Nullable
    private static X509TrustManager findX509TrustManager(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkServerTrusted(x509CertificateArr, str, (String) null);
    }

    @Override // com.intellij.util.net.ssl.ClientOnlyTrustManager, javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        String obj;
        SocketAddress remoteSocketAddress = socket.getRemoteSocketAddress();
        if (remoteSocketAddress instanceof InetSocketAddress) {
            InetSocketAddress inetSocketAddress = (InetSocketAddress) remoteSocketAddress;
            obj = inetSocketAddress.getHostString() + ":" + inetSocketAddress.getPort();
        } else {
            obj = remoteSocketAddress.toString();
        }
        checkServerTrusted(x509CertificateArr, str, obj);
    }

    @Override // com.intellij.util.net.ssl.ClientOnlyTrustManager, javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        String peerHost = sSLEngine.getPeerHost();
        int peerPort = sSLEngine.getPeerPort();
        if (peerPort > 0) {
            peerHost = peerHost + ":" + peerPort;
        }
        checkServerTrusted(x509CertificateArr, str, peerHost);
    }

    private void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
        withCalculatedCertificateStrategy(untrustedCertificateStrategyWithReason -> {
            checkServerTrusted(x509CertificateArr, str, str2, new CertificateConfirmationParameters(untrustedCertificateStrategyWithReason.getStrategy() == UntrustedCertificateStrategy.ASK_USER, true, null, null, untrustedCertificateStrategyWithReason.getReason()));
        });
    }

    private void withCalculatedCertificateStrategy(ThrowableConsumer<? super UntrustedCertificateStrategyWithReason, ? extends CertificateException> throwableConsumer) throws CertificateException {
        UntrustedCertificateStrategy untrustedCertificateStrategy = this.myUntrustedCertificateStrategy.get();
        if (untrustedCertificateStrategy != null) {
            throwableConsumer.consume(new UntrustedCertificateStrategyWithReason(untrustedCertificateStrategy, null));
        } else {
            throwableConsumer.consume(((InitialUntrustedCertificateStrategyProvider) ApplicationManager.getApplication().getService(InitialUntrustedCertificateStrategyProvider.class)).getStrategy());
        }
    }

    @Deprecated
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, boolean z, boolean z2) throws CertificateException {
        checkServerTrusted(x509CertificateArr, str, (String) null, new CertificateConfirmationParameters(z2, z, null, null, null));
    }

    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, @NotNull CertificateConfirmationParameters certificateConfirmationParameters) throws CertificateException {
        if (certificateConfirmationParameters == null) {
            $$$reportNull$$$0(5);
        }
        checkServerTrusted(x509CertificateArr, str, (String) null, certificateConfirmationParameters);
    }

    private void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2, @NotNull CertificateConfirmationParameters certificateConfirmationParameters) throws CertificateException {
        if (certificateConfirmationParameters == null) {
            $$$reportNull$$$0(6);
        }
        CertificateException certificateException = null;
        Iterator<X509TrustManager> it = this.mySystemManagers.iterator();
        while (it.hasNext()) {
            try {
                it.next().checkServerTrusted(x509CertificateArr, str);
                return;
            } catch (CertificateException e) {
                certificateException = e;
            }
        }
        synchronized (this.myCustomManager) {
            try {
                this.myCustomManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e2) {
                if (this.myCustomManager.isBroken() || !confirmAndUpdate(x509CertificateArr, str2, certificateConfirmationParameters, str)) {
                    if (certificateException == null) {
                        throw e2;
                    }
                }
            }
        }
    }

    private boolean confirmAndUpdate(X509Certificate[] x509CertificateArr, String str, @NotNull CertificateConfirmationParameters certificateConfirmationParameters, String str2) {
        if (certificateConfirmationParameters == null) {
            $$$reportNull$$$0(7);
        }
        Application application = ApplicationManager.getApplication();
        X509Certificate x509Certificate = x509CertificateArr[0];
        if (Strings.notNullize(Thread.currentThread().getClass().getCanonicalName()).equals("sun.awt.image.ImageFetcher")) {
            LOG.debug("Image Fetcher thread is detected. Certificate check will be skipped.");
            return true;
        }
        if (application.isHeadlessEnvironment() || CertificateManager.getInstance().getState().ACCEPT_AUTOMATICALLY) {
            LOG.debug("Certificate will be accepted automatically");
            if (!certificateConfirmationParameters.myAddToKeyStore) {
                return true;
            }
            this.myCustomManager.addCertificate(x509Certificate);
            return true;
        }
        if (application.isUnitTestMode()) {
            return false;
        }
        boolean z = false;
        HashSet hashSet = new HashSet();
        if (certificateConfirmationParameters.myAskUser) {
            String str3 = "Going to ask user about certificate for: " + x509Certificate.getSubjectX500Principal().toString() + ", issuer: " + x509Certificate.getIssuerX500Principal().toString();
            if (certificateConfirmationParameters.myAskOrRejectReason != null) {
                str3 = str3 + ". Reason: " + certificateConfirmationParameters.myAskOrRejectReason;
            }
            LOG.info(str3);
            CertificateWarningDialogProvider companion = CertificateWarningDialogProvider.Companion.getInstance();
            if (companion == null) {
                LOG.warn("Accepting dialog wasn't shown, because DialogProvider in unavailable now");
            } else {
                z = CertificateManager.Companion.showAcceptDialog(() -> {
                    return companion.createCertificateWarningDialog(Arrays.stream(x509CertificateArr).toList(), this.myCustomManager, str, str2, hashSet);
                });
            }
        } else {
            String str4 = "Didn't show certificate dialog for: " + x509Certificate.getSubjectX500Principal().toString() + ", issuer: " + x509Certificate.getIssuerX500Principal().toString();
            if (certificateConfirmationParameters.myAskOrRejectReason != null) {
                str4 = str4 + ". Reason: " + certificateConfirmationParameters.myAskOrRejectReason;
            }
            LOG.warn(str4);
        }
        if (z) {
            LOG.info("Certificate was accepted by user");
            if (certificateConfirmationParameters.myAddToKeyStore) {
                MutableTrustManager mutableTrustManager = this.myCustomManager;
                Objects.requireNonNull(mutableTrustManager);
                hashSet.forEach(mutableTrustManager::addCertificate);
            }
            if (certificateConfirmationParameters.myOnUserAcceptCallback != null) {
                certificateConfirmationParameters.myOnUserAcceptCallback.run();
            }
            if (!hashSet.contains(x509Certificate)) {
                z = false;
            }
        }
        return z;
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        HashSet hashSet = new HashSet();
        for (X509TrustManager x509TrustManager : this.mySystemManagers) {
            try {
                hashSet.addAll(Arrays.asList(x509TrustManager.getAcceptedIssuers()));
            } catch (Throwable th) {
                LOG.error("Could not get list of accepted issuers (trusted root identities) from " + x509TrustManager.toString() + " (" + x509TrustManager.getClass().getName() + ")", th);
            }
        }
        hashSet.addAll(Arrays.asList(this.myCustomManager.getAcceptedIssuers()));
        return (X509Certificate[]) hashSet.toArray(i -> {
            return new X509Certificate[i];
        });
    }

    public MutableTrustManager getCustomManager() {
        return this.myCustomManager;
    }

    private static /* synthetic */ void $$$reportNull$$$0(int i) {
        String str;
        int i2;
        switch (i) {
            case 0:
            case 1:
            case 3:
            case 5:
            case 6:
            case 7:
            default:
                str = "Argument for @NotNull parameter '%s' of %s.%s must not be null";
                break;
            case 2:
            case 4:
                str = "@NotNull method %s.%s must not return null";
                break;
        }
        switch (i) {
            case 0:
            case 1:
            case 3:
            case 5:
            case 6:
            case 7:
            default:
                i2 = 3;
                break;
            case 2:
            case 4:
                i2 = 2;
                break;
        }
        Object[] objArr = new Object[i2];
        switch (i) {
            case 0:
            default:
                objArr[0] = "path";
                break;
            case 1:
                objArr[0] = "password";
                break;
            case 2:
            case 4:
                objArr[0] = "com/intellij/util/net/ssl/ConfirmingTrustManager";
                break;
            case 3:
                objArr[0] = "certificates";
                break;
            case 5:
            case 6:
            case 7:
                objArr[0] = "parameters";
                break;
        }
        switch (i) {
            case 0:
            case 1:
            case 3:
            case 5:
            case 6:
            case 7:
            default:
                objArr[1] = "com/intellij/util/net/ssl/ConfirmingTrustManager";
                break;
            case 2:
                objArr[1] = "getSystemTrustManagers";
                break;
            case 4:
                objArr[1] = "createTrustManagerFromCertificates";
                break;
        }
        switch (i) {
            case 0:
            case 1:
            default:
                objArr[2] = "createForStorage";
                break;
            case 2:
            case 4:
                break;
            case 3:
                objArr[2] = "createTrustManagerFromCertificates";
                break;
            case 5:
            case 6:
                objArr[2] = "checkServerTrusted";
                break;
            case 7:
                objArr[2] = "confirmAndUpdate";
                break;
        }
        String format = String.format(str, objArr);
        switch (i) {
            case 0:
            case 1:
            case 3:
            case 5:
            case 6:
            case 7:
            default:
                throw new IllegalArgumentException(format);
            case 2:
            case 4:
                throw new IllegalStateException(format);
        }
    }
}
