package com.turikhay.caf;

import com.turikhay.caf.util.Logger;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.lang.instrument.Instrumentation;
import java.security.KeyStore;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;

/* loaded from: input_file:com/turikhay/caf/CAFixer.class */
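/**
 * Java agent / command-line entry point that extends the JVM's set of trusted CA certificates.
 *
 * <p>It loads the JRE {@code cacerts} file and a {@code ca.jks} resource bundled next to this
 * class. When the JRE store lacks any non-expired embedded certificate, both stores are merged
 * and the result is handed to {@code KeyStoreManager.useNewKeyStore}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every certificate in the embedded {@code ca.jks} is a candidate trust anchor for the
 *       process, so the integrity of the jar that carries it (signing, distribution channel)
 *       is what protects the trust decision.</li>
 *   <li>Only {@code ${java.home}/lib/security/cacerts} is read; this class does not consult any
 *       other trust-store configuration.</li>
 *   <li>Any failure is logged and swallowed in {@link #fixCA()}, so the JVM continues with its
 *       original trust store. Alert on the "Failed" log line if the update is required.</li>
 * </ul>
 */
public class CAFixer {
    private static final String LOG_PREFIX = "[CertJavaAgent] ";
    private final Logger logger;

    /**
     * Agent entry point, invoked by the JVM before {@code main}.
     *
     * @param str agent argument string; ignored
     * @param instrumentation instrumentation handle; ignored
     */
    public static void premain(String str, Instrumentation instrumentation) {
        fix();
    }

    /**
     * Command-line entry point; behaves exactly like {@link #fix()}.
     *
     * @param strArr command-line arguments; ignored
     */
    public static void main(String[] strArr) {
        fix();
    }

    /**
     * Runs the trust-store update, reporting through the given logger.
     *
     * @param logger destination for messages; when {@code null},
     *     {@code Logger.PrintLogger.ofSystem()} is used
     */
    public static void fix(Logger logger) {
        Logger effectiveLogger = logger != null ? logger : Logger.PrintLogger.ofSystem();
        new CAFixer(effectiveLogger).fixCA();
    }

    /** Runs the trust-store update with the default logger. */
    public static void fix() {
        fix(null);
    }

    private CAFixer(Logger logger) {
        this.logger = logger;
    }

    /**
     * Attempts the update and never propagates a failure: the exception is logged and the
     * caller continues with whatever trust store was already in effect.
     */
    private void fixCA() {
        try {
            updateJreCAStoreIfNecessary();
        } catch (Exception e) {
            this.logger.logError(LOG_PREFIX + "Failed", e);
        }
    }

    /**
     * Installs a merged key store when the JRE store is missing embedded certificates.
     *
     * @throws Exception if either store cannot be loaded, merged or installed
     */
    private void updateJreCAStoreIfNecessary() throws Exception {
        CAStore jreStore = loadJreCAStore();
        CAStore embeddedStore = loadEmbeddedCAStore();
        if (doesContainAllCerts(jreStore, embeddedStore)) {
            return;
        }
        // NOTE(review): the whole embedded store is passed to merge(). Whether entries that
        // doesContainAllCerts() skipped as expired are also left out of the merged store depends
        // on CAStore.merge, which is not visible here. Confirm before relying on it.
        KeyStore merged = jreStore.merge(embeddedStore).toKeyStore();
        log("Will use updated KeyStore that includes missing certificates");
        KeyStoreManager.useNewKeyStore(merged);
    }

    /**
     * Checks whether every non-expired embedded certificate is already in the JRE store.
     *
     * <p>All embedded certificates are examined (no early exit) so that each missing or expired
     * one is logged.
     *
     * @param cAStore the JRE trust store
     * @param cAStore2 the embedded store whose certificates are required
     * @return {@code true} when nothing needs to be added
     */
    private boolean doesContainAllCerts(CAStore cAStore, CAStore cAStore2) {
        boolean allPresent = true;
        for (Cert cert : cAStore2.getCerts()) {
            if (isExpired(cert)) {
                log("Skipping " + cert);
                continue;
            }
            if (!cAStore.hasCert(cert)) {
                log("JRE trust store doesn't contain " + cert);
                allPresent = false;
            }
        }
        return allPresent;
    }

    /**
     * Tells whether an embedded certificate is past its validity period.
     *
     * <p>A certificate that is not yet valid is logged but still treated as required, and one
     * with no X.509 view is treated as not expired.
     */
    private boolean isExpired(Cert cert) {
        return cert.asX509().map(x509Certificate -> {
            try {
                x509Certificate.checkValidity();
                return false;
            } catch (CertificateExpiredException e) {
                log("Embedded certificate has expired " + cert);
                return true;
            } catch (CertificateNotYetValidException e) {
                log("Embedded certificate is not yet valid..? " + cert);
                return false;
            }
        }).orElse(false);
    }

    private void log(String str) {
        this.logger.logMessage(LOG_PREFIX + str);
    }

    /**
     * Loads {@code lib/security/cacerts} from the running JRE using the stock "changeit" password.
     *
     * <p>If the file is protected with a different password, loading is expected to fail and the
     * update is skipped (see {@link #fixCA()}).
     *
     * @throws Exception if the file cannot be opened or parsed
     */
    private static CAStore loadJreCAStore() throws Exception {
        File cacerts = new File(System.getProperty("java.home"), "lib/security/cacerts");
        // Close the file handle here. Assumes CAStore.load reads the stream eagerly (TODO confirm).
        try (FileInputStream in = new FileInputStream(cacerts)) {
            return CAStore.load(in, KeyStore.getDefaultType(), "changeit");
        }
    }

    /**
     * Loads the {@code ca.jks} resource bundled next to this class.
     *
     * <p>The store password is a constant in this class and is therefore not a secret: anyone
     * who has the jar can read it, and anyone who can modify the jar can replace the store.
     * It gives no protection for the embedded trust anchors.
     *
     * @throws IllegalStateException if the resource is missing
     * @throws Exception if the store cannot be parsed
     */
    private static CAStore loadEmbeddedCAStore() throws Exception {
        try (InputStream in = CAFixer.class.getResourceAsStream("ca.jks")) {
            if (in == null) {
                // Fail with a clear cause rather than handing a null stream to the loader.
                throw new IllegalStateException("Embedded CA store resource ca.jks not found");
            }
            return CAStore.load(in, "jks", "supersecretpassword");
        }
    }
}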
