package org.jetbrains.nativecerts.linux;

import java.io.InputStream;
import java.nio.file.AccessDeniedException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.nativecerts.NativeTrustedRootsInternalUtils;

/* loaded from: input_file:org/jetbrains/nativecerts/linux/LinuxTrustedCertificatesUtil.class */
public class LinuxTrustedCertificatesUtil {
    private static final Logger LOGGER = Logger.getLogger(LinuxTrustedCertificatesUtil.class.getName());
    private static final List<String> possibleFiles = List.of("/etc/ssl/certs/ca-certificates.crt", "/etc/pki/tls/certs/ca-bundle.crt", "/etc/ssl/ca-bundle.pem", "/etc/pki/tls/cacert.pem", "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", "/etc/ssl/cert.pem");
    private static final List<String> possibleDirectories = List.of("/etc/ssl/certs", "/etc/pki/tls/certs", "/system/etc/security/cacerts");

    public static Collection<X509Certificate> getSystemCertificates() {
        HashSet hashSet = new HashSet();
        Iterator<String> it = possibleFiles.iterator();
        while (it.hasNext()) {
            hashSet.addAll(tryReadFromFile(Path.of(it.next(), new String[0])));
        }
        Iterator<String> it2 = possibleDirectories.iterator();
        while (it2.hasNext()) {
            hashSet.addAll(tryReadFromDirectory(Path.of(it2.next(), new String[0])));
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            StringBuilder sb = new StringBuilder();
            sb.append(hashSet.size()).append(" certificates were read from various system locations");
            Iterator it3 = hashSet.iterator();
            while (it3.hasNext()) {
                sb.append("\n  ").append(((X509Certificate) it3.next()).getSubjectDN());
            }
            LOGGER.fine(sb.toString());
        }
        return hashSet;
    }

    private static Set<X509Certificate> tryReadFromDirectory(@NotNull Path path) {
        if (!Files.isDirectory(path, new LinkOption[0])) {
            LOGGER.fine("Not reading certificates from " + path + ": not a directory");
            return Collections.emptySet();
        }
        LOGGER.fine("Reading certificates from " + path + ": file does not exist");
        try {
            Stream<Path> list = Files.list(path);
            try {
                List<Path> list2 = (List) list.collect(Collectors.toList());
                HashSet hashSet = new HashSet();
                for (Path path2 : list2) {
                    if (Files.isRegularFile(path2, new LinkOption[0])) {
                        hashSet.addAll(tryReadFromFile(path2));
                    }
                }
                if (list != null) {
                    list.close();
                }
                return hashSet;
            } finally {
            }
        } catch (Throwable th) {
            LOGGER.warning(NativeTrustedRootsInternalUtils.renderExceptionMessage("Unable to read certificates from directory " + path, th));
            return Collections.emptySet();
        }
    }

    private static List<X509Certificate> tryReadFromFile(@NotNull Path path) {
        try {
            if (!Files.exists(path, new LinkOption[0])) {
                LOGGER.fine("Not reading certificates from " + path + ": file does not exist");
                return Collections.emptyList();
            }
            if (!Files.isRegularFile(path, new LinkOption[0])) {
                LOGGER.warning("Not reading certificates from " + path + ": not a regular file");
                return Collections.emptyList();
            }
            InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
            try {
                List<X509Certificate> readPemBundle = PemReaderUtil.readPemBundle(newInputStream, path.toString());
                if (LOGGER.isLoggable(Level.FINE)) {
                    StringBuilder sb = new StringBuilder();
                    sb.append("Received ").append(readPemBundle.size()).append(" certificates from ").append(path);
                    Iterator<X509Certificate> it = readPemBundle.iterator();
                    while (it.hasNext()) {
                        sb.append("\n  ").append(it.next().getSubjectDN());
                    }
                    LOGGER.fine(sb.toString());
                }
                if (newInputStream != null) {
                    newInputStream.close();
                }
                return readPemBundle;
            } catch (Throwable th) {
                if (newInputStream != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (AccessDeniedException e) {
            LOGGER.warning("Not reading certificates from " + path + ": access denied");
            return Collections.emptyList();
        } catch (Throwable th3) {
            LOGGER.warning(NativeTrustedRootsInternalUtils.renderExceptionMessage("Unable to read certificates from " + path, th3));
            return Collections.emptyList();
        }
    }
}
