package com.maconomy.api.security;

import com.maconomy.api.messages.McApiText;
import com.maconomy.eclipse.core.file.McPlatformUtil;
import com.maconomy.util.McOpt;
import com.maconomy.util.MiOpt;
import com.maconomy.util.errorhandling.McError;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.codec.binary.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/maconomy/api/security/McTrustedCertificateImport.class */
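/**
 * Probes a TLS server and, when the handshake is rejected, imports the certificate chain the server
 * presented into the JSSE trust store referenced by the {@code javax.net.ssl.trustStore} system property.
 *
 * <p><b>Security properties visible in this class (review notes):</b>
 * <ul>
 *   <li>Trust on first use: the probe validates the server only against the certificates already in
 *       the target store ({@code TrustManagerFactory.init(keyStore)}). A store that does not exist
 *       yet is loaded empty, so the first chain offered by whichever endpoint answers is persisted as
 *       trusted. Nothing here asks the user to confirm a fingerprint; callers should obtain that
 *       confirmation (or compare against a pinned fingerprint) before invoking the import.</li>
 *   <li>Every certificate in the presented chain is stored as a trust anchor, not only the leaf.</li>
 *   <li>No hostname verification is configured in this class. A {@link SecureSocketConfigurator} is
 *       the only hook through which endpoint identification or protocol restrictions can be applied
 *       to the probe socket.</li>
 *   <li>The trust store path is set JVM-wide and defaults to the instance location or the user's home
 *       directory; the integrity of that file decides what this JVM trusts, so it should be writable
 *       only by the owning account.</li>
 * </ul>
 *
 * <p>Each import is logged at INFO level with the SHA-256 fingerprint so that additions to the trust
 * store can be audited.
 */
public final class McTrustedCertificateImport {
    private static final Logger logger = LoggerFactory.getLogger(McTrustedCertificateImport.class);
    private static final String TRUST_STORE_PROPERTY = "javax.net.ssl.trustStore";
    private static final String KEYSTORE_NAME = "jssecacerts";

    // NOTE(security): hard-coded store password, kept unchanged so that stores written by earlier
    // versions still load. It is recoverable from the binary and therefore gives no real integrity
    // protection; rely on file-system permissions for the trust store instead.
    private static final String KEYSTORE_PASSWORD = "cspubpass";

    // "TLS" is the standard SSLContext name; the legacy "SSL" name was requested before. Which protocol
    // versions are actually enabled is decided by the JRE defaults and any SecureSocketConfigurator.
    private static final String TLS_PROTOCOL = "TLS";

    // Read timeout applied to the probe socket before the handshake starts.
    private static final int HANDSHAKE_TIMEOUT_MILLIS = 10000;

    /**
     * Trust manager decorator that records the server chain it is asked to validate and then delegates
     * the decision to the wrapped trust manager. The chain is recorded before delegation, so it is
     * available even when the delegate rejects it.
     */
    public static class SavingTrustManager implements X509TrustManager {
        private final X509TrustManager tm;
        // Last chain passed to checkServerTrusted; null until a server chain has been seen.
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager x509TrustManager) {
            this.tm = x509TrustManager;
        }

        /** Returns an empty array; this manager advertises no accepted issuers of its own. */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        /** Not supported: this manager is only used on the client side of a connection. */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new UnsupportedOperationException();
        }

        /**
         * Records {@code x509CertificateArr} and then lets the wrapped trust manager accept or reject it.
         *
         * @throws CertificateException if the wrapped trust manager rejects the chain
         */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.chain = x509CertificateArr;
            this.tm.checkServerTrusted(x509CertificateArr, str);
        }
    }

    /** Hook that lets the caller adjust the probe socket (for example its SSL parameters) before use. */
    public interface SecureSocketConfigurator {
        void configure(SSLSocket sSLSocket);
    }

    private McTrustedCertificateImport() {
    }

    /**
     * Connects to {@code host:port} and imports the presented certificate chain into the trust store
     * if the handshake is rejected. See the class documentation for the trust implications.
     *
     * @param host server host name or address
     * @param port server port
     */
    public static void tryLoadCertificateToKeystore(String host, int port) {
        tryLoadCertificateToKeystore(host, port, (MiOpt<SecureSocketConfigurator>) McOpt.none());
    }

    /**
     * Same as {@link #tryLoadCertificateToKeystore(String, int)}, applying
     * {@code secureSocketConfigurator} to every probe socket before it is used.
     *
     * @param host server host name or address
     * @param port server port
     * @param secureSocketConfigurator socket customisation hook
     */
    public static void tryLoadCertificateToKeystore(String host, int port, SecureSocketConfigurator secureSocketConfigurator) {
        tryLoadCertificateToKeystore(host, port, (MiOpt<SecureSocketConfigurator>) McOpt.opt(secureSocketConfigurator));
    }

    /** Verifies reachability first, then runs the import; any import failure is wrapped in an McError. */
    private static void tryLoadCertificateToKeystore(String host, int port, MiOpt<SecureSocketConfigurator> configurator) {
        checkConnection(host, port, configurator);
        try {
            loadCertificateToKeystore(host, port, ensureTrustStorePropertyIsSet(), configurator);
        } catch (Exception e) {
            throw McError.create("Error(s) when attempting a certificate chain import, possible SSL misconfigurations.", e);
        }
    }

    /**
     * Opens and immediately closes a socket to {@code host:port}. No handshake is started here, so this
     * checks reachability only and says nothing about the server's certificate.
     */
    private static void checkConnection(String host, int port, MiOpt<SecureSocketConfigurator> configurator) {
        try {
            SSLContext context = SSLContext.getInstance(TLS_PROTOCOL);
            context.init(null, null, null);
            SSLSocketFactory socketFactory = context.getSocketFactory();
            logger.debug("Checking connection to {}:{}", host, Integer.valueOf(port));
            // try-with-resources: the socket is released even when a configurator throws.
            try (SSLSocket socket = (SSLSocket) socketFactory.createSocket(host, port)) {
                applyConfigurators(socket, configurator);
            }
            logger.debug("Successfully connected to {}:{}", host, Integer.valueOf(port));
        } catch (IOException e) {
            throw McError.createNetworkExceptionWithMessage(McApiText.couldNoConnectTo(host, port), e);
        } catch (Exception e2) {
            throw McError.create(McApiText.couldNoConnectTo(host, port), e2);
        }
    }

    /**
     * Returns the trust store path, first pointing {@code javax.net.ssl.trustStore} at
     * {@code <instance location>/jssecacerts} (or {@code <user.home>/jssecacerts}) when the property
     * is not set. The property is a JVM-wide setting.
     */
    private static String ensureTrustStorePropertyIsSet() {
        if (System.getProperty(TRUST_STORE_PROPERTY) == null) {
            char separator = File.separatorChar;
            MiOpt<?> instanceLocation = McPlatformUtil.getInstanceLocation();
            String directory;
            if (instanceLocation.isDefined()) {
                directory = String.valueOf(((File) instanceLocation.get()).getPath());
            } else {
                directory = String.valueOf(System.getProperty("user.home"));
            }
            System.setProperty(TRUST_STORE_PROPERTY, directory + separator + KEYSTORE_NAME);
        }
        String trustStorePath = System.getProperty(TRUST_STORE_PROPERTY);
        if (trustStorePath == null) {
            throw McError.create("Could not initialize {javax.net.ssl.trustStore} to load the certificates");
        }
        logger.debug("Successfully initialized {}={}", TRUST_STORE_PROPERTY, trustStorePath);
        return trustStorePath;
    }

    /**
     * Loads the store at {@code trustStorePath}, probes the server and, if a rejected chain was
     * captured, adds it to the store and writes the store back to disk.
     */
    private static void loadCertificateToKeystore(String host, int port, String trustStorePath, MiOpt<SecureSocketConfigurator> configurator) throws Exception {
        char[] password = KEYSTORE_PASSWORD.toCharArray();
        File keystoreFile = new File(trustStorePath);
        KeyStore keyStore = loadKeystore(keystoreFile, password);
        X509Certificate[] certificateChain = getCertificateChain(host, port, keyStore, configurator);
        if (certificateChain != null) {
            addCertificateChainToKeystore(certificateChain, keyStore, trustStorePath);
            saveKeystore(keystoreFile, keyStore, password);
        }
    }

    /**
     * Loads the key store from {@code file}, or initialises an empty one when the file does not exist.
     * An empty store trusts nothing, which makes the subsequent probe reject (and import) any chain.
     */
    private static KeyStore loadKeystore(File file, char[] password) throws Exception {
        boolean exists = file.isFile();
        if (exists) {
            logger.debug("Non-empty KeyStore '{}' - loading its contents...", file);
        } else {
            logger.debug("Empty KeyStore '{}' - it will be created...", file);
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // A null resource is permitted in try-with-resources; load(null, ...) creates an empty store.
        try (FileInputStream in = exists ? new FileInputStream(file) : null) {
            keyStore.load(in, password);
        }
        return keyStore;
    }

    /**
     * Performs a handshake that is validated against {@code keyStore} only.
     *
     * @return the chain presented by the server when the handshake failed with an
     *         {@link SSLException} (may be {@code null} if no chain was seen), or {@code null} when
     *         the handshake succeeded or any other error occurred
     */
    private static X509Certificate[] getCertificateChain(String host, int port, KeyStore keyStore, MiOpt<SecureSocketConfigurator> configurator) {
        try {
            SSLContext context = SSLContext.getInstance(TLS_PROTOCOL);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            SavingTrustManager savingTrustManager = new SavingTrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0]);
            context.init(null, new TrustManager[] {savingTrustManager}, null);
            SSLSocketFactory socketFactory = context.getSocketFactory();
            logger.debug("Opening connection to {}:{}", host, Integer.valueOf(port));
            SSLSocket socket = (SSLSocket) socketFactory.createSocket(host, port);
            try {
                applyConfigurators(socket, configurator);
                socket.setSoTimeout(HANDSHAKE_TIMEOUT_MILLIS);
                logger.debug("Starting SSL handshake...");
                try {
                    socket.startHandshake();
                } catch (SSLException e) {
                    // Any SSLException is treated as "not yet trusted"; the cause is logged so that
                    // protocol or cipher failures can be told apart from trust failures.
                    logger.debug("Errors during SSL handshake, assuming certificate is not yet trusted", e);
                    X509Certificate[] presentedChain = savingTrustManager.chain;
                    if (presentedChain == null) {
                        logger.debug("Could not obtain server certificate chain");
                    }
                    return presentedChain;
                }
                logger.debug("No errors during SSL handshake, assuming certificate is already trusted");
                return null;
            } finally {
                // Previously the socket stayed open on the failure path.
                closeQuietly(socket);
            }
        } catch (Exception e) {
            // Routed through the logger instead of printStackTrace() so the failure reaches the log.
            logger.warn("Could not retrieve the certificate chain from " + host + ":" + port, e);
            return null;
        }
    }

    /**
     * Adds every certificate of {@code chain} to {@code keyStore}, using the subject distinguished
     * name as alias. An existing entry with the same subject is replaced.
     */
    private static void addCertificateChainToKeystore(X509Certificate[] chain, KeyStore keyStore, String keystorePath) throws Exception {
        logger.debug("Server sent {} certificate(s):", Integer.valueOf(chain.length));
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        logger.debug("Adding all certificates present in the chain to the KeyStore '{}'", keystorePath);
        for (int i = 0; i < chain.length; i++) {
            X509Certificate certificate = chain[i];
            byte[] encoded = certificate.getEncoded();
            if (logger.isDebugEnabled()) {
                logger.debug("{} Subject {}", Integer.valueOf(i + 1), certificate.getSubjectX500Principal());
                logger.debug("   Issuer  {}", certificate.getIssuerX500Principal());
                // SHA-1 and MD5 are used for display only and are created on demand, so a JRE
                // without them does not break the import when debug logging is off.
                logger.debug("   sha1    {}", new String(Hex.encodeHex(MessageDigest.getInstance("SHA1").digest(encoded))));
                logger.debug("   md5     {}", new String(Hex.encodeHex(MessageDigest.getInstance("MD5").digest(encoded))));
            }
            String alias = certificate.getSubjectX500Principal().getName();
            keyStore.setCertificateEntry(alias, certificate);
            logger.debug("Added certificate to keystore '{}' using alias '{}'", keystorePath, alias);
            // Audit trail: a new trust anchor is a security-relevant change and is always logged.
            logger.info("Trusting certificate '{}' with SHA-256 fingerprint {}", alias, new String(Hex.encodeHex(sha256.digest(encoded))));
        }
    }

    /** Writes {@code keyStore} to {@code file}, creating the file and its parent directories if needed. */
    private static void saveKeystore(File file, KeyStore keyStore, char[] password) throws Exception {
        createKeystoreFileIfNecessary(file);
        // try-with-resources: the stream is closed even when store() fails.
        try (FileOutputStream out = new FileOutputStream(file)) {
            keyStore.store(out, password);
        }
    }

    /** Creates the key store file (and its parent directories) when it does not exist yet. */
    private static void createKeystoreFileIfNecessary(File file) throws IOException {
        createKeystorePathDirsIfNecessary(file);
        file.createNewFile();
    }

    /** Creates the parent directories of {@code file}, if it has a parent. */
    private static void createKeystorePathDirsIfNecessary(File file) {
        File parent = file.getParentFile();
        if (parent != null) {
            parent.mkdirs();
        }
    }

    /** Applies the optional configurator (zero or one element) to {@code socket}. */
    private static void applyConfigurators(SSLSocket socket, MiOpt<SecureSocketConfigurator> configurator) {
        Iterator<?> it = configurator.iterator();
        while (it.hasNext()) {
            ((SecureSocketConfigurator) it.next()).configure(socket);
        }
    }

    /** Closes the probe socket; a close failure must not change the outcome of the probe. */
    private static void closeQuietly(SSLSocket socket) {
        try {
            socket.close();
        } catch (IOException e) {
            logger.debug("Ignoring error while closing the probe socket", e);
        }
    }
}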
