package com.urbancode.commons.util.ssl;

import com.infradna.tool.bridge_method_injector.BridgeMethodsAdded;
import com.urbancode.commons.util.crypto.SecureRandomHelper;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.log4j.Logger;

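/**
 * Builds and owns the {@link SSLContext} used to create client and server socket factories from a
 * single JKS keystore file, which serves as both key store and trust store.
 *
 * <p>Configuration setters must be called before {@link #initialize()}; afterwards they throw
 * {@link IllegalStateException} (except {@link #setSslContextProtocol(String)}, which is not
 * guarded). When {@code keyStoreCheckSeconds > 0} a daemon thread polls the keystore file's
 * modification time and reloads it on change.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>{@code checkCertificates} defaults to {@code false}, in which case an
 *       {@code OpenX509TrustManager} is installed instead of the platform trust managers.
 *       NOTE(review): by its name that manager presumably accepts any peer certificate; confirm
 *       against its implementation and call {@code setCheckCertificates(true)} wherever the peer
 *       must be authenticated.</li>
 *   <li>Both passwords are held as {@code String} fields and exposed through public getters, so
 *       they stay on the heap for the lifetime of this object.</li>
 *   <li>The keystore type is fixed to {@code "JKS"}.</li>
 * </ul>
 *
 * <p>Thread-safety: configuration and initialization are guarded by this object's monitor; the
 * untrusted-certificate set is guarded by its own monitor.
 */
@BridgeMethodsAdded
/* loaded from: input_file:lib/udclient.jar:com/urbancode/commons/util/ssl/SslSupport.class */
public class SslSupport implements X509CertStore {
    private static final Logger log = Logger.getLogger(SslSupport.class);
    // Non-null once initialize() has succeeded; isInitialized() is defined by this field.
    private SSLContext sslContext;
    // Last keystore that was loaded AND successfully applied to sslContext.
    private KeyStore keyStore;
    // Defaults to false: certificate checking is opt-in (see class comment).
    private boolean checkCertificates;
    private boolean storeUntrustedCertificates;
    private ClientAuthMode clientAuthMode;
    // Kept as String because the public accessors expose String; cannot be wiped after use.
    private String keyStorePassword;
    private String keyPassword;
    private File keyStoreFile;
    private Thread keyStoreCheckThread;
    private long keyStoreLastModified;
    private int keyStoreCheckSeconds;
    // Guarded by synchronized (untrustedCertSet).
    private final Set<StoredX509Cert> untrustedCertSet = new HashSet<>();
    private String sslContextProtocol = SSLContextProtocolDetector.detectSslContextProtocol();

    /** Creates an unconfigured instance and logs the auto-detected SSLContext protocol. */
    public SslSupport() {
        log.debug("Chose " + this.sslContextProtocol + " for SSLContext protocol.");
    }

    /** @return the client-authentication mode handed to the server socket factory wrapper */
    public synchronized ClientAuthMode getClientAuthMode() {
        return this.clientAuthMode;
    }

    /**
     * @param clientAuthMode mode to apply to server sockets; must be set before initialization
     * @throws IllegalStateException if already initialized
     */
    public synchronized void setClientAuthMode(ClientAuthMode clientAuthMode) {
        assertNotInitialized();
        this.clientAuthMode = clientAuthMode;
    }

    /** @return the keystore polling interval in seconds; values {@code <= 0} disable polling */
    public synchronized int getKeyStoreCheckSeconds() {
        return this.keyStoreCheckSeconds;
    }

    /**
     * @param i polling interval in seconds; values {@code <= 0} disable the monitor thread
     * @throws IllegalStateException if already initialized
     */
    public synchronized void setKeyStoreCheckSeconds(int i) {
        assertNotInitialized();
        this.keyStoreCheckSeconds = i;
    }

    /** @return whether trust managers backed by the keystore are used to check certificates */
    public synchronized boolean isCheckCertificates() {
        return this.checkCertificates;
    }

    /**
     * Selects between keystore-backed trust managers ({@code true}) and
     * {@code OpenX509TrustManager} ({@code false}, the default).
     *
     * @param z {@code true} to check peer certificates against the keystore
     * @throws IllegalStateException if already initialized
     */
    public synchronized void setCheckCertificates(boolean z) {
        assertNotInitialized();
        this.checkCertificates = z;
    }

    /** @return whether trust managers are wrapped so that seen certificates are reported here */
    public synchronized boolean isStoreUntrustedCertificates() {
        return this.storeUntrustedCertificates;
    }

    /**
     * @param z {@code true} to wrap the trust managers in {@code StoringX509TrustManager}
     * @throws IllegalStateException if already initialized
     */
    public synchronized void setStoreUntrustedCertificates(boolean z) {
        assertNotInitialized();
        this.storeUntrustedCertificates = z;
    }

    /** @return the keystore password as configured; treat the value as a secret */
    public synchronized String getKeyStorePassword() {
        return this.keyStorePassword;
    }

    /**
     * @param str password protecting the keystore file
     * @throws IllegalStateException if already initialized
     */
    public synchronized void setKeyStorePassword(String str) {
        assertNotInitialized();
        this.keyStorePassword = str;
    }

    /** @return the private-key password as configured; treat the value as a secret */
    public synchronized String getKeyPassword() {
        return this.keyPassword;
    }

    /**
     * @param str password protecting the key entries inside the keystore
     * @throws IllegalStateException if already initialized
     */
    public synchronized void setKeyPassword(String str) {
        assertNotInitialized();
        this.keyPassword = str;
    }

    /** @return the keystore file that is loaded, monitored and rewritten by {@link #trustCert} */
    public synchronized File getKeyStoreFile() {
        return this.keyStoreFile;
    }

    /**
     * @param file JKS keystore file to load
     * @throws IllegalStateException if already initialized
     */
    public synchronized void setKeyStoreFile(File file) {
        assertNotInitialized();
        this.keyStoreFile = file;
    }

    /** @return the protocol name passed to {@link SSLContext#getInstance(String)} */
    public synchronized String getSslContextProtocol() {
        return this.sslContextProtocol;
    }

    /**
     * Overrides the auto-detected SSLContext protocol.
     *
     * <p>Unlike the other setters this one is not guarded by the initialization check. The value
     * is only read when the context is first created, so a call made after
     * {@link #initialize()} does not change the live context.
     *
     * @param str protocol name, e.g. a TLS version identifier supported by the JRE
     */
    public synchronized void setSslContextProtocol(String str) {
        this.sslContextProtocol = str;
    }

    /**
     * Initializes on first use and returns the client socket factory of the shared context.
     *
     * @throws GeneralSecurityException if the keystore or key material cannot be processed
     * @throws IOException if the keystore file cannot be read
     */
    public synchronized SSLSocketFactory getSSLSocketFactory() throws GeneralSecurityException, IOException {
        initialize();
        return getSSLContext().getSocketFactory();
    }

    /**
     * Initializes on first use and returns a server socket factory wrapped so that the configured
     * {@link ClientAuthMode} is applied.
     *
     * @throws GeneralSecurityException if the keystore or key material cannot be processed
     * @throws IOException if the keystore file cannot be read
     */
    public synchronized SSLServerSocketFactory getSSLServerSocketFactory() throws GeneralSecurityException, IOException {
        initialize();
        return new ClientAuthSSLServerSocketFactory(getSSLContext().getServerSocketFactory(), this.clientAuthMode);
    }

    /**
     * Validates the configuration, loads the keystore, creates the SSLContext and, when a
     * positive check interval is configured, starts the daemon keystore monitor. Subsequent calls
     * are no-ops.
     *
     * @throws IllegalStateException if a required setting is missing
     * @throws GeneralSecurityException if the keystore or key material cannot be processed
     * @throws IOException if the keystore file cannot be read
     */
    public synchronized void initialize() throws GeneralSecurityException, IOException {
        if (isInitialized()) {
            return;
        }
        validateAtInitialization();
        loadKeyStore();
        if (this.keyStoreCheckSeconds > 0) {
            this.keyStoreCheckThread = new Thread(null, new Runnable() {
                // 1000L forces long arithmetic; the int product overflowed for large intervals.
                private final long sleepMS = SslSupport.this.keyStoreCheckSeconds * 1000L;

                @Override
                public void run() {
                    while (true) {
                        try {
                            Thread.sleep(this.sleepMS);
                            synchronized (SslSupport.this) {
                                if (SslSupport.this.keyStoreFile.lastModified() > SslSupport.this.keyStoreLastModified) {
                                    SslSupport.log.info("Detected a changed to the SSL keystore, reloading the keystore");
                                    SslSupport.this.loadKeyStore();
                                }
                            }
                        } catch (InterruptedException e) {
                            // An interrupt is a request to stop: restore the flag and leave the
                            // loop instead of swallowing it and sleeping again.
                            SslSupport.log.warn("SslSupport Keystore Monitor Error: " + e, e);
                            Thread.currentThread().interrupt();
                            return;
                        } catch (IOException | GeneralSecurityException e) {
                            // Keep the previous context in service; pass the throwable so the
                            // stack trace is available when diagnosing a failed reload.
                            SslSupport.log.warn("SslSupport Keystore Monitor Error: " + e, e);
                        } catch (RuntimeException e) {
                            // Without this an unchecked failure would end the monitor silently
                            // and later keystore changes (e.g. removed trust entries) would
                            // never be applied.
                            SslSupport.log.warn("SslSupport Keystore Monitor Error: " + e, e);
                        }
                    }
                }
            }, "SslSupport-KeyStoreMonitor");
            this.keyStoreCheckThread.setDaemon(true);
            this.keyStoreCheckThread.start();
        }
    }

    /**
     * Initializes on first use and reports whether the alias names a key entry in the keystore.
     *
     * @param str alias to look up
     * @throws GeneralSecurityException if the keystore cannot be processed
     * @throws IOException if the keystore file cannot be read
     */
    public synchronized boolean isKeyPresent(String str) throws GeneralSecurityException, IOException {
        initialize();
        return this.keyStore.isKeyEntry(str);
    }

    /**
     * Reads the keystore file and applies its key and trust material to the SSLContext, creating
     * the context on the first call and re-initializing the existing instance afterwards
     * (presumably so that factories already handed out keep working with the new material).
     *
     * <p>This method is not synchronized itself; every caller in this class holds this object's
     * monitor. The decompiler widened it from private, so treat it as internal.
     *
     * @throws GeneralSecurityException if the keystore or key material cannot be processed
     * @throws IOException if the keystore file cannot be read
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void loadKeyStore() throws GeneralSecurityException, IOException {
        // Recorded before loading, as before: a failed load is not retried until the file changes again.
        this.keyStoreLastModified = this.keyStoreFile.lastModified();
        // Load into a local first. Previously the field was replaced before load(), so a failed
        // reload left an uninitialized KeyStore behind while the context kept the old material.
        KeyStore loadedKeyStore = newKeyStore();
        loadKeyStore(loadedKeyStore, this.keyStoreFile, this.keyStorePassword);
        KeyManager[] newKeyManagers = newKeyManagers(loadedKeyStore, this.keyPassword);
        TrustManager[] newTrustManagers = newTrustManagers(loadedKeyStore);
        SecureRandom secureRandom = SecureRandomHelper.getSecureRandom();
        if (this.sslContext == null) {
            this.sslContext = newSSLContext(newKeyManagers, newTrustManagers, secureRandom);
        } else {
            this.sslContext.init(newKeyManagers, newTrustManagers, secureRandom);
        }
        // Publish only once the context has accepted the material, keeping both in step.
        this.keyStore = loadedKeyStore;
    }

    /**
     * Checks that every mandatory setting has been supplied.
     *
     * @throws IllegalStateException naming the first missing setting
     */
    private void validateAtInitialization() {
        if (this.clientAuthMode == null) {
            throw new IllegalStateException("clientAuthMode not set");
        }
        if (this.keyStorePassword == null) {
            throw new IllegalStateException("keyStorePassword not set");
        }
        if (this.keyPassword == null) {
            throw new IllegalStateException("keyPassword not set");
        }
        if (this.keyStoreFile == null) {
            throw new IllegalStateException("keyStoreFile not set");
        }
    }

    private SSLContext getSSLContext() {
        return this.sslContext;
    }

    /** Initialization is complete exactly when the SSLContext exists. */
    private boolean isInitialized() {
        return getSSLContext() != null;
    }

    /** @throws IllegalStateException if {@link #initialize()} has already succeeded */
    private void assertNotInitialized() {
        if (isInitialized()) {
            throw new IllegalStateException("already initialized");
        }
    }

    private KeyManager[] newKeyManagers(KeyStore keyStore, String str) throws GeneralSecurityException {
        return newKeyManagerFactory(keyStore, str).getKeyManagers();
    }

    /**
     * Chooses the trust managers for the context.
     *
     * <p>With certificate checking enabled the platform default factory is initialized from the
     * keystore; otherwise {@code OpenX509TrustManager} is used. Either result is optionally
     * wrapped so that certificates seen during handshakes are reported to this store.
     */
    private TrustManager[] newTrustManagers(KeyStore keyStore) throws KeyStoreException {
        TrustManager[] trustManagers;
        if (isCheckCertificates()) {
            TrustManagerFactory factory = newTrustManagerFactory();
            factory.init(keyStore);
            trustManagers = factory.getTrustManagers();
        } else {
            // NOTE(review): no keystore-backed validation on this path; see class comment.
            trustManagers = newOpenTrustManagers();
        }
        if (isStoreUntrustedCertificates()) {
            trustManagers = StoringX509TrustManager.wrap(trustManagers, this);
        }
        return trustManagers;
    }

    private TrustManager[] newOpenTrustManagers() {
        return new TrustManager[]{new OpenX509TrustManager()};
    }

    private TrustManagerFactory newTrustManagerFactory() {
        try {
            return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("The default trust manager algorithm is unavailable", e);
        }
    }

    private KeyManagerFactory newKeyManagerFactory(KeyStore keyStore, String str) throws GeneralSecurityException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, str.toCharArray());
        return keyManagerFactory;
    }

    /**
     * Creates and initializes a context for the configured protocol.
     *
     * @throws RuntimeException if the protocol is unavailable or the key material is rejected
     */
    private SSLContext newSSLContext(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) {
        try {
            SSLContext context = SSLContext.getInstance(this.sslContextProtocol);
            context.init(keyManagerArr, trustManagerArr, secureRandom);
            return context;
        } catch (KeyManagementException e) {
            throw new RuntimeException(e.toString(), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("SSL protocol \"" + this.sslContextProtocol + "\" is not available", e2);
        }
    }

    /**
     * Loads {@code file} into {@code keyStore}, always closing the stream.
     *
     * @throws GeneralSecurityException if the contents or password are rejected
     * @throws IOException if the file cannot be opened or read
     */
    private void loadKeyStore(KeyStore keyStore, File file, String str) throws GeneralSecurityException, IOException {
        try (FileInputStream in = new FileInputStream(file)) {
            keyStore.load(in, str.toCharArray());
        }
    }

    private KeyStore newKeyStore() {
        try {
            return KeyStore.getInstance("JKS");
        } catch (KeyStoreException e) {
            throw new RuntimeException("Key store type \"JKS\" is not available", e);
        }
    }

    /**
     * Records a certificate reported by the storing trust manager.
     *
     * @param storedX509Cert certificate seen during a handshake
     * @param z when {@code true} the certificate is ignored; only the {@code false} case is
     *     remembered (presumably the flag means "trusted"; confirm against X509CertStore)
     */
    @Override // com.urbancode.commons.util.ssl.X509CertStore
    public void store(StoredX509Cert storedX509Cert, boolean z) {
        if (z) {
            return;
        }
        synchronized (this.untrustedCertSet) {
            this.untrustedCertSet.add(storedX509Cert);
        }
    }

    /** Trusted certificates are not tracked by this implementation; always returns {@code null}. */
    @Override // com.urbancode.commons.util.ssl.X509CertStore
    public StoredX509Cert[] getStoredTrustedCerts() {
        return null;
    }

    /** @return a snapshot of the certificates recorded by {@link #store} and not yet removed */
    @Override // com.urbancode.commons.util.ssl.X509CertStore
    public StoredX509Cert[] getStoredUntrustedCerts() {
        synchronized (this.untrustedCertSet) {
            return this.untrustedCertSet.toArray(new StoredX509Cert[0]);
        }
    }

    @Override // com.urbancode.commons.util.ssl.X509CertStore
    public void removeUntrustedCert(StoredX509Cert storedX509Cert) {
        synchronized (this.untrustedCertSet) {
            this.untrustedCertSet.remove(storedX509Cert);
        }
    }

    /**
     * Adds the certificate to the keystore file as a trusted entry, drops it from the untrusted
     * set and reloads the SSLContext.
     *
     * <p>The keystore file is rewritten in place: opening the output stream truncates it, so a
     * failure while storing can leave a damaged keystore on disk. Keep a backup of the file, and
     * restrict who may invoke this method since it permanently widens the trust store.
     *
     * @param storedX509Cert certificate (chain) to trust
     * @param str alias for the new trusted-certificate entry
     * @throws KeyStoreException wrapping any failure while writing or reloading the keystore
     * @throws Exception if the current keystore cannot be read or the entry cannot be set
     */
    @Override // com.urbancode.commons.util.ssl.X509CertStore
    public synchronized void trustCert(StoredX509Cert storedX509Cert, String str) throws Exception {
        log.info("Trusting cert " + storedX509Cert + " as alias '" + str + "'.");
        KeyStore updatedKeyStore = newKeyStore();
        loadKeyStore(updatedKeyStore, this.keyStoreFile, this.keyStorePassword);
        // NOTE(review): every chain element is stored under the same alias, and
        // setCertificateEntry replaces an existing trusted entry, so only the last element of
        // getChain() remains in the keystore. Confirm that is the certificate meant to be trusted.
        for (X509Certificate x509Certificate : storedX509Cert.getChain()) {
            updatedKeyStore.setCertificateEntry(str, x509Certificate);
        }
        try {
            log.info("Updating keystore '" + this.keyStoreFile + "'...");
            // try-with-resources: the stream was previously never closed, leaking a file handle
            // on every call and on every failure.
            try (FileOutputStream out = new FileOutputStream(this.keyStoreFile)) {
                updatedKeyStore.store(out, this.keyStorePassword.toCharArray());
            }
            removeUntrustedCert(storedX509Cert);
            log.info("Reloading keystore '" + this.keyStoreFile + "'...");
            loadKeyStore();
            log.info("Reloading keystore complete.");
        } catch (Exception e) {
            log.error("Error updating keystore with trusted certificate.", e);
            throw new KeyStoreException(e);
        }
    }
}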
