package com.ibm.ispim.appid.client.utils;

import com.ibm.ispim.appid.client.clt.ConsoleIO;
import com.ibm.ispim.appid.client.exceptions.CommunicationException;
import com.ibm.ispim.appid.client.messages.ClientMessages;
import com.ibm.ispim.appid.client.messages.MessageUtil;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.codehaus.jackson.util.MinimalPrettyPrinter;

/* loaded from: input_file:com/ibm/ispim/appid/client/utils/CertManager.class */
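/**
 * Maintains the client keystore used as the TLS trust store and implements the
 * "install server certificate" flow: handshake with the server, and if its chain is not
 * trusted by the keystore, optionally prompt the operator and persist the chain.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #checkCertInstall} is a trust-on-first-use mechanism. The chain that gets
 *       persisted is whatever the peer presented during that single handshake; nothing in
 *       this class verifies it out of band.</li>
 *   <li>Every certificate of the presented chain is stored as a trusted entry, not only
 *       the leaf, so later connections trust anything those entries can vouch for.</li>
 *   <li>Hostname verification is done here only during {@link #checkCertInstall}; the
 *       {@link SSLContext} returned by {@link #getSSLContext} does not enforce it by
 *       itself, so callers must configure a hostname verifier on their connection.</li>
 * </ul>
 */
public class CertManager {
    private static final Log logger = LogFactory.getLog(CertManager.class.getName());

    /** Read timeout applied to the probe socket; it does not bound the TCP connect itself. */
    private static final int HANDSHAKE_TIMEOUT_MSECS = 10000;

    /**
     * Trust manager wrapper that records the chain presented by the server before
     * delegating the actual trust decision to the wrapped manager.
     */
    public static class X509ClientTrustManager implements X509TrustManager {
        private final X509TrustManager tm;

        /** Last chain passed to {@link #checkServerTrusted}; set even when validation fails. */
        private X509Certificate[] chain;

        X509ClientTrustManager(X509TrustManager x509TrustManager) {
            this.tm = x509TrustManager;
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return this.tm.getAcceptedIssuers();
        }

        /** Not supported: this manager is only meant for the client side of a connection. */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new UnsupportedOperationException();
        }

        /**
         * Records the presented chain, then lets the wrapped manager accept or reject it.
         * The chain is captured first on purpose, so that a rejected (untrusted) chain is
         * still available to the install flow. Callers must therefore never treat a
         * non-null {@code chain} as proof that the chain was validated.
         */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.chain = x509CertificateArr;
            this.tm.checkServerTrusted(x509CertificateArr, str);
        }
    }

    /**
     * Checks whether the server at {@code url} is trusted by the keystore and, if it is
     * not, installs the presented certificate chain into the keystore.
     *
     * @param url  server to probe; its host and port are used for the handshake
     * @param str  path of the keystore file (created when it does not exist)
     * @param cArr keystore password
     * @param z    when {@code true} the operator confirmation prompt is skipped and the
     *             presented chain is stored unconditionally. This removes the only human
     *             check in the trust-on-first-use flow, so it should be reserved for
     *             environments where the network path to the server is already trusted.
     * @throws CommunicationException if the URL is missing, the handshake or hostname
     *         check fails, the operator declines, or the keystore cannot be written
     */
    public static void checkCertInstall(URL url, String str, char[] cArr, boolean z) throws CommunicationException {
        if (url == null) {
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_INSTALL_CERTIFICATE_FAILED, null);
        }
        ConsoleIO.verbose("Server URL: " + url);
        ConsoleIO.verbose("Keystore path: " + str);
        ConsoleIO.verbose("Starting SSL handshake...");
        String host = url.getHost();
        // URL.getPort() is -1 when the URL carries no explicit port; fall back to the
        // protocol default instead of handing -1 to the socket factory.
        int port = url.getPort() != -1 ? url.getPort() : url.getDefaultPort();
        X509ClientTrustManager x509ClientTrustManager = null;
        try {
            x509ClientTrustManager = getTrustManager(getKeyStore(str, cArr, true));
            if (x509ClientTrustManager == null) {
                throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_CANNOT_INIT_TRUST_MANAGER, null);
            }
            SSLHandshake(x509ClientTrustManager, host, port);
            verifyCertificates(x509ClientTrustManager.chain, host);
            ConsoleIO.verbose("Certificate is already trusted.");
        } catch (FileNotFoundException e) {
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_INSTALL_CERTIFICATE_FAILED, null);
        } catch (SSLException e2) {
            // Any SSLException lands here, not only "untrusted issuer". If the failure
            // happened before the server sent a chain, chain is null and
            // verifyCertificates() aborts the install.
            ConsoleIO.verbose("Certificate is not trusted.");
            // The hostname must match the leaf before anything is offered for install.
            verifyCertificates(x509ClientTrustManager.chain, host);
            if (!z && !getCertificateInstallPermission(x509ClientTrustManager.chain)) {
                throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_INSTALL_CERTIFICATE_FAILED, null);
            }
            saveCertToKeyStore(x509ClientTrustManager.chain, host, str, cArr);
        }
    }

    /**
     * Builds an {@link SSLContext} whose only trust anchors are the entries of the given
     * keystore.
     *
     * @param url  not used by this method
     * @param str  path of an existing keystore file
     * @param cArr keystore password
     * @return the context, or {@code null} if the TLS algorithm is unavailable
     * @throws IllegalArgumentException if the path or password is null or empty
     * @throws CommunicationException if the keystore is missing or cannot be loaded
     */
    public static SSLContext getSSLContext(URL url, String str, char[] cArr) throws CommunicationException {
        if (str == null || str.length() == 0 || cArr == null || cArr.length == 0) {
            throw new IllegalArgumentException(MessageUtil.INSTANCE.getMessage(ClientMessages.APPID_CLIENT_ERROR_INVALID_PARAMS, new String[0]));
        }
        ConsoleIO.verbose("Get SSL context.");
        SSLContext sSLContext = null;
        try {
            sSLContext = getSSLContextInternal(getTrustManager(getKeyStore(str, cArr, false)));
            return sSLContext;
        } catch (FileNotFoundException e) {
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_INVALID_KEYSTORE_PATH, e);
        } finally {
            if (sSLContext == null) {
                ConsoleIO.verbose("Getting SSL context failed.");
            }
        }
    }

    /**
     * Adds every certificate of the chain to the keystore under the aliases
     * {@code <host><prefix>1}, {@code <host><prefix>2}, ... and writes the keystore back
     * to {@code str2} once.
     *
     * <p>The keystore is written a single time after all entries were added. Writing it
     * inside the loop onto the same stream would append several keystore images to one
     * file, and a loader would be expected to read only the first, incomplete one.
     *
     * @param x509CertificateArr chain to store (leaf first, as received from the server)
     * @param str                host name used as alias prefix
     * @param str2               keystore file path
     * @param cArr               keystore password
     */
    private static void saveCertToKeyStore(X509Certificate[] x509CertificateArr, String str, String str2, char[] cArr) throws CommunicationException {
        try {
            KeyStore keyStore = getKeyStore(str2, cArr, true);
            if (keyStore == null) {
                // getKeyStore() already logged the reason; fail instead of hitting an NPE.
                throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_SAVE_TO_STORE_FAIL, null);
            }
            String[] aliases = new String[x509CertificateArr.length];
            for (int i = 0; i < x509CertificateArr.length; i++) {
                aliases[i] = str + HelpFormatter.DEFAULT_OPT_PREFIX + (i + 1);
                keyStore.setCertificateEntry(aliases[i], x509CertificateArr[i]);
            }
            // Opened only after all entries are in place: FileOutputStream truncates the
            // existing file, so an earlier failure must not destroy the current keystore.
            // NOTE(review): a failure during store() still leaves a truncated file;
            // writing to a temporary file and renaming would close that gap.
            FileOutputStream fileOutputStream = new FileOutputStream(str2);
            try {
                keyStore.store(fileOutputStream, cArr);
            } finally {
                fileOutputStream.close();
            }
            for (String alias : aliases) {
                ConsoleIO.verbose("Added certificate to keystore using alias: " + alias);
            }
        } catch (FileNotFoundException e) {
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_INVALID_KEYSTORE_PATH, e);
        } catch (SSLException e6) {
            // Must precede the IOException handler, SSLException being its subclass.
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_CERTIFICATE_ERROR, e6);
        } catch (IOException e2) {
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_SAVE_TO_STORE_FAIL, e2);
        } catch (KeyStoreException e3) {
            // NOTE(review): only logged, so the caller is not told that nothing was saved.
            logger.warn(e3.getMessage(), e3);
        } catch (NoSuchAlgorithmException e4) {
            logger.warn(e4.getMessage(), e4);
        } catch (CertificateException e5) {
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_SAVE_TO_STORE_FAIL, e5);
        }
    }

    /**
     * Loads the keystore at {@code str}; when it cannot be found and {@code z} is
     * {@code true}, returns a fresh empty in-memory keystore instead.
     *
     * @return the keystore, or {@code null} if the keystore type could not be instantiated
     */
    private static KeyStore getKeyStore(String str, char[] cArr, boolean z) throws FileNotFoundException, CommunicationException {
        try {
            return findKeyStore(str, cArr);
        } catch (FileNotFoundException e) {
            if (z) {
                return createKeyStore();
            }
            throw e;
        }
    }

    /**
     * Loads an existing keystore file of the JVM's default keystore type.
     *
     * @param str  keystore file path
     * @param cArr keystore password, also used for the integrity check done by
     *             {@link KeyStore#load(java.io.InputStream, char[])}
     * @return the loaded keystore, or {@code null} if the keystore type or its integrity
     *         algorithm is unavailable (the cause is logged)
     * @throws FileNotFoundException if {@code str} is not a regular file or cannot be opened
     * @throws CommunicationException if the file cannot be read with this password or
     *         contains certificates that cannot be loaded
     */
    public static KeyStore findKeyStore(String str, char[] cArr) throws CommunicationException, FileNotFoundException {
        File file = new File(str);
        if (!file.isFile()) {
            ConsoleIO.verbose("Keystore file not found: " + str);
            throw new FileNotFoundException(str);
        }
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            ConsoleIO.verbose("Loading keystore: " + file);
            keyStore.load(fileInputStream, cArr);
            return keyStore;
        } catch (IOException e3) {
            // load() reports a wrong password or a corrupt file as IOException.
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_KEYSTORE_PASSWORD, e3);
        } catch (NoSuchAlgorithmException e4) {
            logger.warn(e4.getMessage(), e4);
            return null;
        } catch (KeyStoreException e6) {
            logger.warn(e6.getMessage(), e6);
            return null;
        } catch (CertificateException e8) {
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_CANNOT_LOAD_CERT, e8);
        } finally {
            try {
                fileInputStream.close();
            } catch (IOException ignored) {
                // Nothing useful can be done about a failed close of a read-only stream.
            }
        }
    }

    /**
     * Creates an empty in-memory keystore of the JVM's default type.
     *
     * @return the new keystore, or {@code null} if it could not be created (logged)
     */
    private static KeyStore createKeyStore() {
        try {
            ConsoleIO.verbose("Creating a new keystore.");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            return keyStore;
        } catch (IOException e) {
            logger.warn(e.getMessage(), e);
            return null;
        } catch (KeyStoreException e2) {
            logger.warn(e2.getMessage(), e2);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            logger.warn(e3.getMessage(), e3);
            return null;
        } catch (CertificateException e4) {
            logger.warn(e4.getMessage(), e4);
            return null;
        }
    }

    /**
     * Builds a chain-recording trust manager backed by the given keystore.
     *
     * @return the trust manager, or {@code null} if the default trust algorithm is
     *         unavailable (logged)
     * @throws CommunicationException if the keystore is {@code null} or cannot be used
     */
    private static X509ClientTrustManager getTrustManager(KeyStore keyStore) throws CommunicationException {
        if (keyStore == null) {
            // Fail closed: TrustManagerFactory.init(null) would silently fall back to the
            // JRE's default trust store and trust every public CA in it.
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_CANNOT_INIT_TRUST_MANAGER, null);
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return new X509ClientTrustManager((X509TrustManager) candidate);
                }
            }
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_CANNOT_INIT_TRUST_MANAGER, null);
        } catch (KeyStoreException e) {
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_CANNOT_INIT_TRUST_MANAGER, e);
        } catch (NoSuchAlgorithmException e2) {
            logger.warn(e2.getMessage(), e2);
            return null;
        }
    }

    /**
     * Creates a "TLS" context that uses only the given trust manager and no client key.
     * Which protocol versions are actually negotiated is left to the JRE defaults.
     *
     * @return the context, or {@code null} if the "TLS" algorithm is unavailable (logged)
     */
    private static SSLContext getSSLContextInternal(X509TrustManager x509TrustManager) throws CommunicationException {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
            return sSLContext;
        } catch (KeyManagementException e) {
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_HTTP_ACTION_ERROR, e);
        } catch (NoSuchAlgorithmException e2) {
            logger.warn(e2.getMessage(), e2);
            return null;
        }
    }

    /**
     * Opens a TLS connection to {@code str:i}, performs the handshake and closes the
     * socket again. Its purpose is to drive the trust manager, which records the chain.
     *
     * @throws SSLException if the handshake fails, including an untrusted chain; it is
     *         passed through unchanged because the caller uses it to start the install flow
     * @throws CommunicationException for an unknown host or any other I/O failure
     */
    private static void SSLHandshake(X509TrustManager x509TrustManager, String str, int i) throws SSLException, CommunicationException {
        SSLSocket sSLSocket = null;
        try {
            ConsoleIO.verbose("Opening connection to " + str + ":" + i);
            SSLContext sSLContext = getSSLContextInternal(x509TrustManager);
            if (sSLContext == null) {
                throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_HTTP_ACTION_ERROR, null);
            }
            sSLSocket = (SSLSocket) sSLContext.getSocketFactory().createSocket(str, i);
            sSLSocket.setSoTimeout(HANDSHAKE_TIMEOUT_MSECS);
            ConsoleIO.verbose("Starting SSL handshake...");
            sSLSocket.startHandshake();
        } catch (UnknownHostException e3) {
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_UNKNOWN_SERVER, e3);
        } catch (SSLException e4) {
            // Both handlers above must come before IOException: they are subclasses of it
            // and would otherwise be wrapped, which would disable the install flow.
            throw e4;
        } catch (IOException e2) {
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_HTTP_ACTION_ERROR, e2);
        } finally {
            if (sSLSocket != null) {
                try {
                    sSLSocket.close();
                } catch (IOException ignored) {
                    // The probe connection is being discarded anyway.
                }
            }
        }
    }

    /**
     * Verifies that the leaf certificate ({@code chain[0]}) matches the host name.
     * This checks the name only; it does not validate the chain or its signatures.
     *
     * <p>NOTE(review): BrowserCompatHostnameVerifier is deprecated in newer HttpClient
     * releases in favour of DefaultHostnameVerifier; confirm against the bundled version.
     *
     * @throws CommunicationException if the chain is null or empty, or the name does not match
     */
    private static void verifyCertificates(X509Certificate[] x509CertificateArr, String str) throws CommunicationException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_INSTALL_CERTIFICATE_FAILED, null);
        }
        try {
            new BrowserCompatHostnameVerifier().verify(str, x509CertificateArr[0]);
        } catch (SSLException e) {
            throw new CommunicationException(ClientMessages.APPID_CLIENT_ERROR_CERTIFICATE_ERROR, e);
        }
    }

    /**
     * Prints the chain (last element first) and asks the operator whether to install it.
     *
     * <p>NOTE(review): only subject DN, issuer DN and serial number are shown. All three
     * are chosen by whoever issued the certificate, so they cannot be used to tell a
     * genuine certificate from a look-alike; showing a SHA-256 fingerprint would give the
     * operator something to compare out of band.
     *
     * @return the operator's decision as reported by {@code ConsoleIO}
     */
    private static boolean getCertificateInstallPermission(X509Certificate[] x509CertificateArr) {
        ConsoleIO.info(StringProvider.getString("info_server_cert_info"));
        for (int length = x509CertificateArr.length - 1; length >= 0; length--) {
            X509Certificate certificate = x509CertificateArr[length];
            ConsoleIO.info("\n" + StringProvider.getString("info_certificate") + (x509CertificateArr.length - length));
            ConsoleIO.info(StringProvider.getString("info_subject_dn") + certificate.getSubjectDN());
            ConsoleIO.info(StringProvider.getString("info_issuer_dn") + certificate.getIssuerDN());
            ConsoleIO.info(StringProvider.getString("info_serial_number") + formatSerialNumber(certificate.getSerialNumber()));
        }
        ConsoleIO.info(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
        return ConsoleIO.getCertificateInstallPermission();
    }

    /**
     * Formats a serial number as upper-case hex byte pairs, each followed by a space
     * (for example {@code "0A 1B "}); an odd number of digits is left-padded with "0".
     */
    private static String formatSerialNumber(BigInteger bigInteger) {
        String upperCase = bigInteger.toString(16).toUpperCase();
        if (upperCase.length() % 2 != 0) {
            upperCase = "0" + upperCase;
        }
        char[] charArray = upperCase.toCharArray();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < charArray.length; i += 2) {
            sb.append(charArray[i]).append(charArray[i + 1]).append(' ');
        }
        return sb.toString();
    }
}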
