package ghidra.net;

import ghidra.framework.preferences.Preferences;
import ghidra.security.KeyStorePasswordProvider;
import ghidra.util.Msg;
import ghidra.util.SystemUtilities;
import ghidra.util.exception.CancelledException;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:ghidra/net/ApplicationKeyManagerFactory.class */
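/**
 * Singleton factory that exposes one {@link X509ExtendedKeyManager} wrapper for the
 * application's PKI identity. The wrapped key manager is created lazily from a keystore
 * whose path comes from the {@code ghidra.keystore} system property or, outside headless
 * mode, from the stored user {@link Preferences} (see {@link #getPreferredKeyStore()}).
 *
 * <p>Reviewer notes on this listing (JADX decompiler output):
 * <ul>
 *   <li>{@code ApplicationKeyManager.init(String)} was not decompiled; its body here is a
 *       placeholder that always throws {@link UnsupportedOperationException}.</li>
 *   <li>{@code getProtectedKeyStoreData} has damaged control flow; do not treat the
 *       password-attempt order shown there as authoritative.</li>
 * </ul>
 */
public class ApplicationKeyManagerFactory {
    /** System property / preference key holding the keystore path. */
    public static final String KEYSTORE_PATH_PROPERTY = "ghidra.keystore";

    /**
     * System property that may carry the keystore password. The value is read as an
     * immutable {@code String}, so it cannot be wiped after use the way the {@code char[]}
     * copies are, and a value supplied with {@code -D} on the command line is typically
     * visible in local process listings.
     */
    public static final String KEYSTORE_PASSWORD_PROPERTY = "ghidra.password";

    /**
     * Built-in fallback password. It is a public constant, so a keystore protected only by
     * this value offers no confidentiality for the private key it holds.
     */
    public static final String DEFAULT_PASSWORD = "changeme";

    // Not referenced by any visible code; presumably consumed by the missing init(String) body.
    private static final int SELF_SIGNED_DURATION_DAYS = 730;
    private static KeyStorePasswordProvider customPasswordProvider;
    private static X500Principal defaultIdentity;
    private static List<String> subjectAlternativeNames;
    private static ApplicationKeyManagerFactory instance;
    private ApplicationKeyManager keyManagerWrapper = new ApplicationKeyManager(this);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ghidra/net/ApplicationKeyManagerFactory$ApplicationKeyManager.class */
    /**
     * Key manager facade handed to the TLS stack. It forwards to {@code wrappedKeyManager}
     * once a keystore has been loaded and answers {@code null} while none is available.
     */
    public class ApplicationKeyManager extends X509ExtendedKeyManager {
        private X509KeyManager wrappedKeyManager;
        private String keystorePath;
        private boolean isSelfSigned = false;

        // The factory argument is unused; the constructor body is empty in this listing.
        private ApplicationKeyManager(ApplicationKeyManagerFactory applicationKeyManagerFactory) {
        }

        /**
         * Delegates to the base class. The JDK documents that default as returning
         * {@code null}, so SSLEngine-based callers obtain no alias from this wrapper.
         * NOTE(review): confirm that is intended.
         */
        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
            return super.chooseEngineServerAlias(str, principalArr, sSLEngine);
        }

        /**
         * Delegates to the base class; see {@link #chooseEngineServerAlias} for the caveat
         * about the JDK default result.
         */
        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
            return super.chooseEngineClientAlias(strArr, principalArr, sSLEngine);
        }

        /**
         * Lazily initializes the wrapped key manager and asks it for a client alias.
         *
         * @return the alias chosen by the wrapped key manager, or {@code null} when no key
         *         manager is available (including when initialization was cancelled)
         */
        @Override // javax.net.ssl.X509KeyManager
        public synchronized String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            try {
                init();
            } catch (CancelledException ignored) {
                // Deliberate: a cancelled initialization leaves wrappedKeyManager null,
                // which is reported to the TLS stack as "no alias" below.
            }
            if (this.wrappedKeyManager == null) {
                return null;
            }
            return this.wrappedKeyManager.chooseClientAlias(strArr, principalArr, socket);
        }

        /**
         * Lazily initializes the wrapped key manager and asks it for a server alias.
         *
         * @return the alias chosen by the wrapped key manager, or {@code null} when no key
         *         manager is available (including when initialization was cancelled)
         */
        @Override // javax.net.ssl.X509KeyManager
        public synchronized String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            try {
                init();
            } catch (CancelledException ignored) {
                // Deliberate: cancellation is reported as "no alias" below.
            }
            if (this.wrappedKeyManager == null) {
                return null;
            }
            return this.wrappedKeyManager.chooseServerAlias(str, principalArr, socket);
        }

        /**
         * Lazily initializes the wrapped key manager and returns its client aliases.
         *
         * @return the aliases, or {@code null} when no key manager is available
         */
        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            try {
                init();
            } catch (CancelledException ignored) {
                // Deliberate: cancellation is reported as "no aliases" below.
            }
            // This method does not hold the lock, so read the field once: invalidateKey()
            // may null it from another thread between a check and the delegated call.
            X509KeyManager delegate = this.wrappedKeyManager;
            if (delegate == null) {
                return null;
            }
            return delegate.getClientAliases(str, principalArr);
        }

        /**
         * Lazily initializes the wrapped key manager and returns its server aliases.
         *
         * @return the aliases, or {@code null} when no key manager is available
         */
        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            try {
                init();
            } catch (CancelledException ignored) {
                // Deliberate: cancellation is reported as "no aliases" below.
            }
            // Single read for the same reason as in getClientAliases.
            X509KeyManager delegate = this.wrappedKeyManager;
            if (delegate == null) {
                return null;
            }
            return delegate.getServerAliases(str, principalArr);
        }

        /**
         * Returns the certificate chain for an alias without triggering initialization.
         *
         * @return the chain, or {@code null} when no key manager has been loaded
         */
        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            // Single read: the field can be cleared concurrently by invalidateKey().
            X509KeyManager delegate = this.wrappedKeyManager;
            if (delegate == null) {
                return null;
            }
            return delegate.getCertificateChain(str);
        }

        /**
         * Returns the private key for an alias without triggering initialization.
         *
         * @return the key, or {@code null} when no key manager has been loaded
         */
        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            // Single read: the field can be cleared concurrently by invalidateKey().
            X509KeyManager delegate = this.wrappedKeyManager;
            if (delegate == null) {
                return null;
            }
            return delegate.getPrivateKey(str);
        }

        /** Drops the loaded key manager so that the next use re-initializes it. */
        private synchronized void invalidateKey() {
            this.wrappedKeyManager = null;
            this.keystorePath = null;
            this.isSelfSigned = false;
        }

        /**
         * @return the path of the keystore in use, or the preferred keystore path when no
         *         key manager is currently loaded
         */
        private synchronized String getKeyStore() {
            return this.wrappedKeyManager != null ? this.keystorePath : ApplicationKeyManagerFactory.getPreferredKeyStore();
        }

        /** @return {@code true} only when a key manager is loaded and flagged self-signed */
        private synchronized boolean usingGeneratedSelfSignedCertificate() {
            return this.wrappedKeyManager != null && this.isSelfSigned;
        }

        /**
         * Initializes from the preferred keystore unless a key manager is already loaded.
         *
         * @return {@code true} if a key manager is already loaded, otherwise the result of
         *         {@link #init(String)}
         * @throws CancelledException propagated from {@link #init(String)}
         */
        private synchronized boolean init() throws CancelledException {
            if (this.wrappedKeyManager != null) {
                return true;
            }
            return init(ApplicationKeyManagerFactory.getPreferredKeyStore());
        }

        /* JADX WARN: Removed duplicated region for block: B:26:0x00dd A[Catch: CancelledException -> 0x0112, Exception -> 0x0115, all -> 0x0134, TryCatch #1 {CancelledException -> 0x0112, blocks: (B:42:0x001e, B:44:0x0025, B:15:0x0081, B:17:0x00a8, B:19:0x00b2, B:24:0x00d2, B:26:0x00dd, B:32:0x00e9, B:34:0x00f0, B:35:0x00fc, B:12:0x002d, B:14:0x0033), top: B:41:0x001e, outer: #0 }] */
        /* JADX WARN: Removed duplicated region for block: B:29:0x0109  */
        /* JADX WARN: Removed duplicated region for block: B:31:0x0143 A[ORIG_RETURN, RETURN] */
        /* JADX WARN: Removed duplicated region for block: B:32:0x00e9 A[Catch: CancelledException -> 0x0112, Exception -> 0x0115, all -> 0x0134, TryCatch #1 {CancelledException -> 0x0112, blocks: (B:42:0x001e, B:44:0x0025, B:15:0x0081, B:17:0x00a8, B:19:0x00b2, B:24:0x00d2, B:26:0x00dd, B:32:0x00e9, B:34:0x00f0, B:35:0x00fc, B:12:0x002d, B:14:0x0033), top: B:41:0x001e, outer: #0 }] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        /**
         * Decompiler placeholder: the real keystore-loading logic is absent from this
         * listing. As shown, every call throws {@link UnsupportedOperationException}, which
         * the callers above do not catch (they catch only {@link CancelledException}).
         * Nothing about the original method's behavior can be concluded from this body.
         */
        private synchronized boolean init(java.lang.String r10) throws ghidra.util.exception.CancelledException {
            /*
                Method dump skipped, instructions count: 325
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: ghidra.net.ApplicationKeyManagerFactory.ApplicationKeyManager.init(java.lang.String):boolean");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ghidra/net/ApplicationKeyManagerFactory$ProtectedKeyStoreData.class */
    /**
     * Pairs a loaded {@link KeyStore} with a private copy of the password that opened it.
     * The copy stays in memory until {@link #dispose()} runs, so holders should call
     * {@code dispose()} explicitly as soon as the password is no longer needed.
     */
    public static class ProtectedKeyStoreData {
        KeyStore keyStore;
        char[] password;

        /**
         * @param keyStore the opened keystore
         * @param cArr password to copy; the caller keeps ownership of, and may wipe, its
         *             own array
         */
        ProtectedKeyStoreData(KeyStore keyStore, char[] cArr) {
            this.keyStore = keyStore;
            this.password = cArr != null ? (char[]) cArr.clone() : null;
        }

        /**
         * Overwrites the password copy and releases the keystore reference. The overwrite
         * uses spaces here, whereas {@code disposePassword} in the enclosing class uses
         * NUL characters.
         */
        void dispose() {
            if (this.password != null) {
                Arrays.fill(this.password, ' ');
            }
            this.keyStore = null;
        }

        // Safety net only: finalizers are deprecated in current JDKs and are not guaranteed
        // to run promptly (or at all), so this must not be the primary way the password
        // copy is wiped.
        protected void finalize() throws Throwable {
            dispose();
            super.finalize();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the lazily created singleton instance. */
    public static synchronized ApplicationKeyManagerFactory getInstance() {
        if (instance == null) {
            instance = new ApplicationKeyManagerFactory();
        }
        return instance;
    }

    private static ApplicationKeyManager getKeyManagerWrapper() {
        return getInstance().keyManagerWrapper;
    }

    /**
     * Installs the provider consulted for a keystore password.
     *
     * @param keyStorePasswordProvider the provider, or {@code null} to remove it
     */
    public static synchronized void setKeyStorePasswordProvider(KeyStorePasswordProvider keyStorePasswordProvider) {
        customPasswordProvider = keyStorePasswordProvider;
    }

    /** Trims a path and maps {@code null}, empty and whitespace-only input to {@code null}. */
    private static String prunePath(String str) {
        if (str == null) {
            return null;
        }
        String trimmed = str.trim();
        return trimmed.isEmpty() ? null : trimmed;
    }

    /**
     * Switches to a different keystore and optionally records the choice in Preferences.
     *
     * @param str keystore path; blank or {@code null} means "no keystore"
     * @param z   when {@code true}, persist the path if it was cleared or initialized
     *            successfully
     * @return {@code true} if the key manager initialized; {@code false} if the keystore
     *         is pinned by the {@code ghidra.keystore} system property, initialization
     *         failed, or the operation was cancelled
     */
    public static synchronized boolean setKeyStore(String str, boolean z) {
        // A path supplied through the system property takes precedence and is not
        // changeable at runtime.
        if (System.getProperty(KEYSTORE_PATH_PROPERTY) != null) {
            Msg.showError(ApplicationKeyManagerFactory.class, null, "Set KeyStore Failed", "PKI KeyStore was set via system property and can not be changed");
            return false;
        }
        String prunePath = prunePath(str);
        try {
            boolean init = getKeyManagerWrapper().init(prunePath);
            // Persist only a cleared path or one that actually loaded, so a bad path is
            // never written to Preferences.
            if (z && (prunePath == null || init)) {
                Preferences.setProperty(KEYSTORE_PATH_PROPERTY, prunePath);
                Preferences.store();
            }
            return init;
        } catch (CancelledException e) {
            return false;
        }
    }

    /** @return the keystore path in use, or the preferred path when none is loaded */
    public static synchronized String getKeyStore() {
        return getKeyManagerWrapper().getKeyStore();
    }

    /**
     * Resolves the keystore path: the {@code ghidra.keystore} system property wins; the
     * stored preference is consulted only when that is unset and the application is not
     * running headless.
     *
     * @return the pruned path, or {@code null} when none is configured
     */
    public static synchronized String getPreferredKeyStore() {
        String prunePath = prunePath(System.getProperty(KEYSTORE_PATH_PROPERTY));
        if (prunePath == null && !SystemUtilities.isInHeadlessMode()) {
            prunePath = prunePath(Preferences.getProperty(KEYSTORE_PATH_PROPERTY));
        }
        return prunePath;
    }

    /** @return {@code true} when the loaded key manager is flagged as self-signed */
    public static synchronized boolean usingGeneratedSelfSignedCertificate() {
        return getKeyManagerWrapper().usingGeneratedSelfSignedCertificate();
    }

    /**
     * Sets the default identity and invalidates the loaded key manager.
     *
     * @param x500Principal the identity to record
     */
    public static synchronized void setDefaultIdentity(X500Principal x500Principal) {
        defaultIdentity = x500Principal;
        getKeyManagerWrapper().invalidateKey();
    }

    /**
     * Adds a subject alternative name, or clears all of them when passed {@code null}.
     * Either way the loaded key manager is invalidated.
     *
     * @param str the name to add, or {@code null} to clear the list
     */
    public static synchronized void addSubjectAlternativeName(String str) {
        if (str == null) {
            subjectAlternativeNames = null;
        } else {
            if (subjectAlternativeNames == null) {
                subjectAlternativeNames = new ArrayList<>();
            }
            subjectAlternativeNames.add(str);
        }
        getKeyManagerWrapper().invalidateKey();
    }

    /**
     * @return a read-only view of the configured subject alternative names; an empty list
     *         when none have been added or the list was cleared
     */
    public static synchronized List<String> getSubjectAlternativeName() {
        // Collections.unmodifiableList rejects null, and the backing list is null until the
        // first name is added (and again after a clear).
        if (subjectAlternativeNames == null) {
            return Collections.emptyList();
        }
        return Collections.unmodifiableList(subjectAlternativeNames);
    }

    /**
     * Initializes the key manager from the preferred keystore if that has not happened yet.
     *
     * @return {@code true} on success, {@code false} on failure or cancellation
     */
    public static synchronized boolean initialize() {
        try {
            return getKeyManagerWrapper().init();
        } catch (CancelledException e) {
            return false;
        }
    }

    /** Forces the key manager to be re-initialized on next use. */
    public static synchronized void invalidateKeyManagers() {
        getKeyManagerWrapper().invalidateKey();
    }

    private ApplicationKeyManagerFactory() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return a new single-element array holding this factory's key manager wrapper */
    public KeyManager[] getKeyManagers() {
        return new KeyManager[]{this.keyManagerWrapper};
    }

    /**
     * Opens the keystore at {@code str} and returns it together with a copy of the password
     * that was used.
     *
     * <p>NOTE(review): the control flow below is a decompiler reconstruction and is not
     * trustworthy. As written, {@code i} is 0 on entry, so the loop exits on its first test
     * and the keystore is opened with an empty password; the default-password,
     * property-password and provider branches are unreachable. The {@code catch} clauses
     * guard a {@code try} body that contains no keystore call, which suggests the load call
     * was moved out of the loop during decompilation. The log text at {@code i == 1}
     * ("without password") is also paired with {@code DEFAULT_PASSWORD}. Verify the attempt
     * order against the original bytecode or source before relying on it.
     *
     * @param str keystore path; it is written to the info log
     * @return the opened keystore plus a private password copy the caller must dispose
     * @throws CancelledException if the password provider returns {@code null}
     * @throws KeyStoreException if the keystore cannot be processed or unlocked
     */
    private static ProtectedKeyStoreData getProtectedKeyStoreData(String str) throws CancelledException, KeyStoreException {
        char[] cArr;
        char[] cArr2;
        Msg.info(ApplicationKeyManagerFactory.class, "Using certificate keystore: " + str);
        // The property value is an immutable String; only the char[] made from it below
        // can be wiped afterwards.
        String property = System.getProperty(KEYSTORE_PASSWORD_PROPERTY);
        int i = 0;
        while (true) {
            cArr = new char[0];
            cArr2 = null;
            if (i == 0) {
                break;
            }
            if (i == 1) {
                Msg.debug(ApplicationKeyManagerFactory.class, "Attempting to load keystore without password...");
                cArr = DEFAULT_PASSWORD.toCharArray();
                break;
            }
            if (i != 2) {
                if (customPasswordProvider != null) {
                    disposePassword(null);
                    cArr2 = cArr;
                    cArr = customPasswordProvider.getKeyStorePassword(str, i != 3);
                    if (cArr == null) {
                        throw new CancelledException();
                    }
                    if (Arrays.equals(cArr, cArr2)) {
                        disposePassword(cArr2);
                        disposePassword(cArr);
                    } else {
                        Msg.debug(ApplicationKeyManagerFactory.class, "Attempting to open keystore with user-supplied password...");
                    }
                } else {
                    disposePassword(null);
                    disposePassword(cArr);
                }
                throw new KeyStoreException("Failed to unlock key storage: " + str);
            }
            if (property != null) {
                Msg.debug(ApplicationKeyManagerFactory.class, "Attempting to load keystore with property-based password...");
                cArr = property.toCharArray();
                break;
            }
            try {
                try {
                    try {
                        i++;
                        disposePassword(null);
                        disposePassword(cArr);
                    } catch (IOException | KeyStoreException e) {
                        if (getIOException(e) == null) {
                            throw new KeyStoreException("Failed to process keystore (" + i + "): " + str, e);
                        }
                        disposePassword(null);
                        disposePassword(cArr);
                    }
                } catch (FileNotFoundException | NoSuchAlgorithmException | CertificateException e2) {
                    throw new KeyStoreException("Failed to process keystore: " + str, e2);
                }
            } catch (Throwable th) {
                disposePassword(null);
                disposePassword(cArr);
                throw th;
            }
        }
        int i2 = i + 1;
        // ProtectedKeyStoreData clones the password, so wiping the local arrays below does
        // not affect the copy handed back to the caller.
        ProtectedKeyStoreData protectedKeyStoreData = new ProtectedKeyStoreData(ApplicationKeyStore.getKeyStoreInstance(str, cArr), cArr);
        disposePassword(cArr2);
        disposePassword(cArr);
        return protectedKeyStoreData;
    }

    /** Overwrites a password array with NUL characters; {@code null} is ignored. */
    private static void disposePassword(char[] cArr) {
        if (cArr != null) {
            Arrays.fill(cArr, (char) 0);
        }
    }

    /**
     * Walks the cause chain of {@code exc}, starting with {@code exc} itself.
     *
     * @return the first {@link IOException} found, or {@code null} if there is none
     */
    private static IOException getIOException(Exception exc) {
        for (Throwable cause = exc; cause != null; cause = cause.getCause()) {
            if (cause instanceof IOException) {
                return (IOException) cause;
            }
        }
        return null;
    }
}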
