package org.safehaus.jettyjam.utils;

import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.ConnectException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:jettyjam-utils-2.1.5.jar:org/safehaus/jettyjam/utils/CertUtils.class
 */
/* loaded from: input_file:org/safehaus/jettyjam/utils/CertUtils.class */
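/**
 * Helpers that add certificates to a local {@code jssecacerts} trust store so that later TLS
 * connections made by this JVM accept them.
 *
 * <p>Security notes for maintainers and reviewers:
 * <ul>
 *   <li>The static initializer points {@code javax.net.ssl.trustStore} at the relative path
 *       {@code jssecacerts}, i.e. a file in the process working directory. That setting is
 *       JVM-wide, so whoever can write to that directory decides which certificates every default
 *       TLS client in the process trusts. Run with a working directory only the service account
 *       can write to.</li>
 *   <li>{@link #installCert(String, int, char[])} is trust-on-first-use: it stores whatever
 *       certificate the peer presents, without any out-of-band verification.</li>
 *   <li>{@link #installHostKey(char[], String...)} stores one bundled certificate
 *       ({@code default-key.cer}) under each host alias. A trust-store entry is not scoped to its
 *       alias; the certificate is trusted for any peer that presents it.</li>
 *   <li>The fallback store password is the widely known JDK default {@code changeit}; it offers
 *       no real protection, so file permissions are the effective control.</li>
 * </ul>
 *
 * <p>Only {@code trustedHosts} is guarded by a lock; the cached store location is not
 * synchronized.
 */
public class CertUtils {
    /** Name of the trust store file that is written to, relative to the working directory. */
    private static final String TRUST_STORE_FILE = "jssecacerts";
    /** Classpath resource holding the bundled certificate installed by {@code installHostKey}. */
    private static final String DEFAULT_CERT_RESOURCE = "default-key.cer";
    /** Fallback store password: the well-known JDK default, not a secret. */
    private static final String DEFAULT_STORE_PASSWORD = "changeit";
    /** Connection attempts made before giving up (the original loop also ran 11 times). */
    private static final int MAX_CONNECT_ATTEMPTS = 11;
    private static final long CONNECT_RETRY_DELAY_MILLIS = 1500L;
    private static final int SOCKET_TIMEOUT_MILLIS = 10000;

    static {
        // NOTE(security): JVM-wide override of the trust store, resolved against the working
        // directory. Kept for compatibility; see the class comment for the operational caveat.
        System.setProperty("javax.net.ssl.trustStore", TRUST_STORE_FILE);
    }

    private static final Logger LOG = LoggerFactory.getLogger(CertUtils.class);
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();
    private static final Set<String> trustedHosts = new HashSet<>();
    private static final Object lock = new Object();
    private static File certStore;

    /**
     * Trust manager that remembers the chain a server presented and then delegates the actual
     * trust decision to the wrapped manager.
     */
    public static class SavingTrustManager implements X509TrustManager {
        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager x509TrustManager) {
            this.tm = x509TrustManager;
        }

        /**
         * Returns the issuers accepted by the wrapped trust manager.
         *
         * <p>This used to throw {@link UnsupportedOperationException}. JSSE implementations in
         * newer JDKs are known to call this method during a handshake, which turned a successful
         * validation into an unchecked exception; delegating avoids that.
         */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return this.tm.getAcceptedIssuers();
        }

        /** Not supported: this manager is only used on the client side of a connection. */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new UnsupportedOperationException();
        }

        /**
         * Records the presented chain, then lets the wrapped manager validate it.
         *
         * <p>The chain is saved before validation on purpose, so it is available even when the
         * wrapped manager rejects it.
         */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.chain = x509CertificateArr;
            this.tm.checkServerTrusted(x509CertificateArr, str);
        }
    }

    /**
     * Makes sure {@code host} is trusted, first by installing the bundled certificate and, if
     * that fails, by fetching the certificate from {@code host:port}.
     *
     * <p>Failures are logged and not propagated.
     *
     * @param host host name, also used as the trust-store alias
     * @param port TLS port used only by the fallback path
     */
    public static void preparations(String host, int port) {
        if (isTrusted(host)) {
            return;
        }
        try {
            installHostKey(null, host);
        } catch (Exception e) {
            LOG.error("Failed to install certificate for host " + host, e);
            try {
                installCert(host, port, null);
            } catch (Exception e2) {
                if (e2 instanceof InterruptedException) {
                    // Keep the interrupt visible to the caller instead of swallowing it.
                    Thread.currentThread().interrupt();
                }
                // Report the failure of the fallback itself. The original printed the stack
                // trace of the first exception here, which hid the real cause.
                LOG.error("Failed to get certificate from server {} on port {}: dumping stack trace!", host, port, e2);
            }
        }
    }

    /**
     * Tells whether {@code host} was registered by {@link #installHostKey(char[], String...)}.
     *
     * @param host host name to look up
     * @return {@code true} if the host is in the in-memory trusted set
     */
    public static boolean isTrusted(String host) {
        synchronized (lock) {
            return trustedHosts.contains(host);
        }
    }

    /**
     * @return {@code true} once a store location has been resolved by one of the install methods
     */
    public static boolean isStoreInitialized() {
        return certStore != null;
    }

    /**
     * Stores the bundled {@code default-key.cer} certificate under each given alias, writes the
     * store to {@code jssecacerts} and marks the hosts as trusted.
     *
     * <p>NOTE(security): the same certificate becomes a trust anchor for the whole JVM, not only
     * for the listed hosts; the alias is just a label. Confirm that the bundled certificate is
     * one you intend to trust globally.
     *
     * @param passphrase store password, or {@code null} to use the default {@code changeit}
     * @param hosts aliases (host names) to register
     * @throws Exception if the store or the bundled certificate cannot be read or written
     */
    public static void installHostKey(char[] passphrase, String... hosts) throws Exception {
        char[] password = passwordOrDefault(passphrase);
        KeyStore keyStore = loadKeyStore(password);
        Certificate bundled = CertificateFactory.getInstance("X.509").generateCertificate(getCertificateStream());
        for (String alias : hosts) {
            keyStore.setCertificateEntry(alias, bundled);
            LOG.debug("Added certificate to keystore 'jssecacerts' using alias '{}'", alias);
        }
        saveKeyStore(keyStore, password);
        synchronized (lock) {
            Collections.addAll(trustedHosts, hosts);
        }
    }

    /**
     * Reads the bundled certificate from the classpath into memory.
     *
     * @return an in-memory stream over the certificate bytes
     * @throws IOException if the resource is missing or cannot be read
     */
    private static InputStream getCertificateStream() throws IOException {
        InputStream resource = CertUtils.class.getClassLoader().getResourceAsStream(DEFAULT_CERT_RESOURCE);
        if (resource == null) {
            // Previously surfaced as a NullPointerException with no hint about the cause.
            throw new IOException("Classpath resource '" + DEFAULT_CERT_RESOURCE + "' not found");
        }
        try (InputStream in = resource) {
            // available() is only an estimate, so read until end of stream instead.
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int read;
            while ((read = in.read(chunk)) != -1) {
                buffer.write(chunk, 0, read);
            }
            return new ByteArrayInputStream(buffer.toByteArray());
        }
    }

    /**
     * Connects to {@code host:port}, captures the certificate chain the server presents and
     * stores its first certificate in {@code jssecacerts} under the alias {@code host}.
     *
     * <p>NOTE(security): this is trust-on-first-use. The certificate is stored whether or not it
     * validated, and nothing ties it to the intended server, so a party positioned on the network
     * path during this call would have its certificate trusted from then on. Prefer provisioning
     * certificates out of band; if this method is used, compare the logged SHA-256 fingerprint
     * with a value obtained over an independent channel.
     *
     * @param host server to connect to, also used as the trust-store alias
     * @param port TLS port
     * @param passphrase store password, or {@code null} to use the default {@code changeit}
     * @throws Exception if the store cannot be read or written, or no connection could be made
     */
    public static void installCert(String host, int port, char[] passphrase) throws Exception {
        char[] password = passwordOrDefault(passphrase);
        KeyStore keyStore = loadKeyStore(password);

        SavingTrustManager savingTrustManager = new SavingTrustManager(defaultX509TrustManager(keyStore));
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[] {savingTrustManager}, null);

        SSLSocket socket = connectWithRetry(sslContext.getSocketFactory(), host, port);
        try {
            LOG.debug("Starting SSL handshake...");
            socket.startHandshake();
            LOG.debug("No errors, certificate is already trusted");
        } catch (SSLException e) {
            LOG.debug("Cert is NOT trusted: {}", e.getMessage());
        } finally {
            // The original left the socket open when the handshake failed.
            try {
                socket.close();
            } catch (IOException ignored) {
                LOG.debug("Ignoring error while closing socket to {}:{}", host, port);
            }
        }

        X509Certificate[] chain = savingTrustManager.chain;
        // An empty chain would otherwise fail below with an index error.
        if (chain == null || chain.length == 0) {
            LOG.warn("Could not obtain server certificate chain");
            return;
        }

        LOG.debug("Server sent {} certificate(s):", chain.length);
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        for (int index = 0; index < chain.length; index++) {
            X509Certificate cert = chain[index];
            byte[] encoded = cert.getEncoded();
            LOG.debug(" " + (index + 1) + " Subject " + cert.getSubjectDN());
            LOG.debug("   Issuer  " + cert.getIssuerDN());
            LOG.debug("   sha1    " + toHexString(sha1.digest(encoded)));
            LOG.debug("   md5     " + toHexString(md5.digest(encoded)));
            // SHA-1 and MD5 are kept for log compatibility; use SHA-256 when comparing by hand.
            LOG.debug("   sha256  " + toHexString(sha256.digest(encoded)));
        }

        X509Certificate leaf = chain[0];
        keyStore.setCertificateEntry(host, leaf);
        saveKeyStore(keyStore, password);
        LOG.debug("cert = {}", leaf);
        LOG.debug("Added certificate to keystore 'jssecacerts' using alias '{}'", host);
    }

    /** Returns the given password, or the default one when {@code passphrase} is {@code null}. */
    private static char[] passwordOrDefault(char[] passphrase) {
        return passphrase != null ? passphrase : DEFAULT_STORE_PASSWORD.toCharArray();
    }

    /**
     * Picks the store file to load: the cached location, else {@code jssecacerts} in the working
     * directory, else {@code jssecacerts} or {@code cacerts} under {@code java.home/lib/security}.
     */
    private static File resolveStoreFile() {
        File candidate = certStore != null ? certStore : new File(TRUST_STORE_FILE);
        if (!candidate.isFile()) {
            char sep = File.separatorChar;
            File securityDir = new File(System.getProperty("java.home") + sep + "lib" + sep + "security");
            candidate = new File(securityDir, TRUST_STORE_FILE);
            if (!candidate.isFile()) {
                candidate = new File(securityDir, "cacerts");
            }
        }
        certStore = candidate;
        return candidate;
    }

    /** Loads the resolved store file, closing the input stream even when loading fails. */
    private static KeyStore loadKeyStore(char[] password) throws IOException, GeneralSecurityException {
        File storeFile = resolveStoreFile();
        LOG.debug("Loading KeyStore {}", storeFile);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(storeFile)) {
            keyStore.load(in, password);
        }
        return keyStore;
    }

    /**
     * Writes the store to {@code jssecacerts} in the working directory and makes that file the
     * cached store location.
     *
     * <p>Without the re-pointing, a store first loaded from the JRE's {@code cacerts} was loaded
     * from there again on the next install, and the rewrite of {@code jssecacerts} dropped the
     * entries added earlier.
     */
    private static void saveKeyStore(KeyStore keyStore, char[] password) throws IOException, GeneralSecurityException {
        try (FileOutputStream out = new FileOutputStream(TRUST_STORE_FILE)) {
            keyStore.store(out, password);
        }
        certStore = new File(TRUST_STORE_FILE);
    }

    /** Builds the platform default trust managers for {@code keyStore} and returns the X.509 one. */
    private static X509TrustManager defaultX509TrustManager(KeyStore keyStore) throws GeneralSecurityException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore);
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new IllegalStateException("No X509TrustManager available from the default TrustManagerFactory");
    }

    /**
     * Opens a TLS socket, retrying on {@link ConnectException} with a fixed pause after each
     * failed attempt.
     *
     * @throws ConnectException the last connection failure once all attempts are used up
     */
    private static SSLSocket connectWithRetry(SSLSocketFactory factory, String host, int port)
            throws IOException, InterruptedException {
        ConnectException lastFailure = null;
        for (int attempt = 1; attempt <= MAX_CONNECT_ATTEMPTS; attempt++) {
            try {
                LOG.info("Opening connection to {}:{}", host, port);
                SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
                socket.setSoTimeout(SOCKET_TIMEOUT_MILLIS);
                return socket;
            } catch (ConnectException e) {
                lastFailure = e;
                Thread.sleep(CONNECT_RETRY_DELAY_MILLIS);
            }
        }
        throw lastFailure;
    }

    /** Formats bytes as lowercase hex pairs, each followed by a single space. */
    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (byte b : bytes) {
            int unsigned = b & 0xFF;
            sb.append(HEX_DIGITS[unsigned >> 4]);
            sb.append(HEX_DIGITS[unsigned & 0x0F]);
            sb.append(' ');
        }
        return sb.toString();
    }
}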
