package de.epikur.shared.security;

import de.epikur.shared.FileUtils;
import de.epikur.shared.SharedDirs;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.X509TrustManager;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/epikur/shared/security/EpikurTrustManager.class */
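/**
 * Trust manager for the Epikur client's TLS connection to its server.
 *
 * <p>Two sets of trust anchors are kept:
 * <ul>
 *   <li><b>own</b> certificates: every {@code *.csr} file found in the client's settings directory,
 *       plus certificates the {@link EpikurTrustManagerNotTrustedHandler} accepts at runtime. A chain
 *       anchored here is accepted <em>without</em> the host-name comparison.</li>
 *   <li><b>CA</b> certificates: every certificate in the key store passed to the constructor. A
 *       chain anchored here must additionally carry the configured server address as subject CN.</li>
 * </ul>
 *
 * <p>NOTE(review): anything that can place a {@code .csr} file in the settings directory adds a
 * trust anchor that also skips the host-name comparison, so that directory should be writable by
 * the owning user only.
 *
 * <p>NOTE(review): {@code currentChain} and {@code isOwnChain} are plain instance fields written
 * during validation. If one instance is shared by concurrent handshakes they reflect whichever
 * handshake wrote last; confirm how callers share instances.
 */
public class EpikurTrustManager implements X509TrustManager {

    private static final Logger LOG = LogManager.getLogger(EpikurTrustManager.class);

    /** Settings directory, relative to {@code SharedDirs.getHomeDir()}. */
    private static final String SETTINGS_DIR_NAME = "EpikurClient" + File.separator + "settings";

    @Nonnull
    private final X509Certificate[] trustedCaCerts;

    @Nonnull
    private X509Certificate[] trustedOwnCaCerts;

    @Nullable
    private EpikurTrustManagerNotTrustedHandler handler;

    @Nonnull
    private final String serverIP;

    @Nullable
    private X509Certificate currentChain;
    private boolean isOwnChain;

    /**
     * Creates the trust manager and loads both anchor sets from disk.
     *
     * <p>Load failures are logged and leave the affected set smaller (possibly empty); validation
     * then fails closed unless a handler accepts the certificate.
     *
     * @param str  server address the subject CN of CA-anchored certificates must equal
     *             (compared case-insensitively)
     * @param str2 path of the key store holding the CA certificates; ignored if the file is absent
     */
    public EpikurTrustManager(@Nonnull String str, @Nonnull String str2) {
        // Locale.ROOT keeps the comparison stable on locales with special casing rules (e.g. tr).
        this.serverIP = str.toLowerCase(Locale.ROOT);

        String settingsDir = SharedDirs.getHomeDir() + SETTINGS_DIR_NAME;
        SharedDirs.ensureDirExists(settingsDir);
        List<X509Certificate> ownCerts = new ArrayList<>();
        for (File file : FileUtils.getFileList(new File(settingsDir))) {
            // The ".csr" files are DER/PEM certificates written by persistAcceptedCertificate(),
            // not certificate signing requests.
            if (file.getName().toUpperCase(Locale.ROOT).endsWith(".CSR")) {
                try (FileInputStream in = new FileInputStream(file)) {
                    ownCerts.add((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in));
                } catch (Exception e) {
                    // One unreadable file must not prevent the remaining anchors from loading.
                    LOG.error(e.getMessage(), e);
                }
            }
        }
        this.trustedOwnCaCerts = ownCerts.toArray(new X509Certificate[0]);

        // The own certificates are always consulted first, so they are not repeated in the CA set.
        List<X509Certificate> caCerts = new ArrayList<>();
        if (new File(str2).exists()) {
            try (FileInputStream in = new FileInputStream(str2)) {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                // NOTE(review): the store password is a compile-time constant, so it offers no
                // integrity protection against anyone who can read this class. Protect the key
                // store file with filesystem permissions instead.
                keyStore.load(in, "epikur".toCharArray());
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    Certificate cert = keyStore.getCertificate(aliases.nextElement());
                    // Skip entries without an X.509 certificate instead of storing null or
                    // failing the whole load with a ClassCastException.
                    if (cert instanceof X509Certificate) {
                        caCerts.add((X509Certificate) cert);
                    }
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
                LOG.error(e2.getMessage(), e2);
            }
        }
        this.trustedCaCerts = caCerts.toArray(new X509Certificate[0]);
    }

    /**
     * Always rejects: this trust manager holds no policy for client certificates.
     *
     * <p>An empty implementation would accept every client certificate if an instance were ever
     * installed on a server-side socket, so the method fails closed.
     *
     * @throws CertificateException always
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(@Nonnull X509Certificate[] x509CertificateArr, @Nonnull String str) throws CertificateException {
        throw new CertificateException("Client certificate validation is not supported by EpikurTrustManager");
    }

    /**
     * Validates the server's certificate chain.
     *
     * <p>Order of evaluation: own anchors, then CA anchors, then (if set) the handler, which may
     * accept the leaf for this session ({@code > 0}) and additionally persist it ({@code > 1}).
     * An accepted chain must have a currently valid leaf; a CA-anchored chain must also carry the
     * configured server address as subject CN.
     *
     * <p>NOTE(review): only the subject CN is compared; subjectAltName entries are ignored, and no
     * revocation checking is performed.
     *
     * @param x509CertificateArr peer chain, leaf first
     * @param str                key exchange / authentication type (unused)
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws CertificateException     if the chain is not trusted, the leaf is outside its validity
     *                                  period, or the CN does not match
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(@Nonnull X509Certificate[] x509CertificateArr, @Nonnull String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certificate chain must not be null or empty");
        }
        final X509Certificate[] chain = x509CertificateArr;
        final X509Certificate leaf = chain[0];

        boolean trusted = false;
        boolean ownChain = false;

        int matched = findTrustedIndex(chain, this.trustedOwnCaCerts);
        if (matched >= 0) {
            trusted = true;
            ownChain = true;
        } else {
            matched = findTrustedIndex(chain, this.trustedCaCerts);
            trusted = matched >= 0;
        }
        if (trusted) {
            this.currentChain = chain[matched];
            this.isOwnChain = ownChain;
        }

        if (!trusted && this.handler != null) {
            int decision = this.handler.addToExceptions(leaf);
            if (decision > 0) {
                trusted = true;
                ownChain = true;
                X509Certificate[] extended = Arrays.copyOf(this.trustedOwnCaCerts, this.trustedOwnCaCerts.length + 1);
                extended[extended.length - 1] = leaf;
                this.trustedOwnCaCerts = extended;
                if (decision > 1) {
                    persistAcceptedCertificate(leaf);
                }
                this.currentChain = leaf;
                this.isOwnChain = true;
            }
        }

        if (!trusted) {
            throw new CertificateException("Certificate chain is not trusted");
        }

        // Only validity failures are reported as "expired"; a CN mismatch below keeps its own
        // message instead of being re-wrapped by a catch-all.
        try {
            leaf.checkValidity();
        } catch (CertificateException e2) {
            throw new CertificateException("Certificate not trusted. It has expired", e2);
        }

        if (!ownChain) {
            String commonName = getValByAttributeTypeFromIssuerDN(leaf.getSubjectX500Principal().getName());
            if (!this.serverIP.equals(commonName.toLowerCase(Locale.ROOT))) {
                LOG.error("domain name is not {}", commonName);
                throw new CertificateException("domain name is not " + commonName);
            }
        }
    }

    /**
     * Returns the index of the first chain element that is anchored in {@code anchors} and to
     * which the leaf is cryptographically linked, or {@code -1}.
     */
    private int findTrustedIndex(@Nonnull X509Certificate[] chain, @Nonnull X509Certificate[] anchors) {
        for (int i = 0; i < chain.length; i++) {
            if (isTrusted(chain[i], anchors) && leafLinksToAnchor(chain, i, anchors)) {
                return i;
            }
        }
        return -1;
    }

    /**
     * Checks that {@code chain[0]} is bound to the anchored element at {@code matchedIndex}.
     *
     * <p>A trusted certificate merely being present somewhere in the peer-supplied chain says
     * nothing about the leaf, which is the certificate whose key the TLS session actually uses.
     * When the match is not the leaf itself, the prefix of the chain up to the anchor is therefore
     * run through PKIX path validation (signatures, validity, CA basic constraints). Revocation is
     * disabled because this class performs no revocation checking anywhere else.
     */
    private static boolean leafLinksToAnchor(@Nonnull X509Certificate[] chain, int matchedIndex, @Nonnull X509Certificate[] anchors) {
        if (matchedIndex == 0) {
            // isTrusted() already checked the leaf directly against the anchors.
            return true;
        }
        // A PKIX path excludes the trust anchor itself; include chain[matchedIndex] only when it
        // was accepted because an anchor signed it rather than because it is an anchor.
        int pathLength = Arrays.asList(anchors).contains(chain[matchedIndex]) ? matchedIndex : matchedIndex + 1;
        try {
            CertPath path = CertificateFactory.getInstance("X.509")
                    .generateCertPath(Arrays.asList(chain).subList(0, pathLength));
            Set<TrustAnchor> trustAnchors = new HashSet<>();
            for (X509Certificate anchor : anchors) {
                trustAnchors.add(new TrustAnchor(anchor, null));
            }
            PKIXParameters params = new PKIXParameters(trustAnchors);
            params.setRevocationEnabled(false);
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (GeneralSecurityException e) {
            LOG.error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Writes the accepted certificate to the first unused {@code server[N].csr} file in the
     * settings directory so the constructor loads it as an own anchor on the next start.
     *
     * @throws CertificateException if the certificate cannot be encoded
     */
    private void persistAcceptedCertificate(@Nonnull X509Certificate cert) throws CertificateException {
        // Encode first so an encoding failure does not leave an empty file behind.
        byte[] encoded = cert.getEncoded();
        String dir = SharedDirs.getHomeDir() + SETTINGS_DIR_NAME + File.separator;
        SharedDirs.ensureDirExists(dir);
        int suffix = 0;
        File target;
        do {
            target = new File(dir + "server" + (suffix == 0 ? "" : String.valueOf(suffix)) + ".csr");
            suffix++;
        } while (target.exists());
        try (FileOutputStream out = new FileOutputStream(target)) {
            out.write(encoded);
        } catch (IOException e) {
            // The certificate stays trusted for this session even if it could not be persisted.
            LOG.error(e.getMessage(), e);
        }
    }

    /**
     * Extracts the first CN value from a distinguished name.
     *
     * <p>Despite its name the method is applied to the subject DN. The DN is parsed with
     * {@link LdapName} rather than split on {@code ','} and {@code '='}, so quoted or escaped
     * separators inside attribute values cannot be mistaken for a CN component, and a CN without
     * a value no longer raises an index error.
     *
     * @param str distinguished name in string form
     * @return the trimmed CN value, or {@code ""} if there is none or the name cannot be parsed
     */
    @Nonnull
    private String getValByAttributeTypeFromIssuerDN(@Nonnull String str) {
        try {
            List<Rdn> rdns = new LdapName(str).getRdns();
            // LdapName numbers RDNs from the right; walk backwards so the left-most CN wins.
            for (int i = rdns.size() - 1; i >= 0; i--) {
                Rdn rdn = rdns.get(i);
                Object value = rdn.getValue();
                if ("CN".equalsIgnoreCase(rdn.getType()) && value instanceof String) {
                    return ((String) value).trim();
                }
            }
        } catch (InvalidNameException e) {
            LOG.error(e.getMessage(), e);
        }
        return "";
    }

    /**
     * Returns an empty array.
     *
     * <p>The {@link X509TrustManager} contract requires a non-null result; {@code null} can raise a
     * {@link NullPointerException} inside the TLS implementation.
     */
    @Override // javax.net.ssl.X509TrustManager
    @Nonnull
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /**
     * Tells whether a single certificate is one of {@code x509CertificateArr} or carries a valid
     * signature from one of them.
     *
     * <p>NOTE(review): the signing anchor's own validity period and CA flag are not checked here;
     * anchors are taken as trusted by configuration.
     */
    private boolean isTrusted(@Nonnull X509Certificate x509Certificate, @Nonnull X509Certificate[] x509CertificateArr) {
        for (X509Certificate anchor : x509CertificateArr) {
            if (x509Certificate.equals(anchor)) {
                return true;
            }
        }
        for (X509Certificate anchor : x509CertificateArr) {
            if (x509Certificate.getIssuerX500Principal().equals(anchor.getSubjectX500Principal())) {
                try {
                    x509Certificate.verify(anchor.getPublicKey());
                    return true;
                } catch (Exception e) {
                    // Same subject but wrong key: keep looking, another anchor may share the name.
                    LOG.error(e.getMessage(), e);
                }
            }
        }
        return false;
    }

    /** Returns whether the most recently accepted chain was anchored in the own certificates. */
    public boolean isOwnCertificate() {
        return this.isOwnChain;
    }

    /** Returns the handler consulted for chains that match no anchor, or {@code null}. */
    @Nullable
    public EpikurTrustManagerNotTrustedHandler getHandler() {
        return this.handler;
    }

    /** Sets the handler consulted for chains that match no anchor; {@code null} disables it. */
    public void setHandler(@Nullable EpikurTrustManagerNotTrustedHandler epikurTrustManagerNotTrustedHandler) {
        this.handler = epikurTrustManagerNotTrustedHandler;
    }

    /**
     * Returns the chain element that established trust in the most recent successful match (not
     * necessarily the leaf), or {@code null} if nothing has matched yet.
     */
    @Nullable
    public X509Certificate getCurrentChain() {
        return this.currentChain;
    }
}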
