package com.github.ideahut.util;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URL;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/github/ideahut/util/SslUtil.class */
public final class SslUtil {
    private static final File defaultCacerts = new File(System.getProperty("java.home") + File.separator + "lib" + File.separator + "security", "cacerts");
    private static final char[] passPhrase = "changeit".toCharArray();
    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/github/ideahut/util/SslUtil$SavingTrustManager.class */
    public static class SavingTrustManager implements X509TrustManager {
        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager x509TrustManager) {
            this.tm = x509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.chain;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.chain = x509CertificateArr;
            this.tm.checkServerTrusted(x509CertificateArr, str);
        }
    }

    public static void main(String... strArr) throws Exception {
        autoSigned("https://api-sandbox.duitku.com", 10000);
    }

    public static X509Certificate autoSigned(URL url, int i) throws Exception {
        if (!"https".equals(url.getProtocol())) {
            return null;
        }
        String trim = System.getProperty("ssl.cacerts.file", "").trim();
        File file = null;
        if (trim.length() != 0) {
            file = new File(trim);
        }
        X509Certificate certificate = certificate(file, url);
        if (certificate == null || !valid(certificate)) {
            certificate = register(url, i);
        }
        return certificate;
    }

    public static X509Certificate autoSigned(String str, int i) throws Exception {
        return autoSigned(new URL(str), i);
    }

    public static X509Certificate register(File file, String str, String str2, int i, int i2) throws Exception {
        File file2 = (file == null || !file.exists()) ? defaultCacerts : file;
        KeyStore keyStore = getKeyStore(file2, passPhrase);
        X509Certificate regCertificate = regCertificate(keyStore, str, 0, str2, i, i2);
        if (regCertificate != null) {
            FileOutputStream fileOutputStream = null;
            try {
                try {
                    fileOutputStream = new FileOutputStream(file2);
                    keyStore.store(fileOutputStream, passPhrase);
                    if (fileOutputStream != null) {
                        try {
                            fileOutputStream.close();
                        } catch (IOException e) {
                        }
                    }
                } catch (Exception e2) {
                    throw e2;
                }
            } catch (Throwable th) {
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e3) {
                    }
                }
                throw th;
            }
        }
        return regCertificate;
    }

    public static X509Certificate register(String str, String str2, int i, int i2) throws Exception {
        return register(null, str, str2, i, i2);
    }

    public static X509Certificate register(File file, URL url, int i) throws Exception {
        String host = url.getHost();
        int port = url.getPort() != -1 ? url.getPort() : 443;
        return register(file, host + "_" + port, host, port, i);
    }

    public static X509Certificate register(URL url, int i) throws Exception {
        return register(null, url, i);
    }

    public static X509Certificate certificate(File file, String str) throws Exception {
        return (X509Certificate) getKeyStore((file == null || !file.exists()) ? defaultCacerts : file, passPhrase).getCertificate(str);
    }

    public static X509Certificate certificate(String str) throws Exception {
        return certificate((File) null, str);
    }

    public static X509Certificate certificate(File file, URL url) throws Exception {
        return certificate(file, getAlias(url));
    }

    public static X509Certificate certificate(URL url) throws Exception {
        return certificate((File) null, url);
    }

    public static void remove(File file, String str) throws Exception {
        getKeyStore((file == null || !file.exists()) ? defaultCacerts : file, passPhrase).deleteEntry(str);
    }

    public static void remove(String str) throws Exception {
        remove((File) null, str);
    }

    public static void remove(File file, URL url) throws Exception {
        remove(file, getAlias(url));
    }

    public static void remove(URL url) throws Exception {
        remove((File) null, url);
    }

    public static boolean valid(X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity(new Date());
            return true;
        } catch (CertificateExpiredException e) {
            return false;
        } catch (CertificateNotYetValidException e2) {
            return false;
        }
    }

    public static String info(X509Certificate x509Certificate) throws Exception {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
        messageDigest.update(x509Certificate.getEncoded());
        Method method = Class.forName("java.security.MessageDigest").getMethod("getInstance", String.class);
        Object invoke = method.invoke(method, "MD5");
        invoke.getClass().getMethod("update", byte[].class).invoke(invoke, x509Certificate.getEncoded());
        return "Subject[" + x509Certificate.getSubjectDN() + "], Issuer[" + x509Certificate.getIssuerDN() + "], Serial[ " + x509Certificate.getSerialNumber() + "], Version[ " + x509Certificate.getVersion() + "], SHA1[" + toHexString(messageDigest.digest()) + "], MD5[ " + toHexString((byte[]) invoke.getClass().getMethod("digest", new Class[0]).invoke(invoke, new Object[0])) + "]";
    }

    private static String getAlias(URL url) {
        return url.getHost() + "_" + (url.getPort() != -1 ? url.getPort() : 443);
    }

    private static KeyStore getKeyStore(File file, char[] cArr) throws Exception {
        FileInputStream fileInputStream = null;
        try {
            try {
                try {
                    try {
                        fileInputStream = new FileInputStream(file);
                        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                        keyStore.load(fileInputStream, cArr);
                        if (fileInputStream != null) {
                            try {
                                fileInputStream.close();
                            } catch (IOException e) {
                            }
                        }
                        return keyStore;
                    } catch (IOException e2) {
                        throw e2;
                    }
                } catch (Exception e3) {
                    throw e3;
                }
            } catch (FileNotFoundException e4) {
                throw e4;
            }
        } catch (Throwable th) {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e5) {
                }
            }
            throw th;
        }
    }

    private static X509Certificate regCertificate(KeyStore keyStore, String str, int i, String str2, int i2, int i3) throws Exception {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SavingTrustManager savingTrustManager = new SavingTrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0]);
        sSLContext.init(null, new TrustManager[]{savingTrustManager}, null);
        SSLSocket sSLSocket = null;
        try {
            sSLSocket = (SSLSocket) sSLContext.getSocketFactory().createSocket(str2, i2);
            sSLSocket.setSoTimeout(i3);
            sSLSocket.startHandshake();
            if (sSLSocket != null) {
                try {
                    sSLSocket.close();
                } catch (IOException e) {
                }
            }
        } catch (Exception e2) {
            if (sSLSocket != null) {
                try {
                    sSLSocket.close();
                } catch (IOException e3) {
                }
            }
        } catch (Throwable th) {
            if (sSLSocket != null) {
                try {
                    sSLSocket.close();
                } catch (IOException e4) {
                }
            }
            throw th;
        }
        X509Certificate[] x509CertificateArr = savingTrustManager.chain;
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new Exception("Could not obtain server certificate chain");
        }
        if (i > x509CertificateArr.length - 1) {
            throw new Exception("Invalid 'cacerts.accepted.chain.index' value [" + i + "], server certificate chain length is " + x509CertificateArr.length);
        }
        X509Certificate x509Certificate = x509CertificateArr[i];
        keyStore.setCertificateEntry(str, x509Certificate);
        return x509Certificate;
    }

    private static String toHexString(byte[] bArr) {
        StringBuilder sb = new StringBuilder(bArr.length * 3);
        for (byte b : bArr) {
            int i = b & 255;
            sb.append(HEXDIGITS[i >> 4]);
            sb.append(HEXDIGITS[i & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }
}
