package org.commonjava.ssl;

import java.io.File;
import java.io.IOException;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.commonjava.ssl.util.Digester;
import org.commonjava.ssl.util.KeyStoreManager;
import org.commonjava.ssl.util.Logger;
import org.commonjava.ssl.util.SavingTrustManager;

/* loaded from: input_file:org/commonjava/ssl/CertificateImporter.class */
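/**
 * Imports key and certificate material into a single in-memory {@link KeyStore}.
 *
 * <p>Instances are obtained through {@link #open(File, char[])} or
 * {@link #openOrCreate(File, char[])}, mutated through the {@code import*} methods, and
 * written out with one of the {@code save} overloads. Nothing is persisted until
 * {@code save} is called; {@link #isChanged()} reports whether any import added an entry.
 *
 * <p><b>Trust model.</b> {@link #importServerCertificates} adds whatever certificate chain
 * the remote endpoint presents during a handshake that has just failed validation. No
 * independent check of that chain is made here, so whoever answers on {@code host:port}
 * at import time (the intended server or anything sitting on the network path) decides
 * what ends up trusted. Compare the logged fingerprints with a value obtained out of band
 * before calling {@code save}, and run the import from a network position you trust.
 *
 * <p>This class is not synchronized; confine an instance to one thread.
 */
public class CertificateImporter {
    private static final Logger LOGGER = new Logger((Class<?>) CertificateImporter.class);

    /** Read timeout, in milliseconds, applied to the probe socket once it is connected. */
    private static final int HANDSHAKE_TIMEOUT_MILLIS = 10000;

    /** The keystore being populated; it is used both as trust source and as import target. */
    private final KeyStore keystore;

    /** Set once any import method has added an entry to {@link #keystore}. */
    private boolean changed = false;

    private CertificateImporter(KeyStore keyStore) {
        this.keystore = keyStore;
    }

    /**
     * Copies every private-key entry of a PKCS#12 file into the target keystore.
     *
     * <p>The same password {@code cArr} is used three times: to open the PKCS#12 file, to
     * recover each key from it, and to protect the copied entry in the target keystore.
     * An entry already stored under the same alias is replaced ({@link KeyStore#setKeyEntry}
     * semantics). Certificate-only entries in the file are ignored.
     *
     * @param file PKCS#12 file to read; when it is {@code null}, not a regular file, or
     *             not readable, the call logs the problem and imports nothing
     * @param cArr password for the PKCS#12 file and its keys
     * @return this importer, for chaining
     * @throws SSLToolsException if a key cannot be read from the file or stored
     */
    public CertificateImporter importClientCertificate(File file, char[] cArr) throws SSLToolsException {
        if (file == null || !file.isFile() || !file.canRead()) {
            LOGGER.info("Invalid client certificate file: %s. Cannot import.", file);
            return this;
        }
        KeyStore clientStore = KeyStoreManager.load(file, cArr, KeyStoreManager.PKCS12_KEYSTORE_TYPE);
        try {
            Enumeration<String> aliases = clientStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!clientStore.isKeyEntry(alias)) {
                    continue;
                }
                LOGGER.info("Adding key for: %s", alias);
                this.keystore.setKeyEntry(alias, clientStore.getKey(alias, cArr), cArr, clientStore.getCertificateChain(alias));
                this.changed = true;
            }
            return this;
        } catch (KeyStoreException e) {
            throw new SSLToolsException("Failed to add new keys to keystore: %s", e, e.getMessage());
        } catch (NoSuchAlgorithmException e) {
            throw new SSLToolsException("Failed to add new keys to keystore: %s", e, e.getMessage());
        } catch (UnrecoverableKeyException e) {
            throw new SSLToolsException("Failed to add new keys to keystore: %s", e, e.getMessage());
        }
    }

    /**
     * Connects to {@code str:i}, and if the TLS handshake fails, adds the certificates the
     * server presented to the keystore as trusted entries.
     *
     * <p>The handshake is validated against the current keystore contents. If it succeeds,
     * nothing is changed. If it fails with an {@link SSLException}, every certificate of the
     * captured chain that is not already stored (compared by digest) is added with
     * {@link KeyStore#setCertificateEntry}. That includes any intermediate or root
     * certificate the server chose to send, and trusting a CA certificate extends trust to
     * everything that CA issues. See the class comment for the verification the caller is
     * expected to do before saving.
     *
     * <p>{@code file}, {@code cArr}, {@code file2} and {@code cArr2} are not read by this
     * method. The SSL context is initialised without key managers, so no client
     * certificate is offered to the server.
     *
     * @param str   host name to connect to; also the base for generated aliases
     * @param i     TCP port
     * @param file  unused
     * @param cArr  unused
     * @param file2 unused
     * @param cArr2 unused
     * @return this importer, for chaining
     * @throws SSLToolsException if the connection cannot be set up, the handshake fails
     *                           without a captured chain, or the keystore cannot be updated
     */
    public CertificateImporter importServerCertificates(String str, int i, File file, char[] cArr, File file2, char[] cArr2) throws SSLToolsException {
        try {
            LOGGER.trace("Setting up SSL...", new Object[0]);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(this.keystore);
            // Wrap the real trust manager so that the chain the server sends can be read
            // back through getChain() after a rejected handshake.
            SavingTrustManager savingTrustManager = new SavingTrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0]);
            sslContext.init(null, new TrustManager[]{savingTrustManager}, null);
            SSLSocketFactory socketFactory = sslContext.getSocketFactory();

            LOGGER.trace("Opening connection to %s:%d...", str, Integer.valueOf(i));
            // NOTE(review): createSocket(host, port) connects before the timeout below is
            // set, so the connect phase itself is bounded only by OS defaults.
            SSLSocket socket = (SSLSocket) socketFactory.createSocket(str, i);

            X509Certificate[] chain;
            try {
                socket.setSoTimeout(HANDSHAKE_TIMEOUT_MILLIS);
                try {
                    LOGGER.trace("Starting SSL handshake...", new Object[0]);
                    socket.startHandshake();
                    LOGGER.debug("All certificates are already trusted. Nothing to do.", new Object[0]);
                    return this;
                } catch (SSLException e) {
                    // Any SSLException lands here, not only "untrusted certificate". Whether a
                    // chain is available depends on what SavingTrustManager recorded.
                    LOGGER.debug("Some SSL certificates appear to be missing. Adding missing certificates...", new Object[0]);
                    chain = savingTrustManager.getChain();
                    if (chain == null) {
                        throw new SSLToolsException("Could not retrieve certificate chain: %s", e, e.getMessage());
                    }
                } catch (IOException e) {
                    throw new SSLToolsException("I/O error performing SSL handshake for: %s:%d. Error: %s", e, str, Integer.valueOf(i), e.getMessage());
                }
            } finally {
                // The probe socket is needed only for the handshake; release it on every
                // path, including the failed-handshake path that goes on to import.
                try {
                    socket.close();
                } catch (IOException closeFailure) {
                    LOGGER.debug("Failed to close SSL socket to %s:%d: %s", str, Integer.valueOf(i), closeFailure.getMessage());
                }
            }

            Digester digester = new Digester();
            HashMap<Digester.Digest, String> aliasesByDigest = new HashMap<Digester.Digest, String>();
            String baseAlias = str;
            try {
                int hostIndex = 1;
                Enumeration<String> aliases = this.keystore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (alias == null) {
                        continue;
                    }
                    // Each existing alias that starts with the current candidate moves the
                    // candidate on to "<n>@<host>".
                    if (alias.startsWith(baseAlias)) {
                        baseAlias = hostIndex + "@" + str;
                        hostIndex++;
                    }
                    if (this.keystore.isCertificateEntry(alias)) {
                        aliasesByDigest.put(digester.newDigest(this.keystore.getCertificate(alias).getEncoded()), alias);
                    }
                }
            } catch (KeyStoreException e) {
                throw new SSLToolsException("Failed to scan keystore for existing certificates. Error: %s", e, e.getMessage());
            } catch (CertificateEncodingException e) {
                throw new SSLToolsException("Failed to scan keystore for existing certificates. Error: %s", e, e.getMessage());
            }

            LOGGER.debug("Server sent %d certificate(s):", Integer.valueOf(chain.length));
            int suffix = 0;
            for (int index = 0; index < chain.length; index++) {
                X509Certificate certificate = chain[index];
                LOGGER.debug(" %d Subject: %s\n    Issuer: %s", Integer.valueOf(index + 1), certificate.getSubjectDN(), certificate.getIssuerDN());

                Digester.Digest digest;
                try {
                    digest = digester.newDigest(certificate.getEncoded());
                } catch (CertificateEncodingException e) {
                    throw new SSLToolsException("Failed to get encoded form of certificate: %s", e, e.getMessage());
                }
                // This is the fingerprint an operator should compare with an out-of-band value.
                // NOTE(review): the label says SHA-1; the algorithm is chosen inside Digester,
                // which is not visible here. Confirm, and prefer a SHA-256 fingerprint.
                LOGGER.debug("   sha1: %s", digest);

                String existingAlias = aliasesByDigest.get(digest);
                if (existingAlias != null) {
                    LOGGER.debug("Keystore already contains certificate with this SHA1 hash, under alias: '%s' ...Skipping.", existingAlias);
                    continue;
                }

                // Only aliases of certificate entries are tracked, so a clash with a key
                // entry surfaces as the KeyStoreException handled below.
                String alias = baseAlias;
                while (aliasesByDigest.containsValue(alias)) {
                    suffix++;
                    alias = alias + "-" + suffix;
                }
                try {
                    this.keystore.setCertificateEntry(alias, certificate);
                } catch (KeyStoreException e) {
                    throw new SSLToolsException("Failed to add certificate to keystore: %s. Error: %s", e, alias, e.getMessage());
                }
                aliasesByDigest.put(digest, alias);
                this.changed = true;
                LOGGER.info("Added certificate to keystore using alias: '%s'", alias);
            }
            return this;
        } catch (SocketException e) {
            throw new SSLToolsException("Failed to initialize SSL socket: %s", e, e.getMessage());
        } catch (UnknownHostException e) {
            throw new SSLToolsException("Unknown host: %s:%d", e, str, Integer.valueOf(i));
        } catch (IOException e) {
            throw new SSLToolsException("Failed to initialize SSL socket: %s", e, e.getMessage());
        } catch (KeyManagementException e) {
            throw new SSLToolsException("Failed to initialize SSL: %s", e, e.getMessage());
        } catch (KeyStoreException e) {
            throw new SSLToolsException("Failed to initialize SSL: %s", e, e.getMessage());
        } catch (NoSuchAlgorithmException e) {
            throw new SSLToolsException("Failed to initialize SSL: %s", e, e.getMessage());
        }
    }

    /**
     * Reports whether an import call has added at least one entry.
     *
     * @return {@code true} once any key or certificate has been stored by this instance
     */
    public boolean isChanged() {
        return this.changed;
    }

    /**
     * Opens an existing keystore file for importing.
     *
     * @param file keystore file; must not be {@code null}
     * @param cArr keystore password, passed to {@code KeyStoreManager.load}
     * @return an importer backed by the loaded keystore
     * @throws SSLToolsException if {@code file} is {@code null} or loading fails
     */
    public static CertificateImporter open(File file, char[] cArr) throws SSLToolsException {
        if (file == null) {
            throw new SSLToolsException("Invalid keystore file: %s. Cannot import.", file);
        }
        return new CertificateImporter(KeyStoreManager.load(file, cArr));
    }

    /**
     * Opens a keystore file for importing, or starts from a new keystore when the file
     * does not exist yet.
     *
     * @param file keystore file; must not be {@code null}
     * @param cArr keystore password, used only when the file exists and is loaded
     * @return an importer backed by the loaded or newly created keystore
     * @throws SSLToolsException if {@code file} is {@code null} or loading fails
     */
    public static CertificateImporter openOrCreate(File file, char[] cArr) throws SSLToolsException {
        if (file == null) {
            throw new SSLToolsException("Invalid keystore file: %s. Cannot import.", file);
        }
        KeyStore store = file.exists() ? KeyStoreManager.load(file, cArr) : KeyStoreManager.create();
        return new CertificateImporter(store);
    }

    /**
     * Writes the keystore through {@code KeyStoreManager.save}.
     *
     * @param file destination file
     * @param cArr password handed to {@code KeyStoreManager.save}
     * @throws SSLToolsException if saving fails
     */
    public void save(File file, char[] cArr) throws SSLToolsException {
        KeyStoreManager.save(this.keystore, file, cArr);
    }

    /**
     * Writes the keystore through the four-argument {@code KeyStoreManager.save}.
     *
     * @param file destination file
     * @param cArr password handed to {@code KeyStoreManager.save}
     * @param z    flag passed through unchanged; its meaning is defined by
     *             {@code KeyStoreManager.save} and is not visible in this class
     * @throws SSLToolsException if saving fails
     */
    public void save(File file, char[] cArr, boolean z) throws SSLToolsException {
        KeyStoreManager.save(this.keystore, file, cArr, z);
    }
}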
