package com.sap.platin.base.protocol.security;

import com.sap.platin.micro.PathInfo;
import com.sap.platin.micro.util.IOUtils;
import com.sap.platin.trace.T;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Vector;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:platincoreS.jar:com/sap/platin/base/protocol/security/GuiTrustManager.class */
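/**
 * Process-wide {@link X509TrustManager} that merges the JRE default trust anchors with the
 * user keystore and the SAP system keystore, and asks the user (via
 * {@code GuiTrustDeciderDialog}) when the resulting trust manager rejects a server chain.
 *
 * <p>Decisions are cached per end-entity certificate ({@code chain[0]}) for the lifetime of the
 * current initialisation: once a certificate has been accepted or denied, later handshakes
 * presenting the same certificate are answered from the cache without re-validating the chain.
 *
 * <p>If initialisation fails the instance stays usable as an object but rejects every chain
 * with a {@link CertificateException} (fail closed).
 */
public class GuiTrustManager implements X509TrustManager {
    /**
     * Password used for every keystore this class reads or writes.
     *
     * <p>Security note: this is a fixed, publicly known value, so the keystore password gives no
     * real integrity or confidentiality protection. The trustworthiness of the user keystore
     * therefore rests on the file-system permissions of {@link #USERKEYSTORE_PATH}. The array is
     * public and mutable; callers must treat it as read-only.
     */
    public static final char[] KEYSTORE_PWD = "changeit".toCharArray();
    /** Location of the keystore shipped with the installation. */
    public static final File SAPKEYSTORE_PATH = PathInfo.getCurrent().locatePath(PathInfo.F_SYSTEMKEYSTORE);
    /** Location of the per-user keystore that receives certificates the user chose to persist. */
    public static final File USERKEYSTORE_PATH = PathInfo.getCurrent().locatePath(PathInfo.F_USERKEYSTORE);
    // Must stay below the path constants: the constructor runs init(), which reads them.
    private static final GuiTrustManager mInstance = new GuiTrustManager();
    // Delegate built from mKeyStore; null until init() has succeeded.
    private TrustManager mTrustManager = null;
    // Certificates persisted by the user; null when the file is missing or unreadable.
    private KeyStore mUserKeyStore = null;
    // In-memory union of JRE default anchors, user keystore and SAP keystore.
    private KeyStore mKeyStore = null;
    // Per-session decision cache keyed by end-entity certificate: TRUE = accepted, FALSE = denied.
    private Hashtable<X509Certificate, Boolean> mCheckedCerts = null;

    private GuiTrustManager() {
        try {
            init();
        } catch (Exception e) {
            // Deliberately not rethrown (this runs in a static initialiser); the check methods
            // detect the missing delegate and reject every chain.
            T.raceError("GuiTrustManager(): GuiTrustManager could not be instantiated, got exception: " + e.getClass() + ", message =  " + e.getMessage());
        }
    }

    /** Returns the shared instance. */
    public static GuiTrustManager getTrustManager() {
        return mInstance;
    }

    /**
     * Re-runs initialisation on the shared instance: keystores are re-read from disk and the
     * decision cache is cleared. Failures are logged, not thrown.
     */
    public static void initTrustManager() {
        try {
            mInstance.init();
        } catch (Exception e) {
            T.raceError("GuiTrustManager.initTrustManager(): GuiTrustManager could not be initialized, got exception: " + e.getClass() + ", message =  " + e.getMessage());
        }
    }

    /**
     * Copies a legacy keystore {@code wdpcacerts} from the user's home directory to
     * {@link #USERKEYSTORE_PATH} when the new location does not exist yet.
     *
     * <p>Security note: every certificate in the legacy file becomes a trust anchor on the next
     * load, and the file is protected only by the well-known {@link #KEYSTORE_PWD}.
     *
     * @return {@code true} if nothing had to be copied or the copy succeeded, {@code false} if the
     *     copy failed
     */
    private boolean moveUserKeystore() {
        File legacyStore = new File(System.getProperty("user.home"), "wdpcacerts");
        if (!legacyStore.exists() || USERKEYSTORE_PATH.exists()) {
            return true;
        }
        try {
            return IOUtils.transferData(legacyStore, USERKEYSTORE_PATH);
        } catch (IOException e) {
            T.raceError("GuiTrustManager.moveUserKeystore(): Can't copy old keystore from \"" + legacyStore + "\" to \"" + USERKEYSTORE_PATH + "\"", e);
            // Report the failed copy instead of claiming success.
            return false;
        }
    }

    /**
     * Builds the merged keystore and the delegate trust manager, then resets the decision cache.
     *
     * @throws Exception if no X.509 trust manager could be created from the merged keystore
     */
    private void init() throws Exception {
        moveUserKeystore();
        this.mKeyStore = getJavaDefaultKeystore();
        this.mUserKeyStore = initKeystore(USERKEYSTORE_PATH, KEYSTORE_PWD);
        if (this.mUserKeyStore != null) {
            addCertificates(this.mKeyStore, this.mUserKeyStore);
        }
        KeyStore sapKeyStore = initKeystore(SAPKEYSTORE_PATH, KEYSTORE_PWD);
        if (sapKeyStore != null) {
            addCertificates(this.mKeyStore, sapKeyStore);
        }
        TrustManagerFactory factory;
        try {
            factory = TrustManagerFactory.getInstance("SunX509");
        } catch (NoSuchAlgorithmException e) {
            // Fallback algorithm name for JREs that do not provide "SunX509".
            factory = TrustManagerFactory.getInstance("IbmX509");
        }
        factory.init(this.mKeyStore);
        // Take the first X.509-capable manager; the check methods cast to X509TrustManager.
        TrustManager x509Manager = null;
        TrustManager[] managers = factory.getTrustManagers();
        if (managers != null) {
            for (TrustManager candidate : managers) {
                if (candidate instanceof X509TrustManager) {
                    x509Manager = candidate;
                    break;
                }
            }
        }
        this.mTrustManager = x509Manager;
        if (this.mTrustManager == null) {
            throw new SSLException("Could not get default TrustManager instance.");
        }
        this.mCheckedCerts = new Hashtable<>();
    }

    /**
     * Writes {@code keyStore} to {@code file}, protected with {@code cArr}.
     *
     * @return {@code true} if the store call completed, {@code false} if it threw (the error is
     *     logged)
     */
    public static boolean storeKeystore(File file, char[] cArr, KeyStore keyStore) {
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(file);
            keyStore.store(out, cArr);
            return true;
        } catch (Exception e) {
            T.raceError("GuiTrustManager.storeKeystore(): got exception of type: " + e.getClass() + ", message =  " + e.getMessage());
            return false;
        } finally {
            closeQuietly(out, "GuiTrustManager.storeKeystore(): error closing output stream: ");
        }
    }

    /**
     * Loads either the JRE default keystore ({@code z == true}) or the keystore in {@code file}.
     *
     * @return the keystore, or {@code null} if {@code file} could not be loaded
     */
    public static KeyStore initKeystore(File file, char[] cArr, boolean z) {
        return z ? getJavaDefaultKeystore() : initKeystore(file, cArr);
    }

    /**
     * Collects the certificates of all certificate entries (not key entries) in {@code keyStore}.
     *
     * @return the certificates found; empty for a {@code null} keystore, possibly partial if the
     *     keystore raised an error while being read
     */
    public static Vector<Certificate> getKeystoreCerts(KeyStore keyStore) {
        Vector<Certificate> certs = new Vector<>();
        if (keyStore == null) {
            return certs;
        }
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (keyStore.isCertificateEntry(alias)) {
                    certs.add(keyStore.getCertificate(alias));
                }
            }
        } catch (KeyStoreException e) {
            // Previously swallowed silently; the caller still gets what was read so far.
            T.raceError("GuiTrustManager.getKeystoreCerts(): got exception of type: " + e.getClass() + ", message =  " + e.getMessage());
        }
        return certs;
    }

    /**
     * Deletes the first certificate entry of {@code keyStore} that equals {@code certificate}.
     * The change is in memory only; persist it with {@link #storeKeystore}.
     */
    public static void removeCertificate(KeyStore keyStore, Certificate certificate) {
        if (keyStore == null || certificate == null) {
            return;
        }
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (keyStore.isCertificateEntry(alias) && certificate.equals(keyStore.getCertificate(alias))) {
                    keyStore.deleteEntry(alias);
                    return;
                }
            }
        } catch (KeyStoreException e) {
            // A failed removal leaves the certificate trusted, so it must not go unnoticed.
            T.raceError("GuiTrustManager.removeCertificate(): got exception of type: " + e.getClass() + ", message =  " + e.getMessage());
        }
    }

    /**
     * Loads the JRE's {@code cacerts} file, looking under {@code java.home/jre/lib/security}
     * first and {@code java.home/lib/security} second.
     *
     * @return the keystore; {@code null} if the JKS type is unavailable. NOTE(review): when the
     *     file cannot be opened or loaded the returned keystore is non-null but was never loaded,
     *     as before this rewrite - confirm callers cope with that.
     */
    private static KeyStore getJavaDefaultKeystore() {
        String securityDir = File.separator + "lib" + File.separator + "security" + File.separator + "cacerts";
        String path = System.getProperty("java.home") + File.separator + "jre" + securityDir;
        if (!new File(path).exists()) {
            path = System.getProperty("java.home") + securityDir;
        }
        KeyStore keyStore = null;
        FileInputStream in = null;
        try {
            keyStore = KeyStore.getInstance("JKS");
            in = new FileInputStream(path);
            keyStore.load(in, KEYSTORE_PWD);
        } catch (Exception e) {
            T.raceError("Java default keystore \"cacerts\" could not be loaded: " + e.getMessage());
        } finally {
            closeQuietly(in, "GuiTrustManager.getJavaDefaultKeystore(): error closing input stream: ");
        }
        return keyStore;
    }

    /**
     * Delegates client-certificate validation to the trust manager built from the merged keystore.
     *
     * @throws CertificateException if the chain is not trusted or this instance is not initialised
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (T.race("SECURITY")) {
            T.race("SECURITY", "GuiTrustManager.checkClientTrusted(): client authentication is required.");
        }
        if (!(this.mTrustManager instanceof X509TrustManager)) {
            // Fail closed instead of a NullPointerException when init() did not complete.
            throw new CertificateException("GuiTrustManager is not initialized");
        }
        ((X509TrustManager) this.mTrustManager).checkClientTrusted(x509CertificateArr, str);
    }

    /**
     * Validates a server chain. Order of evaluation:
     * <ol>
     *   <li>a cached decision for {@code chain[0]} is applied as-is;</li>
     *   <li>otherwise the delegate trust manager validates the chain;</li>
     *   <li>if the delegate rejects it, the user is asked; dialog result {@code 0} accepts for
     *       this session, {@code 2} accepts and stores {@code chain[0]} in the user keystore,
     *       {@code 1} and {@code -1} deny. Any other result is treated as a denial.</li>
     * </ol>
     *
     * @throws IllegalArgumentException if the chain is {@code null}, empty or starts with
     *     {@code null}
     * @throws CertificateException if the certificate is denied, persisting it failed, or this
     *     instance is not initialised
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        // Validate before the first dereference; the original checked only after using the array.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            throw new IllegalArgumentException("GuiTrustManager.checkServerTrusted(): certificate chain is null or empty");
        }
        if (!(this.mTrustManager instanceof X509TrustManager) || this.mCheckedCerts == null) {
            throw new CertificateException("GuiTrustManager is not initialized");
        }
        X509Certificate serverCert = x509CertificateArr[0];
        if (T.race("SECURITY")) {
            StringBuilder issuers = new StringBuilder();
            for (int i = 0; i < x509CertificateArr.length; i++) {
                issuers.append("\nchain[").append(i).append("]:").append(x509CertificateArr[i].getIssuerDN().getName());
            }
            T.race("SECURITY", "GuiTrustManager.checkServerTrusted(): got X509 certificate from server: " + issuers);
        }
        // Security note: a cached acceptance skips chain validation (including expiry) until the
        // cache is reset by initTrustManager().
        Boolean cachedDecision = this.mCheckedCerts.get(serverCert);
        if (cachedDecision != null) {
            if (!cachedDecision.booleanValue()) {
                throw new CertificateException("Certificate has been denied");
            }
            return;
        }
        try {
            ((X509TrustManager) this.mTrustManager).checkServerTrusted(x509CertificateArr, str);
            this.mCheckedCerts.put(serverCert, Boolean.TRUE);
        } catch (CertificateException e) {
            if (T.race("SECURITY")) {
                T.race("SECURITY", "GuiTrustManager.checkServerTrusted(): TrustManager failed to verify server certificate of the authType = " + str + ", got certificate exception: " + e.getMessage());
            }
            // Flags handed to the dialog: whether any chain element has no verifying key in the
            // merged keystore, and whether any element is outside its validity period.
            boolean hasUnverified = false;
            boolean hasInvalidPeriod = false;
            for (X509Certificate chainCert : x509CertificateArr) {
                if (!verifyCertificate(this.mKeyStore, chainCert)) {
                    hasUnverified = true;
                }
                try {
                    chainCert.checkValidity();
                } catch (CertificateExpiredException | CertificateNotYetValidException validityError) {
                    hasInvalidPeriod = true;
                }
            }
            int decision = new GuiTrustDeciderDialog(x509CertificateArr, hasUnverified, hasInvalidPeriod).showDialog();
            switch (decision) {
                case 0:
                    this.mCheckedCerts.put(serverCert, Boolean.TRUE);
                    return;
                case 2:
                    try {
                        persistUserCertificate(serverCert);
                    } catch (Exception storeError) {
                        T.raceError("GuiTrustManager.checkServerTrusted(): got exception of type: " + storeError.getClass() + ", message =  " + storeError.getMessage());
                        this.mCheckedCerts.put(serverCert, Boolean.FALSE);
                        throw e;
                    }
                    this.mCheckedCerts.put(serverCert, Boolean.TRUE);
                    if (T.race("SECURITY")) {
                        T.race("SECURITY", "GuiTrustManager.checkServerTrusted(): certificate chain added to the user keystore " + USERKEYSTORE_PATH);
                    }
                    return;
                case 1:
                case -1:
                    this.mCheckedCerts.put(serverCert, Boolean.FALSE);
                    throw e;
                default:
                    // The original fell through and returned normally here, i.e. an unexpected
                    // dialog result silently trusted a chain the delegate had rejected.
                    throw e;
            }
        }
    }

    /**
     * Adds {@code certificate} to the user keystore (creating an empty one if none was loaded)
     * and rewrites {@link #USERKEYSTORE_PATH}.
     *
     * <p>NOTE(review): when the existing user keystore failed to load at init time, this
     * overwrites that file with a keystore holding only the new certificate. The alias is the
     * certificate's 32-bit {@code hashCode()}, so two certificates with the same hash would
     * share one entry.
     */
    private void persistUserCertificate(X509Certificate certificate) throws Exception {
        if (this.mUserKeyStore == null) {
            this.mUserKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            this.mUserKeyStore.load(null, KEYSTORE_PWD);
        }
        this.mUserKeyStore.setCertificateEntry(Integer.toString(certificate.hashCode()), certificate);
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(USERKEYSTORE_PATH);
            this.mUserKeyStore.store(out, KEYSTORE_PWD);
        } finally {
            closeQuietly(out, "GuiTrustManager.checkServerTrusted(): error closing output stream: ");
        }
    }

    /**
     * Returns the delegate's accepted issuers followed by the X.509 certificates of the user
     * keystore. Never returns {@code null}: without a user keystore (or if reading it fails) the
     * delegate's issuers are returned, and an uninitialised instance returns an empty array.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        if (!(this.mTrustManager instanceof X509TrustManager)) {
            return new X509Certificate[0];
        }
        X509Certificate[] acceptedIssuers = ((X509TrustManager) this.mTrustManager).getAcceptedIssuers();
        if (T.race("SECURITY")) {
            StringBuilder text = new StringBuilder();
            for (int i = 0; i < acceptedIssuers.length; i++) {
                text.append("\nchain[").append(i).append("]:").append(acceptedIssuers[i].getIssuerDN().getName())
                        .append("\t\t[").append(acceptedIssuers[i].getSubjectDN().getName()).append("]");
            }
            T.race("SECURITY", "GuiTrustManager.getAcceptedIssuers(): " + text);
        }
        X509Certificate[] merged = null;
        if (this.mUserKeyStore != null) {
            try {
                Vector<X509Certificate> userCerts = new Vector<>();
                Enumeration<String> aliases = this.mUserKeyStore.aliases();
                while (aliases.hasMoreElements()) {
                    Certificate entry = this.mUserKeyStore.getCertificate(aliases.nextElement());
                    // Skip missing and non-X.509 entries rather than failing on the cast.
                    if (entry instanceof X509Certificate) {
                        userCerts.add((X509Certificate) entry);
                    }
                }
                merged = new X509Certificate[acceptedIssuers.length + userCerts.size()];
                System.arraycopy(acceptedIssuers, 0, merged, 0, acceptedIssuers.length);
                for (int i = 0; i < userCerts.size(); i++) {
                    merged[acceptedIssuers.length + i] = userCerts.get(i);
                }
            } catch (KeyStoreException e) {
                T.raceError("GuiTrustManager.getAcceptedIssuers(): got exception of type: " + e.getClass() + ", message =  " + e.getMessage());
            }
        }
        if (merged == null) {
            // The interface requires a non-null array; the original returned null here.
            return acceptedIssuers;
        }
        if (T.race("SECURITY")) {
            StringBuilder text = new StringBuilder();
            for (int i = 0; i < merged.length; i++) {
                text.append("\nallCertificates[").append(i).append("]:").append(merged[i].getIssuerDN().getName())
                        .append("\t\t[").append(merged[i].getSubjectDN().getName()).append("]");
            }
            T.race("SECURITY", "GuiTrustManager.getAcceptedIssuers(): \n" + text);
        }
        return merged;
    }

    /**
     * Loads the keystore stored in {@code file} using the JRE default keystore type.
     *
     * @return the loaded keystore, or {@code null} if the file is missing or cannot be loaded
     */
    private static KeyStore initKeystore(File file, char[] cArr) {
        FileInputStream in = null;
        try {
            in = new FileInputStream(file);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(in, cArr);
            return keyStore;
        } catch (Exception e) {
            if (T.race("SECURITY")) {
                T.race("SECURITY", "GuiTrustManager.initKeystore() initializing keystore " + file + " failed: " + e.getMessage());
            }
            return null;
        } finally {
            closeQuietly(in, "GuiTrustManager.initKeystore(): error closing input stream: ");
        }
    }

    /**
     * Copies every X.509 certificate of {@code keyStore2} (chain elements of key entries and
     * plain certificate entries) into {@code keyStore} as trusted certificate entries.
     * Errors are logged and end the copy.
     */
    private void addCertificates(KeyStore keyStore, KeyStore keyStore2) {
        try {
            Enumeration<String> aliases = keyStore2.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate[] chain = keyStore2.getCertificateChain(alias);
                if (chain != null) {
                    for (Certificate chainCert : chain) {
                        if (chainCert instanceof X509Certificate) {
                            keyStore.setCertificateEntry(mergedAlias((X509Certificate) chainCert), chainCert);
                        }
                    }
                } else {
                    Certificate single = keyStore2.getCertificate(alias);
                    if (single instanceof X509Certificate) {
                        keyStore.setCertificateEntry(mergedAlias((X509Certificate) single), single);
                    }
                }
            }
        } catch (Exception e) {
            T.raceError("GuiTrustManager.addCertificates(): got exception of type: " + e.getClass() + ", message =  " + e.getMessage());
        }
    }

    /**
     * Builds the alias under which a certificate is placed in the merged in-memory keystore.
     * Issuer DN alone (the original alias) made certificates of the same issuer overwrite each
     * other, so only the last one stayed trusted; issuer plus serial number keeps them apart.
     */
    private static String mergedAlias(X509Certificate certificate) {
        return certificate.getIssuerDN().toString() + "#" + certificate.getSerialNumber().toString(16);
    }

    /**
     * Reports whether the signature of {@code certificate} verifies with the public key of any
     * certificate in {@code keyStore}. This is a signature check only; validity period and other
     * path-validation rules are not evaluated here. Any error counts as "not verified".
     */
    private boolean verifyCertificate(KeyStore keyStore, Certificate certificate) {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                try {
                    certificate.verify(keyStore.getCertificate(aliases.nextElement()).getPublicKey());
                    return true;
                } catch (Exception e) {
                    // Expected for every key that did not sign the certificate; try the next one.
                    if (T.race("SECURITY")) {
                        T.raceError("GuiTrustManager.verifyCertificate(): got exception of type: " + e.getClass() + ", message =  " + e.getMessage());
                    }
                }
            }
        } catch (Exception e) {
            if (T.race("SECURITY")) {
                T.raceError("GuiTrustManager.verifyCertificate(): got exception of type: " + e.getClass() + ", message =  " + e.getMessage());
            }
        }
        return false;
    }

    /** Closes {@code stream} if it was opened; a close failure is logged and otherwise ignored. */
    private static void closeQuietly(java.io.Closeable stream, String logPrefix) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException e) {
            T.raceError(logPrefix + e, e);
        }
    }
}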
