package org.parosproxy.paros.extension.option;

import ch.csnc.extension.httpclient.SSLContextManager;
import java.io.File;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.common.AbstractParam;
import org.parosproxy.paros.network.HttpHeader;
import org.parosproxy.paros.network.SSLConnector;

/* loaded from: input_file:org/parosproxy/paros/extension/option/OptionsParamCertificate.class */
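/**
 * Options controlling TLS client-certificate authentication and the "unsafe SSL renegotiation"
 * switch, read from and written to the configuration provided by {@link AbstractParam}.
 *
 * <p>Security notes:
 *
 * <ul>
 *   <li>The PKCS#12 password is held as a {@code String} and, when {@code certificate.persist} is
 *       true, is written to the configuration exactly as given. This class applies no encryption,
 *       so the configuration file needs the same protection as the keystore itself.
 *   <li>{@link #setAllowUnsafeSslRenegotiation(boolean)} changes JVM system properties, which are
 *       process-wide rather than scoped to this object.
 * </ul>
 *
 * <p>NOTE(review): {@code Constant.USER_AGENT} is used below wherever an empty default is expected
 * (compare the {@code isEmpty()} checks in {@code clientCertCheck()}). This looks like a decompiler
 * substituting a same-valued constant for the {@code ""} literal - confirm against the original
 * source before relying on it.
 */
public class OptionsParamCertificate extends AbstractParam {
    private static final Logger logger = LogManager.getLogger(OptionsParamCertificate.class);
    private static final String CERTIFICATE_BASE_KEY = "certificate";
    private static final String USE_CLIENT_CERT = "certificate.use";
    private static final String PERSIST_CLIENT_CERT = "certificate.persist";
    private static final String CLIENT_CERT_LOCATION = "certificate.pkcs12.path";
    private static final String CLIENT_CERT_PASSWORD = "certificate.pkcs12.password";
    private static final String CLIENT_CERT_INDEX = "certificate.pkcs12.index";
    private static final String ALLOW_UNSAFE_SSL_RENEGOTIATION = "certificate.allowUnsafeSslRenegotiation";
    private boolean useClientCert = false;
    private String clientCertLocation = Constant.USER_AGENT;
    // Sensitive: keystore password kept in memory as an immutable String; never log this value.
    private String clientCertPassword = Constant.USER_AGENT;
    private int clientCertIndex = 0;
    private boolean allowUnsafeSslRenegotiation = false;

    /**
     * Loads the certificate options from the configuration.
     *
     * <p>Order matters: the certificate is first enabled from the values currently in the
     * configuration, and only afterwards are those values either kept (persist) or blanked.
     */
    @Override
    protected void parse() {
        clientCertCheck();
        saveClientCertSettings();
        this.allowUnsafeSslRenegotiation = getBoolean(ALLOW_UNSAFE_SSL_RENEGOTIATION, false);
        setAllowUnsafeSslRenegotiationSystemProperty(this.allowUnsafeSslRenegotiation);
    }

    /**
     * Keeps the client-certificate settings in the configuration only when {@code
     * certificate.persist} is true; otherwise overwrites them with empty/default values so the
     * keystore path and password do not remain in the configuration.
     */
    private void saveClientCertSettings() {
        if (!getBoolean(PERSIST_CLIENT_CERT, false)) {
            // NOTE(review): after this branch isUseClientCert() reports false even if
            // clientCertCheck() has just enabled the certificate on the connector, because only
            // the stored flag is reset here - confirm callers do not depend on the flag.
            setUseClientCert(false);
            setClientCertLocation(Constant.USER_AGENT);
            setClientCertPassword(Constant.USER_AGENT);
            setClientCertIndex(0);
            return;
        }
        // Persisting is an explicit opt-in: the password is stored as given, hence the warning.
        logger.warn("Saving Client Certificate settings: password will be found in config");
        setUseClientCert(getBoolean(USE_CLIENT_CERT, false));
        setClientCertLocation(getString(CLIENT_CERT_LOCATION, Constant.USER_AGENT));
        setClientCertPassword(getString(CLIENT_CERT_PASSWORD, Constant.USER_AGENT));
        setClientCertIndex(getInt(CLIENT_CERT_INDEX, 0));
    }

    /**
     * Enables the client certificate described by the current configuration, if one is fully
     * specified (use flag set, non-empty path and non-empty password).
     *
     * <p>Failures are logged and leave the certificate disabled; nothing is thrown to the caller.
     * The password is passed to the context manager but is never written to the log.
     *
     * <p>NOTE(review): the log messages suggest these values arrive via {@code -config} on the
     * command line; secrets passed that way are typically visible in process listings - confirm
     * how callers supply them.
     */
    private void clientCertCheck() {
        boolean enabled = getBoolean(USE_CLIENT_CERT, false);
        String keyStorePath = getString(CLIENT_CERT_LOCATION, Constant.USER_AGENT);
        String keyStorePassword = getString(CLIENT_CERT_PASSWORD, Constant.USER_AGENT);
        int keyIndex = getInt(CLIENT_CERT_INDEX, 0);
        if (!enabled || keyStorePath.isEmpty() || keyStorePassword.isEmpty()) {
            return;
        }
        // getSSLContextManager() returns null when the HTTPS socket factory is not an
        // SSLConnector; without this guard parse() would fail with a NullPointerException that
        // the catch below does not cover.
        SSLContextManager contextManager = getSSLContextManager();
        if (contextManager == null) {
            logger.error("The certificate could not be enabled: no SSLContextManager is available");
            return;
        }
        try {
            int keyStoreIndex = contextManager.loadPKCS12Certificate(keyStorePath, keyStorePassword);
            contextManager.unlockKey(keyStoreIndex, keyIndex, keyStorePassword);
            contextManager.setDefaultKey(keyStoreIndex, keyIndex);
            setActiveCertificate();
            setEnableCertificate(true);
            logger.info("Client Certificate enabled from CLI");
            logger.info("Use -config certificate.persist=true to save settings");
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            logger.error("The certificate could not be enabled due to an error", e);
        }
    }

    /**
     * Returns the PKCS#12 password currently held by this object.
     *
     * @return the password; treat as a secret and do not log it
     */
    public String getClientCertPassword() {
        return this.clientCertPassword;
    }

    /**
     * Stores the PKCS#12 password in this object and in the configuration, exactly as given.
     *
     * @param str the password
     */
    public void setClientCertPassword(String str) {
        this.clientCertPassword = str;
        getConfig().setProperty(CLIENT_CERT_PASSWORD, str);
    }

    /**
     * Returns the configured path of the PKCS#12 file.
     *
     * @return the path, possibly empty
     */
    public String getClientCertLocation() {
        return this.clientCertLocation;
    }

    /**
     * Sets the path of the PKCS#12 file.
     *
     * <p>A {@code null} or empty path turns the "use client certificate" flag off and is still
     * stored. A non-empty path that does not exist on disk also turns the flag off, but the
     * previous path is kept and nothing is written to the configuration.
     *
     * @param str the path to the PKCS#12 file
     */
    public void setClientCertLocation(String str) {
        if (str == null || str.equals(Constant.USER_AGENT)) {
            setUseClientCert(false);
        } else if (!new File(str).exists()) {
            setUseClientCert(false);
            return;
        }
        this.clientCertLocation = str;
        getConfig().setProperty(CLIENT_CERT_LOCATION, str);
    }

    /**
     * Returns the index of the key to use within the PKCS#12 file.
     *
     * @return the key index
     */
    public int getClientCertIndex() {
        return this.clientCertIndex;
    }

    /**
     * Stores the index of the key to use within the PKCS#12 file.
     *
     * @param i the key index
     */
    public void setClientCertIndex(int i) {
        this.clientCertIndex = i;
        getConfig().setProperty(CLIENT_CERT_INDEX, Integer.toString(this.clientCertIndex));
    }

    /**
     * Tells whether the stored "use client certificate" flag is set.
     *
     * @return the stored flag
     */
    public boolean isUseClientCert() {
        return this.useClientCert;
    }

    /** Updates the stored flag only; the connector itself is changed by setEnableCertificate. */
    private void setUseClientCert(boolean z) {
        this.useClientCert = z;
        getConfig().setProperty(USE_CLIENT_CERT, Boolean.toString(this.useClientCert));
    }

    /**
     * Enables or disables the client certificate on the HTTPS connector and records the flag.
     * Does nothing when the HTTPS socket factory is not an {@link SSLConnector}.
     *
     * @param z {@code true} to enable the client certificate
     */
    public void setEnableCertificate(boolean z) {
        SSLConnector connector = getSslConnector();
        if (connector != null) {
            connector.setEnableClientCert(z);
            setUseClientCert(z);
        }
    }

    /**
     * Asks the HTTPS connector to activate the currently selected certificate. Does nothing when
     * the HTTPS socket factory is not an {@link SSLConnector}.
     */
    public void setActiveCertificate() {
        SSLConnector connector = getSslConnector();
        if (connector != null) {
            connector.setActiveCertificate();
        }
    }

    /**
     * Returns the context manager of the HTTPS connector.
     *
     * @return the manager, or {@code null} when the HTTPS socket factory is not an {@link
     *     SSLConnector}; callers must check for {@code null}
     */
    public SSLContextManager getSSLContextManager() {
        SSLConnector connector = getSslConnector();
        return connector != null ? connector.getSSLContextManager() : null;
    }

    /** Returns the registered HTTPS socket factory as an SSLConnector, or null if it is not one. */
    private static SSLConnector getSslConnector() {
        ProtocolSocketFactory socketFactory = Protocol.getProtocol(HttpHeader.HTTPS).getSocketFactory();
        return socketFactory instanceof SSLConnector ? (SSLConnector) socketFactory : null;
    }

    /**
     * Tells whether unsafe SSL renegotiation is allowed.
     *
     * @return {@code true} if allowed
     */
    public boolean isAllowUnsafeSslRenegotiation() {
        return this.allowUnsafeSslRenegotiation;
    }

    /**
     * Allows or forbids unsafe SSL renegotiation; on change, updates the JVM system properties and
     * the configuration.
     *
     * <p>Enabling this weakens TLS for the whole process, so it should stay off unless a specific
     * legacy server requires it.
     *
     * @param z {@code true} to allow unsafe renegotiation
     */
    public void setAllowUnsafeSslRenegotiation(boolean z) {
        if (this.allowUnsafeSslRenegotiation != z) {
            this.allowUnsafeSslRenegotiation = z;
            setAllowUnsafeSslRenegotiationSystemProperty(this.allowUnsafeSslRenegotiation);
            getConfig().setProperty(ALLOW_UNSAFE_SSL_RENEGOTIATION, Boolean.valueOf(this.allowUnsafeSslRenegotiation));
        }
    }

    /**
     * Writes the renegotiation switch to the two JSSE system properties and logs the new state.
     * System properties are global to the JVM, so the setting is not limited to this object.
     */
    private static void setAllowUnsafeSslRenegotiationSystemProperty(boolean z) {
        String str;
        if (z) {
            logger.info("Unsafe SSL renegotiation enabled.");
            str = "ALL";
        } else {
            logger.info("Unsafe SSL renegotiation disabled.");
            str = "NONE";
        }
        System.setProperty("com.ibm.jsse2.renegotiate", str);
        System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", String.valueOf(z));
    }
}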
