package ch.csnc.extension.httpclient;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.io.FileUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.parosproxy.paros.Constant;

/* loaded from: input_file:ch/csnc/extension/httpclient/SSLContextManager.class */
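/**
 * Registry of client-certificate key stores (PKCS#12 files, PKCS#11 tokens and the Microsoft CAPI
 * store) and of the {@link SSLContext}s built from keys that have been unlocked.
 *
 * <p>Security-relevant properties a maintainer should know before reusing this class:
 *
 * <ul>
 *   <li>Every context created here is initialised with a trust manager that accepts any
 *       certificate chain, so the peer is never authenticated. Presumably this is deliberate for a
 *       proxy that must connect to arbitrary hosts; these contexts must not be reused for
 *       connections that need an authenticated server.
 *   <li>Key-store passwords are kept as {@code String}s for the lifetime of the key store entry
 *       and are handed out by {@link #getKeyStorePassword(int)}.
 *   <li>Contexts are indexed by the value produced by {@link #getFingerPrint(Certificate)}, which
 *       is derived from MD5 and keeps only part of the digest (see the note in that method).
 *   <li>The collections are plain {@code HashMap}/{@code TreeMap}/{@code ArrayList} and no
 *       synchronisation is visible in this class.
 * </ul>
 */
public class SSLContextManager {
    public static final String SUN_PKCS11_CANONICAL_CLASS_NAME = "sun.security.pkcs11.SunPKCS11";
    // The misspelling ("CONONICAL") is part of the public constant name and is kept for callers.
    public static final String IBM_PKCS11_CONONICAL_CLASS_NAME = "com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl";
    private static final String SUN_PKCS11_PROVIDER_NAME = "SunPKCS11";
    public static final String PKCS11_PROVIDER_TYPE = "PKCS11";
    private static final String SUN_PKCS11_KEYSTORE_TYPE = "PKCS11";
    private static final String IBM_PKCS11_KEYSTORE_TYPE = "PKCS11IMPLKS";
    private static final String MSCAPI_PROVIDER_TYPE = "msks";
    private static final String MSCAPI_PROVIDER_CLASS_NAME = "se.assembla.jce.provider.ms.MSProvider";

    // Lazily computed answer of isJava9SunPKCS11(); null until the first call.
    private static Boolean java9SunPKCS11;
    private static final Logger log = LogManager.getLogger(SSLContextManager.class);

    // Trust manager that performs no validation at all: both check methods return normally for
    // every chain. Used for every SSLContext this class builds.
    private static final TrustManager[] _trustAllCerts = {new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null (possibly empty) array.
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            // Intentionally empty: every client chain is accepted.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
            // Intentionally empty: every server chain is accepted.
        }
    }};

    // Context used when no client certificate is selected; stays null if creation failed.
    private SSLContext _noClientCertContext;
    // Unlocked contexts, keyed by the fingerprint part of getFingerPrint()'s result.
    private final Map<String, SSLContext> _contextMaps = new TreeMap<>();
    private String _defaultKey = null;
    // NOTE(review): nothing in this class ever writes to this map, and it is read with a KeyStore
    // key although it is declared with String keys - confirm against the original source.
    private final Map<String, Map<?, ?>> _aliasPasswords = new HashMap<>();
    private final List<KeyStore> _keyStores = new ArrayList<>();
    private final Map<KeyStore, String> _keyStoreDescriptions = new HashMap<>();
    // Plain-text passwords as supplied by the caller (may hold null values).
    private final Map<KeyStore, String> _keyStorePasswords = new HashMap<>();
    private int _defaultKeystoreIndex = -1;
    private int _defaultAliasIndex = -1;

    /**
     * Creates the context used without a client certificate and tries to register the Microsoft
     * CAPI key store. Failures are logged, never thrown.
     */
    public SSLContextManager() {
        try {
            // NOTE(review): "SSL" is the legacy context name; the protocol versions actually
            // offered are left to the provider defaults. Not changed here because a different
            // name could alter which servers the client can reach.
            this._noClientCertContext = SSLContext.getInstance("SSL");
            this._noClientCertContext.init(null, _trustAllCerts, new SecureRandom());
        } catch (KeyManagementException e) {
            log.error("Error initialising the SSL Context:  " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            log.error("Could not get an instance of the SSL algorithm: " + e.getMessage(), e);
        }
        try {
            initMSCAPI();
        } catch (Exception e) {
            // Best effort: the manager is usable without the CAPI store. Logged instead of being
            // dropped so that a missing provider can be diagnosed.
            log.debug("MSCAPI key store not initialised: " + e.getMessage(), e);
        }
    }

    /**
     * Tells whether the provider classes for the given key store type can be loaded.
     *
     * @param str {@code "PKCS11"} or {@code "msks"}; any other value (including {@code null})
     *     yields {@code false}
     * @return {@code true} if a matching provider class is loadable
     */
    public boolean isProviderAvailable(String str) {
        if (PKCS11_PROVIDER_TYPE.equals(str)) {
            return isSunPKCS11Provider() || isIbmPKCS11Provider();
        }
        if (!MSCAPI_PROVIDER_TYPE.equals(str)) {
            return false;
        }
        try {
            Class.forName(MSCAPI_PROVIDER_CLASS_NAME);
            return true;
        } catch (Throwable th) {
            // Throwable on purpose: class loading can also fail with an Error subclass.
            return false;
        }
    }

    /**
     * Registers a key store (or updates the description and password of one already registered).
     *
     * @return the index of the key store in the internal list
     */
    private int addKeyStore(KeyStore keyStore, String str, String str2) {
        int index = this._keyStores.indexOf(keyStore);
        if (index == -1) {
            this._keyStores.add(keyStore);
            index = this._keyStores.size() - 1;
        }
        this._keyStoreDescriptions.put(keyStore, str);
        this._keyStorePasswords.put(keyStore, str2);
        return index;
    }

    /**
     * Removes the key store at the given index together with its description and password.
     *
     * <p>NOTE(review): contexts already stored for keys of this key store, and the value returned
     * by {@link #getDefaultKey()}, are left untouched, so a key unlocked earlier stays selectable
     * through {@link #getSSLContext(String)} after its key store is removed.
     *
     * @param i index of the key store
     * @return {@code true} if the removed key store was the default one
     * @throws IndexOutOfBoundsException if {@code i} is not a valid index
     */
    public boolean removeKeyStore(int i) {
        boolean wasDefault = i == this._defaultKeystoreIndex;
        KeyStore keyStore = this._keyStores.get(i);
        this._keyStores.remove(keyStore);
        this._keyStoreDescriptions.remove(keyStore);
        this._keyStorePasswords.remove(keyStore);
        if (wasDefault) {
            this._defaultKeystoreIndex = -1;
            this._defaultAliasIndex = -1;
        } else if (i < this._defaultKeystoreIndex) {
            // The list shifted left: keep the default index pointing at the same key store
            // instead of silently selecting its neighbour.
            this._defaultKeystoreIndex--;
        }
        return wasDefault;
    }

    /** Returns the number of registered key stores. */
    public int getKeyStoreCount() {
        return this._keyStores.size();
    }

    /**
     * Returns the description given when the key store was registered.
     *
     * @throws IndexOutOfBoundsException if {@code i} is not a valid index
     */
    public String getKeyStoreDescription(int i) {
        return this._keyStoreDescriptions.get(this._keyStores.get(i));
    }

    /**
     * Returns the password stored for the key store, in plain text (may be {@code null}).
     *
     * @throws IndexOutOfBoundsException if {@code i} is not a valid index
     */
    public String getKeyStorePassword(int i) {
        return this._keyStorePasswords.get(this._keyStores.get(i));
    }

    /** Returns the number of usable aliases in the key store at index {@code i}. */
    public int getAliasCount(int i) {
        return getAliases(this._keyStores.get(i)).size();
    }

    /** Returns the alias at position {@code i2} of the key store at index {@code i}. */
    public String getAliasAt(int i, int i2) {
        return getAliases(this._keyStores.get(i)).get(i2).getAlias();
    }

    /**
     * Lists the aliases that are key entries; with the IBM PKCS#11 provider present, certificate
     * entries are listed too. A {@link KeyStoreException} is logged and ends the listing early.
     */
    private List<AliasCertificate> getAliases(KeyStore keyStore) {
        List<AliasCertificate> result = new ArrayList<>();
        try {
            Enumeration<String> aliases = keyStore.aliases();
            boolean ibmProvider = isIbmPKCS11Provider();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (keyStore.isKeyEntry(alias) || (ibmProvider && keyStore.isCertificateEntry(alias))) {
                    result.add(new AliasCertificate(keyStore.getCertificate(alias), alias));
                }
            }
        } catch (KeyStoreException e) {
            log.error("Could not list the key store aliases: " + e.getMessage(), e);
        }
        return result;
    }

    /** Returns the usable aliases of the key store at index {@code i}. */
    public List<AliasCertificate> getAliases(int i) {
        return getAliases(this._keyStores.get(i));
    }

    /**
     * Returns the certificate of the given alias, or {@code null} if it cannot be read (which
     * includes invalid indexes such as the {@code -1} used for "no default").
     */
    public Certificate getCertificate(int i, int i2) {
        try {
            return this._keyStores.get(i).getCertificate(getAliasAt(i, i2));
        } catch (Exception ignored) {
            // Deliberately quiet: callers pass -1/-1 when no default key is selected.
            return null;
        }
    }

    /**
     * Builds the identifier used to select a certificate's context.
     *
     * @param certificate the certificate to identify
     * @return the upper-cased, colon-separated fingerprint followed by a space and the subject DN,
     *     or {@code null} if the certificate is not an {@link X509Certificate}
     * @throws KeyStoreException if the certificate cannot be encoded
     */
    public String getFingerPrint(Certificate certificate) throws KeyStoreException {
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        StringBuilder builder = new StringBuilder();
        try {
            String md5Hex = DigestUtils.md5Hex(certificate.getEncoded());
            // NOTE(review): the loop steps by two but copies a single character, so only every
            // other hex digit of the MD5 digest ends up in the identifier. The result is the map
            // key for the unlocked contexts; two certificates that agree on those digits would
            // share one entry. Left as is because callers pass this value back to
            // getSSLContext(); switching to a full SHA-256 fingerprint needs a coordinated change.
            for (int i = 0; i < md5Hex.length(); i += 2) {
                builder.append(md5Hex.substring(i, i + 1)).append(":");
            }
            builder.deleteCharAt(builder.length() - 1);
            String fingerprint = builder.toString().toUpperCase();
            String name = x509Certificate.getSubjectDN().getName();
            log.info("Fingerprint is " + fingerprint);
            return fingerprint + " " + name;
        } catch (CertificateEncodingException e) {
            // Keep the cause so the encoding failure is not lost to the caller.
            throw new KeyStoreException(e.getMessage(), e);
        }
    }

    /**
     * Tells whether a password is recorded for the given alias.
     *
     * <p>NOTE(review): no code in this class adds entries to the backing map, so as written this
     * returns {@code false} - confirm against the original source.
     */
    public boolean isKeyUnlocked(int i, int i2) {
        KeyStore keyStore = this._keyStores.get(i);
        String alias = getAliasAt(i, i2);
        Map<?, ?> passwords = this._aliasPasswords.get(keyStore);
        if (passwords == null) {
            return false;
        }
        return passwords.containsKey(alias);
    }

    /**
     * Selects the default key. Passing {@code -1} for either index clears the selection.
     *
     * @throws KeyStoreException if the fingerprint of the selected certificate cannot be computed
     */
    public void setDefaultKey(int i, int i2) throws KeyStoreException {
        this._defaultKeystoreIndex = i;
        this._defaultAliasIndex = i2;
        if (this._defaultKeystoreIndex == -1 || this._defaultAliasIndex == -1) {
            // NOTE(review): Constant.USER_AGENT is a surprising "no key" marker; this file carries
            // a decompiler header, so the constant may stand in for a literal - verify.
            this._defaultKey = Constant.USER_AGENT;
        } else {
            this._defaultKey = getFingerPrint(getCertificate(i, i2));
        }
    }

    /** Returns the identifier of the default key as set by {@link #setDefaultKey(int, int)}. */
    public String getDefaultKey() {
        return this._defaultKey;
    }

    /** Returns the certificate of the default key, or {@code null} if none can be read. */
    public Certificate getDefaultCertificate() {
        return getCertificate(this._defaultKeystoreIndex, this._defaultAliasIndex);
    }

    /**
     * Registers the Microsoft CAPI provider, if its class is loadable, and adds its key store.
     * The provider class is looked up by name, so whatever class of that name is on the class
     * path becomes a registered security provider.
     *
     * @return the key store index, or {@code -1} if the provider is missing or fails to load
     *     (failures are logged, not thrown)
     */
    public int initMSCAPI() throws KeyStoreException, NoSuchProviderException, IOException, NoSuchAlgorithmException, CertificateException {
        try {
            if (!isProviderAvailable(MSCAPI_PROVIDER_TYPE)) {
                return -1;
            }
            Security.addProvider((Provider) Class.forName(MSCAPI_PROVIDER_CLASS_NAME).getDeclaredConstructor().newInstance());
            KeyStore keyStore = KeyStore.getInstance(MSCAPI_PROVIDER_TYPE, "assembla");
            keyStore.load(null, null);
            return addKeyStore(keyStore, "Microsoft CAPI Store", null);
        } catch (Exception e) {
            log.error("Error instantiating the MSCAPI provider: " + e.getMessage(), e);
            return -1;
        }
    }

    /**
     * Creates and registers a PKCS#11 provider from the configuration and loads its key store.
     *
     * @param pKCS11Configuration provider configuration
     * @param str token PIN, or {@code null}
     * @return the key store index, or {@code -1} if no PKCS#11 provider class is available
     */
    public int initPKCS11(PKCS11Configuration pKCS11Configuration, String str) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, ClassNotFoundException, SecurityException, NoSuchMethodException, IllegalArgumentException, InstantiationException, IllegalAccessException, InvocationTargetException {
        if (!isProviderAvailable(PKCS11_PROVIDER_TYPE)) {
            return -1;
        }
        Provider provider = createPKCS11Provider(pKCS11Configuration);
        Security.addProvider(provider);
        KeyStore keyStore = getPKCS11KeyStore(provider.getName());
        keyStore.load(null, str == null ? null : str.toCharArray());
        // The PIN itself is not stored; see the note in setDefaultKey about Constant.USER_AGENT.
        return addKeyStore(keyStore, "PKCS#11: " + pKCS11Configuration.getName(), Constant.USER_AGENT);
    }

    /**
     * Instantiates the Sun or IBM PKCS#11 provider for the configuration.
     *
     * @return the provider, or {@code null} if neither provider class is loadable
     */
    private static Provider createPKCS11Provider(PKCS11Configuration pKCS11Configuration) throws ClassNotFoundException, NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException, IOException {
        Provider provider = null;
        if (isSunPKCS11Provider()) {
            if (isJava9SunPKCS11()) {
                Provider installed = Security.getProvider(SUN_PKCS11_PROVIDER_NAME);
                Method configure = installed.getClass().getMethod("configure", String.class);
                // The provider is configured from this file, so it must not be writable by other
                // local users. Files.createTempFile may apply more restrictive permissions than
                // File.createTempFile.
                File configFile = Files.createTempFile("pkcs11", ".cfg").toFile();
                configFile.deleteOnExit();
                FileUtils.write(configFile, pKCS11Configuration.toString(), StandardCharsets.UTF_8);
                provider = (Provider) configure.invoke(installed, configFile.getAbsolutePath());
            } else {
                provider = createInstance(SUN_PKCS11_CANONICAL_CLASS_NAME, InputStream.class, pKCS11Configuration.toInpuStream());
            }
        } else if (isIbmPKCS11Provider()) {
            provider = createInstance(IBM_PKCS11_CONONICAL_CLASS_NAME, BufferedReader.class, new BufferedReader(new InputStreamReader(pKCS11Configuration.toInpuStream())));
        }
        return provider;
    }

    /** Reflectively calls the single-argument constructor of the named provider class. */
    private static Provider createInstance(String str, Class<?> cls, Object obj) throws ClassNotFoundException, NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException {
        return (Provider) Class.forName(str).getConstructor(cls).newInstance(obj);
    }

    /** Tells whether the Sun PKCS#11 provider class can be loaded. */
    private static boolean isSunPKCS11Provider() {
        try {
            Class.forName(SUN_PKCS11_CANONICAL_CLASS_NAME);
            return true;
        } catch (Throwable th) {
            return false;
        }
    }

    /**
     * Tells whether the installed SunPKCS11 provider offers {@code configure(String)}; the answer
     * is computed once and cached.
     */
    private static boolean isJava9SunPKCS11() {
        if (java9SunPKCS11 != null) {
            return java9SunPKCS11.booleanValue();
        }
        java9SunPKCS11 = Boolean.FALSE;
        try {
            Provider provider = Security.getProvider(SUN_PKCS11_PROVIDER_NAME);
            if (provider != null) {
                provider.getClass().getMethod("configure", String.class);
                java9SunPKCS11 = Boolean.TRUE;
            }
        } catch (NoSuchMethodException ignored) {
            // No configure(String): the cached answer stays FALSE.
        }
        return java9SunPKCS11.booleanValue();
    }

    /** Tells whether the IBM PKCS#11 provider class can be loaded. */
    private static boolean isIbmPKCS11Provider() {
        try {
            Class.forName(IBM_PKCS11_CONONICAL_CLASS_NAME);
            return true;
        } catch (Throwable th) {
            return false;
        }
    }

    /** Returns a key store instance of the type matching the available PKCS#11 provider. */
    private static KeyStore getPKCS11KeyStore(String str) throws KeyStoreException {
        String type = isIbmPKCS11Provider() ? IBM_PKCS11_KEYSTORE_TYPE : SUN_PKCS11_KEYSTORE_TYPE;
        return KeyStore.getInstance(type, Security.getProvider(str));
    }

    /**
     * Loads a PKCS#12 file and registers it as a key store. The password is kept in memory so the
     * key can later be unlocked with {@link #unlockKeyWithDefaultPassword(int, int)}.
     *
     * @param str path of the PKCS#12 file
     * @param str2 key store password, or {@code null}
     * @return the key store index
     * @throws FileNotFoundException if the file does not exist
     */
    public int loadPKCS12Certificate(String str, String str2) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        File file = new File(str);
        if (!file.exists()) {
            throw new FileNotFoundException(str + " could not be found");
        }
        String name = file.getName();
        // try-with-resources closes the stream on every path, including load failures.
        try (FileInputStream input = new FileInputStream(file)) {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(input, str2 == null ? null : str2.toCharArray());
            return addKeyStore(keyStore, "PKCS#12: " + name, str2);
        }
    }

    /** Unlocks the key using the password stored for its key store. */
    public boolean unlockKeyWithDefaultPassword(int i, int i2) throws KeyManagementException, KeyStoreException {
        return unlockKey(i, i2, getKeyStorePassword(i));
    }

    /**
     * Checks that the private key of the alias can be obtained with the password and, if so,
     * stores an {@link SSLContext} for it under the certificate's fingerprint.
     *
     * @param i key store index
     * @param i2 alias index
     * @param str key password
     * @return {@code true} if the context was created and stored
     */
    public boolean unlockKey(int i, int i2, String str) throws KeyStoreException, KeyManagementException {
        KeyStore keyStore = this._keyStores.get(i);
        String alias = getAliasAt(i, i2);
        AliasKeyManager aliasKeyManager = new AliasKeyManager(keyStore, alias, str);
        try {
            // Explicit null check instead of calling toString() on the key: the text form of a
            // private key is implementation-defined and may include key parameters, which
            // should not be turned into a String just to probe for null.
            if (aliasKeyManager.getPrivateKey(alias) == null) {
                log.error("Could not get private key: no key was returned for the alias");
                return false;
            }
            String fingerPrint = getFingerPrint(getCertificate(i, i2));
            if (fingerPrint == null) {
                log.info("No fingerprint found");
                return false;
            }
            try {
                SSLContext context = SSLContext.getInstance("SSL");
                context.init(new KeyManager[]{aliasKeyManager}, _trustAllCerts, new SecureRandom());
                this._contextMaps.put(contextKey(fingerPrint), context);
                log.info("Key has been unlocked.");
                return true;
            } catch (NoSuchAlgorithmException e) {
                log.error("Could not get an instance of the SSL algorithm: " + e.getMessage(), e);
                return false;
            }
        } catch (NullPointerException e) {
            // Kept from the original: AliasKeyManager is not visible here and may itself throw
            // a NullPointerException (for example with a null password) - TODO confirm.
            log.error("Could not get private key: " + e.getMessage(), e);
            return false;
        }
    }

    /** Returns the part of an identifier before its first space (the fingerprint). */
    private static String contextKey(String identifier) {
        int space = identifier.indexOf(" ");
        return space > 0 ? identifier.substring(0, space) : identifier;
    }

    /** Invalidates the cached sessions of every context held by this manager. */
    public void invalidateSessions() {
        invalidateSession(this._noClientCertContext);
        for (SSLContext context : this._contextMaps.values()) {
            invalidateSession(context);
        }
    }

    /**
     * Sets the session timeout of both session contexts to one second and back to its previous
     * value. Presumably this is meant to make the provider drop cached sessions; whether it does
     * depends on the provider implementation.
     */
    private void invalidateSession(SSLContext sSLContext) {
        if (sSLContext == null) {
            // The no-client-certificate context stays null when its creation failed.
            return;
        }
        SSLSessionContext clientSessions = sSLContext.getClientSessionContext();
        if (clientSessions != null) {
            int timeout = clientSessions.getSessionTimeout();
            clientSessions.setSessionTimeout(1);
            clientSessions.setSessionTimeout(timeout);
        }
        SSLSessionContext serverSessions = sSLContext.getServerSessionContext();
        if (serverSessions != null) {
            int timeout = serverSessions.getSessionTimeout();
            serverSessions.setSessionTimeout(1);
            serverSessions.setSessionTimeout(timeout);
        }
    }

    /**
     * Returns the context for the given identifier.
     *
     * @param str an identifier as returned by {@link #getFingerPrint(Certificate)}; {@code null}
     *     or {@code "none"} selects the context without a client certificate
     * @return the matching context, or {@code null} if no key with that fingerprint is unlocked
     */
    public SSLContext getSSLContext(String str) {
        log.info("Requested SSLContext for " + str);
        if (str == null || str.equals("none")) {
            return this._noClientCertContext;
        }
        return this._contextMaps.get(contextKey(str));
    }
}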
