package org.freshcookies.security.cert;

import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.logging.log4j.message.ParameterizedMessage;

/* loaded from: input_file:WEB-INF/lib/freshcookies-security-0.60.jar:org/freshcookies/security/cert/Trustee.class */
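/**
 * Interactive helper that adds CA certificates to the JSSE trust store used by this JVM.
 *
 * <p>The trust store is the file named by the {@code javax.net.ssl.trustStore} system property,
 * or {@code <java.home>/lib/security/cacerts} when that property is unset. Certificates accepted
 * through {@link #trustCACertificate(X509Certificate)} are held in memory until
 * {@link #commit()} writes the store back to that file.
 *
 * <p>Security note: anything added here becomes a trust anchor for every TLS connection that
 * uses this trust store. The only gate is the operator's answer at the console prompt, so the
 * certificate details and fingerprints should be shown to the operator and compared with a
 * value obtained out of band before answering "yes".
 */
public class Trustee {
    private static final char[] HEX_DIGITS = {
        '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
    };

    /** Password used when {@code javax.net.ssl.trustStorePassword} is not set (JDK default). */
    private static final String DEFAULT_TRUST_STORE_PASSWORD = "changeit";

    /** Indentation used for the detail lines of {@link #getCertificateInfo(X509Certificate)}. */
    private static final String DETAIL_INDENT = "         ";

    // Set by initSystemCAStore(), which runs as the initializer of trustedCAStore below.
    private String trustedCAPath;
    private final KeyStore trustedCAStore = initSystemCAStore();
    private final X509TrustManager sslTrustManager = initSSLTrustManager();
    private boolean certsAdded = false;

    /**
     * Derives a key store alias from the certificate's subject.
     *
     * <p>Preference order: the common name alone; otherwise the organizational unit plus serial
     * number; otherwise the domain component plus serial number; otherwise the serial number.
     *
     * <p>The alias is taken from the certificate itself, so it is controlled by whoever issued
     * the certificate and is not guaranteed to be unique.
     *
     * @param x509Certificate the certificate to name
     * @return the derived alias
     */
    public static String getAlias(X509Certificate x509Certificate) {
        CertificateDN subject = new CertificateDN(x509Certificate.getSubjectDN());
        if (subject.getCommonName() != null) {
            return subject.getCommonName();
        }
        String serial = x509Certificate.getSerialNumber().toString();
        if (subject.getOrganizationalUnit() != null) {
            return subject.getOrganizationalUnit() + "-" + serial;
        }
        if (subject.getDomainComponent() != null) {
            return subject.getDomainComponent() + "-" + serial;
        }
        return serial;
    }

    /**
     * Builds a multi-line, human-readable description of a certificate: owner and issuer
     * distinguished-name fields, serial number, validity period and fingerprints.
     *
     * <p>MD5 and SHA-1 fingerprints are kept for compatibility with existing output; a SHA-256
     * fingerprint is appended because MD5 and SHA-1 are not collision resistant and should not
     * be the basis for a trust decision.
     *
     * <p>NOTE(review): the distinguished-name values come from the certificate and are emitted
     * as-is; whether {@code CertificateDN} strips control characters is not visible here, so
     * confirm before relying on this text being safe to print to a terminal.
     *
     * @param x509Certificate the certificate to describe
     * @return the description, one field per line
     */
    public static String getCertificateInfo(X509Certificate x509Certificate) {
        StringBuilder info = new StringBuilder();
        info.append("Creation date: ")
                .append(DateFormat.getDateInstance(DateFormat.MEDIUM).format(x509Certificate.getNotBefore()))
                .append("\n");
        info.append("Owner:\n");
        appendDN(info, new CertificateDN(x509Certificate.getSubjectDN()));
        info.append("Issuer:\n");
        appendDN(info, new CertificateDN(x509Certificate.getIssuerDN()));
        info.append("Serial number: ").append(x509Certificate.getSerialNumber()).append("\n");
        info.append("Valid from: ").append(x509Certificate.getNotBefore())
                .append(" until: ").append(x509Certificate.getNotAfter()).append("\n");
        info.append("Certificate fingerprints:\n");
        info.append(DETAIL_INDENT).append("MD5:  ")
                .append(getCertFingerPrint("MD5", x509Certificate)).append("\n");
        info.append(DETAIL_INDENT).append("SHA1: ")
                .append(getCertFingerPrint("SHA1", x509Certificate)).append("\n");
        info.append(DETAIL_INDENT).append("SHA256: ")
                .append(getCertFingerPrint("SHA-256", x509Certificate)).append("\n");
        return info.toString();
    }

    /** Appends one indented line per non-null field of the distinguished name. */
    private static void appendDN(StringBuilder out, CertificateDN dn) {
        appendField(out, "CN=", dn.getCommonName());
        appendField(out, "O=", dn.getOrganization());
        appendField(out, "OU=", dn.getOrganizationalUnit());
        appendField(out, "DC=", dn.getDomainComponent());
        appendField(out, "L=", dn.getLocality());
        appendField(out, "S=", dn.getState());
        appendField(out, "C=", dn.getCountry());
        appendField(out, "E=", dn.getEmail());
    }

    /** Appends {@code <indent><label><value>\n} when the value is present. */
    private static void appendField(StringBuilder out, String label, Object value) {
        if (value != null) {
            out.append(DETAIL_INDENT).append(label).append(value).append("\n");
        }
    }

    /** Appends the two upper-case hex digits of {@code b}. */
    private static void byte2hex(byte b, StringBuilder out) {
        out.append(HEX_DIGITS[(b & 0xF0) >> 4]);
        out.append(HEX_DIGITS[b & 0x0F]);
    }

    /**
     * Computes the digest of the certificate's encoded form.
     *
     * @param str the {@link MessageDigest} algorithm name
     * @param certificate the certificate to fingerprint
     * @return the digest as separated hex byte pairs, or {@code "(error)"} when the algorithm is
     *     unavailable or the certificate cannot be encoded (display-only, best effort)
     */
    private static String getCertFingerPrint(String str, Certificate certificate) {
        try {
            return toHexString(MessageDigest.getInstance(str).digest(certificate.getEncoded()));
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            return "(error)";
        }
    }

    /** Renders the bytes as upper-case hex pairs with a separator between consecutive bytes. */
    private static String toHexString(byte[] bArr) {
        StringBuilder hex = new StringBuilder();
        for (int i = 0; i < bArr.length; i++) {
            if (i > 0) {
                // NOTE(review): this constant belongs to log4j's ParameterizedMessage; it looks
                // like a decompiler substituting a same-valued constant for a string literal.
                // Confirm and replace with a local literal so fingerprints do not depend on log4j.
                hex.append(ParameterizedMessage.ERROR_MSG_SEPARATOR);
            }
            byte2hex(bArr[i], hex);
        }
        return hex.toString();
    }

    /**
     * Asks the operator whether to trust the given certificate and, on "yes", adds it to the
     * in-memory trust store. Nothing is written to disk until {@link #commit()}.
     *
     * <p>An existing entry is never overwritten: if the derived alias is already in use, the
     * serial number is appended, and if that is taken too the certificate is not added.
     *
     * <p>NOTE(review): nothing in this method checks that the certificate is a CA certificate
     * (for example its basic constraints); the messages assume the caller has done so.
     *
     * @param x509Certificate the certificate offered for trust
     * @return {@code true} only when the certificate was added to the in-memory store
     * @throws KeyStoreException if the trust store rejects the lookup or the new entry
     */
    public boolean trustCACertificate(X509Certificate x509Certificate) throws KeyStoreException {
        if (this.trustedCAStore == null || this.sslTrustManager == null) {
            System.out.println("Could not add certificate: the trust store could not be loaded.");
            return false;
        }
        // The trust manager is a snapshot taken at construction, so also consult the store
        // itself to recognise certificates added earlier in this session.
        if (isTrustedCA(x509Certificate) || this.trustedCAStore.getCertificateAlias(x509Certificate) != null) {
            System.out.println("This is a CA certificate. It is already trusted.");
            return false;
        }
        System.out.println("This is a CA certificate. It is NOT trusted.");
        try {
            if (!yesResponse("Do you want to trust this certificate?")) {
                System.out.println("Certificate was not added to the trust store.");
                return false;
            }
        } catch (IOException e) {
            System.out.println("Could not add certificate: " + e.getLocalizedMessage());
            return false;
        }
        String alias = getAlias(x509Certificate);
        if (this.trustedCAStore.containsAlias(alias)) {
            // setCertificateEntry would silently replace the existing trusted entry.
            alias = alias + "-" + x509Certificate.getSerialNumber();
            if (this.trustedCAStore.containsAlias(alias)) {
                System.out.println("Could not add certificate: alias " + alias + " is already in use.");
                return false;
            }
        }
        System.out.println("Adding CA to trust store with alias " + alias);
        this.trustedCAStore.setCertificateEntry(alias, x509Certificate);
        System.out.println("..success");
        this.certsAdded = true;
        return true;
    }

    /**
     * Writes the in-memory trust store back to the trust store file, if any certificate was
     * added.
     *
     * <p>The store is serialized in memory first so that a serialization failure cannot leave a
     * truncated trust store file behind.
     *
     * @return {@code true} when the file was written; {@code false} when there was nothing to
     *     write, the file is not writable, or writing failed (the reason is printed)
     */
    public boolean commit() {
        if (!this.certsAdded) {
            System.err.println("No need to commit (no certificates added).");
            return false;
        }
        try {
            if (!new File(this.trustedCAPath).canWrite()) {
                System.out.println("FATAL: You do not have write privileges to the Java JSSE trust store " + this.trustedCAPath + "\n\nTry running the application using sudo, or as root.\n");
                return false;
            }
            ByteArrayOutputStream serialized = new ByteArrayOutputStream();
            this.trustedCAStore.store(serialized, trustStorePassword());
            try (FileOutputStream fileOutputStream = new FileOutputStream(this.trustedCAPath)) {
                serialized.writeTo(fileOutputStream);
            }
            return true;
        } catch (IOException e) {
            System.out.println("IO exception: " + e.getMessage());
            return false;
        } catch (KeyStoreException e2) {
            System.out.println("Keystore exception: " + e2.getMessage());
            return false;
        } catch (NoSuchAlgorithmException e3) {
            System.out.println("No such algorithm: " + e3.getMessage());
            return false;
        } catch (CertificateException e4) {
            System.out.println("Certificate exception: " + e4.getMessage());
            return false;
        }
    }

    /**
     * Writes the encoded certificate to {@code <user.dir>/<alias>.cer}.
     *
     * <p>The alias comes from the certificate's subject, so the file name is influenced by the
     * certificate's issuer. Commas, dots, slashes and backslashes are removed before the name is
     * used, which keeps the file inside the working directory; an existing file of the same name
     * is overwritten.
     *
     * @param x509Certificate the certificate to save
     * @throws IOException if the file cannot be written
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public void saveCertificate(X509Certificate x509Certificate) throws IOException, CertificateEncodingException {
        String fileName = getAlias(x509Certificate).replaceAll("[,\\.\\\\/]", "") + ".cer";
        String str = System.getProperty("user.dir") + "/" + fileName;
        try (FileOutputStream fileOutputStream = new FileOutputStream(str)) {
            fileOutputStream.write(x509Certificate.getEncoded());
        }
        System.out.println("Saved certificate as " + str);
    }

    /**
     * Builds an X.509 trust manager over the loaded trust store.
     *
     * @return the first {@link X509TrustManager} the default factory provides, or {@code null}
     *     when the factory could not be initialised or provides none
     */
    private X509TrustManager initSSLTrustManager() {
        TrustManager[] trustManagers = new TrustManager[0];
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(this.trustedCAStore);
            trustManagers = trustManagerFactory.getTrustManagers();
        } catch (KeyStoreException e) {
            System.out.println("Could not initialize trust manager with system keystore: " + e.getMessage());
        } catch (NoSuchAlgorithmException e2) {
            System.out.println("No such algorithm: " + e2.getMessage());
        }
        for (TrustManager trustManager : trustManagers) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    /**
     * Resolves the trust store path and loads the store from it.
     *
     * <p>Failures are printed rather than thrown; the returned key store is {@code null} when no
     * key store instance could be created, and is left unloaded when the file could not be read.
     *
     * @return the key store, possibly {@code null} or unloaded
     */
    private KeyStore initSystemCAStore() {
        this.trustedCAPath = System.getProperty("javax.net.ssl.trustStore");
        if (this.trustedCAPath == null) {
            this.trustedCAPath = System.getProperty("java.home") + "/lib/security/cacerts";
        }
        KeyStore keyStore = null;
        try {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream fileInputStream = new FileInputStream(this.trustedCAPath)) {
                System.out.println("Locating certificate trust store: " + this.trustedCAPath);
                keyStore.load(fileInputStream, trustStorePassword());
            }
        } catch (FileNotFoundException e) {
            System.out.println("Could not open keystore file: " + e.getMessage());
        } catch (IOException e2) {
            System.out.println("IO exception: " + e2.getMessage());
        } catch (KeyStoreException e3) {
            System.out.println("Could not get keystore: " + e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            System.out.println("No such algorithm: " + e4.getMessage());
        } catch (CertificateException e5) {
            System.out.println("Certificate exception: " + e5.getMessage());
        }
        return keyStore;
    }

    /**
     * Returns the trust store password: the {@code javax.net.ssl.trustStorePassword} system
     * property when set (the companion of the {@code javax.net.ssl.trustStore} property that
     * selects the file), otherwise the JDK default.
     */
    private static char[] trustStorePassword() {
        String configured = System.getProperty("javax.net.ssl.trustStorePassword");
        return (configured != null ? configured : DEFAULT_TRUST_STORE_PASSWORD).toCharArray();
    }

    /**
     * Reports whether the certificate is among the issuers accepted by the trust manager that
     * was built at construction time. Returns {@code false} when no trust manager is available.
     */
    private boolean isTrustedCA(X509Certificate x509Certificate) {
        if (this.sslTrustManager == null) {
            return false;
        }
        for (X509Certificate acceptedIssuer : this.sslTrustManager.getAcceptedIssuers()) {
            if (x509Certificate.equals(acceptedIssuer)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Prompts on standard output and reads answers from standard input until the operator
     * types "yes" or "no" (case-insensitive, surrounding whitespace ignored).
     *
     * @param str the question to display
     * @return {@code true} for "yes"; {@code false} for "no" or when standard input has ended,
     *     so that a closed or non-interactive input never results in trust being granted
     * @throws IOException if reading standard input fails
     */
    private synchronized boolean yesResponse(String str) throws IOException {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(System.in));
        while (true) {
            System.out.print(str + " (yes/no): ");
            String line = bufferedReader.readLine();
            if (line == null) {
                // End of input: fail closed instead of dereferencing null.
                return false;
            }
            String answer = line.trim();
            if ("YES".equalsIgnoreCase(answer)) {
                return true;
            }
            if ("NO".equalsIgnoreCase(answer)) {
                return false;
            }
        }
    }
}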
