package com.sshtools.unitty;

import com.sshtools.appframework.util.IOUtil;
import java.awt.Component;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;
import javax.swing.JOptionPane;
import javax.swing.JPanel;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sshtools/unitty/UniTTYTrustManager.class */
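/**
 * Trust-on-first-use trust manager and hostname verifier for UniTTY's TLS connections.
 *
 * <p>A peer is trusted when its own (leaf) certificate is already present in the local
 * key store {@code ssl-keystore}. For servers, an unknown leaf certificate is shown to the
 * user and pinned only on an explicit "Yes".
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>No certification-path or signature validation is performed. Trust is a membership
 *       test, so it is anchored on the leaf certificate only; a stored certificate that
 *       appears elsewhere in a presented chain proves nothing about the peer.</li>
 *   <li>Certificate validity dates and revocation are not checked.</li>
 *   <li>{@link #verify(String, SSLSession)} does not bind the certificate to the host name.</li>
 *   <li>The key store password is a fixed constant, so the store's integrity depends on the
 *       file-system permissions of the preferences directory.</li>
 *   <li>The key store fields are not synchronized. NOTE(review): confirm that handshakes
 *       never run concurrently, or guard the fields.</li>
 * </ul>
 */
public class UniTTYTrustManager implements X509TrustManager, HostnameVerifier {
    static final String STORE_TYPE = "JKS";
    private KeyStore keyStore;
    private Exception keyStoreException;
    private Object keystoreLastModified;
    static final Logger log = LoggerFactory.getLogger((Class<?>) UniTTYTrustManager.class);
    private static final UniTTYTrustManager trustManager = new UniTTYTrustManager();

    /** Placeholder panel for displaying a certificate; it currently has no content. */
    public class CertificateViewer extends JPanel {
        public CertificateViewer() {
        }
    }

    /**
     * Returns the shared trust manager instance.
     *
     * @return the process-wide singleton
     */
    public static UniTTYTrustManager getInstance() {
        return trustManager;
    }

    private UniTTYTrustManager() {
    }

    /**
     * Accepts a client chain only if its leaf certificate is already pinned. The user is never prompted.
     *
     * @param x509CertificateArr the peer chain, peer's own certificate first
     * @param str the authentication type (unused)
     * @throws CertificateException if the leaf certificate is not pinned or the key store is unavailable
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkChainTrusted(x509CertificateArr);
    }

    /**
     * Accepts a server chain if its leaf certificate is pinned; otherwise asks the user and,
     * on an explicit "Yes", pins the leaf certificate and saves the key store.
     *
     * @param x509CertificateArr the peer chain, peer's own certificate first
     * @param str the key exchange / authentication type (unused)
     * @throws CertificateException if the user declines, dismisses the dialog, or the
     *         certificate cannot be stored
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            checkChainTrusted(x509CertificateArr);
        } catch (CertificateException e) {
            log.info("Untrusted Certificate chain:");
            // Log before prompting so rejected chains also leave an audit trail.
            for (int i = 0; i < x509CertificateArr.length; i++) {
                log.info("Certificate chain[" + i + "]:");
                log.info("Subject: " + x509CertificateArr[i].getSubjectDN().toString());
                log.info("Issuer: " + x509CertificateArr[i].getIssuerDN().toString());
            }
            if (this.keyStore == null) {
                // Nothing to pin into; prompting would only end in a storage failure.
                throw e;
            }
            // The decision is about the peer's own certificate, so show and pin the leaf,
            // not the top of the chain.
            X509Certificate leaf = x509CertificateArr[0];
            String fingerprint = sha256Fingerprint(leaf);
            int answer = JOptionPane.showConfirmDialog((Component) null,
                    "Do you want to trust the certificate\n'" + leaf.getSubjectDN().toString()
                            + "'\n, issued by '" + leaf.getIssuerDN().toString()
                            + "'\nSHA-256 fingerprint: " + fingerprint,
                    "Review Certificate", JOptionPane.YES_NO_OPTION);
            // Only an explicit "Yes" grants trust; closing the dialog counts as a refusal.
            if (answer != JOptionPane.YES_OPTION) {
                log.info("Certificate {} was not accepted by the user.", fingerprint);
                throw new CertificateException("Certificate rejected by user.");
            }
            log.info("Certificate {} accepted by the user; pinning it.", fingerprint);
            // A fingerprint alias is unique per certificate. The former issuer-DN alias let
            // certificates from the same issuer overwrite one another.
            storeTrustedCertificate("sha256:" + fingerprint, leaf);
        }
    }

    /**
     * Returns the X.509 certificates currently held in the key store.
     *
     * @return a non-null, possibly empty array, as the {@link X509TrustManager} contract requires
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        checkKeyStore();
        if (this.keyStore == null) {
            return new X509Certificate[0];
        }
        try {
            X509Certificate[] found = new X509Certificate[this.keyStore.size()];
            int count = 0;
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements() && count < found.length) {
                // Skip entries without an X.509 certificate instead of leaving null slots.
                Object certificate = this.keyStore.getCertificate(aliases.nextElement());
                if (certificate instanceof X509Certificate) {
                    found[count++] = (X509Certificate) certificate;
                }
            }
            X509Certificate[] result = new X509Certificate[count];
            System.arraycopy(found, 0, result, 0, count);
            return result;
        } catch (Exception e) {
            log.error("Failed to list accepted issuers.", (Throwable) e);
            return new X509Certificate[0];
        }
    }

    /**
     * Returns the key store, loading or reloading it first if necessary.
     *
     * @return the key store, or {@code null} if it could not be loaded (see {@link #getKeyStoreError()})
     */
    public KeyStore getKeyStore() {
        checkKeyStore();
        return this.keyStore;
    }

    /**
     * Returns the error recorded by the most recent failed key store check or reload.
     *
     * @return the recorded exception, or {@code null} if none is recorded
     */
    public Throwable getKeyStoreError() {
        return this.keyStoreException;
    }

    /**
     * Ensures an in-memory key store exists: reloads it when the file's modification time
     * changed, or creates an empty one when no file exists yet. Failures are logged and
     * recorded rather than thrown.
     */
    void checkKeyStore() {
        try {
            File keyStoreFile = getKeyStoreFile();
            if (keyStoreFile.exists()) {
                Date date = new Date(keyStoreFile.lastModified());
                if (this.keyStore == null || this.keystoreLastModified == null || !this.keystoreLastModified.equals(date)) {
                    this.keystoreLastModified = date;
                    reloadKeystore();
                }
            } else if (this.keyStore == null) {
                // Create the store with the same type reloadKeystore() reads back, so the
                // file written on first acceptance can be loaded again.
                this.keyStore = KeyStore.getInstance(STORE_TYPE);
                this.keyStore.load(null, null);
                this.keyStoreException = null;
            }
        } catch (Exception e) {
            log.error("Failed to check key store.", (Throwable) e);
            this.keyStoreException = e;
        }
    }

    /**
     * Returns the location of the key store file inside the UniTTY preferences directory.
     *
     * @return the key store file (it may not exist yet)
     */
    File getKeyStoreFile() {
        return new File(UniTTY.PREF_DIR, "ssl-keystore");
    }

    /**
     * Returns the key store password.
     *
     * @return a fresh copy of the password characters
     */
    char[] getKeyStorePassword() {
        // NOTE(review): fixed, publicly known password. It gives no real integrity
        // protection, so anyone able to write the key store file can add trusted
        // certificates. Keep the preferences directory writable by its owner only.
        // Changing the value would make existing key store files unreadable.
        return "secret".toCharArray();
    }

    /**
     * Discards the in-memory key store and reloads it from disk. On failure the key store is
     * left {@code null} and the error is recorded for {@link #getKeyStoreError()}.
     */
    void reloadKeystore() {
        this.keyStoreException = null;
        this.keyStore = null;
        FileInputStream fileInputStream = null;
        try {
            File keyStoreFile = getKeyStoreFile();
            if (keyStoreFile.exists()) {
                char[] keyStorePassword = getKeyStorePassword();
                if (keyStorePassword == null) {
                    throw new Exception("Keystore authenticatiomn failed");
                }
                KeyStore loaded = KeyStore.getInstance(STORE_TYPE);
                if (keyStoreFile.length() != 0) {
                    fileInputStream = new FileInputStream(keyStoreFile);
                    loaded.load(fileInputStream, keyStorePassword);
                } else {
                    // An empty file is an empty store; without load() the KeyStore stays
                    // uninitialized and every later call on it fails.
                    loaded.load(null, null);
                }
                // Publish only a fully loaded store, so a failed load cannot leave a
                // half-initialized instance behind.
                this.keyStore = loaded;
            }
        } catch (Exception e) {
            log.error("Failed to check key store.", (Throwable) e);
            this.keyStoreException = e;
        } finally {
            // Close the stream on every path; the error path used to close nothing.
            IOUtil.closeStream(fileInputStream);
        }
    }

    /**
     * Checks that the peer's own certificate (the first element of the chain) is pinned.
     *
     * @param x509CertificateArr the peer chain, peer's own certificate first
     * @throws CertificateException if the key store is unavailable or the leaf is not pinned
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     */
    private void checkChainTrusted(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate chain is null or empty.");
        }
        checkKeyStore();
        if (this.keyStore == null) {
            throw new CertificateException("Key store does not exist.");
        }
        try {
            // Signatures are not verified, so only the leaf certificate can carry trust.
            // Accepting a match anywhere in the chain would trust any peer that merely
            // includes a stored certificate in what it presents.
            if (this.keyStore.getCertificateAlias(x509CertificateArr[0]) != null) {
                return;
            }
        } catch (Exception e) {
            throw new CertificateException("Chain is not trusted.", e);
        }
        throw new CertificateException("Chain is not trusted.");
    }

    /** Adds {@code certificate} to the key store under {@code alias} and writes the store to disk. */
    private void storeTrustedCertificate(String alias, X509Certificate certificate) throws CertificateException {
        FileOutputStream fileOutputStream = null;
        try {
            this.keyStore.setCertificateEntry(alias, certificate);
            fileOutputStream = new FileOutputStream(getKeyStoreFile());
            this.keyStore.store(fileOutputStream, getKeyStorePassword());
        } catch (CertificateException e) {
            throw e;
        } catch (Exception e) {
            log.error("Failed to store trusted certificate.", (Throwable) e);
            throw new CertificateException(e);
        } finally {
            IOUtil.closeStream(fileOutputStream);
        }
    }

    /** Returns the colon-separated, lower-case hex SHA-256 digest of the certificate's encoding. */
    private static String sha256Fingerprint(X509Certificate certificate) throws CertificateException {
        byte[] digest;
        try {
            digest = java.security.MessageDigest.getInstance("SHA-256").digest(certificate.getEncoded());
        } catch (java.security.NoSuchAlgorithmException e) {
            throw new CertificateException("SHA-256 is not available.", e);
        }
        StringBuilder hex = new StringBuilder(digest.length * 3);
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) {
                hex.append(':');
            }
            hex.append(Character.forDigit((digest[i] >> 4) & 0xF, 16));
            hex.append(Character.forDigit(digest[i] & 0xF, 16));
        }
        return hex.toString();
    }

    /**
     * Hostname verification callback. It currently accepts every session.
     *
     * @param str the host name the client asked for
     * @param sSLSession the established TLS session
     * @return always {@code true}
     */
    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        // NOTE(review): nothing ties the presented certificate to the requested host, so a
        // certificate pinned for one server is also accepted for any other host name.
        // Binding pins to host names needs the host at trust-decision time (for example
        // via X509ExtendedTrustManager). Until then, every bypass is logged.
        log.warn("Hostname verification is not implemented; accepting TLS session for '{}' without checking the certificate name.", str);
        return true;
    }
}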
