package org.freshcookies.security.cert;

import com.ecyrd.jspwiki.Release;
import com.opensymphony.oscache.plugins.diskpersistence.HashDiskPersistenceListener;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:org/freshcookies/security/cert/Trustee.class */
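/**
 * Interactive helper that inspects X.509 CA certificates and, on explicit user
 * confirmation, adds them to the JVM's JSSE trust store.
 *
 * <p>The trust store location is taken from the {@code javax.net.ssl.trustStore}
 * system property, falling back to {@code ${java.home}/lib/security/cacerts}.
 * The store is loaded once at construction; additions are held in memory until
 * {@link #commit()} writes them back to the same file.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Everything derived from a certificate (alias, file name, printed DN
 *       fields) is controlled by whoever issued that certificate and must be
 *       treated as untrusted input.</li>
 *   <li>Adding an entry to the trust store makes every TLS client that uses
 *       this store accept certificates issued by that CA. The only gate is the
 *       console prompt in {@link #trustCACertificate(X509Certificate)}.</li>
 *   <li>The store password is hard-coded to the JDK default
 *       ({@code "changeit"}); a store protected with a different password
 *       fails to load.</li>
 * </ul>
 */
public class Trustee {
    /** Default password of the JDK {@code cacerts} store; used for both load and store. */
    private static final String DEFAULT_STORE_PASSWORD = "changeit";

    /** Upper-case hexadecimal digits used when rendering fingerprints. */
    private static final char[] HEX_DIGITS =
            {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};

    // Field order matters: initSystemCAStore() assigns trustedCAPath, and
    // initSSLTrustManager() reads trustedCAStore.
    private String trustedCAPath;
    private final KeyStore trustedCAStore = initSystemCAStore();
    private final X509TrustManager sslTrustManager = initSSLTrustManager();
    private boolean certsAdded = false;

    /**
     * Derives a key store alias from the certificate's subject DN.
     *
     * <p>Preference order: common name; organizational unit plus serial number;
     * domain component plus serial number; serial number alone.
     *
     * <p>The result is attacker-influenced when the certificate comes from a
     * remote peer. A bare common name is not unique, so callers that write to a
     * key store must check for an existing entry before using it.
     *
     * @param x509Certificate certificate to name
     * @return the derived alias, never {@code null}
     */
    public static String getAlias(X509Certificate x509Certificate) {
        CertificateDN subject = new CertificateDN(x509Certificate.getSubjectDN());
        if (subject.getCommonName() != null) {
            return subject.getCommonName();
        }
        String serial = x509Certificate.getSerialNumber().toString();
        if (subject.getOrganizationalUnit() != null) {
            return subject.getOrganizationalUnit() + "-" + serial;
        }
        if (subject.getDomainComponent() != null) {
            return subject.getDomainComponent() + "-" + serial;
        }
        return serial;
    }

    /**
     * Builds a multi-line, human-readable summary of a certificate: creation
     * date, subject and issuer DN fields, serial number, validity period and
     * fingerprints.
     *
     * <p>In addition to the MD5 and SHA1 fingerprints, a SHA-256 fingerprint is
     * appended as the last line. MD5 and SHA-1 are not collision resistant, so
     * an out-of-band comparison made before trusting a CA should use the
     * SHA-256 value.
     *
     * @param x509Certificate certificate to describe
     * @return the formatted description
     */
    public static String getCertificateInfo(X509Certificate x509Certificate) {
        StringBuffer info = new StringBuffer();
        info.append("Creation date: ")
                .append(DateFormat.getDateInstance(DateFormat.MEDIUM).format(x509Certificate.getNotBefore()))
                .append("\n");

        // NOTE(review): DN values are appended verbatim. If CertificateDN does
        // not strip control characters, a crafted certificate could inject line
        // breaks or terminal escapes into this output; confirm before relying
        // on the printed text for a trust decision.
        info.append("Owner:\n");
        appendDN(info, new CertificateDN(x509Certificate.getSubjectDN()));
        info.append("Issuer:\n");
        appendDN(info, new CertificateDN(x509Certificate.getIssuerDN()));

        info.append("Serial number: ").append(x509Certificate.getSerialNumber()).append("\n");
        info.append("Valid from: ").append(x509Certificate.getNotBefore())
                .append(" until: ").append(x509Certificate.getNotAfter()).append("\n");

        info.append("Certificate fingerprints:\n");
        // NOTE(review): the algorithm for the "MD5" line is taken from an
        // unrelated caching library's constant. This looks like a decompiler
        // substituting a matching constant for a string literal; confirm the
        // constant's value and consider replacing it with the literal.
        info.append("         MD5:  ")
                .append(getCertFingerPrint(HashDiskPersistenceListener.DEFAULT_HASH_ALGORITHM, x509Certificate))
                .append("\n");
        info.append("         SHA1: ").append(getCertFingerPrint("SHA1", x509Certificate)).append("\n");
        info.append("         SHA256: ").append(getCertFingerPrint("SHA-256", x509Certificate)).append("\n");
        return info.toString();
    }

    /** Appends the CN, O, OU, DC, L, S, C and E fields of {@code dn}, in that order. */
    private static void appendDN(StringBuffer out, CertificateDN dn) {
        appendDNField(out, "CN", dn.getCommonName());
        appendDNField(out, "O", dn.getOrganization());
        appendDNField(out, "OU", dn.getOrganizationalUnit());
        appendDNField(out, "DC", dn.getDomainComponent());
        appendDNField(out, "L", dn.getLocality());
        appendDNField(out, "S", dn.getState());
        appendDNField(out, "C", dn.getCountry());
        appendDNField(out, "E", dn.getEmail());
    }

    /**
     * Appends one indented {@code label=value} line, or the placeholder used
     * for absent fields when {@code value} is {@code null}.
     */
    private static void appendDNField(StringBuffer out, String label, Object value) {
        if (value != null) {
            out.append("         ").append(label).append("=").append(value).append("\n");
        } else {
            // NOTE(review): Release.BUILD is presumably the empty string here
            // (decompiler constant substitution); verify against JSPWiki's
            // Release class.
            out.append(Release.BUILD);
        }
    }

    /** Appends the two upper-case hex digits of {@code b} to {@code stringBuffer}. */
    private static void byte2hex(byte b, StringBuffer stringBuffer) {
        stringBuffer.append(HEX_DIGITS[(b & 0xF0) >> 4]);
        stringBuffer.append(HEX_DIGITS[b & 0x0F]);
    }

    /**
     * Computes the colon-separated hex digest of the certificate's encoded form.
     *
     * @param str         {@link MessageDigest} algorithm name
     * @param certificate certificate to hash
     * @return the fingerprint, or {@code "(error)"} if the digest could not be computed
     */
    private static String getCertFingerPrint(String str, Certificate certificate) {
        try {
            byte[] digest = MessageDigest.getInstance(str).digest(certificate.getEncoded());
            return toHexString(digest);
        } catch (Exception e) {
            // Deliberate best effort: the fingerprint is display-only, so any
            // failure (unknown algorithm, encoding error) yields a marker.
            return "(error)";
        }
    }

    /** Renders {@code bArr} as upper-case hex byte pairs separated by colons. */
    private static String toHexString(byte[] bArr) {
        StringBuffer hex = new StringBuffer();
        for (int i = 0; i < bArr.length; i++) {
            if (i > 0) {
                hex.append(":");
            }
            byte2hex(bArr[i], hex);
        }
        return hex.toString();
    }

    /**
     * Asks the user on the console whether to trust the given CA certificate
     * and, if confirmed, adds it to the in-memory trust store. Nothing is
     * written to disk until {@link #commit()} is called.
     *
     * <p>An alias that already exists in the store is never reused: the key
     * store API replaces an existing trusted-certificate entry when the alias
     * matches, and the alias is derived from certificate contents, so reusing
     * it would let a crafted certificate displace an existing trust anchor.
     *
     * @param x509Certificate CA certificate to consider
     * @return {@code true} if the certificate was added; {@code false} if it was
     *         already trusted, the user declined, or the prompt could not be read
     * @throws KeyStoreException if the trust store is unavailable or rejects the entry
     */
    public boolean trustCACertificate(X509Certificate x509Certificate) throws KeyStoreException {
        if (isTrustedCA(x509Certificate)) {
            System.out.println("This is a CA certificate. It is already trusted.");
            return false;
        }
        System.out.println("This is a CA certificate. It is NOT trusted.");
        if (this.trustedCAStore == null) {
            throw new KeyStoreException("Trust store could not be loaded; cannot add certificate.");
        }
        try {
            if (!yesResponse("Do you want to trust this certificate?")) {
                // Declining previously fell through to the "already trusted"
                // message, which misreported the certificate's status.
                System.out.println("Certificate was not added to the trust store.");
                return false;
            }
        } catch (IOException e) {
            System.out.println("Could not add certificate: " + e.getLocalizedMessage());
            return false;
        }
        String alias = uniqueAlias(getAlias(x509Certificate), x509Certificate);
        System.out.println("Adding CA to trust store with alias " + alias);
        this.trustedCAStore.setCertificateEntry(alias, x509Certificate);
        System.out.println("..success");
        this.certsAdded = true;
        return true;
    }

    /**
     * Returns {@code alias} if it is unused in the trust store; otherwise a
     * variant suffixed with the certificate serial number (and a counter if
     * that is taken as well).
     */
    private String uniqueAlias(String alias, X509Certificate x509Certificate) throws KeyStoreException {
        if (!this.trustedCAStore.containsAlias(alias)) {
            return alias;
        }
        String base = alias + "-" + x509Certificate.getSerialNumber().toString();
        String candidate = base;
        for (int n = 2; this.trustedCAStore.containsAlias(candidate); n++) {
            candidate = base + "-" + n;
        }
        return candidate;
    }

    /**
     * Writes the in-memory trust store back to the file it was loaded from.
     *
     * <p>The file is overwritten in place, so a failure part-way through can
     * leave a truncated store; keep a backup of the original when running this
     * against the JVM-wide {@code cacerts}.
     *
     * @return {@code true} if the store was written; {@code false} if there was
     *         nothing to write, the file is not writable, or writing failed
     */
    public boolean commit() {
        if (!this.certsAdded) {
            System.err.println("No need to commit (no certificates added).");
            return false;
        }
        try {
            if (!new File(this.trustedCAPath).canWrite()) {
                System.out.println("FATAL: You do not have write privileges to the Java JSSE trust store "
                        + this.trustedCAPath
                        + "\n\nTry running the application using sudo, or as root.\n");
                return false;
            }
            FileOutputStream out = new FileOutputStream(this.trustedCAPath);
            try {
                this.trustedCAStore.store(out, DEFAULT_STORE_PASSWORD.toCharArray());
            } finally {
                // Release the file handle even when store() throws.
                out.close();
            }
            return true;
        } catch (IOException e) {
            System.out.println("IO exception: " + e.getMessage());
            return false;
        } catch (KeyStoreException e2) {
            System.out.println("Keystore exception: " + e2.getMessage());
            return false;
        } catch (NoSuchAlgorithmException e3) {
            System.out.println("No such algorithm: " + e3.getMessage());
            return false;
        } catch (CertificateException e4) {
            System.out.println("Certificate exception: " + e4.getMessage());
            return false;
        }
    }

    /**
     * Saves the encoded certificate as {@code <alias>.cer} in the current
     * working directory.
     *
     * <p>The alias comes from the certificate, so commas, dots, slashes and
     * backslashes are removed before it is used as a file name; this keeps the
     * output inside the working directory.
     *
     * @param x509Certificate certificate to save
     * @throws IOException                  if the file cannot be written
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public void saveCertificate(X509Certificate x509Certificate) throws IOException, CertificateEncodingException {
        String safeName = getAlias(x509Certificate).replaceAll("[,\\.\\\\/]", Release.BUILD);
        String path = System.getProperty("user.dir") + "/" + safeName + ".cer";
        FileOutputStream out = new FileOutputStream(path);
        try {
            out.write(x509Certificate.getEncoded());
        } finally {
            // Release the file handle even when encoding or writing fails.
            out.close();
        }
        System.out.println("Saved certificate as " + path);
    }

    /**
     * Builds the default trust manager over the loaded trust store.
     *
     * @return the first {@link X509TrustManager} the factory provides, or
     *         {@code null} if the factory could not be initialised
     */
    private X509TrustManager initSSLTrustManager() {
        TrustManager[] managers = new TrustManager[0];
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(this.trustedCAStore);
            managers = factory.getTrustManagers();
        } catch (KeyStoreException e) {
            System.out.println("Could not initialize trust manager with system keystore: " + e.getMessage());
        } catch (NoSuchAlgorithmException e2) {
            System.out.println("No such algorithm: " + e2.getMessage());
        }
        for (int i = 0; i < managers.length; i++) {
            if (managers[i] instanceof X509TrustManager) {
                return (X509TrustManager) managers[i];
            }
        }
        return null;
    }

    /**
     * Resolves the trust store path and loads the store from it.
     *
     * <p>Failures are reported on standard output rather than thrown, so the
     * returned store may be {@code null} or not loaded.
     *
     * @return the key store instance, or {@code null} if none could be created
     */
    private KeyStore initSystemCAStore() {
        this.trustedCAPath = System.getProperty("javax.net.ssl.trustStore");
        if (this.trustedCAPath == null) {
            this.trustedCAPath = System.getProperty("java.home") + "/lib/security/cacerts";
        }
        KeyStore keyStore = null;
        try {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream in = new FileInputStream(this.trustedCAPath);
            try {
                System.out.println("Locating certificate trust store: " + this.trustedCAPath);
                keyStore.load(in, DEFAULT_STORE_PASSWORD.toCharArray());
            } finally {
                // Release the file handle even when load() throws.
                in.close();
            }
        } catch (FileNotFoundException e) {
            System.out.println("Could not open keystore file: " + e.getMessage());
        } catch (IOException e2) {
            System.out.println("IO exception: " + e2.getMessage());
        } catch (KeyStoreException e3) {
            System.out.println("Could not get keystore: " + e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            System.out.println("No such algorithm: " + e4.getMessage());
        } catch (CertificateException e5) {
            System.out.println("Certificate exception: " + e5.getMessage());
        }
        return keyStore;
    }

    /**
     * Reports whether the certificate is among the trust manager's accepted
     * issuers. Returns {@code false} when no trust manager could be created, so
     * an unavailable store never makes a certificate look trusted.
     */
    private boolean isTrustedCA(X509Certificate x509Certificate) {
        if (this.sslTrustManager == null) {
            return false;
        }
        X509Certificate[] acceptedIssuers = this.sslTrustManager.getAcceptedIssuers();
        for (int i = 0; i < acceptedIssuers.length; i++) {
            if (x509Certificate.equals(acceptedIssuers[i])) {
                return true;
            }
        }
        return false;
    }

    /**
     * Prompts on standard output until the user answers yes or no on standard input.
     *
     * @param str question to display
     * @return {@code true} for "yes", {@code false} for "no" (case-insensitive)
     * @throws IOException if standard input fails or ends before an answer is given
     */
    private synchronized boolean yesResponse(String str) throws IOException {
        BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
        String answer = " ";
        while (!"YES".equals(answer) && !"NO".equals(answer)) {
            System.out.print(str + " (yes/no): ");
            String line = reader.readLine();
            if (line == null) {
                // End of input (closed or redirected stdin): fail closed
                // instead of dereferencing null.
                throw new IOException("No response available on standard input.");
            }
            answer = line.toUpperCase().trim();
        }
        return "YES".equals(answer);
    }
}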
