package org.knopflerfish.framework.validator;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import org.knopflerfish.framework.Debug;
import org.knopflerfish.framework.FrameworkContext;
import org.knopflerfish.framework.Util;
import org.knopflerfish.framework.Validator;
import org.osgi.framework.Constants;

/* loaded from: input_file:org/knopflerfish/framework/validator/JKSValidator.class */
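/**
 * {@link Validator} that checks bundle signer certificate chains with a PKIX
 * path validator, using the certificates found in one or more keystore files as
 * trust anchors.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Revocation checking is switched off, so neither CRLs nor OCSP are consulted
 *       and a revoked certificate still validates.</li>
 *   <li>{@code trustKeys} is always {@code true}, so every keystore entry that
 *       carries a certificate becomes a trust anchor, not only entries stored as
 *       trusted certificates.</li>
 *   <li>Keystores named by the trust-repositories property are loaded without a
 *       password, which means {@link KeyStore#load} performs no integrity check on
 *       them. Protection of those files rests on file-system permissions.</li>
 * </ul>
 *
 * <p>The lazily created factory and validator are not synchronised.
 * NOTE(review): confirm callers do not rely on this class being thread-safe.
 */
public class JKSValidator implements Validator {
    private static final String CA_CERTS_PROP = "org.knopflerfish.framework.validator.jks.ca_certs";
    private static final String CA_CERTS_PASSWORD_PROP = "org.knopflerfish.framework.validator.jks.ca_certs_password";
    private static final String CERT_PROVIDER_PROP = "org.knopflerfish.framework.validator.jks.cert_provider";

    /** JCA provider name for the factory and validator; empty selects the default provider. */
    private String certProvider;
    private final Debug debug;
    /** Created on first use by {@link #getCertificateFactory()}. */
    private CertificateFactory certFactory = null;
    /** Created on first use by {@link #getCertPathValidator()}. */
    private CertPathValidator certValidator = null;
    /** When true, certificates of non-certificate (e.g. key) entries are trusted as well. */
    private boolean trustKeys = true;
    /** Holds the trust anchors; stays uninitialised until a keystore file loads successfully. */
    private final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());

    /**
     * Creates the validator and loads its trust anchors.
     *
     * <p>If the framework trust-repositories property is set, every path in it
     * (separated by {@link File#pathSeparator}) is loaded without a password.
     * Otherwise the keystore named by the {@code ca_certs} property is loaded; that
     * property defaults to the JRE's {@code lib/security/cacerts} file and its
     * password property defaults to {@code "changeit"}.
     *
     * @param frameworkContext source of the debug handle and framework properties
     * @throws KeyStoreException if no keystore of the default type can be created
     */
    public JKSValidator(FrameworkContext frameworkContext) throws KeyStoreException {
        this.debug = frameworkContext.debug;
        frameworkContext.props.setPropertyDefault(CERT_PROVIDER_PROP, "");
        this.certProvider = frameworkContext.props.getProperty(CERT_PROVIDER_PROP);

        String repositories = frameworkContext.props.getProperty(Constants.FRAMEWORK_TRUST_REPOSITORIES);
        // The null test is defensive: whether getProperty can return null for this key
        // is not visible here, and an unset property should select the default store.
        if (repositories == null || repositories.length() == 0) {
            String defaultCaCerts = System.getProperty("java.home")
                    + "/lib/security/cacerts".replace('/', File.separatorChar);
            frameworkContext.props.setPropertyDefault(CA_CERTS_PROP, defaultCaCerts);
            // "changeit" is a widely known default and protects nothing by itself; for a
            // trust store the password only drives the keystore integrity check.
            frameworkContext.props.setPropertyDefault(CA_CERTS_PASSWORD_PROP, "changeit");
            String caCerts = frameworkContext.props.getProperty(CA_CERTS_PROP);
            if (caCerts != null) {
                loadKeyStore(caCerts, frameworkContext.props.getProperty(CA_CERTS_PASSWORD_PROP));
            }
            return;
        }

        // NOTE(review): every repository is loaded into the same KeyStore instance.
        // Whether a later load() adds to or replaces the entries of an earlier one
        // depends on the keystore implementation; confirm that several repositories
        // really end up merged rather than only the last one being trusted.
        for (String entry : Util.splitwords(repositories, File.pathSeparator)) {
            String path = entry.trim();
            if (path.length() > 0) {
                loadKeyStore(path, null);
            }
        }
    }

    /**
     * Validates a certificate chain against the loaded trust anchors.
     *
     * @param list the certificates of the chain, in the order expected by
     *     {@link CertificateFactory#generateCertPath(List)}
     * @return {@code true} only if PKIX validation succeeds; {@code false} for a
     *     {@code null} or empty chain and for any {@link GeneralSecurityException}
     */
    @Override // org.knopflerfish.framework.Validator
    public boolean validateCertificateChain(List list) {
        // Fail closed: a missing or empty chain names no signer certificate, so it is
        // rejected here instead of leaving the outcome to the PKIX provider.
        if (list == null || list.isEmpty()) {
            return false;
        }
        try {
            @SuppressWarnings("unchecked") // the interface hands over a raw List of certificates
            List<? extends Certificate> chain = (List<? extends Certificate>) list;
            getCertPathValidator().validate(
                    getCertificateFactory().generateCertPath(chain),
                    getCertPathParameters(this.keystore));
            return true;
        } catch (GeneralSecurityException e) {
            // Covers an uninitialised keystore, an empty trust-anchor set and a chain
            // that does not validate; all of them are reported as "not trusted".
            return false;
        }
    }

    /**
     * Returns the X.509 certificate factory, creating it on first use from the
     * configured provider or from the default provider when none is configured.
     */
    private CertificateFactory getCertificateFactory() throws GeneralSecurityException {
        if (this.certFactory == null) {
            if (this.certProvider.length() > 0) {
                this.certFactory = CertificateFactory.getInstance("X.509", this.certProvider);
            } else {
                this.certFactory = CertificateFactory.getInstance("X.509");
            }
        }
        return this.certFactory;
    }

    /**
     * Builds the PKIX parameters from the certificates currently in the keystore.
     *
     * @param keyStore keystore whose entries supply the trust anchors
     * @return parameters with revocation checking disabled
     * @throws GeneralSecurityException if the keystore is not initialised or yields
     *     no usable trust anchor
     */
    private CertPathParameters getCertPathParameters(KeyStore keyStore) throws GeneralSecurityException {
        HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate certificate = keyStore.getCertificate(alias);
            // Only X.509 certificates can become trust anchors. Checking the type here
            // keeps a foreign certificate type from raising ClassCastException, which
            // the caller's GeneralSecurityException handler would not catch.
            if (certificate instanceof X509Certificate
                    && (this.trustKeys || keyStore.isCertificateEntry(alias))) {
                anchors.add(new TrustAnchor((X509Certificate) certificate, null));
            }
        }
        PKIXParameters parameters = new PKIXParameters(anchors);
        // Revocation status is never checked, so a revoked signer certificate is still
        // accepted. Removing such a certificate from trust requires changing the
        // keystore contents.
        parameters.setRevocationEnabled(false);
        return parameters;
    }

    /**
     * Returns the PKIX path validator, creating it on first use from the configured
     * provider or from the default provider when none is configured.
     */
    private CertPathValidator getCertPathValidator() throws GeneralSecurityException {
        if (this.certValidator == null) {
            if (this.certProvider.length() > 0) {
                this.certValidator = CertPathValidator.getInstance("PKIX", this.certProvider);
            } else {
                this.certValidator = CertPathValidator.getInstance("PKIX");
            }
        }
        return this.certValidator;
    }

    /**
     * Loads a keystore file into {@link #keystore}. Failures are logged through the
     * debug handle and otherwise ignored, so a bad path leaves the validator without
     * those trust anchors instead of aborting framework start-up.
     *
     * @param str path of the keystore file
     * @param str2 keystore password, or {@code null} to load without an integrity check
     */
    private void loadKeyStore(String str, String str2) {
        FileInputStream in = null;
        try {
            in = new FileInputStream(str);
            this.keystore.load(in, str2 != null ? str2.toCharArray() : null);
            if (this.debug.certificates) {
                this.debug.println("Loaded keystore, " + str);
            }
        } catch (Exception e) {
            this.debug.printStackTrace("Failed to load keystore, " + str, e);
        } finally {
            // Close on every path; previously the stream was closed only after a failure
            // and leaked a file handle after each successful load.
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done about a failed close of a read-only stream.
                }
            }
        }
    }
}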
