package tigase.io;

import java.io.CharArrayReader;
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentSkipListMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;
import tigase.cert.CertificateEntry;
import tigase.cert.CertificateUtil;
import tigase.db.jdbc.TigaseCustomAuth;

/* loaded from: input_file:tigase/io/SSLContextContainer.class */
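/**
 * Holds one {@link KeyManagerFactory} per domain (certificate alias) and hands out {@link SSLContext}s built from
 * them, generating a self-signed certificate for any domain that has none.
 * <p>
 * Security note: every context produced here is initialised with {@link FakeTrustManager}, which validates no peer
 * certificate at all. The trust store assembled by {@link #loadTrustedCerts} only feeds the accepted-issuer list
 * that the trust manager advertises and is exposed through {@link #getTrustStore()}.
 * <p>
 * {@link #init} must run before {@link #getSSLContext}: it loads the per-domain certificates synchronously and the
 * trust store on a background thread. The maps are concurrent; {@link #certsDirs} and {@link #defaultCertAlias}
 * are written only by {@link #init}.
 */
public class SSLContextContainer implements SSLContextContainerIfc {

    private static final Logger log = Logger.getLogger(SSLContextContainer.class.getName());

    /**
     * Prefix of configuration keys that bind a certificate file to a domain; the part of the key after the prefix
     * is the domain name, which is also the alias the certificate is registered under.
     */
    public static final String PER_DOMAIN_CERTIFICATE_KEY = "virt-hosts-cert-";

    /** Key store type used for the in-memory per-domain key stores. */
    private static final String DOMAIN_KEY_STORE_TYPE = "JKS";
    /** KeyManagerFactory algorithm used for the per-domain key stores. */
    private static final String KEY_MANAGER_ALGORITHM = "SunX509";
    /** Suffix stripped from certificate file names to form the alias, and appended when saving generated ones. */
    private static final String PEM_SUFFIX = ".pem";
    /**
     * Key length used for generated certificates (server placeholders and the fake CA).
     * NOTE(review): 1024-bit keys are below current minimum recommendations (2048+); the value is kept only so
     * behaviour stays the same as before, and the certificates generated here are self-signed placeholders.
     */
    private static final int GENERATED_KEY_SIZE = 1024;
    /** Opaque second argument of {@code CertificateUtil.createKeyPair}, carried over unchanged from the original. */
    private static final String GENERATED_KEY_SECRET = "secret";

    /** Certificates read from the trusted-certs PEM directories; they become the issuer list of {@link #tms}. */
    private final List<X509Certificate> acceptedIssuers = new ArrayList<>(200);
    /** Directories scanned for per-domain server certificates; index 0 is where generated certificates are saved. */
    private File[] certsDirs = null;
    /** Alias used by {@link #getSSLContext} when no hostname is given; set by {@link #init}. */
    private String defaultCertAlias = null;
    private final String email = "admin@tigase.org";
    /** Password for the in-memory key stores. */
    private final char[] emptyPass = new char[0];
    /** Domain alias -> factory holding that domain's private key and certificate chain. */
    private final Map<String, KeyManagerFactory> kmfs = new ConcurrentSkipListMap<>();
    private final String o = "Tigase.org";
    private final String ou = "XMPP Service";
    private final SecureRandom secureRandom = new SecureRandom();
    /** Domain alias -> initialised SSLContext; an entry is dropped when the domain's certificate is replaced. */
    private final Map<String, SSLContext> sslContexts = new ConcurrentSkipListMap<>();
    /**
     * Trust managers handed to every new SSLContext. Replaced by the background thread started in {@link #init}
     * and read by {@link #getSSLContext}, hence volatile. Contexts cached before the trusted certificates finish
     * loading keep this initial manager, which advertises no issuers, and are not rebuilt.
     */
    private volatile X509TrustManager[] tms = {new FakeTrustManager()};
    /** Trust store assembled by {@link #loadTrustedCerts}; null until that has run. */
    private volatile KeyStore trustKeyStore = null;

    /**
     * Trust manager that accepts every peer certificate without validation.
     * <p>
     * Both check methods are intentionally empty, so an {@link SSLContext} built by the enclosing container
     * performs no peer-certificate verification. The only data it carries is the list of issuers advertised to
     * peers via {@link #getAcceptedIssuers()}.
     */
    public static class FakeTrustManager implements X509TrustManager {

        private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

        private final X509Certificate[] issuers;

        /** Creates a manager that advertises no accepted issuers. */
        FakeTrustManager() {
            this((X509Certificate[]) null);
        }

        /**
         * @param issuers certificates to advertise through {@link #getAcceptedIssuers()}; may be null
         */
        FakeTrustManager(X509Certificate[] issuers) {
            this.issuers = issuers;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally no validation; see the class comment.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally no validation; see the class comment.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array; the original returned
            // null when no issuers were set. A copy is returned so callers cannot alter the advertised list.
            return issuers == null ? NO_ISSUERS : issuers.clone();
        }
    }

    /**
     * Accepts regular files whose name ends with one of the PEM/CRT/CER extensions. The match is exact-case on
     * the listed spellings, as in the original.
     */
    public static class PEMFileFilter implements FileFilter {

        private static final String[] EXTENSIONS = {".pem", ".PEM", ".crt", ".CRT", ".cer", ".CER"};

        private PEMFileFilter() {
        }

        @Override
        public boolean accept(File file) {
            if (!file.isFile()) {
                return false;
            }
            String name = file.getName();
            for (String extension : EXTENSIONS) {
                if (name.endsWith(extension)) {
                    return true;
                }
            }
            return false;
        }
    }

    /**
     * Registers a private key and certificate chain under {@code alias} and builds its {@link KeyManagerFactory}.
     *
     * @param entry      private key and certificate chain to register
     * @param alias      domain alias; also used verbatim as the file name when {@code saveToDisk} is set
     * @param saveToDisk whether to also write the entry as {@code <alias>.pem} into the first certificate directory
     * @return the initialised factory, which has also been stored in {@link #kmfs}
     * @throws IllegalStateException if saving is requested before {@link #init} configured the directories
     * @throws IOException           if the target file would lie outside the certificate directory, or saving fails
     * @throws KeyStoreException     if the in-memory key store rejects the entry
     */
    private KeyManagerFactory addCertificateEntry(CertificateEntry entry, String alias, boolean saveToDisk)
            throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
            UnrecoverableKeyException {
        KeyStore keyStore = KeyStore.getInstance(DOMAIN_KEY_STORE_TYPE);
        keyStore.load(null, emptyPass);
        keyStore.setKeyEntry(alias, entry.getPrivateKey(), emptyPass, entry.getCertChain());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEY_MANAGER_ALGORITHM);
        kmf.init(keyStore, emptyPass);
        kmfs.put(alias, kmf);
        if (saveToDisk) {
            CertificateUtil.storeCertificate(certificateFileFor(alias).toString(), entry);
        }
        return kmf;
    }

    /**
     * Builds the path {@code certsDirs[0]/<alias>.pem}. Because the alias is used verbatim as a file name, an
     * alias whose canonical target lies outside the certificate directory is rejected.
     *
     * @throws IllegalStateException if {@link #init} has not configured any certificate directory
     * @throws IOException           if the path escapes the directory or cannot be canonicalised
     */
    private File certificateFileFor(String alias) throws IOException {
        if (certsDirs == null || certsDirs.length == 0) {
            throw new IllegalStateException("Certificate directories not configured; call init() first");
        }
        File dir = certsDirs[0];
        File target = new File(dir, alias + PEM_SUFFIX);
        if (!target.getCanonicalFile().toPath().startsWith(dir.getCanonicalFile().toPath())) {
            throw new IOException("Certificate alias '" + alias + "' resolves outside directory " + dir);
        }
        return target;
    }

    /**
     * Adds (or replaces) the certificate for one domain from its PEM text.
     *
     * @param params {@code CERT_ALIAS_KEY} (required), {@code PEM_CERTIFICATE_KEY} (nothing happens when absent)
     *               and {@code CERT_SAVE_TO_DISK_KEY}
     * @throws IllegalArgumentException      if no alias is given
     * @throws CertificateParsingException   if the PEM text cannot be parsed or registered
     */
    @Override
    public void addCertificates(Map<String, String> params) throws CertificateParsingException {
        String alias = params.get(SSLContextContainerIfc.CERT_ALIAS_KEY);
        if (alias == null) {
            throw new IllegalArgumentException("Certificate alias must be specified");
        }
        String pem = params.get(SSLContextContainerIfc.PEM_CERTIFICATE_KEY);
        if (pem == null) {
            return;
        }
        // The save flag is compared against ALLOW_SELF_SIGNED_CERTS_VAL, as in the original; presumably both
        // constants spell the same "true" value - confirm against SSLContextContainerIfc.
        String saveFlag = params.get(SSLContextContainerIfc.CERT_SAVE_TO_DISK_KEY);
        boolean saveToDisk = saveFlag != null
                && saveFlag.equalsIgnoreCase(SSLContextContainerIfc.ALLOW_SELF_SIGNED_CERTS_VAL);
        try {
            CertificateEntry entry = CertificateUtil.parseCertificate(new CharArrayReader(pem.toCharArray()));
            addCertificateEntry(entry, alias, saveToDisk);
            // Drop the cached context so the next getSSLContext() call is built from the new key material.
            sslContexts.remove(alias);
        } catch (Exception e) {
            throw new CertificateParsingException("Problem adding a new certificate.", e);
        }
    }

    /**
     * Extracts the {@code virt-hosts-cert-<domain>} entries of the configuration as domain -> file.
     *
     * @param params configuration map; may be null
     * @return mutable map of domain alias to certificate file, empty when nothing matches
     */
    private Map<String, File> findPredefinedCertificates(Map<String, Object> params) {
        Map<String, File> result = new HashMap<>();
        if (params == null) {
            return result;
        }
        for (Map.Entry<String, Object> entry : params.entrySet()) {
            String key = entry.getKey();
            if (key == null || !key.startsWith(PER_DOMAIN_CERTIFICATE_KEY)) {
                continue;
            }
            Object value = entry.getValue();
            if (value == null) {
                log.log(Level.WARNING, "Ignoring certificate setting without a file name: {0}", key);
                continue;
            }
            result.put(key.substring(PER_DOMAIN_CERTIFICATE_KEY.length()), new File(value.toString()));
        }
        return result;
    }

    /**
     * Returns the cached {@link SSLContext} for {@code hostname}, building it on first use.
     * <p>
     * A hostname with no registered certificate triggers generation of a self-signed certificate, which is also
     * written to disk, so each unknown hostname costs a key-pair generation and a file write.
     *
     * @param protocol SSLContext protocol name, e.g. the value passed to {@link SSLContext#getInstance(String)}
     * @param hostname domain alias; null selects the default alias configured in {@link #init}
     * @return the context, or null if it could not be created (the cause is logged at SEVERE)
     */
    @Override
    public SSLContext getSSLContext(String protocol, String hostname) {
        String alias = hostname != null ? hostname : defaultCertAlias;
        try {
            if (alias == null) {
                throw new IllegalStateException("No certificate alias given and no default configured");
            }
            SSLContext context = sslContexts.get(alias);
            if (context == null) {
                KeyManagerFactory kmf = kmfs.get(alias);
                if (kmf == null) {
                    KeyPair keyPair = CertificateUtil.createKeyPair(GENERATED_KEY_SIZE, GENERATED_KEY_SECRET);
                    X509Certificate cert = CertificateUtil.createSelfSignedCertificate(email, alias, ou, o,
                            (String) null, (String) null, (String) null, keyPair);
                    CertificateEntry entry = new CertificateEntry();
                    entry.setPrivateKey(keyPair.getPrivate());
                    entry.setCertChain(new Certificate[]{cert});
                    kmf = addCertificateEntry(entry, alias, true);
                    log.log(Level.WARNING, "Auto-generated certificate for domain: {0}", alias);
                }
                context = SSLContext.getInstance(protocol);
                context.init(kmf.getKeyManagers(), tms, secureRandom);
                sslContexts.put(alias, context);
            }
            return context;
        } catch (Exception e) {
            log.log(Level.SEVERE, "Can not initialize SSLContext for domain: " + alias + ", protocol: " + protocol, e);
            return null;
        }
    }

    /**
     * @return the trust store built by {@link #loadTrustedCerts}, or null if it has not completed yet
     */
    @Override
    public KeyStore getTrustStore() {
        return trustKeyStore;
    }

    /**
     * Loads the per-domain server certificates from the configuration and starts loading the trust store.
     * <p>
     * Server certificates come from the {@code virt-hosts-cert-*} entries and from every PEM/CRT/CER file in the
     * comma-separated {@code SERVER_CERTS_LOCATION_KEY} directories. Trusted certificates are loaded on a
     * separate thread; contexts requested before it finishes advertise no accepted issuers.
     *
     * @param params configuration map
     */
    @Override
    public void init(Map<String, Object> params) {
        try {
            defaultCertAlias = (String) params.get(SSLContextContainerIfc.DEFAULT_DOMAIN_CERT_KEY);
            if (defaultCertAlias == null) {
                defaultCertAlias = SSLContextContainerIfc.DEFAULT_DOMAIN_CERT_VAL;
            }
            String certsLocation = (String) params.get(SSLContextContainerIfc.SERVER_CERTS_LOCATION_KEY);
            if (certsLocation == null) {
                certsLocation = SSLContextContainerIfc.SERVER_CERTS_LOCATION_VAL;
            }
            String[] certsDirNames = certsLocation.split(",");
            certsDirs = new File[certsDirNames.length];
            loadPredefinedCertificates(findPredefinedCertificates(params));
            for (int i = 0; i < certsDirNames.length; i++) {
                certsDirs[i] = new File(certsDirNames[i]);
                loadCertificatesFromDirectory(certsDirs[i]);
            }
        } catch (Exception e) {
            log.log(Level.WARNING, "There was a problem initializing SSL certificates.", e);
        }
        String trustedLocation = (String) params.get(SSLContextContainerIfc.TRUSTED_CERTS_DIR_KEY);
        if (trustedLocation == null) {
            trustedLocation = SSLContextContainerIfc.TRUSTED_CERTS_DIR_VAL;
        }
        final String[] trustedDirNames = trustedLocation.split(",");
        Thread loader = new Thread(new Runnable() {
            @Override
            public void run() {
                loadTrustedCerts(trustedDirNames);
            }
        }, "SSLContextContainer-trusted-certs");
        loader.start();
    }

    /**
     * Registers each domain -> file pair; a failure for one file is logged and does not stop the others.
     */
    private void loadPredefinedCertificates(Map<String, File> predefined) {
        log.log(Level.CONFIG, "Loading predefined server certificates");
        for (Map.Entry<String, File> entry : predefined.entrySet()) {
            String domain = entry.getKey();
            File file = entry.getValue();
            try {
                addCertificateEntry(CertificateUtil.loadCertificate(file), domain, false);
                log.log(Level.CONFIG, "Loaded server certificate for domain: {0} from file: {1}",
                        new Object[]{domain, file});
            } catch (Exception e) {
                log.log(Level.WARNING, "Cannot load certficate from file: " + file, e);
            }
        }
    }

    /**
     * Registers every PEM/CRT/CER file in {@code dir} under its file name (minus a {@code .pem} suffix) as the
     * domain alias. A missing or unreadable directory is logged and skipped rather than aborting the remaining
     * directories, which is what dereferencing the null from {@code listFiles()} used to do.
     */
    private void loadCertificatesFromDirectory(File dir) {
        log.log(Level.CONFIG, "Loading server certificates from PEM directory: {0}", dir);
        File[] files = dir.listFiles(new PEMFileFilter());
        if (files == null) {
            log.log(Level.WARNING, "Cannot list server certificates directory: {0}", dir);
            return;
        }
        for (File file : files) {
            try {
                CertificateEntry entry = CertificateUtil.loadCertificate(file);
                String alias = aliasFromFileName(file.getName());
                addCertificateEntry(entry, alias, false);
                log.log(Level.CONFIG, "Loaded server certificate for domain: {0} from file: {1}",
                        new Object[]{alias, file});
            } catch (Exception e) {
                log.log(Level.WARNING, "Cannot load certficate from file: " + file, e);
            }
        }
    }

    /**
     * Strips a trailing {@code .pem} from a file name. Other accepted extensions are kept in the alias, as before.
     */
    private static String aliasFromFileName(String fileName) {
        if (fileName.endsWith(PEM_SUFFIX)) {
            return fileName.substring(0, fileName.length() - PEM_SUFFIX.length());
        }
        return fileName;
    }

    /**
     * Builds the trust store and the accepted-issuer list, then publishes both. Runs on the thread started by
     * {@link #init}.
     * <p>
     * Sources, in order: the JRE {@code cacerts} file, the file {@code ~/.keystore} (see note in the body), and
     * every PEM/CRT/CER file in {@code trustedDirNames}. Only certificates from the PEM directories are added to
     * the issuer list advertised by the trust manager. If nothing at all was loaded, a throw-away self-signed CA
     * certificate is put in the store so it is not empty.
     *
     * @param trustedDirNames directories to scan for trusted certificate files
     */
    public void loadTrustedCerts(String[] trustedDirNames) {
        int imported = 0;
        long start = System.currentTimeMillis();
        KeyStore store = null;
        try {
            store = KeyStore.getInstance(KeyStore.getDefaultType());
            store.load(null, emptyPass);
            File cacerts = new File(System.getProperty("java.home"),
                    "lib" + File.separator + "security" + File.separator + "cacerts");
            // NOTE(review): Java does not expand '~', so this is a path relative to the working directory and will
            // rarely exist. Kept verbatim; resolving it against user.home would silently widen what is trusted.
            File userKeyStore = new File("~/.keystore");
            importKeyStore(store, cacerts);
            importKeyStore(store, userKeyStore);
            log.log(Level.CONFIG, "Loading trustKeyStore from locations: {0}", Arrays.toString(trustedDirNames));
            for (String dirName : trustedDirNames) {
                File[] files = new File(dirName).listFiles(new PEMFileFilter());
                if (files == null) {
                    continue;
                }
                for (File file : files) {
                    imported += importPemFile(store, file);
                }
            }
        } catch (Exception e) {
            log.log(Level.WARNING, "An error loading trusted certificates", e);
        }
        if (store != null) {
            try {
                if (!store.aliases().hasMoreElements()) {
                    log.log(Level.CONFIG, "No Trusted Anchors!!! Creating temporary trusted CA cert!");
                    // The NO_QUERY references are what the decompiler produced for the organisation/locality
                    // arguments; they are most likely a folded string literal. Kept as-is to preserve behaviour.
                    store.setCertificateEntry("generated fake CA",
                            CertificateUtil.createSelfSignedCertificate("fake_local@tigase", "fake one",
                                    TigaseCustomAuth.NO_QUERY, TigaseCustomAuth.NO_QUERY, TigaseCustomAuth.NO_QUERY,
                                    TigaseCustomAuth.NO_QUERY, "US",
                                    CertificateUtil.createKeyPair(GENERATED_KEY_SIZE, GENERATED_KEY_SECRET)));
                }
            } catch (Exception e) {
                log.log(Level.WARNING, "Can't generate fake trusted CA certificate", e);
            }
        }
        // Publish the finished store and issuer list together; both fields are volatile.
        trustKeyStore = store;
        tms = new X509TrustManager[]{new FakeTrustManager(acceptedIssuers.toArray(new X509Certificate[0]))};
        log.log(Level.CONFIG, "Loaded {0} trust certificates, it took {1} seconds.",
                new Object[]{imported, (System.currentTimeMillis() - start) / 1000});
    }

    /**
     * Copies the trusted-certificate entries of the key store file {@code file} into {@code target}, if the file
     * exists. The store is read without a password, i.e. without an integrity check, as before.
     * <p>
     * The original called {@code KeyStore.load()} on the shared store once per file; since {@code load()} replaces
     * the store's contents, the second file discarded everything from the first. Merging entry by entry keeps
     * both. Key entries (private keys) in the file are not copied.
     */
    private static void importKeyStore(KeyStore target, File file)
            throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "Looking for trusted certs in: {0}", file);
        }
        if (!file.exists()) {
            return;
        }
        log.log(Level.CONFIG, "Loading trustKeyStore from location: {0}", file);
        KeyStore source = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(file)) {
            source.load(in, null);
        }
        for (Enumeration<String> aliases = source.aliases(); aliases.hasMoreElements(); ) {
            String alias = aliases.nextElement();
            if (source.isCertificateEntry(alias)) {
                target.setCertificateEntry(alias, source.getCertificate(alias));
            }
        }
    }

    /**
     * Adds every X.509 certificate found in {@code file} to {@code store} (aliased by subject DN, so a later
     * certificate with the same subject replaces an earlier one) and to {@link #acceptedIssuers}.
     *
     * @return number of certificates imported; a failure is logged and the count so far is returned
     */
    private int importPemFile(KeyStore store, File file) {
        int count = 0;
        try {
            Certificate[] chain = CertificateUtil.loadCertificate(file).getCertChain();
            if (chain == null) {
                return 0;
            }
            for (Certificate certificate : chain) {
                if (!(certificate instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate x509 = (X509Certificate) certificate;
                String name = x509.getSubjectX500Principal().getName();
                store.setCertificateEntry(name, x509);
                acceptedIssuers.add(x509);
                log.log(Level.FINEST, "Imported certificate: {0}", name);
                count++;
            }
        } catch (Exception e) {
            log.log(Level.WARNING, "Problem loading certificate from file: " + file, e);
        }
        return count;
    }
}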
