package org.talend.utils.ssl;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.talend.commandline.client.filter.IItemFilterConstants;
import org.talend.utils.wsdl.WSDLLoader;

/* loaded from: input_file:org/talend/utils/ssl/SSLUtils.class */
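/**
 * Builds and caches the client-side TLS configuration (key managers, trust managers and
 * hostname verifier) used to talk to the server, one instance per user directory.
 *
 * <p>The configuration is read from JVM system properties when the instance is created:
 * <ul>
 *   <li>{@link #TAC_SSL_CLIENT_KEY} / {@link #TAC_SSL_KEYSTORE_PASS}: client keystore path and password;</li>
 *   <li>{@link #TAC_SSL_CLIENT_TRUST_KEY} / {@link #TAC_SSL_TRUSTSTORE_PASS}: truststore path and password;</li>
 *   <li>{@link #TAC_SSL_ENABLE_HOST_NAME_VERIFICATION}: hostname verification, on unless set to
 *       something other than "true";</li>
 *   <li>{@link #TAC_SSL_ACCEPT_ALL_CERTS_IF_NO_TRUSTSTORE}: when "true" and no truststore is found,
 *       every server certificate is accepted.</li>
 * </ul>
 *
 * <p>Security-relevant behaviour: the last two properties can switch off server authentication
 * entirely (see {@link TrustAnyTrustManager} and {@link AllowAllHostnameVerifier}). Anyone able to
 * set JVM system properties for the process controls whether TLS peers are authenticated.
 */
public class SSLUtils {
    public static final String TAC_SSL_KEYSTORE = "clientKeystore.jks";
    public static final String TAC_SSL_TRUSTSTORE = "clientTruststore.jks";
    public static final String TAC_SSL_CLIENT_KEY = "tac.net.ssl.ClientKeyStore";
    public static final String TAC_SSL_CLIENT_TRUST_KEY = "tac.net.ssl.ClientTrustStore";
    public static final String TAC_SSL_KEYSTORE_PASS = "tac.net.ssl.KeyStorePass";
    public static final String TAC_SSL_TRUSTSTORE_PASS = "tac.net.ssl.TrustStorePass";
    public static final String TAC_SSL_ENABLE_HOST_NAME_VERIFICATION = "tac.net.ssl.EnableHostNameVerification";
    public static final String TAC_SSL_ACCEPT_ALL_CERTS_IF_NO_TRUSTSTORE = "tac.net.ssl.AcceptAllCertsIfNoTruststore";
    private HostnameVerifier hostnameVerifier;
    private KeyManager[] keystoreManagers;
    private TrustManager[] truststoreManagers;
    // Cache of configured instances keyed by user directory; guarded by the class lock in getInstance.
    private static final Map<String, SSLUtils> userDirToInstanceMap = new HashMap<String, SSLUtils>();

    /**
     * Hostname verifier that accepts every host name without looking at the certificate.
     * Installed only when {@link #TAC_SSL_ENABLE_HOST_NAME_VERIFICATION} is set to a value other
     * than "true". With it in place a valid certificate issued for any other host is accepted,
     * so the connection is no longer bound to the intended server.
     * (Declared private in the original bytecode; the decompiler widened the access.)
     */
    public class AllowAllHostnameVerifier implements HostnameVerifier {
        private AllowAllHostnameVerifier() {
        }

        /** Always returns {@code true}; neither argument is inspected. */
        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }

        /* synthetic accessor constructor recovered by the decompiler; both arguments are ignored */
        AllowAllHostnameVerifier(SSLUtils sSLUtils, AllowAllHostnameVerifier allowAllHostnameVerifier) {
            this();
        }
    }

    /**
     * Hostname verifier that matches the requested host against the certificate's first common
     * name and its subjectAltName entries, with browser-style wildcard handling.
     * (Declared private in the original bytecode; the decompiler widened the access.)
     *
     * <p>NOTE(review): the first CN is used as a candidate even when subjectAltName entries are
     * present. RFC 6125 recommends ignoring the CN in that case; consider dropping the CN fallback
     * once all deployed server certificates carry SANs.
     */
    public static class BrowserCompatibleHostnameVerifier implements HostnameVerifier {
        // Second-level labels under two-letter TLDs for which a wildcard such as "*.co.uk" is refused.
        // Arrays.binarySearch needs this array sorted, which holds only if IItemFilterConstants.OR
        // is the string "or" — presumably a literal the decompiler replaced with an equal constant; verify.
        private static final String[] BAD_COUNTRY_2LDS = {"ac", "co", "com", "ed", "edu", "go", "gouv", "gov", "info", "lg", "ne", "net", IItemFilterConstants.OR, "org"};
        private static final Pattern IPV4_PATTERN = Pattern.compile("^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$");
        private static final Pattern IPV6_STD_PATTERN = Pattern.compile("^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$");
        private static final Pattern IPV6_HEX_COMPRESSED_PATTERN = Pattern.compile("^((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)::((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)$");
        private static final char COLON_CHAR = ':';
        private static final int MAX_COLON_COUNT = 7;
        // GeneralName type tags as returned by X509Certificate.getSubjectAlternativeNames().
        private static final int SAN_DNS_NAME = 2;
        private static final int SAN_IP_ADDRESS = 7;

        private BrowserCompatibleHostnameVerifier() {
        }

        /**
         * Checks the host name against the peer's leaf certificate.
         *
         * @param str host name the client asked for
         * @param sSLSession session whose first peer certificate is examined
         * @return {@code true} if a name in the certificate matches; {@code false} if none does or
         *         the peer certificate cannot be obtained
         */
        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            try {
                verify(str, (X509Certificate) sSLSession.getPeerCertificates()[0]);
                return true;
            } catch (SSLException mismatchOrUnverified) {
                // Covers both a name mismatch and SSLPeerUnverifiedException from getPeerCertificates().
                return false;
            }
        }

        /** Extracts CNs and subjectAltNames from the certificate and matches them against the host. */
        private void verify(String host, X509Certificate cert) throws SSLException {
            verify(host, getCNs(cert), getSubjectAlts(cert, host));
        }

        /** Non-strict matching: a wildcard may cover more than one label. */
        private void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
            verify(host, cns, subjectAlts, false);
        }

        /**
         * Matches {@code host} against the first CN and every subjectAltName.
         *
         * @param host host name requested by the client
         * @param cns common names from the subject, may be {@code null}; only the first is used
         * @param subjectAlts subjectAltName values, may be {@code null}
         * @param strictWithSubDomains when {@code true}, a wildcard match additionally requires the
         *        same number of dots in host and pattern
         * @throws SSLException if the certificate offers no name or none of them matches
         */
        private void verify(String host, String[] cns, String[] subjectAlts, boolean strictWithSubDomains) throws SSLException {
            List<String> candidates = new LinkedList<String>();
            if (cns != null && cns.length > 0 && cns[0] != null) {
                candidates.add(cns[0]);
            }
            if (subjectAlts != null) {
                for (String alt : subjectAlts) {
                    if (alt != null) {
                        candidates.add(alt);
                    }
                }
            }
            if (candidates.isEmpty()) {
                throw new SSLException("Certificate for <" + host + "> doesn't contain CN or DNS subjectAlt");
            }
            // Collects the names tried, for the mismatch message.
            StringBuilder tried = new StringBuilder();
            String hostName = host.trim().toLowerCase(Locale.US);
            boolean match = false;
            Iterator<String> it = candidates.iterator();
            while (it.hasNext()) {
                String name = it.next().toLowerCase(Locale.US);
                tried.append(" <");
                tried.append(name);
                tried.append('>');
                if (it.hasNext()) {
                    tried.append(" OR");
                }
                String[] labels = name.split("\\.");
                // A wildcard is honoured only in the left-most label, only for names with at least
                // three labels, never for refused country second-level domains, and never when the
                // requested host is an IP literal.
                boolean wildcard = labels.length >= 3 && labels[0].endsWith("*") && acceptableCountryWildcard(name) && !isIPAddress(host);
                if (wildcard) {
                    String firstLabel = labels[0];
                    if (firstLabel.length() > 1) {
                        // Partial wildcard such as "www*.example.com": prefix and suffix must both match.
                        String prefix = firstLabel.substring(0, firstLabel.length() - 1);
                        match = hostName.startsWith(prefix) && hostName.substring(prefix.length()).endsWith(name.substring(firstLabel.length()));
                    } else {
                        // NOTE(review): with strictWithSubDomains == false (the only value passed in
                        // this class) "*.example.com" also matches "a.b.example.com".
                        match = hostName.endsWith(name.substring(1));
                    }
                    if (match && strictWithSubDomains) {
                        match = countDots(hostName) == countDots(name);
                    }
                } else {
                    match = hostName.equals(name);
                }
                if (match) {
                    break;
                }
            }
            if (!match) {
                throw new SSLException("hostname in certificate didn't match: <" + host + "> !=" + ((Object) tried));
            }
        }

        /**
         * Returns the common-name values of the certificate subject, left-most RDN first, or
         * {@code null} when there is none or the subject cannot be parsed.
         *
         * <p>The subject is parsed as a structured RFC 2253 name instead of splitting its string
         * form on ',' and '+'. With plain splitting, a quoted or escaped comma inside another
         * attribute value (for example an organisation name) produces a token that starts with
         * "CN=" and would be treated as a common name of the certificate.
         */
        private String[] getCNs(X509Certificate cert) {
            List<String> names = new LinkedList<String>();
            try {
                LdapName subject = new LdapName(cert.getSubjectX500Principal().getName());
                List<Rdn> rdns = subject.getRdns();
                // LdapName indexes RDNs from the right, so walk backwards to keep the textual order.
                for (int idx = rdns.size() - 1; idx >= 0; idx--) {
                    Attribute cn = rdns.get(idx).toAttributes().get("cn");
                    if (cn == null) {
                        continue;
                    }
                    for (int v = 0; v < cn.size(); v++) {
                        Object value = cn.get(v);
                        // Binary (#hex) values are skipped; only non-empty text can be a host name.
                        if (value instanceof String && ((String) value).length() > 0) {
                            names.add((String) value);
                        }
                    }
                }
            } catch (NamingException unparsableSubject) {
                // Fail closed: an unparsable subject contributes no common name.
                return null;
            }
            if (names.isEmpty()) {
                return null;
            }
            return names.toArray(new String[names.size()]);
        }

        /**
         * Returns {@code false} for three-label wildcard names whose last label has two letters
         * and whose middle label is listed in {@link #BAD_COUNTRY_2LDS} (for example "*.co.uk").
         */
        private boolean acceptableCountryWildcard(String name) {
            String[] labels = name.split("\\.");
            boolean refused = labels.length == 3 && labels[2].length() == 2 && Arrays.binarySearch(BAD_COUNTRY_2LDS, labels[1]) >= 0;
            return !refused;
        }

        /** Returns {@code true} if the non-null argument is an IPv4 or IPv6 literal. */
        private boolean isIPAddress(String host) {
            if (host != null) {
                return isIPv4Address(host) || isIPv6Address(host);
            }
            return false;
        }

        private boolean isIPv4Address(String host) {
            return IPV4_PATTERN.matcher(host).matches();
        }

        private boolean isIPv6Address(String host) {
            return isIPv6StdAddress(host) || isIPv6HexCompressedAddress(host);
        }

        private boolean isIPv6StdAddress(String host) {
            return IPV6_STD_PATTERN.matcher(host).matches();
        }

        /** Matches the "::" compressed IPv6 form, rejecting inputs with more than seven colons. */
        private boolean isIPv6HexCompressedAddress(String host) {
            int colons = 0;
            for (int pos = 0; pos < host.length(); pos++) {
                if (host.charAt(pos) == COLON_CHAR) {
                    colons++;
                }
            }
            return colons <= MAX_COLON_COUNT && IPV6_HEX_COMPRESSED_PATTERN.matcher(host).matches();
        }

        private int countDots(String text) {
            int dots = 0;
            for (int pos = 0; pos < text.length(); pos++) {
                if (text.charAt(pos) == '.') {
                    dots++;
                }
            }
            return dots;
        }

        /**
         * Returns the subjectAltName values of the type that fits the requested host: iPAddress
         * entries when the host is an IP literal, dNSName entries otherwise. Returns {@code null}
         * when there is no such entry.
         */
        private String[] getSubjectAlts(X509Certificate cert, String host) {
            int wantedType = isIPAddress(host) ? SAN_IP_ADDRESS : SAN_DNS_NAME;
            List<String> alts = new LinkedList<String>();
            Collection<List<?>> entries = null;
            try {
                entries = cert.getSubjectAlternativeNames();
            } catch (CertificateParsingException ignored) {
                // An unparsable extension is treated as "no subjectAltName"; matching then relies
                // on the CN alone or fails.
            }
            if (entries != null) {
                for (List<?> entry : entries) {
                    if (((Integer) entry.get(0)).intValue() == wantedType) {
                        alts.add((String) entry.get(1));
                    }
                }
            }
            if (alts.isEmpty()) {
                return null;
            }
            return alts.toArray(new String[alts.size()]);
        }

        /* synthetic accessor constructor recovered by the decompiler; the argument is ignored */
        BrowserCompatibleHostnameVerifier(BrowserCompatibleHostnameVerifier browserCompatibleHostnameVerifier) {
            this();
        }
    }

    /**
     * Trust manager whose checks are empty, so every client and server certificate chain is
     * accepted. Installed only when no truststore was loaded and
     * {@link #TAC_SSL_ACCEPT_ALL_CERTS_IF_NO_TRUSTSTORE} is "true". With it in place the server is
     * not authenticated at all: self-signed, expired and unrelated certificates all pass.
     * (Declared private in the original bytecode; the decompiler widened the access.)
     */
    public class TrustAnyTrustManager implements X509TrustManager {
        private TrustAnyTrustManager() {
        }

        /** Performs no validation. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        /** Performs no validation. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        /** Returns an empty array. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        /* synthetic accessor constructor recovered by the decompiler; both arguments are ignored */
        TrustAnyTrustManager(SSLUtils sSLUtils, TrustAnyTrustManager trustAnyTrustManager) {
            this();
        }
    }

    /**
     * Returns the cached instance for the given user directory, creating it on first use.
     * System properties are read only when the instance is created; later changes to them do not
     * affect an instance that is already cached.
     *
     * @param str user directory prefix; {@code null} is replaced by {@code WSDLLoader.DEFAULT_FILENAME}
     * @return the configured instance for that directory
     */
    public static synchronized SSLUtils getInstance(String str) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, CertificateException, FileNotFoundException, IOException {
        if (str == null) {
            str = WSDLLoader.DEFAULT_FILENAME;
        }
        SSLUtils cached = userDirToInstanceMap.get(str);
        if (cached != null) {
            return cached;
        }
        SSLUtils created = new SSLUtils(str);
        userDirToInstanceMap.put(str, created);
        return created;
    }

    private SSLUtils(String str) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, CertificateException, FileNotFoundException, IOException {
        Init(str);
    }

    /**
     * Loads a keystore of the JVM default type from a file and closes the file afterwards,
     * including when loading fails.
     */
    private static KeyStore loadKeyStore(String path, char[] password) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(path);
        try {
            store.load(in, password);
        } finally {
            in.close();
        }
        return store;
    }

    /**
     * Reads the TLS system properties and builds key managers, trust managers and the hostname
     * verifier.
     *
     * @param str user directory prefix; it is concatenated directly with the default store file
     *        names, so it must already end with a path separator
     */
    private void Init(String str) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException {
        String keystorePath = System.getProperty(TAC_SSL_CLIENT_KEY);
        String truststorePath = System.getProperty(TAC_SSL_CLIENT_TRUST_KEY);
        String keystorePass = System.getProperty(TAC_SSL_KEYSTORE_PASS);
        String truststorePass = System.getProperty(TAC_SSL_TRUSTSTORE_PASS);
        boolean acceptAllWithoutTruststore = Boolean.parseBoolean(System.getProperty(TAC_SSL_ACCEPT_ALL_CERTS_IF_NO_TRUSTSTORE));
        // Fall back to the default store files in the user directory when no path is configured.
        if (keystorePath == null) {
            File defaultKeystore = new File(String.valueOf(str) + TAC_SSL_KEYSTORE);
            if (defaultKeystore.exists()) {
                keystorePath = defaultKeystore.getAbsolutePath();
            }
        }
        if (truststorePath == null) {
            File defaultTruststore = new File(String.valueOf(str) + TAC_SSL_TRUSTSTORE);
            if (defaultTruststore.exists()) {
                truststorePath = defaultTruststore.getAbsolutePath();
            }
        }
        if (keystorePass == null) {
            keystorePass = WSDLLoader.DEFAULT_FILENAME;
        }
        if (truststorePass == null) {
            truststorePass = WSDLLoader.DEFAULT_FILENAME;
        }
        if (keystorePath != null) {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = loadKeyStore(keystorePath, keystorePass == null ? null : keystorePass.toCharArray());
            keyManagerFactory.init(keyStore, keystorePass == null ? null : keystorePass.toCharArray());
            this.keystoreManagers = keyManagerFactory.getKeyManagers();
        }
        if (truststorePath != null) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore trustStore = loadKeyStore(truststorePath, truststorePass.toCharArray());
            trustManagerFactory.init(trustStore);
            this.truststoreManagers = trustManagerFactory.getTrustManagers();
        }
        if (this.truststoreManagers == null) {
            if (acceptAllWithoutTruststore) {
                // Certificate validation is switched off for this instance; see TrustAnyTrustManager.
                this.truststoreManagers = new TrustManager[]{new TrustAnyTrustManager(this, null)};
            } else {
                // A null keystore makes the factory use the platform's default trust anchors.
                TrustManagerFactory defaultFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                defaultFactory.init((KeyStore) null);
                this.truststoreManagers = defaultFactory.getTrustManagers();
            }
        }
        if (Boolean.parseBoolean(System.getProperty(TAC_SSL_ENABLE_HOST_NAME_VERIFICATION, Boolean.TRUE.toString()))) {
            this.hostnameVerifier = new BrowserCompatibleHostnameVerifier(null);
        } else {
            // Hostname verification is switched off for this instance; see AllowAllHostnameVerifier.
            this.hostnameVerifier = new AllowAllHostnameVerifier(this, null);
        }
    }

    /**
     * Creates a new "TLS" context initialised with this instance's key and trust managers.
     * The context does not carry the hostname verifier; callers that open their own connections
     * must also apply {@link #getHostnameVerifier()}.
     */
    public SSLContext getSSLContext() throws Exception {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(this.keystoreManagers, this.truststoreManagers, null);
        return sSLContext;
    }

    /** Shortcut for {@code getInstance(str).getSSLContext()}. */
    public static SSLContext getSSLContext(String str) throws Exception {
        return getInstance(str).getSSLContext();
    }

    /** Shortcut for {@code getInstance(str).getContent(stringBuffer, url)}. */
    public static String getContent(StringBuffer stringBuffer, URL url, String str) throws Exception {
        return getInstance(str).getContent(stringBuffer, url);
    }

    /** Returns the hostname verifier selected when this instance was created. */
    public HostnameVerifier getHostnameVerifier() {
        return this.hostnameVerifier;
    }

    /**
     * Downloads the resource at {@code url}, appends its lines (without line terminators) to
     * {@code stringBuffer} and returns the buffer's content.
     *
     * <p>Only {@code https} URLs use this instance's socket factory and hostname verifier. Any
     * other protocol is opened with {@code url.openStream()}, so the TLS settings of this class do
     * not apply to it. No connect or read timeout is set, and the response is decoded with the
     * platform default charset.
     *
     * @param stringBuffer buffer the content is appended to
     * @param url resource to fetch
     * @return {@code stringBuffer.toString()} after the whole response has been read
     */
    public String getContent(StringBuffer stringBuffer, URL url) throws Exception {
        BufferedReader reader;
        if ("https".equals(url.getProtocol())) {
            SSLSocketFactory socketFactory = getSSLContext().getSocketFactory();
            HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
            connection.setSSLSocketFactory(socketFactory);
            connection.setHostnameVerifier(this.hostnameVerifier);
            connection.connect();
            reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
        } else {
            reader = new BufferedReader(new InputStreamReader(url.openStream()));
        }
        try {
            String line;
            while ((line = reader.readLine()) != null) {
                stringBuffer.append(line);
            }
            return stringBuffer.toString();
        } finally {
            // Release the stream when reading fails as well as on success.
            reader.close();
        }
    }
}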
