package com.ca.commons.security;

import com.ca.commons.cbutil.CBIntText;
import com.ca.directory.jxplorer.JXplorer;
import java.awt.Frame;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/ca/commons/security/JXTrustManager.class */
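/**
 * An {@link X509TrustManager} that wraps a delegate trust manager and, when the
 * delegate rejects a server chain, may ask the user whether to trust the
 * chain's root certificate.
 *
 * <p>The interactive path in {@link #checkServerTrusted} is taken only when:
 * <ul>
 *   <li>the system property named by {@code JXplorer.ALLOW_CONNECTION_CERT_IMPORT}
 *       is not the string {@code "false"} (so it is enabled when the property is unset);</li>
 *   <li>the last certificate of the chain is self-issued (subject DN equals issuer DN);</li>
 *   <li>that certificate is not among the delegate's accepted issuers; and</li>
 *   <li>every certificate in the chain is signed by the next one, and the root by itself.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>On the interactive path only signature linkage is checked. Validity
 *       periods, key usage, basic constraints and revocation are not checked
 *       here, so an accepted root overrides whatever made the delegate fail.</li>
 *   <li>The {@code X509TrustManager} methods receive no host name, so this class
 *       cannot bind the certificate to the server name; that has to happen elsewhere.</li>
 *   <li>Nothing in this class updates the delegate after the user accepts a
 *       certificate; the delegate keeps the accepted issuers it was built with.</li>
 * </ul>
 */
public class JXTrustManager implements X509TrustManager {
    /** Default trust store file name. Mutable for backward compatibility. */
    public static String CERTSTORE = "lbecacerts";

    /**
     * Default trust store password. This is the widely known JDK default, so it
     * offers no real integrity protection for the trust store; file system
     * permissions on the store are what actually protect it.
     */
    public static String CERTSTORE_PASSWORD = "changeit";

    private final X509TrustManager trustManager;
    private EvaluateCertGUI verifier;
    private final Frame owner;
    private KeyStore caKeyStore;
    private final String caKeyStorePath;
    private final String caKeyStoreType;
    // Shared with the caller (not copied); replaced when the user is prompted.
    private char[] caPassphrase;

    /**
     * Wraps every element of a trust manager array in a {@code JXTrustManager}.
     *
     * @param trustManagerArr trust managers to wrap; each must be a non-null {@link X509TrustManager}
     * @param keyStore        CA key store that accepted certificates are saved into
     * @param str             path of the CA key store file
     * @param cArr            key store passphrase, or null to fall back to the default
     * @param str2            key store type, passed to {@code KeystoreGUI.readKeyStore}
     * @param frame           owner frame for the dialogs this class opens
     * @return an array of the same length holding the wrapped trust managers
     * @throws SSLException if the array is null, or an element is null or not an X509 trust manager
     */
    public static X509TrustManager[] convert(TrustManager[] trustManagerArr, KeyStore keyStore, String str, char[] cArr, String str2, Frame frame) throws SSLException {
        if (trustManagerArr == null) {
            throw new SSLException("unexpected SSL error - null trust manager array");
        }
        int length = trustManagerArr.length;
        X509TrustManager[] wrapped = new X509TrustManager[length];
        for (int i = 0; i < length; i++) {
            TrustManager candidate = trustManagerArr[i];
            if (candidate == null) {
                throw new SSLException("unexpected SSL error - null trust manager found in trust array: element " + i + " of " + length);
            }
            // Explicit type test instead of catching ClassCastException.
            if (!(candidate instanceof X509TrustManager)) {
                throw new SSLException("unexpected SSL error - non X509 trust manager found in trust array: element " + i + " of " + length + " is of type " + candidate.getClass());
            }
            wrapped[i] = new JXTrustManager((X509TrustManager) candidate, keyStore, str, cArr, str2, frame);
        }
        return wrapped;
    }

    private JXTrustManager(X509TrustManager delegate, KeyStore keyStore, String keyStorePath, char[] passphrase, String keyStoreType, Frame frame) {
        this.trustManager = delegate;
        this.caKeyStore = keyStore;
        this.caKeyStorePath = keyStorePath;
        this.caKeyStoreType = keyStoreType;
        this.caPassphrase = passphrase;
        this.owner = frame;
    }

    /**
     * Returns the delegate's accepted issuers unchanged.
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.getAcceptedIssuers();
    }

    /**
     * Returns the last certificate of the chain if it is self-issued
     * (subject DN equals issuer DN), otherwise null. A null or empty chain,
     * or a null last element, also yields null.
     *
     * <p>Matching names alone does not prove the certificate is self-signed;
     * {@link #verifyChainSignatures} checks the signature.
     */
    private X509Certificate getCACert(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) {
            return null;
        }
        X509Certificate last = chain[chain.length - 1];
        if (last != null && last.getSubjectDN().equals(last.getIssuerDN())) {
            return last;
        }
        return null;
    }

    /**
     * Reports whether the given certificate equals one of the delegate's accepted issuers.
     */
    private boolean rootCertIsKnown(X509Certificate root) {
        X509Certificate[] acceptedIssuers = getAcceptedIssuers();
        if (acceptedIssuers == null) {
            return false;
        }
        for (X509Certificate issuer : acceptedIssuers) {
            if (root.equals(issuer)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks that each certificate in the chain is signed by the key of the
     * next certificate, and that the last one is signed by its own key.
     *
     * <p>This ties the root certificate the user is asked about to the server
     * certificate actually presented. Without it, accepting the root would
     * accept a leaf that the root never signed.
     *
     * @throws CertificateException if an element is null or a signature does not verify
     */
    private static void verifyChainSignatures(X509Certificate[] chain) throws CertificateException {
        int length = chain.length;
        for (int i = 0; i < length; i++) {
            X509Certificate subject = chain[i];
            // The last element is checked against its own public key.
            X509Certificate issuer = (i + 1 < length) ? chain[i + 1] : subject;
            if (subject == null || issuer == null) {
                throw new CertificateException("Invalid Server Certificate: null certificate found in the certificate chain: element " + i + " of " + length);
            }
            try {
                subject.verify(issuer.getPublicKey());
            } catch (GeneralSecurityException e) {
                throw certError("Invalid Server Certificate: the signature of certificate " + i + " of " + length + " in the chain could not be verified against its issuer. raw error: " + e, e);
            }
        }
    }

    /** Builds a {@link CertificateException} that keeps the original failure as its cause. */
    private static CertificateException certError(String message, Throwable cause) {
        CertificateException error = new CertificateException(message);
        if (cause != null) {
            error.initCause(cause);
        }
        return error;
    }

    /**
     * Delegates client certificate validation; there is no interactive override for clients.
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.checkClientTrusted(x509CertificateArr, str);
    }

    /**
     * Validates a server chain with the delegate and, if that fails, may ask
     * the user whether to trust the chain's root certificate.
     *
     * @param x509CertificateArr the peer certificate chain
     * @param str                the authentication type, passed to the delegate
     * @throws CertificateException if the chain is rejected by the delegate and
     *         the override is disabled, not applicable, or refused by the user,
     *         or if the accepted certificate cannot be saved
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            this.trustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            // Opt-out switch: only the exact string "false" disables the prompt.
            if ("false".equals(System.getProperty(JXplorer.ALLOW_CONNECTION_CERT_IMPORT))) {
                throw e;
            }
            X509Certificate caCert = getCACert(x509CertificateArr);
            if (caCert == null) {
                throw certError("Invalid Server Certificate: server certificate could not be verified, and the CA certificate is missing from the certificate chain. raw error: " + e, e);
            }
            // A root we already trust means the failure lies elsewhere in the
            // chain; never let the user override that.
            if (rootCertIsKnown(caCert)) {
                throw certError("Invalid Server Certificate: The server certificate could not be verified, as it has a bad chain back to a known CA.  raw error: " + e, e);
            }
            // Bind the root the user will be shown to the certificate the
            // server actually presented before asking for a decision.
            verifyChainSignatures(x509CertificateArr);

            if (this.verifier == null) {
                this.verifier = new EvaluateCertGUI(this.owner);
            }
            // Result codes as used by the branches below: 0 = reject,
            // 1 = accept without saving, 2 = accept and save to the key store.
            int decision = this.verifier.isTrusted(caCert);
            switch (decision) {
                case 0:
                    throw new CertificateException("user chose not to trust unknown certificate");
                case 1:
                    return;
                case 2:
                    try {
                        saveStore(caCert);
                        return;
                    } catch (KeyStoreException saveFailure) {
                        throw certError("unable to save certificate in keystore! " + saveFailure, saveFailure);
                    }
                default:
                    // Fail closed: an unrecognised answer must not be treated as trust.
                    throw new CertificateException("unexpected response from certificate evaluation dialog (" + decision + ") - certificate not trusted");
            }
        }
    }

    /**
     * Adds the certificate to the CA key store and writes the store back to
     * {@code caKeyStorePath}.
     *
     * <p>The store is first reloaded from disk with the current passphrase. If
     * that fails with an {@link IOException}, the user is prompted for the
     * password. If the user cancels, nothing is written, so the existing file
     * is never replaced by a store that was not successfully opened.
     *
     * @throws KeyStoreException if the store cannot be opened, updated or written
     */
    private void saveStore(X509Certificate caCert) throws KeyStoreException {
        try {
            if (this.caPassphrase == null) {
                // Falls back to the well-known default password.
                this.caPassphrase = "changeit".toCharArray();
            }
            boolean opened = false;
            if (this.caKeyStore != null) {
                FileInputStream in = null;
                try {
                    in = new FileInputStream(this.caKeyStorePath);
                    this.caKeyStore.load(in, this.caPassphrase);
                    opened = true;
                } catch (IOException ignored) {
                    // Missing file or wrong password: fall through to the prompt below.
                } finally {
                    if (in != null) {
                        try {
                            in.close();
                        } catch (IOException ignored) {
                            // Nothing useful can be done about a failed close on a read stream.
                        }
                    }
                }
            }
            if (!opened && !setupKeyStoreAndPassword()) {
                throw new KeyStoreException("unable to open keystore - no valid password or no valid file.");
            }
            if (this.caKeyStore == null) {
                throw new KeyStoreException("unable to open keystore - no valid password or no valid file.");
            }
            String alias = caCert.getSubjectDN() + " (" + caCert.getSerialNumber().toString() + ")";
            this.caKeyStore.setCertificateEntry(alias, caCert);
            FileOutputStream out = new FileOutputStream(this.caKeyStorePath);
            try {
                this.caKeyStore.store(out, this.caPassphrase);
            } finally {
                out.close();
            }
        } catch (IOException e) {
            KeyStoreException wrapped = new KeyStoreException("unable to access keystore file");
            wrapped.initCause(e);
            throw wrapped;
        } catch (KeyStoreException e) {
            throw e;
        } catch (GeneralSecurityException e) {
            KeyStoreException wrapped = new KeyStoreException("unable to save keystore " + this.caKeyStorePath + " error was: " + e);
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Prompts for the key store password until the store can be read or the
     * user cancels.
     *
     * @return true once {@code KeystoreGUI.readKeyStore} returns a key store;
     *         false if the password dialog returns null
     */
    private boolean setupKeyStoreAndPassword() {
        String prompt = CBIntText.get("Enter Key Store Password");
        while (true) {
            char[] entered = KeystoreGUI.getPassword(this.owner, prompt);
            this.caPassphrase = entered;
            if (entered == null) {
                return false;
            }
            this.caKeyStore = KeystoreGUI.readKeyStore(this.caPassphrase, this.caKeyStoreType, this.caKeyStorePath);
            if (this.caKeyStore != null) {
                return true;
            }
            // NOTE(review): a null result is reported as a wrong password; whether
            // readKeyStore also returns null for a missing file is not visible here.
            prompt = CBIntText.get("Password incorrect. Please try again.");
        }
    }
}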
