package talend.ssl;

import com.sun.net.ssl.TrustManagerFactory;
import com.sun.net.ssl.X509TrustManager;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;

/* loaded from: input_file:talend/ssl/Truster.class */
public class Truster implements X509TrustManager {
    private String certStore;
    private char[] certStorePwd;
    private X509TrustManager trustManager;
    private boolean isSaveCA;
    private KeyStore ks;

    public Truster(String str) {
        this.isSaveCA = true;
        this.certStore = null;
        this.certStorePwd = null;
        this.trustManager = null;
        this.ks = null;
        if (str == null) {
            this.isSaveCA = false;
            this.certStore = "talendcecerts";
        } else {
            this.certStore = str;
        }
        this.certStorePwd = "changeit".toCharArray();
        init();
    }

    public Truster(String str, String str2) {
        this.isSaveCA = true;
        this.certStore = null;
        this.certStorePwd = null;
        this.trustManager = null;
        this.ks = null;
        if (str == null) {
            this.isSaveCA = false;
            this.certStore = "talendcecerts";
        } else {
            this.certStore = str;
        }
        if (str2 != null && str2.length() > 0) {
            str2.toCharArray();
        }
        init();
    }

    private boolean deleteCert(String str) {
        try {
            this.ks.deleteEntry(str);
            return true;
        } catch (KeyStoreException e) {
            return false;
        }
    }

    public X509Certificate[] getAcceptedIssuers() {
        if (this.trustManager == null) {
            return null;
        }
        return this.trustManager.getAcceptedIssuers();
    }

    private X509Certificate getCACert(X509Certificate[] x509CertificateArr) {
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        if (x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
            return x509Certificate;
        }
        return null;
    }

    private void init() {
        try {
            if (this.certStore.endsWith(".p12")) {
                this.ks = KeyStore.getInstance("PKCS12");
            } else {
                this.ks = KeyStore.getInstance("JKS");
            }
            InputStream inputStream = null;
            if (this.certStore.indexOf("://") == -1) {
                try {
                    inputStream = new FileInputStream(this.certStore);
                } catch (FileNotFoundException e) {
                }
            } else {
                try {
                    inputStream = new URL(this.certStore).openConnection().getInputStream();
                } catch (MalformedURLException e2) {
                    System.err.println("ASF Truster: The location of the cert store file is invalid: " + e2.getMessage());
                } catch (IOException e3) {
                }
            }
            try {
                try {
                    this.ks.load(inputStream, this.certStorePwd);
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (Exception e4) {
                        }
                    }
                    try {
                        this.trustManager = initTrustManager(this.ks);
                    } catch (Exception e5) {
                        System.err.println("ASF Truster: Failed to create initial trust manager : " + e5.getMessage());
                    }
                } catch (Exception e6) {
                    System.err.println("ASF Truster: Failed to load the cert store : " + e6.getMessage());
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (Exception e7) {
                        }
                    }
                }
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Exception e8) {
                    }
                }
                throw th;
            }
        } catch (KeyStoreException e9) {
            System.err.println("ASF Truster: Failed to create cert store : " + e9.getMessage());
        }
    }

    private X509TrustManager initTrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers()[0];
    }

    private boolean isAccepted(X509Certificate x509Certificate) {
        X509Certificate[] acceptedIssuers = getAcceptedIssuers();
        if (acceptedIssuers == null) {
            return false;
        }
        for (X509Certificate x509Certificate2 : acceptedIssuers) {
            if (x509Certificate.equals(x509Certificate2)) {
                return true;
            }
        }
        return false;
    }

    public boolean isClientTrusted(X509Certificate[] x509CertificateArr) {
        if (this.trustManager == null) {
            return false;
        }
        return this.trustManager.isClientTrusted(x509CertificateArr);
    }

    public boolean isServerTrusted(X509Certificate[] x509CertificateArr) {
        boolean isServerTrusted;
        if (this.trustManager != null && (isServerTrusted = this.trustManager.isServerTrusted(x509CertificateArr))) {
            return isServerTrusted;
        }
        X509Certificate cACert = getCACert(x509CertificateArr);
        if (cACert == null) {
            System.err.println("SSL Error:CA certificate is not in the server certificate chain.\nPlease use the keytool command to import the server certificate.");
            return false;
        }
        if (isAccepted(cACert)) {
            System.err.println("SSL Error:Server certificate chain verification failed.");
            return false;
        }
        try {
            this.ks.setCertificateEntry(String.valueOf(System.currentTimeMillis()), cACert);
            X509TrustManager initTrustManager = initTrustManager(this.ks);
            if (!initTrustManager.isServerTrusted(x509CertificateArr)) {
                System.err.println("SSL Error:Server certificate chain verification failed and \\nthe CA is missing.");
                return false;
            }
            if (!this.isSaveCA) {
                return true;
            }
            saveStore();
            this.trustManager = initTrustManager;
            return true;
        } catch (Exception e) {
            System.err.println("ASF Truster: Failed to create tmp trust store : " + e.getMessage());
            return false;
        }
    }

    private boolean saveStore() {
        OutputStream outputStream = null;
        try {
            try {
                if (this.certStore.indexOf("://") == -1) {
                    outputStream = new FileOutputStream(this.certStore);
                } else {
                    URLConnection openConnection = new URL(this.certStore).openConnection();
                    openConnection.setDoOutput(true);
                    outputStream = openConnection.getOutputStream();
                }
                this.ks.store(outputStream, this.certStorePwd);
                if (outputStream != null) {
                    try {
                        outputStream.close();
                    } catch (Exception e) {
                    }
                }
                return true;
            } catch (Exception e2) {
                System.err.println("ASF Truster: Failed to save trust store : " + e2.getMessage());
                if (outputStream != null) {
                    try {
                        outputStream.close();
                    } catch (Exception e3) {
                    }
                }
                return false;
            }
        } catch (Throwable th) {
            if (outputStream != null) {
                try {
                    outputStream.close();
                } catch (Exception e4) {
                }
            }
            throw th;
        }
    }
}
