package sk.eset.era.g2webconsole.server.modules.connection;

import com.google.gwt.user.server.Base64Utils;
import com.google.gwt.user.server.rpc.impl.SerializedInstanceReference;
import com.google.gwt.user.server.rpc.impl.TypeNameObfuscator;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Marker;
import sk.eset.phoenix.common.logger.Logger;

/* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/connection/SslTools.class */
public class SslTools {
    public static final String DEFAULT_TRUST_MANAGER_ALGORITHM = "SunX509";
    public static final String KEYSTORE_TYPE_ACCEPT_ALL = "all";
    public static final String KEYSTORE_TYPE_JKS = "JKS";
    public static final String DEFAULT_KEYSTORE_PASSWORD = "password";

    /* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/connection/SslTools$Keystore.class */
    public static class Keystore {
        private final String keystoreType;
        private final String password;
        private final byte[] keystoreBytes;

        public Keystore(String str, String str2, byte[] bArr) {
            this.keystoreType = str;
            this.password = str2;
            this.keystoreBytes = bArr;
        }

        public String getKeystoreType() {
            return this.keystoreType;
        }

        public String getPassword() {
            return this.password;
        }

        public byte[] getKeystoreBytes() {
            return this.keystoreBytes;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/connection/SslTools$TrustManagerWrapper.class */
    public static class TrustManagerWrapper implements X509TrustManager {
        private final LinkedList<X509TrustManager> wrappedTrustManagers = new LinkedList<>();
        private final Logger logger;

        public TrustManagerWrapper(Logger logger) {
            this.logger = logger;
        }

        public void AddTrustManager(X509TrustManager x509TrustManager) {
            this.wrappedTrustManagers.add(x509TrustManager);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            Iterator<X509TrustManager> it = this.wrappedTrustManagers.iterator();
            while (it.hasNext()) {
                try {
                    it.next().checkClientTrusted(x509CertificateArr, str);
                    return;
                } catch (CertificateException e) {
                }
            }
            throw new CertificateException("No trusted certificate found");
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            Iterator<X509TrustManager> it = this.wrappedTrustManagers.iterator();
            while (it.hasNext()) {
                try {
                    it.next().checkServerTrusted(x509CertificateArr, str);
                    return;
                } catch (CertificateException e) {
                }
            }
            CertificateException certificateException = new CertificateException("No trusted certificate found");
            onCheckServerTrustedException(certificateException, x509CertificateArr);
            throw certificateException;
        }

        private void onCheckServerTrustedException(CertificateException certificateException, X509Certificate[] x509CertificateArr) {
            this.logger.error("server_certificate_problem", certificateException);
            for (int i = 0; i < x509CertificateArr.length; i++) {
                try {
                    KeyStore keyStore = KeyStore.getInstance(SslTools.KEYSTORE_TYPE_JKS);
                    keyStore.load(null, SslTools.DEFAULT_KEYSTORE_PASSWORD.toCharArray());
                    keyStore.setCertificateEntry("", x509CertificateArr[i]);
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    keyStore.store(byteArrayOutputStream, SslTools.DEFAULT_KEYSTORE_PASSWORD.toCharArray());
                    this.logger.error("server_certificate_problem_dump", Integer.valueOf(i), x509CertificateArr[i].toString(), SslTools.KEYSTORE_TYPE_JKS, SslTools.DEFAULT_KEYSTORE_PASSWORD, Base64Utils.toBase64(byteArrayOutputStream.toByteArray()));
                } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                    Logger logger = this.logger;
                    Object[] objArr = new Object[2];
                    objArr[0] = Integer.valueOf(i);
                    objArr[1] = e.getMessage() != null ? e.getMessage() : "";
                    logger.error("server_certificate_problem_dump_error", objArr);
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            ArrayList arrayList = new ArrayList();
            Iterator<X509TrustManager> it = this.wrappedTrustManagers.iterator();
            while (it.hasNext()) {
                Collections.addAll(arrayList, it.next().getAcceptedIssuers());
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        }
    }

    public static TrustManager[] getTrustManagers(List<Keystore> list, Logger logger) {
        if (list == null) {
            return null;
        }
        if (list.size() == 1 && list.get(0).getKeystoreType().equals(KEYSTORE_TYPE_ACCEPT_ALL)) {
            return new TrustManager[]{new X509TrustManager() { // from class: sk.eset.era.g2webconsole.server.modules.connection.SslTools.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            }};
        }
        TrustManagerWrapper trustManagerWrapper = new TrustManagerWrapper(logger);
        for (Keystore keystore : list) {
            try {
                KeyStore keyStore = KeyStore.getInstance(keystore.getKeystoreType());
                keyStore.load(new ByteArrayInputStream(keystore.getKeystoreBytes()), keystore.getPassword().toCharArray());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
                trustManagerFactory.init(keyStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                for (int i = 0; i < trustManagers.length; i++) {
                    if (trustManagers[i] instanceof X509TrustManager) {
                        trustManagerWrapper.AddTrustManager((X509TrustManager) trustManagers[i]);
                    }
                }
            } catch (IOException e) {
                logger.error("server_certificate_loading_problem", 4, e.getMessage());
            } catch (KeyStoreException e2) {
                logger.error("server_certificate_loading_problem", 1, e2.getMessage());
            } catch (NoSuchAlgorithmException e3) {
                logger.error("server_certificate_loading_problem", 2, e3.getMessage());
            } catch (CertificateException e4) {
                logger.error("server_certificate_loading_problem", 3, e4.getMessage());
            }
        }
        return new TrustManager[]{trustManagerWrapper};
    }

    public static List<Keystore> parseCertificatesFromConfig(Logger logger, String str) {
        LinkedList linkedList = new LinkedList();
        String[] split = str.split(",");
        if (split.length == 1 && split[0].equals(KEYSTORE_TYPE_ACCEPT_ALL)) {
            linkedList.add(new Keystore(KEYSTORE_TYPE_ACCEPT_ALL, null, null));
            return linkedList;
        }
        String str2 = null;
        String str3 = null;
        for (int i = 0; i < split.length; i++) {
            if (i % 3 == 0) {
                str2 = split[i];
            } else if (i % 3 == 1) {
                str3 = split[i];
            } else {
                try {
                    linkedList.add(new Keystore(str2, str3, Base64Utils.fromBase64(split[i].replace(Marker.ANY_NON_NULL_MARKER, "$").replace(SerializedInstanceReference.SERIALIZED_REFERENCE_SEPARATOR, TypeNameObfuscator.SERVICE_INTERFACE_ID))));
                } catch (ArrayIndexOutOfBoundsException e) {
                    logger.error("server_certificate_config_problem", 1, e.getMessage());
                }
            }
        }
        if (split.length % 3 != 0) {
            logger.error("server_certificate_config_problem", 2, "Incorrect parameters count");
        }
        return linkedList;
    }

    public static String readTextFileContents(String str, String str2, TrustManager[] trustManagerArr, String str3) throws IOException {
        return readTextFileContents(str, str2, trustManagerArr, str3, null, null);
    }

    public static String readTextFileContents(String str, String str2, TrustManager[] trustManagerArr, String str3, String str4, String str5) throws IOException {
        return readTextFileContents(str, str2, trustManagerArr, str3, str4, str5, null);
    }

    public static String readTextFileContents(String str, String str2, TrustManager[] trustManagerArr, String str3, String str4, String str5, Integer num) throws IOException {
        HttpsURLConnection httpsURLConnection = null;
        try {
            try {
                HttpsURLConnection httpsURLConnection2 = (HttpsURLConnection) new URL(str).openConnection();
                if (str2 != null && !str2.isEmpty()) {
                    httpsURLConnection2.setRequestMethod(str2);
                }
                if (trustManagerArr != null) {
                    SSLContext sSLContext = SSLContext.getInstance("TLS");
                    sSLContext.init(null, trustManagerArr, null);
                    httpsURLConnection2.setSSLSocketFactory(sSLContext.getSocketFactory());
                }
                if (str5 != null) {
                    httpsURLConnection2.setRequestProperty("Content-Type", str5);
                }
                if (num != null) {
                    httpsURLConnection2.setConnectTimeout(num.intValue() / 5);
                    httpsURLConnection2.setReadTimeout((4 * num.intValue()) / 5);
                }
                if (str4 != null) {
                    httpsURLConnection2.setDoOutput(true);
                    BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(httpsURLConnection2.getOutputStream(), StandardCharsets.UTF_8));
                    Throwable th = null;
                    try {
                        try {
                            bufferedWriter.write(str4);
                            bufferedWriter.flush();
                            if (bufferedWriter != null) {
                                if (0 != 0) {
                                    try {
                                        bufferedWriter.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                } else {
                                    bufferedWriter.close();
                                }
                            }
                        } finally {
                        }
                    } catch (Throwable th3) {
                        if (bufferedWriter != null) {
                            if (th != null) {
                                try {
                                    bufferedWriter.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                bufferedWriter.close();
                            }
                        }
                        throw th3;
                    }
                }
                httpsURLConnection2.connect();
                int responseCode = httpsURLConnection2.getResponseCode();
                if (responseCode != 200) {
                    Throwable th5 = null;
                    try {
                        try {
                            throw new IOException("Incorrect response code: " + responseCode + ", Error message: " + ((String) new BufferedReader(new InputStreamReader(httpsURLConnection2.getErrorStream())).lines().collect(Collectors.joining())));
                        } finally {
                        }
                    } finally {
                    }
                }
                String headerField = httpsURLConnection2.getHeaderField("Content-Type");
                if (str3 != null && (headerField == null || !headerField.toLowerCase().startsWith(str3.toLowerCase()))) {
                    throw new IOException("Incorrect response Content-Type");
                }
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpsURLConnection2.getInputStream()));
                Throwable th6 = null;
                try {
                    try {
                        String str6 = (String) bufferedReader.lines().collect(Collectors.joining());
                        if (bufferedReader != null) {
                            if (0 != 0) {
                                try {
                                    bufferedReader.close();
                                } catch (Throwable th7) {
                                    th6.addSuppressed(th7);
                                }
                            } else {
                                bufferedReader.close();
                            }
                        }
                        if (httpsURLConnection2 != null) {
                            httpsURLConnection2.disconnect();
                        }
                        return str6;
                    } finally {
                    }
                } finally {
                }
            } catch (GeneralSecurityException e) {
                throw new IOException(e.getMessage(), e);
            }
        } catch (Throwable th8) {
            if (0 != 0) {
                httpsURLConnection.disconnect();
            }
            throw th8;
        }
    }
}
