package edu.emory.mathcs.util.security;

import edu.emory.mathcs.util.security.action.GetPropertyAction;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:edu/emory/mathcs/util/security/CertUtils.class */
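/**
 * Static helpers for X.509 certificates, keystores and PKIX trust anchors.
 *
 * <p>NOTE(review): {@link #verifySSLServerHostname} compares the host name with the subject CN only.
 * subjectAltName entries and wildcard names are not consulted, and a mismatch falls back to
 * comparing DNS canonical names, so the result depends on the integrity of name resolution.
 * Callers that need a strict identity check should not rely on it alone.
 */
public class CertUtils {
    /** Lazily created X.509 factory; guarded by the class lock in {@link #getX509CertFactory()}. */
    private static CertificateFactory x509certFact;

    private CertUtils() {
    }

    /**
     * Returns the shared X.509 {@link CertificateFactory}, creating it on first use.
     *
     * @return the shared factory instance
     * @throws RuntimeException if the runtime has no X.509 certificate factory
     */
    public static synchronized CertificateFactory getX509CertFactory() {
        if (x509certFact == null) {
            try {
                x509certFact = CertificateFactory.getInstance("X.509");
            } catch (CertificateException e) {
                // Keep the cause so the provider failure is visible in the stack trace.
                throw new RuntimeException("FATAL: X.509 factory not supported", e);
            }
        }
        return x509certFact;
    }

    /**
     * Creates an empty keystore of the platform default type.
     *
     * @return a loaded, empty keystore
     * @throws RuntimeException if the default keystore type is not available
     */
    public static KeyStore createKeystore() {
        try {
            return createKeystore(KeyStore.getDefaultType());
        } catch (KeyStoreException e) {
            throw new RuntimeException(
                    "FATAL: keystore type \"" + KeyStore.getDefaultType() + "\" not supported", e);
        }
    }

    /**
     * Creates an empty keystore of the given type.
     *
     * @param type keystore type name passed to {@link KeyStore#getInstance(String)}
     * @return a loaded, empty keystore
     * @throws KeyStoreException if no provider supports {@code type}
     * @throws RuntimeException if the empty keystore cannot be initialized
     */
    public static KeyStore createKeystore(String type) throws KeyStoreException {
        KeyStore keyStore = KeyStore.getInstance(type);
        try {
            // load(null, null) initializes the keystore without reading any data.
            keyStore.load(null, null);
            return keyStore;
        } catch (IOException e) {
            throw new RuntimeException("FATAL: can't initialize empty keystore", e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("FATAL: can't initialize empty keystore", e);
        } catch (CertificateException e) {
            throw new RuntimeException("FATAL: can't initialize empty keystore", e);
        }
    }

    /**
     * Loads a keystore of the platform default type from a file.
     *
     * @param file keystore file
     * @param password keystore password; {@code null} means the integrity check is skipped
     * @return the loaded keystore
     * @throws IOException if the file cannot be read or the password is wrong
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
     * @throws RuntimeException if the default keystore type is not available
     */
    public static KeyStore loadKeystore(File file, char[] password)
            throws IOException, CertificateException, NoSuchAlgorithmException {
        try {
            return loadKeystore(file, password, KeyStore.getDefaultType());
        } catch (KeyStoreException e) {
            throw new RuntimeException(
                    "FATAL: keystore type \"" + KeyStore.getDefaultType() + "\" not supported", e);
        }
    }

    /**
     * Loads a keystore of the given type from a file.
     *
     * @param file keystore file
     * @param password keystore password; {@code null} means the integrity check is skipped
     * @param type keystore type name passed to {@link KeyStore#getInstance(String)}
     * @return the loaded keystore
     * @throws IOException if the file cannot be read or the password is wrong
     * @throws KeyStoreException if no provider supports {@code type}
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
     */
    public static KeyStore loadKeystore(File file, char[] password, String type)
            throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        FileInputStream in = new FileInputStream(file);
        try {
            KeyStore keyStore = KeyStore.getInstance(type);
            keyStore.load(in, password);
            return keyStore;
        } finally {
            // Close on every path; previously a failed getInstance/load leaked the descriptor.
            in.close();
        }
    }

    /**
     * Collects the certificates stored under certificate entries of a keystore.
     * Key entries (and their chains) are not included.
     *
     * @param keyStore a loaded keystore
     * @return list of {@link Certificate} objects, possibly empty
     * @throws RuntimeException if the keystore has not been loaded
     */
    public static List getKeystoreCerts(KeyStore keyStore) {
        List<Certificate> certs = new ArrayList<Certificate>();
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (keyStore.isCertificateEntry(alias)) {
                    certs.add(keyStore.getCertificate(alias));
                }
            }
            return certs;
        } catch (KeyStoreException e) {
            throw new RuntimeException("Keystore not loaded", e);
        }
    }

    /**
     * Wraps certificates as trust anchors without name constraints.
     *
     * @param certificates collection of {@link Certificate} objects
     * @return set of {@link TrustAnchor} objects
     */
    public static Collection createTrustAnchors(Collection certificates) {
        return createTrustAnchors(certificates, null);
    }

    /**
     * Wraps certificates as trust anchors, applying the same name constraints to each.
     * Elements that are not {@link X509Certificate} instances are skipped silently, so the
     * result can be smaller than the input.
     *
     * @param certificates collection of {@link Certificate} objects
     * @param nameConstraints encoded name constraints handed to every {@link TrustAnchor},
     *     or {@code null} for none
     * @return set of {@link TrustAnchor} objects
     */
    public static Collection createTrustAnchors(Collection certificates, byte[] nameConstraints) {
        HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>(certificates.size());
        for (Object item : certificates) {
            Certificate certificate = (Certificate) item;
            if (certificate instanceof X509Certificate) {
                anchors.add(new TrustAnchor((X509Certificate) certificate, nameConstraints));
            }
        }
        return anchors;
    }

    /**
     * Builds trust anchors from the store named by {@code javax.net.ssl.trustStore}, or from the
     * JRE default store when that property is unset.
     *
     * <p>The configured store is opened with the platform default keystore type;
     * {@code javax.net.ssl.trustStoreType} is not consulted. If the configured file does not
     * exist or cannot be loaded, an empty set is returned, which leaves the caller with no
     * trusted roots.
     *
     * @return set of {@link TrustAnchor} objects, possibly empty
     * @throws RuntimeException if the JRE default store has to be used and cannot be loaded
     */
    public static Collection getJSSETrustAnchors() {
        String trustStorePath =
                (String) AccessController.doPrivileged(new GetPropertyAction("javax.net.ssl.trustStore"));
        if (trustStorePath == null) {
            return (Collection) AccessController.doPrivileged(new PrivilegedAction() {
                @Override
                public Object run() {
                    return getDefaultJavaTrustAnchorsPrivileged();
                }
            });
        }
        char[] password = ((String) AccessController.doPrivileged(
                new GetPropertyAction("javax.net.ssl.trustStorePassword", ""))).toCharArray();
        File trustStore = new File(trustStorePath);
        try {
            if (trustStore.exists()) {
                return createTrustAnchors(getKeystoreCerts(loadKeystore(trustStore, password)));
            }
        } catch (IOException ignored) {
            // Best effort: an unreadable store or wrong password yields no anchors (fail closed).
        } catch (NoSuchAlgorithmException ignored) {
            // Best effort: see above.
        } catch (CertificateException ignored) {
            // Best effort: see above.
        }
        // NOTE(review): the failure is not reported anywhere; callers only see an empty set.
        return Collections.EMPTY_SET;
    }

    /**
     * Loads trust anchors from {@code jssecacerts}, or {@code cacerts} when the former does not
     * exist, under {@code ${java.home}/lib/security}. Must run inside a privileged action.
     *
     * @return set of {@link TrustAnchor} objects
     * @throws RuntimeException wrapping any failure to load the store
     */
    private static Collection getDefaultJavaTrustAnchorsPrivileged() {
        String javaHome = System.getProperty("java.home");
        File jsseCacerts = new File(javaHome, "lib/security/jssecacerts".replace('/', File.separatorChar));
        File cacerts = new File(javaHome, "lib/security/cacerts".replace('/', File.separatorChar));
        try {
            // A null password means the store's integrity check is skipped on load.
            KeyStore store = jsseCacerts.exists() ? loadKeystore(jsseCacerts, null) : loadKeystore(cacerts, null);
            return createTrustAnchors(getKeystoreCerts(store));
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Extracts the trusted certificate of every anchor.
     *
     * @param trustAnchors collection of {@link TrustAnchor} objects
     * @return one array element per anchor, in iteration order; an element is whatever
     *     {@link TrustAnchor#getTrustedCert()} returned for that anchor
     */
    public static X509Certificate[] getX509Certs(Collection trustAnchors) {
        List<X509Certificate> certs = new ArrayList<X509Certificate>(trustAnchors.size());
        for (Object anchor : trustAnchors) {
            certs.add(((TrustAnchor) anchor).getTrustedCert());
        }
        return certs.toArray(new X509Certificate[certs.size()]);
    }

    /**
     * Creates a PKIX certification path validator.
     *
     * @return a new validator
     * @throws RuntimeException if the runtime has no PKIX validator
     */
    public static CertPathValidator createPKIXValidator() {
        try {
            return CertPathValidator.getInstance("PKIX");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("FATAL: PKIX validation not supported", e);
        }
    }

    /**
     * Converts a certificate array into a {@link CertPath}, keeping the array order.
     *
     * @param x509CertificateArr certificates of the path
     * @return the certification path
     * @throws RuntimeException if the path cannot be constructed
     */
    public static CertPath convertToCertPath(X509Certificate[] x509CertificateArr) {
        try {
            return getX509CertFactory().generateCertPath(Arrays.asList(x509CertificateArr));
        } catch (CertificateException e) {
            throw new RuntimeException("FATAL: X509 cert path construction failed", e);
        }
    }

    /**
     * Parses an encoded certificate. Parsing alone establishes no trust in the result.
     *
     * @param encoded encoded certificate bytes
     * @return the parsed certificate
     * @throws CertificateException if the bytes cannot be parsed
     */
    public static X509Certificate decodeX509Cert(byte[] encoded) throws CertificateException {
        return (X509Certificate) getX509CertFactory().generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Returns the encoded form of a certificate.
     *
     * @param x509Certificate certificate to encode
     * @return the encoded bytes
     * @throws RuntimeException if the certificate cannot be encoded
     */
    public static byte[] encodeX509Cert(X509Certificate x509Certificate) {
        try {
            return x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new RuntimeException("FATAL: X509 cert can't be encoded", e);
        }
    }

    /**
     * Checks that the subject CN of a server certificate matches a host name.
     *
     * <p>This does not validate the certificate chain; it only compares names.
     *
     * @param x509Certificate the server certificate
     * @param hostname the host name the client connected to
     * @throws CertificateException if the names do not match, or either one is missing
     */
    public static void verifySSLServerHostname(X509Certificate x509Certificate, String hostname)
            throws CertificateException {
        String cn = getCN(x509Certificate);
        if (!serverHostnameMatches(cn, hostname)) {
            throw new CertificateException("The certificate subject \"" + cn
                    + "\" does not match the host name \"" + hostname + "\"");
        }
    }

    /**
     * Extracts the first CN attribute value from the certificate subject.
     *
     * <p>The subject is rendered in RFC 1779 form and scanned attribute by attribute, so text
     * that merely looks like {@code CN=} inside another attribute's quoted value is not picked
     * up, and a quoted comma does not cut the value short.
     *
     * @param x509Certificate certificate whose subject is inspected
     * @return the CN value with surrounding whitespace and quotes removed, or {@code null} when
     *     the subject has no CN attribute
     */
    public static String getCN(X509Certificate x509Certificate) {
        String dn = x509Certificate.getSubjectX500Principal().getName("RFC1779");
        int valueStart = indexOfCnValue(dn);
        if (valueStart < 0) {
            return null;
        }
        String cn = dn.substring(valueStart, indexOfUnquotedComma(dn, valueStart)).trim();
        if (cn.startsWith("\"")) {
            cn = cn.substring(1);
        }
        if (cn.endsWith("\"")) {
            cn = cn.substring(0, cn.length() - 1);
        }
        return cn;
    }

    /** Returns the index just past the first {@code CN=} that starts an attribute, or -1. */
    private static int indexOfCnValue(String dn) {
        boolean inQuotes = false;
        boolean atAttributeStart = true;
        for (int i = 0; i < dn.length(); i++) {
            char c = dn.charAt(i);
            if (c == '\\') {
                // Skip the escaped character, whatever it is.
                i++;
                atAttributeStart = false;
            } else if (c == '"') {
                inQuotes = !inQuotes;
                atAttributeStart = false;
            } else if (inQuotes) {
                continue;
            } else if (c == ',' || c == ';' || c == '+') {
                atAttributeStart = true;
            } else if (atAttributeStart && !Character.isWhitespace(c)) {
                // Matching on the original string keeps indices valid; a lower-cased copy can
                // differ in length from the original for some characters.
                if (dn.regionMatches(true, i, "cn=", 0, "cn=".length())) {
                    return i + "cn=".length();
                }
                atAttributeStart = false;
            }
        }
        return -1;
    }

    /** Returns the index of the first comma at or after {@code from} that is neither quoted nor escaped, or the string length. */
    private static int indexOfUnquotedComma(String dn, int from) {
        boolean inQuotes = false;
        for (int i = from; i < dn.length(); i++) {
            char c = dn.charAt(i);
            if (c == '\\') {
                i++;
            } else if (c == '"') {
                inQuotes = !inQuotes;
            } else if (c == ',' && !inQuotes) {
                return i;
            }
        }
        return dn.length();
    }

    /**
     * Compares a certificate subject name with a host name.
     *
     * @param subject CN taken from the certificate; may be {@code null}
     * @param hostname host name the client connected to
     * @return {@code true} if the names are equal ignoring case, or resolve to the same
     *     canonical host name
     */
    private static boolean serverHostnameMatches(String subject, String hostname) {
        // InetAddress.getByName(null) and getByName("") return the loopback address, so a
        // certificate without a CN would otherwise "match" any host resolving to loopback.
        if (subject == null || hostname == null
                || subject.trim().length() == 0 || hostname.trim().length() == 0) {
            return false;
        }
        if (hostname.equalsIgnoreCase(subject)) {
            return true;
        }
        final String subjectName = subject;
        final String hostName = hostname;
        // NOTE(review): this fallback trusts name resolution; whoever controls the resolver's
        // answers influences the outcome. Consider dropping it in favour of subjectAltName checks.
        return ((Boolean) AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                try {
                    String hostCanonical = InetAddress.getByName(hostName).getCanonicalHostName();
                    String subjectCanonical = InetAddress.getByName(subjectName).getCanonicalHostName();
                    return hostCanonical.equals(subjectCanonical) ? Boolean.TRUE : Boolean.FALSE;
                } catch (UnknownHostException e) {
                    // An unresolvable name is treated as a mismatch.
                    return Boolean.FALSE;
                }
            }
        })).booleanValue();
    }

    /**
     * Compiler-generated accessor kept so existing callers of this package-private name keep
     * working; delegates to {@link #getDefaultJavaTrustAnchorsPrivileged()}.
     */
    static Collection access$000() {
        return getDefaultJavaTrustAnchorsPrivileged();
    }
}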
