package com.centurylink.mdw.auth;

import com.centurylink.mdw.auth.CertificateChainInfo;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/centurylink/mdw/auth/CertificateHandler.class */
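/**
 * Probes a TLS endpoint for its certificate chain and imports certificates into the
 * trust store file that the JVM would otherwise consult.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #importCertificateChain} permanently widens what this JVM trusts. The
 *       certificate should be verified out of band (for example by comparing its
 *       fingerprint with the service owner) before it is imported.</li>
 *   <li>The trust store is located by {@code findKeyStoreFile()}, which first looks for
 *       a relative {@code jssecacerts} in the process working directory.</li>
 *   <li>The no-argument constructor uses the stock passphrase {@code "changeit"}; the
 *       store's integrity therefore rests on file-system permissions, not on the
 *       passphrase.</li>
 * </ul>
 */
public class CertificateHandler {
    /** Passphrase used both to load the trust store and to re-save it after an import. */
    private final char[] keystorePassphrase;

    /**
     * Trust manager that records the chain presented by the server and then defers the
     * actual trust decision to the wrapped manager. Recording happens before delegation
     * so that the chain is available even when validation fails.
     */
    private static final class SavingTrustManager implements X509TrustManager {
        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager x509TrustManager) {
            this.tm = x509TrustManager;
        }

        /**
         * Returns the issuers accepted by the wrapped trust manager.
         *
         * <p>JSSE on Java 7 and later can query this after a successful
         * {@code checkServerTrusted} (algorithm-constraint checks), so throwing here
         * would turn a trusted handshake into an unchecked exception.
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.tm.getAcceptedIssuers();
        }

        /** Not supported: this manager is only ever used on the client side of a handshake. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new UnsupportedOperationException();
        }

        /**
         * Saves the presented chain, then lets the wrapped manager accept or reject it.
         *
         * @throws CertificateException if the wrapped manager does not trust the chain
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.chain = x509CertificateArr;
            this.tm.checkServerTrusted(x509CertificateArr, str);
        }
    }

    /** Creates a handler that opens the trust store with the passphrase {@code "changeit"}. */
    public CertificateHandler() {
        this.keystorePassphrase = "changeit".toCharArray();
    }

    /**
     * Creates a handler that opens the trust store with the given passphrase.
     *
     * @param str trust store passphrase; must not be {@code null}
     */
    public CertificateHandler(String str) {
        this.keystorePassphrase = str.toCharArray();
    }

    /**
     * Performs a TLS handshake with the given endpoint and reports the chain it presented
     * together with whether that chain validates against the current trust store.
     *
     * <p>{@code TRUSTED} means only that the chain validated against the trust store. No
     * endpoint identification algorithm is configured on the socket here, so the result
     * does not establish that the certificate was issued for {@code str}.
     *
     * @param str host name or address to connect to
     * @param i   TCP port
     * @return chain information with status {@code TRUSTED}, {@code UNTRUSTED} (with the
     *         SSL exception attached) or {@code ERROR} when no chain was received
     * @throws IOException          on non-SSL I/O failures, including trust store read errors
     * @throws MdwSecurityException if the trust store or SSL context cannot be set up
     */
    public CertificateChainInfo getCertificateInfo(String str, int i) throws IOException, MdwSecurityException {
        CertificateChainInfo certificateChainInfo = new CertificateChainInfo();
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(getKeyStore());
            SavingTrustManager savingTrustManager =
                    new SavingTrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0]);
            sslContext.init(null, new TrustManager[]{savingTrustManager}, null);

            // try-with-resources closes the socket exactly once on every path.
            try (SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket(str, i)) {
                // Read timeout only: createSocket(host, port) has already connected by now,
                // so this bounds the handshake reads, not the TCP connect.
                socket.setSoTimeout(10000);
                socket.startHandshake();
                certificateChainInfo.setStatus(CertificateChainInfo.Status.TRUSTED);
            } catch (SSLException e) {
                certificateChainInfo.setStatus(CertificateChainInfo.Status.UNTRUSTED);
                certificateChainInfo.setException(e);
            }

            certificateChainInfo.setCertificateChain(savingTrustManager.chain);
            if (certificateChainInfo.getCertificateChain() == null) {
                // The handshake ended before the server presented any certificate.
                certificateChainInfo.setStatus(CertificateChainInfo.Status.ERROR);
                certificateChainInfo.setMessage("Could not obtain server certificate chain");
            }
            return certificateChainInfo;
        } catch (GeneralSecurityException e) {
            throw new MdwSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Adds the certificate to the trust store under the given alias and writes the store
     * back to the file it was loaded from.
     *
     * <p>This is a trust decision: once stored, the certificate is trusted by everything
     * that uses this trust store. Verify the certificate out of band before calling.
     *
     * @param x509Certificate certificate to trust
     * @param str             alias for the new entry
     * @throws IOException          if the trust store cannot be read or written
     * @throws MdwSecurityException if the key store rejects the entry or cannot be serialized
     */
    public void importCertificateChain(X509Certificate x509Certificate, String str) throws IOException, MdwSecurityException {
        KeyStore keyStore = getKeyStore();
        // Serialize in memory first: opening the target file truncates it, so a failure
        // inside store() must not be able to leave an empty or partial trust store behind.
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        try {
            keyStore.setCertificateEntry(str, x509Certificate);
            keyStore.store(serialized, this.keystorePassphrase);
        } catch (GeneralSecurityException e) {
            throw new MdwSecurityException(e.getMessage(), e);
        }
        try (FileOutputStream out = new FileOutputStream(findKeyStoreFile())) {
            serialized.writeTo(out);
        }
    }

    /**
     * Loads the trust store located by {@link #findKeyStoreFile()} using the configured
     * passphrase and the platform default key store type.
     */
    private KeyStore getKeyStore() throws IOException, MdwSecurityException {
        try (FileInputStream in = new FileInputStream(findKeyStoreFile())) {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(in, this.keystorePassphrase);
            return keyStore;
        } catch (GeneralSecurityException e) {
            throw new MdwSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Picks the trust store file: {@code jssecacerts} in the working directory, else
     * {@code ${java.home}/lib/security/jssecacerts}, else {@code cacerts} in that directory.
     *
     * <p>NOTE(review): the first candidate is a relative path, so whoever controls the
     * process working directory can supply the trust store that is loaded and rewritten.
     * Consider restricting this to an absolute, access-controlled location.
     */
    private File findKeyStoreFile() {
        File local = new File("jssecacerts");
        if (local.isFile()) {
            return local;
        }
        File securityDir = new File(System.getProperty("java.home") + "/lib/security");
        File jsseStore = new File(securityDir, "jssecacerts");
        if (jsseStore.isFile()) {
            return jsseStore;
        }
        // Returned even when absent; the caller's stream open reports the missing file.
        return new File(securityDir, "cacerts");
    }
}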
