package be.iminds.ilabt.jfed.util;

import be.iminds.ilabt.jfed.lowlevel.authority.AuthorityListModel;
import be.iminds.ilabt.jfed.lowlevel.authority.SfaAuthority;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.xmlrpc.secure.SecurityConstants;

/* loaded from: input_file:be/iminds/ilabt/jfed/util/JFedTrustStore.class */
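/**
 * A per-connection set of TLS trust anchors: a private copy of the JVM's system trust store plus
 * any extra certificates and hostname aliases configured for a given authority.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every certificate added through {@code addTrusted*} becomes a trust anchor without any
 *       further validation in this class. The caller is responsible for making sure the PEM data
 *       comes from an authenticated source.</li>
 *   <li>Each hostname alias is an extra name recorded as acceptable for the server certificate.
 *       This class only stores the aliases; presumably a hostname verifier elsewhere consumes
 *       them (confirm against the callers). Keep the set as small as possible.</li>
 *   <li>The passwords used here ({@code "changeit"}, {@code "somepass"}) are not secrets. A trust
 *       store holds public certificates only, and the password merely drives the keystore
 *       integrity check during store/load.</li>
 *   <li>This class is not synchronized; confine an instance to one thread or synchronize
 *       externally.</li>
 * </ul>
 */
public class JFedTrustStore {
    private static final Logger LOG = LogManager.getLogger();

    /** Integrity password for in-memory keystore copies; deliberately not a secret. */
    private static final String COPY_PASSWORD = "somepass";

    /**
     * Pristine system trust store, loaded lazily. It is never handed out directly: callers always
     * receive a copy, so that certificates added for one authority cannot leak into another.
     */
    private static KeyStore systemTrustStore = null;

    private final Set<String> allowedServerCertificateHostnameAliases;
    private final KeyStore trustStore;
    // PEM strings already added through addTrustedPemCertificateIfNotAdded (exact string match).
    public List<String> addedPems = new ArrayList<>();
    private List<Certificate> extraTrustedCertificates = new ArrayList<>();

    /** Creates a trust store holding only the system trust anchors. */
    public JFedTrustStore() {
        this.trustStore = getSystemTrustStore();
        this.allowedServerCertificateHostnameAliases = new HashSet<>();
    }

    /**
     * Creates a trust store from a copy of {@code keyStore}.
     *
     * @param keyStore the key store to copy; it is not modified
     * @throws RuntimeException if the key store cannot be copied
     */
    public JFedTrustStore(KeyStore keyStore) {
        try {
            this.trustStore = copyTrustStore(keyStore, null, null, COPY_PASSWORD.toCharArray());
            this.allowedServerCertificateHostnameAliases = new HashSet<>();
        } catch (Exception e) {
            throw new RuntimeException("Could not copy trust store: " + e.getMessage(), e);
        }
    }

    /**
     * Creates an independent copy of another trust store, including its hostname aliases.
     *
     * @param jFedTrustStore the trust store to copy
     * @throws RuntimeException if the underlying key store cannot be copied
     */
    public JFedTrustStore(JFedTrustStore jFedTrustStore) {
        try {
            this.trustStore = copyTrustStore(jFedTrustStore.trustStore, null, null, COPY_PASSWORD.toCharArray());
            this.allowedServerCertificateHostnameAliases = new HashSet<>(jFedTrustStore.getAllowedServerCertificateHostnameAliases());
        } catch (Exception e) {
            throw new RuntimeException("Could not copy trust store: " + e.getMessage(), e);
        }
    }

    /**
     * Creates a trust store for one authority: the system trust anchors, the authority's own PEM
     * trust certificates (if any) and its allowed hostname aliases.
     *
     * @param sfaAuthority the authority whose trust configuration is applied
     */
    public JFedTrustStore(SfaAuthority sfaAuthority) {
        this.trustStore = getSystemTrustStore();
        if (sfaAuthority.getPemSslTrustCerts() != null) {
            addTrustedPemCertificateIfNotAdded(sfaAuthority.getPemSslTrustCerts());
        }
        this.allowedServerCertificateHostnameAliases = new HashSet<>(sfaAuthority.getAllowedCertificateHostnameAliases());
    }

    /**
     * Creates a trust store that trusts the system anchors plus the PEM trust certificates of every
     * authority in the list. No hostname aliases are copied.
     *
     * <p>NOTE(review): the result trusts the union of all authorities' certificates, so a
     * certificate configured for one authority is also accepted for connections to any other.
     *
     * @param authorityListModel the list of authorities whose certificates are added
     */
    public JFedTrustStore(AuthorityListModel authorityListModel) {
        this.trustStore = getSystemTrustStore();
        for (SfaAuthority sfaAuthority : authorityListModel.getAuthorities()) {
            if (sfaAuthority.getPemSslTrustCerts() != null) {
                addTrustedPemCertificateIfNotAdded(sfaAuthority.getPemSslTrustCerts());
            }
        }
        this.allowedServerCertificateHostnameAliases = new HashSet<>();
    }

    /** @return a read-only view of the allowed server certificate hostname aliases */
    public Collection<String> getAllowedServerCertificateHostnameAliases() {
        return Collections.unmodifiableCollection(this.allowedServerCertificateHostnameAliases);
    }

    /**
     * Returns the live underlying key store (not a copy). Entries a caller adds to it become trust
     * anchors of this instance.
     *
     * @return the key store backing this trust store
     */
    public KeyStore getTrustStore() {
        return this.trustStore;
    }

    /**
     * Adds one allowed hostname alias; {@code null} is ignored.
     *
     * @param str the alias to add, may be {@code null}
     */
    public void addAllowedServerCertificateHostnameAlias(String str) {
        if (str != null) {
            this.allowedServerCertificateHostnameAliases.add(str);
        }
    }

    /**
     * Adds several allowed hostname aliases; a {@code null} collection is ignored.
     *
     * @param collection the aliases to add, may be {@code null}
     */
    public void addAllowedServerCertificateHostnameAliases(Collection<String> collection) {
        if (collection != null) {
            this.allowedServerCertificateHostnameAliases.addAll(collection);
        }
    }

    /**
     * Adds {@code certificate} as a trust anchor. No validity, usage or origin check is done here.
     *
     * @param certificate the certificate to trust; must not be {@code null}
     * @throws RuntimeException if the key store rejects the entry
     */
    public void addTrustedCertificate(Certificate certificate) {
        assert certificate != null;
        this.extraTrustedCertificates.add(certificate);
        try {
            // A store copied from another JFedTrustStore may already contain "extraCertN" entries
            // while this instance's counter restarts at zero. Skip used aliases so that an existing
            // trusted certificate is never silently overwritten.
            int index = this.extraTrustedCertificates.size();
            String alias = "extraCert" + index;
            while (this.trustStore.containsAlias(alias)) {
                index++;
                alias = "extraCert" + index;
            }
            this.trustStore.setCertificateEntry(alias, certificate);
        } catch (KeyStoreException e) {
            LOG.error("Error while creating adding certificate to trust store", e);
            throw new RuntimeException("Could not add certificate to trust store: " + e.getMessage(), e);
        }
    }

    /**
     * Parses a PEM certificate with {@code KeyUtil.pemToX509Certificate} and adds it as a trust
     * anchor.
     *
     * @param str the PEM text; must not be {@code null}
     */
    public void addTrustedPemCertificate(String str) {
        assert str != null;
        addTrustedCertificate(KeyUtil.pemToX509Certificate(str));
    }

    /**
     * Adds each PEM certificate in the list unless the same PEM string was added before; a
     * {@code null} list is ignored.
     *
     * @param list the PEM texts to add, may be {@code null}
     */
    public void addTrustedPemCertificateIfNotAdded(List<String> list) {
        if (list != null) {
            for (String pem : list) {
                addTrustedPemCertificateIfNotAdded(pem);
            }
        }
    }

    /**
     * Adds a PEM certificate unless the identical PEM string was added before. De-duplication is
     * by exact string equality, so the same certificate with different whitespace is added again.
     *
     * @param str the PEM text; must not be {@code null}
     */
    public void addTrustedPemCertificateIfNotAdded(String str) {
        assert str != null;
        if (this.addedPems.contains(str)) {
            return;
        }
        this.addedPems.add(str);
        addTrustedPemCertificate(str);
    }

    /**
     * Returns a fresh copy of the system trust store, loading and caching the original on first
     * use.
     *
     * <p>The cached instance itself is never returned. Previously the first caller received the
     * cached object, so certificates it added ended up in every trust store created afterwards.
     *
     * <p>The location is taken from the system property named by
     * {@code SecurityConstants.TRUST_STORE}, falling back to {@code jssecacerts} and then
     * {@code cacerts} under {@code <java.home>/lib/security}. The password is taken from the
     * property named by {@code SecurityConstants.TRUST_STORE_PASSWORD}, defaulting to
     * {@code "changeit"}. Because the location can be redirected through a system property,
     * whoever controls the JVM's properties controls the trust anchors.
     *
     * @return an independent copy of the system trust store
     * @throws RuntimeException if the store cannot be located, loaded or copied
     */
    public static KeyStore getSystemTrustStore() {
        String password = System.getProperty(SecurityConstants.TRUST_STORE_PASSWORD);
        if (password == null) {
            password = "changeit";
        }
        KeyStore cached = systemTrustStore;
        if (cached == null) {
            // Publish only a fully loaded store; on failure the cache stays empty.
            cached = loadSystemTrustStore(password.toCharArray());
            systemTrustStore = cached;
        }
        try {
            return copyTrustStore(cached, password.toCharArray(), null, password.toCharArray());
        } catch (Exception e) {
            LOG.error("Failed to copy system trust store", e);
            throw new RuntimeException("Failed to copy system trust store", e);
        }
    }

    /** Locates the system trust store file and loads it; the stream is closed on failure too. */
    private static KeyStore loadSystemTrustStore(char[] password) {
        String securityDir = System.getProperty("java.home") + File.separator + "lib" + File.separator + "security" + File.separator;
        String jssecacertsPath = securityDir + "jssecacerts";
        String cacertsPath = securityDir + "cacerts";
        String path = System.getProperty(SecurityConstants.TRUST_STORE);
        if (path == null) {
            path = new File(jssecacertsPath).exists() ? jssecacertsPath : cacertsPath;
            if (!new File(path).exists()) {
                throw new RuntimeException("Could not find any system trust store!");
            }
        }
        try {
            KeyStore loaded = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream in = new FileInputStream(path)) {
                loaded.load(in, password);
            }
            return loaded;
        } catch (Exception e) {
            LOG.error("ERROR loading system trust store: " + e.getMessage(), e);
            LOG.error("  Normally, the trust store is at one of these locations:\n   - <JAVA_HOME>/lib/security/jssecacerts => \"" + jssecacertsPath + "\"\n   - <JAVA_HOME>/lib/security/cacerts => \"" + cacertsPath + "\"\n");
            LOG.error("  You can use another by setting the system property \"javax.net.ssl.trustStore\"");
            LOG.error("  You can specify a non default password with \"javax.net.ssl.trustStorePassword\" (default pass is \"changeit\")");
            throw new RuntimeException("Cannot locate and load system trust store: " + e.getMessage(), e);
        }
    }

    /**
     * Copies a trust store; delegates to {@link #copyKeyStore}.
     *
     * @param keyStore the store to copy
     * @param cArr not used by this implementation
     * @param cArr2 not used by this implementation
     * @param cArr3 password used to serialize and re-load the copy
     * @return an independent key store with the same entries
     */
    public static KeyStore copyTrustStore(KeyStore keyStore, char[] cArr, char[] cArr2, char[] cArr3) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException, CertificateException {
        return copyKeyStore(keyStore, cArr, cArr2, cArr3);
    }

    /**
     * Copies a key store by serializing it to memory and loading the bytes into a new store.
     *
     * @param keyStore the store to copy
     * @param cArr not used by this implementation
     * @param cArr2 not used by this implementation
     * @param cArr3 password used for both the in-memory store and load steps
     * @return a new key store, always requested as type {@code "jks"} regardless of the source type
     */
    public static KeyStore copyKeyStore(KeyStore keyStore, char[] cArr, char[] cArr2, char[] cArr3) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException, CertificateException {
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        keyStore.store(serialized, cArr3);
        KeyStore copy = KeyStore.getInstance("jks");
        copy.load(new ByteArrayInputStream(serialized.toByteArray()), cArr3);
        return copy;
    }
}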
