package com.synopsys.integration.rest.certificate;

import ch.qos.logback.core.net.ssl.SSL;
import com.synopsys.integration.exception.EncryptionException;
import com.synopsys.integration.exception.IntegrationCertificateException;
import com.synopsys.integration.exception.IntegrationException;
import com.synopsys.integration.log.IntLogger;
import com.synopsys.integration.rest.proxy.ProxyInfo;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import javax.net.ssl.SSLSession;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.conn.ManagedHttpClientConnection;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.ssl.SSLContextBuilder;

/* loaded from: input_file:BOOT-INF/lib/integration-rest-0.1.4.jar:com/synopsys/integration/rest/certificate/CertificateHandler.class */
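/**
 * Retrieves the certificate an HTTPS server presents and manages it in a Java trust store
 * (import, lookup, removal), keyed by the host name of the URL.
 *
 * <p><b>Security model.</b> The certificate is fetched over a connection that performs no chain
 * validation and no host name verification (see {@link #getHttpClient(URL)}), so the retrieved
 * certificate is unauthenticated. Importing it is a trust-on-first-use decision: whoever answers
 * the connection at retrieval time, including an on-path interceptor, gets its certificate added
 * as a trusted entry. Unless a Java home override is supplied, the target store is the one named
 * by {@code javax.net.ssl.trustStore} or the {@code jssecacerts}/{@code cacerts} file under
 * {@code java.home}, i.e. a store that other TLS clients on the same JVM installation may share.
 * Callers should confirm the certificate (for example by comparing its fingerprint with a value
 * obtained out of band) before calling {@link #importHttpsCertificate(URL, Certificate)}.
 *
 * <p>This class is not synchronized; concurrent writers to the same trust store file can
 * overwrite each other's changes.
 */
public class CertificateHandler {
    /** Context attribute under which the response interceptor publishes the peer certificate chain. */
    public static final String PEER_CERTIFICATES = "PEER_CERTIFICATES";
    private final IntLogger logger;
    // NOTE(review): this value is passed unchanged to RequestConfig, whose timeouts are expressed in
    // milliseconds; a default of 120 looks like it was meant as seconds - confirm with callers.
    private int timeout;
    private ProxyInfo proxyInfo;
    private File javaHomeOverride;

    /**
     * Creates a handler that uses the JVM's configured trust store and no proxy.
     *
     * @param intLogger logger used for progress messages
     */
    public CertificateHandler(IntLogger intLogger) {
        this.timeout = 120;
        this.proxyInfo = ProxyInfo.NO_PROXY_INFO;
        this.logger = intLogger;
    }

    /**
     * Creates a handler whose trust store is resolved below the given Java home directory.
     *
     * @param intLogger logger used for progress messages
     * @param file      Java home directory to resolve {@code lib/security/jssecacerts} or
     *                  {@code lib/security/cacerts} from
     */
    public CertificateHandler(IntLogger intLogger, File file) {
        this(intLogger);
        this.javaHomeOverride = file;
    }

    /**
     * Fetches the certificate presented at {@code url} and imports it into the trust store.
     * Does nothing when {@code url} is null or its protocol does not start with {@code https}.
     *
     * <p>The certificate is imported exactly as received, without any validation; see the class
     * documentation for the trust-on-first-use implications.
     *
     * @param url HTTPS endpoint whose certificate should be trusted
     * @throws IntegrationException if the certificate cannot be retrieved or stored
     */
    public void retrieveAndImportHttpsCertificate(URL url) throws IntegrationException {
        if (url == null || !url.getProtocol().startsWith("https")) {
            return;
        }
        try {
            Certificate certificate = retrieveHttpsCertificateFromURL(url);
            if (certificate == null) {
                throw new IntegrationCertificateException(String.format("Could not retrieve the Certificate from %s", url));
            }
            importHttpsCertificate(url, certificate);
        } catch (IntegrationException e) {
            throw e;
        } catch (Exception e) {
            throw new IntegrationException(e.getMessage(), e);
        }
    }

    /**
     * Issues a GET request to {@code url} and returns the first certificate of the peer chain
     * captured during the TLS handshake.
     *
     * <p>The request is sent to a peer whose identity has not been verified, so anything carried
     * in the URL itself (path, query string) is disclosed to whoever answers the connection.
     *
     * @param url HTTPS endpoint to contact
     * @return the first peer certificate, or {@code null} when {@code url} is null or not HTTPS
     * @throws IntegrationException if the request fails or no peer certificate was captured
     */
    public Certificate retrieveHttpsCertificateFromURL(URL url) throws IntegrationException {
        if (url == null || !url.getProtocol().startsWith("https")) {
            return null;
        }
        this.logger.info(String.format("Retrieving the certificate from %s", url));
        try {
            // NOTE(review): the client and the response returned by execute() are never closed here,
            // so each call may leave a pooled connection open - confirm and release if so.
            HttpClient httpClient = getHttpClient(url);
            RequestBuilder requestBuilder = RequestBuilder.create(HttpGet.METHOD_NAME);
            requestBuilder.setUri(url.toURI());
            HttpUriRequest request = requestBuilder.build();
            BasicHttpContext context = new BasicHttpContext();
            httpClient.execute(request, context);
            // NOTE(review): redirects are not disabled on this client and the interceptor overwrites
            // the attribute on every response, so after a redirect to another HTTPS host the captured
            // chain may belong to that host rather than to url.getHost() - confirm.
            Certificate[] peerCertificates = (Certificate[]) context.getAttribute(PEER_CERTIFICATES);
            if (peerCertificates == null || peerCertificates.length == 0) {
                // Previously surfaced as a bare NullPointerException wrapped in IntegrationException.
                throw new IllegalStateException(String.format("The connection to %s did not present any peer certificates.", url));
            }
            return peerCertificates[0];
        } catch (Exception e) {
            throw new IntegrationException(e);
        }
    }

    /**
     * Builds the HTTP client used solely to capture a server's certificate chain.
     *
     * <p><b>This client accepts every certificate and skips host name verification</b>
     * ({@code TrustAllStrategy} with {@code NoopHostnameVerifier}). That is what allows an
     * as-yet-untrusted certificate to be read, and it is also why the client must never be reused
     * to exchange data that needs confidentiality or integrity. Proxy credentials, when configured,
     * are scoped to the proxy host and port only.
     *
     * @param url target URL, used to decide whether the proxy applies
     * @return a client whose response interceptor stores the peer chain under {@link #PEER_CERTIFICATES}
     * @throws IllegalStateException if the proxy information is null
     * @throws IntegrationException  if proxy credentials or the SSL context cannot be prepared
     */
    protected HttpClient getHttpClient(URL url) throws IntegrationException {
        BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        HttpClientBuilder clientBuilder = HttpClientBuilder.create();
        RequestConfig.Builder requestConfigBuilder = RequestConfig.custom();
        requestConfigBuilder.setConnectTimeout(this.timeout);
        requestConfigBuilder.setSocketTimeout(this.timeout);
        requestConfigBuilder.setConnectionRequestTimeout(this.timeout);
        if (this.proxyInfo == null) {
            throw new IllegalStateException("The proxy information can not be null.");
        }
        if (this.proxyInfo.shouldUseProxyForUrl(url)) {
            requestConfigBuilder.setProxy(new HttpHost(this.proxyInfo.getHost(), this.proxyInfo.getPort()));
            try {
                credentialsProvider.setCredentials(new AuthScope(this.proxyInfo.getHost(), this.proxyInfo.getPort()), new NTCredentials(this.proxyInfo.getUsername(), this.proxyInfo.getDecryptedPassword(), this.proxyInfo.getNtlmWorkstation(), this.proxyInfo.getNtlmDomain()));
            } catch (EncryptionException | IllegalArgumentException e) {
                throw new IntegrationException(e);
            }
        }
        clientBuilder.setDefaultCredentialsProvider(credentialsProvider);
        clientBuilder.setDefaultRequestConfig(requestConfigBuilder.build());
        try {
            // Deliberately permissive: no chain validation, no host name check (see Javadoc).
            // Side effect: getKeyStore() creates the trust store file when it is missing or empty.
            clientBuilder.setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContextBuilder.create().loadTrustMaterial(getKeyStore(getTrustStore()), new TrustAllStrategy()).build(), new NoopHostnameVerifier()));
            clientBuilder.addInterceptorLast((httpResponse, httpContext) -> {
                SSLSession sslSession = ((ManagedHttpClientConnection) httpContext.getAttribute("http.connection")).getSSLSession();
                if (sslSession != null) {
                    httpContext.setAttribute(PEER_CERTIFICATES, sslSession.getPeerCertificates());
                }
            });
            return clientBuilder.build();
        } catch (Exception e) {
            throw new IntegrationException(e);
        }
    }

    /**
     * Looks up the certificate stored under the alias {@code url.getHost()}.
     *
     * @param url URL whose host name is used as the alias
     * @return the stored certificate, or {@code null} if the alias is absent
     * @throws IntegrationException if the trust store cannot be read
     */
    public Certificate retrieveHttpsCertificateFromTrustStore(URL url) throws IntegrationException {
        File trustStore = getTrustStore();
        // The original message said "Removing", which misreported a read-only lookup in the logs.
        this.logger.info(String.format("Retrieving the certificate for alias %s from keystore %s", url.getHost(), trustStore.getAbsolutePath()));
        try {
            KeyStore keyStore = getKeyStore(trustStore);
            if (keyStore.containsAlias(url.getHost())) {
                return keyStore.getCertificate(url.getHost());
            }
            return null;
        } catch (Exception e) {
            throw new IntegrationException(e);
        }
    }

    /**
     * Adds {@code certificate} to the trust store as a trusted entry under the alias
     * {@code url.getHost()}, replacing any entry already stored under that alias.
     *
     * <p>No check is made that the certificate was issued for that host or that it is still
     * valid; the caller is responsible for having verified it.
     *
     * @param url         URL whose host name is used as the alias
     * @param certificate certificate to trust
     * @throws IntegrationException if the trust store cannot be read or written
     */
    public void importHttpsCertificate(URL url, Certificate certificate) throws IntegrationException {
        File trustStore = getTrustStore();
        this.logger.info(String.format("Importing the certificate from %s into keystore %s", url.getHost(), trustStore.getAbsolutePath()));
        try {
            KeyStore keyStore = getKeyStore(trustStore);
            keyStore.setCertificateEntry(url.getHost(), certificate);
            writeKeyStore(keyStore, trustStore);
        } catch (Exception e) {
            throw new IntegrationException(e);
        }
    }

    /**
     * Deletes the entry stored under the alias {@code url.getHost()}, if present, and rewrites
     * the trust store.
     *
     * @param url URL whose host name is used as the alias
     * @throws IntegrationException if the trust store cannot be read or written
     */
    public void removeHttpsCertificate(URL url) throws IntegrationException {
        File trustStore = getTrustStore();
        this.logger.info(String.format("Removing the certificate from %s", trustStore.getAbsolutePath()));
        try {
            KeyStore keyStore = getKeyStore(trustStore);
            if (keyStore.containsAlias(url.getHost())) {
                keyStore.deleteEntry(url.getHost());
                writeKeyStore(keyStore, trustStore);
            }
        } catch (Exception e) {
            throw new IntegrationException(e);
        }
    }

    /**
     * Reports whether the trust store holds an entry under the alias {@code url.getHost()}.
     *
     * <p>Only the alias is checked. A {@code true} result does not mean the stored certificate
     * is the one the server currently presents.
     *
     * @param url URL whose host name is used as the alias
     * @return {@code true} if the alias exists; {@code false} if it does not or the trust store
     *         file is missing
     * @throws IntegrationException if the trust store cannot be read
     */
    public boolean isCertificateInTrustStore(URL url) throws IntegrationException {
        File trustStore = getTrustStore();
        if (!trustStore.isFile()) {
            return false;
        }
        this.logger.info(String.format("Checking for alias %s in keystore %s", url.getHost(), trustStore.getAbsolutePath()));
        try {
            return getKeyStore(trustStore).containsAlias(url.getHost());
        } catch (Exception e) {
            throw new IntegrationException(e);
        }
    }

    /**
     * Loads the key store held in {@code file}.
     *
     * <p>Side effect: when {@code file} is missing or empty, a new empty key store is created
     * and written to that path before being returned.
     *
     * @param file key store location
     * @return the loaded, or newly created, key store
     * @throws KeyStoreException        if the store type is unavailable or the store cannot be built
     * @throws NoSuchAlgorithmException if the integrity algorithm is unavailable
     * @throws CertificateException     if a certificate in the store cannot be processed
     * @throws IOException              if the file cannot be read or written
     */
    public KeyStore getKeyStore(File file) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (file.isFile() && file.length() > 0) {
            return KeyStore.Builder.newInstance(getTrustStoreType(), null, file, new KeyStore.PasswordProtection(getKeyStorePassword())).getKeyStore();
        }
        KeyStore keyStore = KeyStore.getInstance(getTrustStoreType());
        keyStore.load(null, null);
        writeKeyStore(keyStore, file);
        return keyStore;
    }

    /**
     * Resolves the trust store file: below the Java home override when one was supplied,
     * otherwise the {@code javax.net.ssl.trustStore} property if it names an existing file,
     * otherwise below {@code java.home}.
     *
     * @return the trust store location; the file is not guaranteed to exist
     */
    public File getTrustStore() {
        if (this.javaHomeOverride != null) {
            return resolveTrustStoreFile(this.javaHomeOverride);
        }
        File configured = new File(System.getProperty("javax.net.ssl.trustStore", ""));
        if (configured.isFile()) {
            return configured;
        }
        return resolveTrustStoreFile(new File(System.getProperty("java.home")));
    }

    /**
     * Serialises {@code keyStore} to {@code target}, always closing the stream.
     *
     * <p>The file is opened for overwrite before the store is serialised, so a failure part-way
     * through can leave a truncated trust store behind. The write is not atomic.
     */
    private void writeKeyStore(KeyStore keyStore, File target) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        try (BufferedOutputStream outputStream = new BufferedOutputStream(new FileOutputStream(target))) {
            keyStore.store(outputStream, getKeyStorePassword());
        }
    }

    /** Returns the {@code javax.net.ssl.trustStoreType} property, or the JVM default key store type. */
    private String getTrustStoreType() {
        return System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
    }

    /**
     * Returns the {@code javax.net.ssl.trustStorePassword} property, falling back to logback's
     * {@code SSL.DEFAULT_KEYSTORE_PASSWORD} constant.
     */
    private char[] getKeyStorePassword() {
        // NOTE(review): the fallback is a fixed, publicly known default (presumably "changeit" - confirm),
        // so it gives no protection against someone who can write to the trust store file.
        return System.getProperty("javax.net.ssl.trustStorePassword", SSL.DEFAULT_KEYSTORE_PASSWORD).toCharArray();
    }

    /** Picks {@code lib/security/jssecacerts} under {@code file} if it exists, else {@code lib/security/cacerts}. */
    private File resolveTrustStoreFile(File file) {
        File securityDirectory = new File(new File(file, "lib"), "security");
        File candidate = new File(securityDirectory, "jssecacerts");
        if (!candidate.isFile()) {
            candidate = new File(securityDirectory, "cacerts");
        }
        return candidate;
    }

    /** @return the timeout applied to connect, socket and connection-request operations */
    public int getTimeout() {
        return this.timeout;
    }

    /** @param i timeout applied to connect, socket and connection-request operations */
    public void setTimeout(int i) {
        this.timeout = i;
    }

    /** @return the proxy configuration consulted when building the HTTP client */
    public ProxyInfo getProxyInfo() {
        return this.proxyInfo;
    }

    /** @param proxyInfo proxy configuration; must not be null when a client is built */
    public void setProxyInfo(ProxyInfo proxyInfo) {
        this.proxyInfo = proxyInfo;
    }
}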
