package com.mapr.web.security;

import com.mapr.web.security.SslConfig;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.security.Password;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:WEB-INF/lib/mapr-security-web-6.1.0-mapr.jar:com/mapr/web/security/WebSecurityManager.class */
/**
 * Holds the Jetty {@link SslContextFactory} for this process and offers a helper that imports a
 * remote server's certificate into a truststore file.
 *
 * <p>A single instance is created lazily by {@link #getSecurityManager(String)} and configured in
 * {@code init} from system properties, with defaults under the MapR home directory.
 *
 * <p>NOTE(review): this listing is decompiler output. The empty {@code finally} blocks, the
 * {@code if (0 != 0)} branches and the always-null {@code Throwable} locals are scaffolding left
 * by the decompiler (it looks like try-with-resources in the original source - confirm). The
 * missing {@code throws} clause on {@link #importUrlCertificate(String, String)} is part of the
 * same loss, so the code does not compile as shown.
 */
public final class WebSecurityManager {
    // Lazily created process-wide instance; see getSecurityManager.
    private static WebSecurityManager securityManager;
    private final SslContextFactory sslContextFactory = new SslContextFactory();
    // Store password in Jetty "OBF:" form. It is assigned only in init, so it is null until an
    // instance has been initialised through getSecurityManager. No constructor is visible in this
    // listing, so an instance built any other way would hand null to Password.deobfuscate.
    private static String storePassword;

    /* loaded from: input_file:WEB-INF/lib/mapr-security-web-6.1.0-mapr.jar:com/mapr/web/security/WebSecurityManager$SavingTrustManager.class */
    /**
     * Trust manager wrapper that remembers the certificate chain the server presented and then
     * delegates the trust decision to the wrapped manager.
     *
     * <p>The chain is stored before validation runs, so it stays available after the delegate
     * rejects it. At that point it is unauthenticated data supplied by the peer.
     */
    private static class SavingTrustManager implements X509TrustManager {
        // Delegate that makes the real trust decision.
        private final X509TrustManager tm;
        // Last chain passed to checkServerTrusted; null until a handshake reaches that call.
        private X509Certificate[] chain;

        /** Not supported by this wrapper; always throws. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            throw new UnsupportedOperationException();
        }

        /** Not supported; in this file the wrapper is used only for an outbound client socket. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new UnsupportedOperationException();
        }

        /**
         * Records the presented chain, then lets the wrapped manager validate it.
         *
         * @throws CertificateException if the wrapped manager rejects the chain
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Save first: the caller reads the chain precisely when the next line throws.
            this.chain = x509CertificateArr;
            this.tm.checkServerTrusted(this.chain, str);
        }

        /** Returns the wrapped trust manager. */
        public X509TrustManager getTm() {
            return this.tm;
        }

        /** Returns the chain captured by the last server check, or null if none was captured. */
        public X509Certificate[] getChain() {
            return this.chain;
        }

        public SavingTrustManager(X509TrustManager x509TrustManager) {
            this.tm = x509TrustManager;
        }
    }

    /**
     * Connects to the host and port of an https URL and, if the TLS handshake fails, adds the
     * first certificate the server presented to the truststore file under the alias
     * {@code host:port}.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>This is trust-on-first-use. The certificate that gets pinned is whatever the peer
     *       reachable at that address presented during this call; nothing here shows or checks a
     *       fingerprint. Compare the stored certificate's fingerprint with one obtained out of
     *       band before relying on the new entry.</li>
     *   <li>Every {@link SSLException} takes the import path, not only trust failures.</li>
     *   <li>No endpoint identification is configured on the socket, so "already trusted" means
     *       the chain validated against the truststore, not that it matches the host name.</li>
     *   <li>{@code false} is returned both for "already trusted" and for the failure cases, so the
     *       return value alone does not tell them apart.</li>
     * </ul>
     *
     * @param str  the https URL whose server certificate should be imported
     * @param str2 path of the truststore file; it is read and, on import, rewritten in place
     * @return {@code true} only when a certificate was written to the truststore
     */
    public boolean importUrlCertificate(String str, String str2) {
        URL url = new URL(str);
        String host = url.getHost();
        if (!url.getProtocol().equals(URIUtil.HTTPS)) {
            System.out.println("URL is not an https url");
            return false;
        }
        // URL.getPort() is negative when the URL names no port; fall back to the https default.
        int port = url.getPort();
        if (port < 0) {
            port = 443;
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // The static password is kept in Jetty's OBF form and reversed here. Being reversible
        // without a key, the OBF form protects nothing once the stored string is known.
        String deobfuscate = Password.deobfuscate(storePassword);
        FileInputStream fileInputStream = new FileInputStream(str2);
        Throwable th = null;
        try {
            try {
                keyStore.load(fileInputStream, deobfuscate.toCharArray());
                // Decompiler scaffolding: the (0 != 0) branch is dead, the stream is simply closed.
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                // Take the first X509TrustManager built from the loaded truststore.
                X509TrustManager x509TrustManager = null;
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                int length = trustManagers.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    TrustManager trustManager = trustManagers[i];
                    if (trustManager instanceof X509TrustManager) {
                        x509TrustManager = (X509TrustManager) trustManager;
                        break;
                    }
                    i++;
                }
                if (x509TrustManager == null) {
                    System.out.println("Could not obtain a X509TrustManager");
                    return false;
                }
                SavingTrustManager savingTrustManager = new SavingTrustManager(x509TrustManager);
                // Only the trust side is customised; key managers and randomness are left null.
                sSLContext.init(null, new TrustManager[]{savingTrustManager}, null);
                SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
                System.out.println("Opening connection to " + host + ':' + port + "...");
                try {
                    // createSocket(host, port) connects immediately, so the 10 s timeout set
                    // below bounds reads during the handshake but not the connect itself.
                    SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket(host, port);
                    Throwable th3 = null;
                    try {
                        try {
                            sSLSocket.setSoTimeout(10000);
                            System.out.println("Starting SSL handshake...");
                            sSLSocket.startHandshake();
                            sSLSocket.close();
                            System.out.println();
                            System.out.println("No errors, certificate is already trusted");
                            // Scaffolding again: the socket closed above is closed a second time.
                            if (sSLSocket != null) {
                                if (0 != 0) {
                                    try {
                                        sSLSocket.close();
                                    } catch (Throwable th4) {
                                        th3.addSuppressed(th4);
                                    }
                                } else {
                                    sSLSocket.close();
                                }
                            }
                            // Nothing was added, hence false.
                            return false;
                        } finally {
                        }
                    } catch (Throwable th5) {
                        // th3 is never assigned, so only the plain close() in the else branch runs.
                        if (sSLSocket != null) {
                            if (th3 != null) {
                                try {
                                    sSLSocket.close();
                                } catch (Throwable th6) {
                                    th3.addSuppressed(th6);
                                }
                            } else {
                                sSLSocket.close();
                            }
                        }
                        throw th5;
                    }
                } catch (SSLException e) {
                    // Reached on any SSLException from the handshake. The cause is not inspected,
                    // so failures unrelated to trust are treated as "not trusted" too.
                    System.out.println("Certificate is not currently trusted. Attempting to add...");
                    X509Certificate[] chain = savingTrustManager.getChain();
                    if (chain == null) {
                        // The handshake failed before the server's chain reached the trust manager.
                        System.out.println("Could not obtain server certificate chain");
                        return false;
                    }
                    // First element of the presented chain, taken without a length check and
                    // without any validation or operator confirmation.
                    X509Certificate x509Certificate = chain[0];
                    String str3 = host + ':' + port;
                    // setCertificateEntry replaces an existing trusted-certificate entry under the
                    // same alias, so a repeat run against the same host:port silently re-pins.
                    keyStore.setCertificateEntry(str3, x509Certificate);
                    // FileOutputStream truncates the truststore before store() writes it back.
                    // A failure part-way through leaves a damaged file, so keep a backup or write
                    // to a temporary file and rename.
                    FileOutputStream fileOutputStream = new FileOutputStream(str2);
                    Throwable th7 = null;
                    try {
                        keyStore.store(fileOutputStream, deobfuscate.toCharArray());
                        if (fileOutputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileOutputStream.close();
                                } catch (Throwable th8) {
                                    th7.addSuppressed(th8);
                                }
                            } else {
                                fileOutputStream.close();
                            }
                        }
                        System.out.println("Added certificate to truststore using alias: " + str3);
                        return true;
                    } finally {
                    }
                }
            } finally {
            }
        } finally {
        }
    }

    /**
     * Configures the SSL context factory for the named process.
     *
     * <p>Reads {@code <name>.ssl.keystore}, {@code <name>.ssl.truststore},
     * {@code <name>.ssl.truststore.password}, {@code <name>.ssl.exclude-ciphers} and
     * {@code <name>.ssl.exclude-protocols} from system properties, falling back to the defaults
     * written below.
     *
     * @param str process name; used as the property prefix and passed to the web security config
     */
    private void init(String str) {
        WebSecurityConfig.CONFIG.setProcessName(str);
        String property = System.getProperty(str + ".ssl.keystore", WebSecurityConfig.CONFIG.getMaprHome() + "/conf/ssl_keystore");
        String property2 = System.getProperty(str + ".ssl.truststore", WebSecurityConfig.CONFIG.getMaprHome() + "/conf/ssl_truststore");
        File file = new File(property);
        // Empty body as decompiled: an unreadable keystore is neither reported nor handled here,
        // and its path is still set on the factory below. The original may have had a statement
        // that the decompiler dropped - confirm against the real source.
        if (!file.canRead()) {
        }
        // NOTE(review): the fallback is a fixed OBF string compiled into the class. OBF is
        // reversible (this class reverses it in importUrlCertificate), so any install that does
        // not override the property shares one recoverable store password. Set a per-install
        // value and restrict file permissions on the stores.
        // Despite the property name, the same value also serves as the keystore and key-manager
        // password below.
        storePassword = System.getProperty(str + ".ssl.truststore.password", "OBF:1ku11i9a1l1a1y7z1kxs1i6o1kqt");
        this.sslContextFactory.setKeyStorePath(file.getAbsolutePath());
        this.sslContextFactory.setKeyStorePassword(storePassword);
        this.sslContextFactory.setKeyManagerPassword(storePassword);
        File file2 = new File(property2);
        // A truststore is configured only when the file is readable; otherwise none is set here.
        if (file2.canRead()) {
            this.sslContextFactory.setTrustStorePath(file2.getAbsolutePath());
            this.sslContextFactory.setTrustStorePassword(storePassword);
        }
        // NOTE(review): only DHE/EDH suites are named. Confirm whether this setter replaces the
        // exclusions built into the bundled Jetty version; if it does, weak suites outside these
        // two patterns are no longer excluded by default.
        this.sslContextFactory.setExcludeCipherSuites(System.getProperty(str + ".ssl.exclude-ciphers", "TLS_DHE.*,TLS_EDH.*").split(","));
        // NOTE(review): JSSE names TLS 1.0 "TLSv1", so the "TLSv1.0" entry probably matches
        // nothing and TLS 1.0 stays enabled. Verify the enabled protocols on a running listener,
        // and if TLS 1.0 is offered, set the property to include "TLSv1" (consider "TLSv1.1" too).
        this.sslContextFactory.setExcludeProtocols(System.getProperty(str + ".ssl.exclude-protocols", "SSLv3,TLSv1.0").split(","));
        this.sslContextFactory.setRenegotiationAllowed(false);
    }

    /**
     * Returns the shared instance, creating and initialising it on the first call.
     *
     * @param str process name used for initialisation; ignored on later calls, which return the
     *            instance configured by the first caller
     * @return the process-wide security manager
     */
    public static synchronized WebSecurityManager getSecurityManager(String str) {
        if (securityManager == null) {
            securityManager = new WebSecurityManager();
            securityManager.init(str);
        }
        return securityManager;
    }

    /** Returns the SSL configuration for {@code SCOPE_ALL}. */
    public static SslConfig getSslConfig() throws SecurityException {
        return getSslConfig(SslConfig.SslConfigScope.SCOPE_ALL);
    }

    /**
     * Builds a new XML-backed SSL configuration for the given scope.
     *
     * @param sslConfigScope scope passed through to {@code XmlSslConfig}
     * @return a fresh {@code XmlSslConfig} on every call
     */
    public static SslConfig getSslConfig(SslConfig.SslConfigScope sslConfigScope) throws SecurityException {
        return new XmlSslConfig(sslConfigScope);
    }

    /** Returns the factory itself, not a copy, so changes made by callers affect the shared instance. */
    public SslContextFactory getSslContextFactory() {
        return this.sslContextFactory;
    }
}
