package com.jaspersoft.studio.server.protocol.restv2;

import com.jaspersoft.studio.ConfigurationManager;
import com.jaspersoft.studio.server.messages.Messages;
import com.jaspersoft.studio.server.protocol.CRLVerifier;
import com.jaspersoft.studio.server.utils.Pass;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathValidator;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import net.sf.jasperreports.eclipse.ui.util.UIUtils;
import net.sf.jasperreports.eclipse.util.FileUtils;
import net.sf.jasperreports.eclipse.util.Misc;
import org.glassfish.jersey.SslConfigurator;

/* loaded from: input_file:com/jaspersoft/studio/server/protocol/restv2/CertChainValidator.class */
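/**
 * Loads and persists the trust store and key store used for TLS connections and
 * decides whether a server certificate chain is accepted.
 *
 * <p>Acceptance is "trust on first use": a chain that cannot be validated against the
 * trust store is shown to the user, and on acceptance the certificate is written to the
 * trust store so that later connections accept it without asking.
 *
 * <p>All state is held in static fields that are reassigned without synchronisation;
 * nothing in this class makes concurrent use safe.
 */
public class CertChainValidator {
    /** Name of the configuration storage folder that holds the default store files. */
    private static final String STORAGE_DIR = "certificates";
    private static final String DEFAULT_TRUST_STORE_NAME = "cert.ks";
    private static final String DEFAULT_KEY_STORE_NAME = "certkeystore.ks";

    private static String fname = System.getProperty(SslConfigurator.TRUST_STORE_FILE);
    // Fixed: this was initialised from TRUST_STORE_FILE, so writeKeyStore(KeyStore) called
    // before getDefaultKeyStore() stored the key store over the trust store file.
    private static String fksname = System.getProperty(SslConfigurator.KEY_STORE_FILE);
    private static final char[] spass = Misc.nvl(System.getProperty(SslConfigurator.TRUST_STORE_PASSWORD)).toCharArray();
    // NOTE(review): when KEY_STORE_PASSWORD is unset the literal "keystore" is handed to
    // Pass.getPassKeyStore; what that helper derives from it is not visible here. The array
    // is public and mutable, so any caller can read or alter the key store password. It is
    // left public because external code may reference it.
    public static final char[] kpass = Pass.getPassKeyStore(Misc.nvl(System.getProperty(SslConfigurator.KEY_STORE_PASSWORD), "keystore")).toCharArray();
    private static String stype = System.getProperty(SslConfigurator.TRUST_STORE_TYPE);
    // Lazily created in validateKeyChain; not read anywhere else in this class.
    private static CertificateFactory cf;
    private static CertPathValidator validator;

    /**
     * Runnable that opens the certificate confirmation dialog and records its outcome.
     *
     * <p>{@link #result} starts at 1 and only an explicit dialog result of 0 is treated
     * as acceptance by the caller, so a dialog that never runs counts as a rejection.
     */
    public static class ShowDialog implements Runnable {
        public int result = 1;
        private final CertificateException e;
        private final X509Certificate client;
        private final X509Certificate[] chain;

        /**
         * @param x509Certificate the certificate the user is asked to trust
         * @param x509CertificateArr the chain shown alongside it
         * @param certificateException the reason validation failed; its message is shown
         */
        public ShowDialog(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr, CertificateException certificateException) {
            this.client = x509Certificate;
            this.e = certificateException;
            this.chain = x509CertificateArr;
        }

        @Override // java.lang.Runnable
        public void run() {
            this.result = new CertificateDialog(UIUtils.getShell(), this.e.getMessage(), this.client, this.chain).open();
        }
    }

    /** Removes the "DDPKIProvider" security provider from the JVM-wide provider list. */
    private static void removeFaultySecurityProviders() {
        Security.removeProvider("DDPKIProvider");
    }

    /** Returns the configured store file, or the named default inside the storage folder. */
    private static File resolveStoreFile(String configuredPath, String defaultName) {
        return Misc.isNullOrEmpty(configuredPath)
                ? new File(ConfigurationManager.getStorage(STORAGE_DIR), defaultName)
                : new File(configuredPath);
    }

    /** Loads the store from the file when it exists, otherwise initialises it empty. */
    private static void loadStore(KeyStore keyStore, File file, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (!file.exists()) {
            keyStore.load(null, password);
            return;
        }
        FileInputStream in = null;
        try {
            in = new FileInputStream(file);
            keyStore.load(in, password);
        } finally {
            FileUtils.closeStream(in);
        }
    }

    /** Writes the store to the given path, protected with the given password. */
    private static void storeTo(String path, KeyStore keyStore, char[] password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(path);
            keyStore.store(out, password);
        } finally {
            FileUtils.closeStream(out);
        }
    }

    /**
     * Loads the trust store named by the trust-store system properties, or the default
     * {@code cert.ks} in the configuration storage when no file is configured.
     *
     * <p>A missing file yields an empty store. The resolved path is remembered for
     * {@link #writeTrustStore(KeyStore)}.
     *
     * @return the loaded (possibly empty) trust store
     */
    public static KeyStore getDefaultTrustStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        removeFaultySecurityProviders();
        stype = System.getProperty(SslConfigurator.TRUST_STORE_TYPE);
        KeyStore keyStore = KeyStore.getInstance(Misc.isNullOrEmpty(stype) ? KeyStore.getDefaultType() : stype);
        String configured = System.getProperty(SslConfigurator.TRUST_STORE_FILE);
        File file = resolveStoreFile(configured, DEFAULT_TRUST_STORE_NAME);
        fname = Misc.isNullOrEmpty(configured) ? file.getAbsolutePath() : configured;
        loadStore(keyStore, file, spass);
        return keyStore;
    }

    /**
     * Loads the key store named by the key-store system properties, or the default
     * {@code certkeystore.ks} in the configuration storage when no file is configured.
     *
     * <p>A missing file yields an empty store. The resolved path is remembered for
     * {@link #writeKeyStore(KeyStore)}.
     *
     * @return the loaded (possibly empty) key store
     */
    public static KeyStore getDefaultKeyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        // Fixed: the type used to be chosen by testing the TRUST store type, which passed a
        // null KEY_STORE_TYPE to KeyStore.getInstance whenever only the trust store type was set.
        String keyStoreType = System.getProperty(SslConfigurator.KEY_STORE_TYPE);
        KeyStore keyStore = KeyStore.getInstance(Misc.isNullOrEmpty(keyStoreType) ? KeyStore.getDefaultType() : keyStoreType);
        String configured = System.getProperty(SslConfigurator.KEY_STORE_FILE);
        File file = resolveStoreFile(configured, DEFAULT_KEY_STORE_NAME);
        fksname = Misc.isNullOrEmpty(configured) ? file.getAbsolutePath() : configured;
        loadStore(keyStore, file, kpass);
        return keyStore;
    }

    /**
     * Writes the key store to the remembered key store path, falling back to the default
     * location when no path has been resolved yet.
     */
    public static void writeKeyStore(KeyStore keyStore) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        if (Misc.isNullOrEmpty(fksname)) {
            fksname = resolveStoreFile(null, DEFAULT_KEY_STORE_NAME).getAbsolutePath();
        }
        writeKeyStore(fksname, keyStore);
    }

    /** Writes the key store to {@code str}, protected with the key store password. */
    protected static void writeKeyStore(String str, KeyStore keyStore) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        storeTo(str, keyStore, kpass);
    }

    /**
     * Writes the trust store to the remembered trust store path, falling back to the
     * default location when no path has been resolved yet.
     */
    public static void writeTrustStore(KeyStore keyStore) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        if (Misc.isNullOrEmpty(fname)) {
            fname = resolveStoreFile(null, DEFAULT_TRUST_STORE_NAME).getAbsolutePath();
        }
        writeTrustStore(fname, keyStore);
    }

    /** Writes the trust store to {@code str}, protected with the trust store password. */
    protected static void writeTrustStore(String str, KeyStore keyStore) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        storeTo(str, keyStore, spass);
    }

    /**
     * Decides whether a server certificate chain is acceptable.
     *
     * <p>Order of checks, with {@code chain[0]} as the leaf:
     * <ol>
     * <li>A leaf that equals any certificate already in {@code keyStore} is accepted at
     * once. This happens before the validity-period check, so a pinned certificate keeps
     * being accepted after it expires, and no CRL check is made for it.</li>
     * <li>An expired leaf, a self-signed leaf, or a chain whose last certificate is not in
     * the trust store is put to the user. In the last case the user is asked to trust that
     * last certificate alone, which then acts as a trust anchor for anything it issued.</li>
     * <li>Otherwise a PKIX path is built from the leaf to the stored certificates and the
     * leaf is handed to {@code CRLVerifier}; a {@link CertificateException} from either
     * step is put to the user, other security exceptions propagate unprompted.</li>
     * </ol>
     * A not-yet-valid leaf is not offered for confirmation; the exception from
     * {@code checkValidity()} propagates.
     *
     * @param x509CertificateArr the chain presented by the peer, leaf first
     * @param keyStore the trust store to validate against and to extend on confirmation
     * @throws CertificateException if the chain is null or empty, or the user rejects it
     * @throws GeneralSecurityException if path building or another check fails
     * @throws RuntimeException wrapping an {@link InterruptedException} after the user
     *         accepted a certificate and it was saved
     */
    public static void validateKeyChain(X509Certificate[] x509CertificateArr, KeyStore keyStore) throws IOException, GeneralSecurityException {
        // Fail closed with a declared exception instead of an index or null-pointer error.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            throw new CertificateException("Empty certificate chain");
        }
        if (cf == null) {
            cf = CertificateFactory.getInstance("X.509");
        }
        if (validator == null) {
            validator = CertPathValidator.getInstance("PKIX");
        }
        X509Certificate leaf = x509CertificateArr[0];
        X509Certificate last = x509CertificateArr[x509CertificateArr.length - 1];

        Set<X509Certificate> trusted = new HashSet<>();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate = keyStore.getCertificate(aliases.nextElement());
            if (leaf.equals(certificate)) {
                // Pinned leaf: accepted without any further check.
                return;
            }
            if (certificate instanceof X509Certificate) {
                trusted.add((X509Certificate) certificate);
            }
        }

        // Only checkValidity() sits inside this try. The confirmation calls used to be inside
        // it as well, so a rejected CertificateExpiredException rethrown by the confirmation
        // was caught here and the user was prompted a second time.
        try {
            leaf.checkValidity();
        } catch (CertificateExpiredException expired) {
            confirmCertificate(leaf, x509CertificateArr, keyStore, expired);
            return;
        }

        if (isSelfSigned(leaf)) {
            confirmCertificate(leaf, x509CertificateArr, keyStore, new CertificateException("This is a Self-Signed certificate"));
            return;
        }
        if (!trusted.contains(last)) {
            confirmCertificate(last, new X509Certificate[]{last}, keyStore, new CertificateException(Messages.CertChainValidator_10));
            return;
        }

        // Everything above the leaf, added from the end of the chain towards the leaf.
        List<X509Certificate> intermediates = new ArrayList<>();
        for (int i = x509CertificateArr.length - 1; i > 0; i--) {
            intermediates.add(x509CertificateArr[i]);
        }
        try {
            verifyCertificate(leaf, trusted, intermediates, false);
            // Revocation is checked here for the leaf only; the path builder runs with
            // revocation checking switched off.
            CRLVerifier.verifyCertificateCRLs(leaf);
        } catch (CertificateException e) {
            confirmCertificate(leaf, x509CertificateArr, keyStore, e);
        }
    }

    /**
     * Builds a PKIX certification path from {@code x509Certificate} to one of the given
     * trusted certificates, using {@code list} as the pool of intermediates.
     *
     * <p>Revocation checking is disabled for the build. The boolean parameter is not read.
     *
     * @return the path builder result
     * @throws GeneralSecurityException if no valid path can be built
     */
    private static PKIXCertPathBuilderResult verifyCertificate(X509Certificate x509Certificate, Set<X509Certificate> set, List<X509Certificate> list, boolean z) throws GeneralSecurityException {
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(x509Certificate);
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate trustedCert : set) {
            // null: no name constraints are attached to the anchor.
            anchors.add(new TrustAnchor(trustedCert, null));
        }
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
        params.setRevocationEnabled(false);
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(list)));
        return (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
    }

    /**
     * Asks the user whether to trust {@code x509Certificate} and never returns normally.
     *
     * <p>If the dialog result is anything other than 0, the original validation exception
     * is rethrown. On acceptance the certificate is stored under a random alias, the trust
     * store is written to disk, and a {@link RuntimeException} wrapping an
     * {@link InterruptedException} is thrown.
     * NOTE(review): that exception presumably aborts the current connection attempt so
     * that the caller retries against the updated trust store; confirm against the caller.
     */
    private static void confirmCertificate(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr, KeyStore keyStore, CertificateException certificateException) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException {
        ShowDialog showDialog = new ShowDialog(x509Certificate, x509CertificateArr, certificateException);
        UIUtils.getDisplay().syncExec(showDialog);
        if (showDialog.result != 0) {
            throw certificateException;
        }
        keyStore.setCertificateEntry(UUID.randomUUID().toString().replaceAll("-", ""), x509Certificate);
        writeTrustStore(keyStore);
        throw new RuntimeException(new InterruptedException());
    }

    /**
     * Reports whether the certificate's signature verifies under its own public key.
     *
     * <p>Subject and issuer names are not compared.
     *
     * @return {@code true} if the signature verifies, {@code false} if verification fails
     *         with an {@link InvalidKeyException} or {@link SignatureException}
     */
    public static boolean isSelfSigned(X509Certificate x509Certificate) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException | SignatureException unused) {
            return false;
        }
    }
}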
