package be.re.net;

import be.re.gui.form.SimpleFormDialog;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Map;
import java.util.ResourceBundle;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

/* loaded from: input_file:be/re/net/ClientTrustManager.class */
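/**
 * Trust manager that delegates to the platform default {@link X509TrustManager} and, when the
 * default rejects a server certificate, falls back to a per-user store of explicitly accepted
 * certificates (optionally asking the user to accept the certificate).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The fallback considers only the first certificate of the chain and compares it for
 *       equality with a stored entry. A stored certificate therefore overrides whatever made the
 *       default manager reject it; its validity period is not re-checked here.</li>
 *   <li>The methods of this interface receive only the chain and the authentication type, so no
 *       host name comparison happens in this class.</li>
 *   <li>The store lives at {@code ~/.be/re/net/TrustStore}; anyone who can write that file can add
 *       accepted certificates (see {@link #PASSWORD}).</li>
 * </ul>
 */
public class ClientTrustManager implements X509TrustManager {
    /**
     * Password used to load and store the per-user JKS trust store. It is compiled into the class
     * and is therefore not a secret: the keystore integrity check it drives cannot detect edits
     * made by someone able to write the file. Protection of the store rests on the file-system
     * permissions of the user's home directory. Changing the value would make existing stores
     * unreadable.
     */
    private static final char[] PASSWORD = {'e', '5', 'j', 'w', '3', 'q', 'r', '5'};
    private static final String XHTML_NS = "http://www.w3.org/1999/xhtml";
    private static X509TrustManager defaultManager;
    private final boolean interactive;

    /**
     * @param z whether the user may be asked to accept a certificate the default manager rejects
     */
    public ClientTrustManager(boolean z) {
        this.interactive = z;
    }

    /**
     * Adds serial number, issuer, subject and validity period of the certificate to the form.
     *
     * <p>All of these values come from the certificate presented by the peer, so they are only as
     * trustworthy as that certificate.
     * NOTE(review): no fingerprint is shown, so the user has nothing to compare out of band;
     * consider adding one (this needs a label in the resource bundle).
     */
    private void addCertificateText(Node node, X509Certificate x509Certificate, ResourceBundle resourceBundle) {
        addLine(node, resourceBundle.getString("label_cert_serial") + ": " + x509Certificate.getSerialNumber().toString());
        addLine(node, resourceBundle.getString("label_cert_issuer") + ": " + x509Certificate.getIssuerX500Principal().getName());
        addLine(node, resourceBundle.getString("label_cert_subject") + ": " + x509Certificate.getSubjectX500Principal().getName());
        DateFormat shortDate = DateFormat.getDateInstance(DateFormat.SHORT);
        addLine(node, resourceBundle.getString("label_cert_validity") + ": " + shortDate.format(x509Certificate.getNotBefore()) + ", " + shortDate.format(x509Certificate.getNotAfter()));
    }

    /**
     * Inserts a paragraph holding {@code str} in front of the table inside the form's first
     * {@code div}. The text is added as a DOM text node, so certificate-supplied strings are
     * never parsed as markup.
     */
    private void addLine(Node node, String str) {
        Document owner = node.getOwnerDocument();
        Node container = be.re.xml.Util.selectFirstChild(node, XHTML_NS, "div");
        Node table = be.re.xml.Util.selectFirstChild(container, XHTML_NS, "table");
        Node paragraph = container.insertBefore(owner.createElementNS(XHTML_NS, "p"), table);
        paragraph.appendChild(owner.createTextNode(str));
    }

    /**
     * Decides whether a certificate rejected by the default manager is accepted anyway.
     *
     * @param x509CertificateArr the chain presented by the peer; only element 0 is examined
     * @param z whether showing the acceptance dialog is allowed
     * @return {@code true} if the certificate is already in the user's store or the user accepted
     *     it in the dialog; {@code false} if the chain is missing or empty, if prompting is not
     *     allowed, or if the dialog returned no fields
     * @throws RuntimeException wrapping any failure while reading the store, building the dialog
     *     or saving the certificate
     */
    private boolean askUser(X509Certificate[] x509CertificateArr, boolean z) {
        // Fail closed instead of tripping over a missing chain.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return false;
        }
        X509Certificate leaf = x509CertificateArr[0];
        try {
            if (verifyCertificate(leaf)) {
                return true;
            }
            if (!z) {
                return false;
            }
            ResourceBundle bundle = ResourceBundle.getBundle("be.re.net.res.Res");
            Document form = be.re.xml.Util.getDocumentBuilder((URL) null, false).parse(ClientTrustManager.class.getResource("res/accept_certificate_form.xml").toString());
            addCertificateText(form.getDocumentElement(), leaf, bundle);
            Map fields = new SimpleFormDialog(bundle.getString("title_accept_certificate"), form, bundle).getFields();
            if (fields == null) {
                return false;
            }
            // Accepted for this call only unless the "permanent" field is set.
            Object permanent = fields.get("permanent");
            if (permanent != null && ((Boolean) ((Object[]) permanent)[0]).booleanValue()) {
                saveCertificate(leaf);
            }
            return true;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Delegates to the default manager; there is no user fallback for client certificates. */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        getDefaultManager().checkClientTrusted(x509CertificateArr, str);
    }

    /**
     * Checks the server chain with the default manager and, if that throws a
     * {@link CertificateException} for any reason, falls back to {@link #askUser}.
     *
     * @throws CertificateException the default manager's exception when the fallback also
     *     declines, or when no default manager is available
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        // Resolved outside the try so that a missing default manager is reported as such and is
        // not mistaken for an untrusted certificate that the user could wave through.
        X509TrustManager delegate = getDefaultManager();
        try {
            delegate.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            if (!askUser(x509CertificateArr, this.interactive)) {
                throw e;
            }
        }
    }

    /**
     * Returns the issuers accepted by the default manager, or an empty array when that manager
     * cannot be obtained. Certificates accepted by the user are not included.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        X509TrustManager delegate;
        try {
            // Initialise on demand so the answer does not depend on whether a check ran before.
            delegate = getDefaultManager();
        } catch (CertificateException | RuntimeException ignored) {
            // Best effort, as before: no default manager means no issuers to report.
            return new X509Certificate[0];
        }
        return delegate.getAcceptedIssuers();
    }

    /**
     * Returns the first {@link X509TrustManager} of the platform default trust manager factory,
     * creating and caching it on first use.
     *
     * @throws CertificateException if the factory offers no X.509 trust manager
     * @throws RuntimeException wrapping any failure to create or initialise the factory
     */
    private static X509TrustManager getDefaultManager() throws CertificateException {
        if (defaultManager != null) {
            return defaultManager;
        }
        TrustManager[] candidates;
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init((KeyStore) null);
            candidates = factory.getTrustManagers();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        for (TrustManager candidate : candidates) {
            if (candidate instanceof X509TrustManager) {
                defaultManager = (X509TrustManager) candidate;
                break;
            }
        }
        // Thrown outside the try above so callers receive the declared exception type rather
        // than a RuntimeException wrapper.
        if (defaultManager == null) {
            throw new CertificateException("No trust manager");
        }
        return defaultManager;
    }

    /**
     * Returns the file {@code str} inside {@code ~/.be/re/net}, creating the directory if it does
     * not exist. A failed directory creation is not reported here; it surfaces when the file is
     * opened.
     */
    private static File getStorage(String str) {
        File directory = new File(new File(new File(System.getProperty("user.home"), ".be"), "re"), "net");
        if (!directory.exists()) {
            directory.mkdirs();
        }
        return new File(directory, str);
    }

    /**
     * Adds the certificate to the user's trust store, writing a temporary file first and then
     * moving it over the store.
     *
     * <p>The entry alias is the serial number alone. Serial numbers are unique per issuer only,
     * so a certificate from another issuer with the same serial replaces the earlier entry. The
     * alias format is kept because existing stores use it.
     *
     * @throws Exception if the store cannot be read, written or moved into place; the temporary
     *     file is removed in that case
     */
    private static synchronized void saveCertificate(X509Certificate x509Certificate) throws Exception {
        File store = getStorage("TrustStore");
        File scratch = getStorage("TrustStore.tmp");
        try {
            // A null resource is permitted here; it stands for "no store yet" and load(null, ..)
            // then starts from an empty keystore.
            try (FileInputStream in = store.exists() ? new FileInputStream(store) : null;
                    FileOutputStream out = new FileOutputStream(scratch)) {
                KeyStore accepted = KeyStore.getInstance("JKS");
                accepted.load(in, PASSWORD);
                accepted.setCertificateEntry(x509Certificate.getSerialNumber().toString(), x509Certificate);
                accepted.store(out, PASSWORD);
            }
            // Both streams are closed at this point. Unlike delete() followed by renameTo(), a
            // failed move throws, so the existing store is not lost without anyone noticing.
            java.nio.file.Files.move(scratch.toPath(), store.toPath(), java.nio.file.StandardCopyOption.REPLACE_EXISTING);
        } catch (Exception e) {
            scratch.delete();
            throw e;
        }
    }

    /**
     * Tells whether the user's trust store holds exactly this certificate under its serial-number
     * alias. Only equality with the stored entry is tested; the certificate's validity period and
     * chain are not examined.
     *
     * @return {@code false} when there is no store or no equal entry
     * @throws Exception if the store exists but cannot be read or fails the keystore load
     */
    private static boolean verifyCertificate(X509Certificate x509Certificate) throws Exception {
        File store = getStorage("TrustStore");
        if (!store.exists()) {
            return false;
        }
        try (FileInputStream in = new FileInputStream(store)) {
            KeyStore accepted = KeyStore.getInstance("JKS");
            accepted.load(in, PASSWORD);
            return x509Certificate.equals(accepted.getCertificate(x509Certificate.getSerialNumber().toString()));
        }
    }
}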
