package be.re.net;

import be.re.gui.form.SimpleFormDialog;
import be.re.gui.util.AuthenticateDialog;
import be.re.io.StreamConnector;
import be.re.util.Base64;
import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.Socket;
import java.net.URL;
import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.StringTokenizer;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;
import javax.swing.SwingUtilities;
import javax.xml.XMLConstants;
import org.w3c.dom.Document;

/* loaded from: input_file:be/re/net/ClientKeyManager.class */
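/**
 * Client-side {@link X509KeyManager} backed by the key store file {@code ~/.keystore}.
 *
 * <p>It selects a client certificate whose issuer matches one of the issuers requested by the
 * server, optionally asking the user to pick one and to enter the key store and key passwords.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key store, its password, the per-alias key passwords and the per-peer alias choices
 *       are held in static fields. They are shared by every instance, live as long as the class
 *       is loaded and are never wiped. The maps are plain {@link HashMap}s with no
 *       synchronisation.</li>
 *   <li>PEM decryption in {@link #decrypt} supports DES and triple DES with a key obtained by
 *       zero-padding the pass phrase. Treat that path as legacy.</li>
 * </ul>
 */
public class ClientKeyManager implements X509KeyManager {
    /** Whether this instance may open dialogs to ask the user for passwords. */
    private final boolean interactive;
    /** Lazily loaded key store, shared by all instances. */
    private static KeyStore keyStore;
    /** Cached key store password; reset to {@code null} when loading the store fails. */
    private static char[] password;
    /** Remote socket address -> alias chosen for that peer. */
    private static Map<Object, String> aliases = new HashMap<Object, String>();
    /** Alias -> password that successfully unlocked its private key. */
    private static Map<String, char[]> keyPasswords = new HashMap<String, char[]>();

    /**
     * Creates a key manager.
     *
     * @param z {@code true} when the manager may prompt the user for passwords.
     */
    public ClientKeyManager(boolean z) {
        this.interactive = z;
    }

    /**
     * Shows a password dialog and blocks the calling thread until the dialog notifies.
     *
     * @param str the dialog title.
     * @return the entered password.
     * @throws AbortException when no password was entered.
     */
    private static char[] askPassword(String str) {
        BasicUser basicUser = new BasicUser();
        final AuthenticateDialog authenticateDialog = new AuthenticateDialog(str, (User) basicUser, true);
        SwingUtilities.invokeLater(new Runnable() {
            @Override
            public void run() {
                // The decompiled source read "AuthenticateDialog.this", which is not valid inside
                // a static method; the captured local is the dialog that has to be shown.
                authenticateDialog.setVisible(true);
            }
        });
        // NOTE(review): this presumably relies on the dialog calling notify on itself when it is
        // dismissed, and it must not run on the event dispatch thread, which would then never get
        // to show the dialog. Confirm against AuthenticateDialog.
        synchronized (authenticateDialog) {
            try {
                authenticateDialog.wait();
            } catch (InterruptedException e) {
                // Keep the interrupt visible to callers further up the stack.
                Thread.currentThread().interrupt();
                throw new RuntimeException(e);
            }
        }
        String entered = basicUser.getPassword();
        if (entered == null) {
            throw new AbortException(Util.getResource("msg_aborted"));
        }
        // The password arrives as an immutable String, so it cannot be wiped afterwards.
        return entered.toCharArray();
    }

    /**
     * Picks the alias to present to the peer of {@code socket}.
     *
     * <p>A previous choice for the same remote address is reused. Otherwise the single matching
     * alias is taken, or the user is asked to choose when several match.
     *
     * @param strArr the requested key types; not used.
     * @param principalArr the issuers the peer accepts, or {@code null} for any issuer.
     * @param socket the connection socket; may be {@code null}, in which case nothing is cached.
     * @return the chosen alias.
     * @throws AbortException when no alias matched or the user chose none.
     */
    @Override
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        // The X509KeyManager contract allows a null socket, and an unconnected socket has no
        // remote address. Neither may be used as a cache key.
        Object peer = socket != null ? socket.getRemoteSocketAddress() : null;
        if (peer != null) {
            String remembered = aliases.get(peer);
            if (remembered != null) {
                return remembered;
            }
        }
        List<String> candidates = new ArrayList<String>();
        List<X509Certificate> certificates = new ArrayList<X509Certificate>();
        getClientAliases(candidates, certificates, principalArr);
        String chosen;
        if (candidates.size() == 1) {
            chosen = candidates.get(0);
        } else if (candidates.size() > 1) {
            chosen = chooseCertificate(candidates, certificates);
        } else {
            chosen = null;
        }
        if (chosen == null) {
            throw new AbortException(Util.getResource("msg_aborted"));
        }
        if (peer != null) {
            aliases.put(peer, chosen);
        }
        return chosen;
    }

    /**
     * Lets the user choose one certificate in a form dialog.
     *
     * @param list the candidate aliases.
     * @param list2 the certificates belonging to the aliases, in the same order.
     * @return the alias of the selected certificate, or {@code null} when nothing usable was
     *     selected.
     */
    private static String chooseCertificate(List<String> list, List<X509Certificate> list2) {
        // Each option is shown as "alias: subject"; the same label is used to map the answer back.
        String[] labels = new String[list2.size()];
        for (int i = 0; i < labels.length; i++) {
            labels[i] = list.get(i) + ": " + list2.get(i).getSubjectDN().getName();
        }
        ResourceBundle bundle = ResourceBundle.getBundle("be.re.net.res.Res");
        try {
            Document form = be.re.xml.Util.getDocumentBuilder((URL) null, false).parse(ClientKeyManager.class.getResource("res/choose_certificate.xml").toString());
            be.re.gui.form.Util.populateSelection(form, "certificate", be.re.gui.form.Util.createOptions(labels));
            Map fields = new SimpleFormDialog(bundle.getString("title_choose_certificate"), form, bundle).getFields();
            if (fields == null || fields.get("certificate") == null || ((Object[]) fields.get("certificate")).length != 1) {
                return null;
            }
            String selected = (String) ((Object[]) fields.get("certificate"))[0];
            for (int i = 0; i < labels.length; i++) {
                if (labels[i].equals(selected)) {
                    return list.get(i);
                }
            }
            return null;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Server-side selection is not supported; always returns {@code null}. */
    @Override
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return null;
    }

    /**
     * Base64-decodes the body of a PEM file.
     *
     * @param strArr all lines of the file.
     * @param i index of the first body line; the last line of the file is always skipped.
     * @return the decoded bytes.
     */
    private static byte[] decode(String[] strArr, int i) throws Exception {
        ByteArrayOutputStream joined = new ByteArrayOutputStream();
        for (int line = i; line < strArr.length - 1; line++) {
            byte[] bytes = strArr[line].getBytes("ASCII");
            joined.write(bytes, 0, bytes.length);
        }
        return Base64.decode(joined.toByteArray());
    }

    /**
     * Decrypts an encrypted PEM body according to its {@code DEK-Info} header.
     *
     * <p>Security: only legacy ciphers are mapped here (DES and triple DES), the key is the pass
     * phrase zero-padded or truncated to the key size rather than the output of a key derivation
     * function, and {@code NoPadding} leaves any padding bytes in the result.
     * NOTE(review): OpenSSL's traditional PEM encryption is generally documented as deriving the
     * key from the pass phrase and the IV with MD5, which this padding would not reproduce.
     * Confirm against a real encrypted key before relying on this path.
     *
     * @param bArr the cipher text.
     * @param strArr the {@code DEK-Info} values: the algorithm and optionally the hexadecimal IV.
     * @param str the pass phrase.
     * @return the decrypted bytes.
     * @throws IllegalArgumentException when the pass phrase is missing or the algorithm name has
     *     no mode suffix.
     */
    private static byte[] decrypt(byte[] bArr, String[] strArr, String str) throws Exception {
        if (str == null) {
            throw new IllegalArgumentException("The private key is encrypted but no pass phrase was supplied");
        }
        // The header value looks like "DES-EDE3-CBC": cipher name, then the mode after the last '-'.
        int separator = strArr[0].lastIndexOf('-');
        if (separator < 0) {
            throw new IllegalArgumentException("Unsupported DEK-Info algorithm: " + strArr[0]);
        }
        String pemCipher = strArr[0].substring(0, separator);
        String mode = strArr[0].substring(separator + 1);
        String algorithm;
        if ("DES".equals(pemCipher)) {
            algorithm = "DES";
        } else if ("DES-EDE".equals(pemCipher) || "DES-EDE3".equals(pemCipher)) {
            algorithm = "DESede";
        } else {
            algorithm = pemCipher;
        }
        Cipher cipher = Cipher.getInstance(algorithm + "/" + mode + "/NoPadding");
        SecretKey secretKey;
        if ("DES".equals(algorithm)) {
            secretKey = SecretKeyFactory.getInstance(algorithm).generateSecret(new DESKeySpec(padKey(str.getBytes("ASCII"), 8)));
        } else if ("DESede".equals(algorithm)) {
            secretKey = SecretKeyFactory.getInstance(algorithm).generateSecret(new DESedeKeySpec(padKey(str.getBytes("ASCII"), 24)));
        } else {
            secretKey = SecretKeyFactory.getInstance(algorithm).generateSecret(new PBEKeySpec(str.toCharArray()));
        }
        if (strArr.length == 2) {
            cipher.init(Cipher.DECRYPT_MODE, secretKey, getIV(algorithm, strArr[1]));
        } else {
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
        }
        return cipher.doFinal(bArr);
    }

    /**
     * Reports a failed connection so that the next attempt chooses a certificate again.
     *
     * @param socket the socket of the failed connection.
     * @return {@code true} when an alias had been remembered for the peer and was removed.
     */
    public boolean failed(Socket socket) {
        if (!(socket instanceof SSLSocket)) {
            return false;
        }
        // Invalidate the session so the rejected client certificate is not resumed.
        ((SSLSocket) socket).getSession().invalidate();
        return aliases.remove(socket.getRemoteSocketAddress()) != null;
    }

    /**
     * Returns the certificate chain stored under an alias.
     *
     * @param str the alias.
     * @return the chain, a single-element array when only a certificate is stored, or
     *     {@code null} when the entry holds no X.509 certificate.
     */
    @Override
    public X509Certificate[] getCertificateChain(String str) {
        try {
            KeyStore store = getKeyStore();
            Certificate[] chain = store.getCertificateChain(str);
            if (chain != null && chain.length != 0 && (chain[0] instanceof X509Certificate)) {
                X509Certificate[] typed = new X509Certificate[chain.length];
                System.arraycopy(chain, 0, typed, 0, chain.length);
                return typed;
            }
            Certificate single = store.getCertificate(str);
            if (single instanceof X509Certificate) {
                return new X509Certificate[]{(X509Certificate) single};
            }
            return null;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Lists the aliases of key entries whose certificate was issued by an accepted issuer.
     *
     * @param str the key type; not used.
     * @param principalArr the accepted issuers, or {@code null} for any issuer.
     * @return the matching aliases; empty when there are none.
     */
    @Override
    public String[] getClientAliases(String str, Principal[] principalArr) {
        List<String> matches = new ArrayList<String>();
        getClientAliases(matches, new ArrayList<X509Certificate>(), principalArr);
        return matches.toArray(new String[0]);
    }

    /**
     * Collects the key entries with an X.509 certificate issued by one of the given issuers.
     *
     * <p>Each alias is added once, even when several issuers match.
     *
     * @param list receives the matching aliases.
     * @param list2 receives the matching certificates, in the same order.
     * @param principalArr the accepted issuers; {@code null} accepts every issuer, as the
     *     {@link X509KeyManager} contract specifies.
     */
    private void getClientAliases(List<String> list, List<X509Certificate> list2, Principal[] principalArr) {
        try {
            KeyStore store = getKeyStore();
            Enumeration<String> names = store.aliases();
            while (names.hasMoreElements()) {
                String alias = names.nextElement();
                Certificate certificate = store.getCertificate(alias);
                if (!(certificate instanceof X509Certificate) || !store.isKeyEntry(alias)) {
                    continue;
                }
                X509Certificate x509 = (X509Certificate) certificate;
                if (principalArr == null || isIssuedByAny(x509, principalArr)) {
                    list.add(alias);
                    list2.add(x509);
                }
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Tells whether the issuer of {@code certificate} equals one of {@code issuers}. */
    private static boolean isIssuedByAny(X509Certificate certificate, Principal[] issuers) {
        // Compare structured names; going through the implementation-specific text of
        // getIssuerDN() can yield a string that does not parse back into the same name.
        X500Principal actual = certificate.getIssuerX500Principal();
        for (Principal issuer : issuers) {
            try {
                X500Principal accepted = issuer instanceof X500Principal ? (X500Principal) issuer : new X500Principal(issuer.getName());
                if (accepted.equals(actual)) {
                    return true;
                }
            } catch (IllegalArgumentException ignored) {
                // This issuer name is not a valid X.500 name, so it cannot match; try the next.
            }
        }
        return false;
    }

    /**
     * Builds the IV parameters from the hexadecimal IV of a {@code DEK-Info} header.
     *
     * @param str the cipher algorithm.
     * @param str2 the IV as an even number of hexadecimal digits.
     */
    private static AlgorithmParameters getIV(String str, String str2) throws Exception {
        byte[] iv = new byte[str2.length() / 2];
        for (int i = 0; i < str2.length(); i += 2) {
            iv[i / 2] = (byte) Integer.parseInt(str2.substring(i, i + 2), 16);
        }
        AlgorithmParameters parameters = AlgorithmParameters.getInstance(str);
        parameters.init(new IvParameterSpec(iv));
        return parameters;
    }

    /**
     * Returns the shared key store, loading it from {@code ~/.keystore} on first use.
     *
     * <p>A missing file yields an empty store. When loading fails the cached password is dropped
     * so that the next attempt asks again.
     */
    private KeyStore getKeyStore() {
        if (keyStore != null) {
            return keyStore;
        }
        FileInputStream in = null;
        try {
            File file = getStorage();
            KeyStore loaded = KeyStore.getInstance(KeyStore.getDefaultType());
            if (file.exists()) {
                in = new FileInputStream(file);
            }
            // With a null password (non-interactive use) KeyStore.load performs no integrity check.
            loaded.load(in, getPassword());
            keyStore = loaded;
            return loaded;
        } catch (Exception e) {
            password = null;
            throw new RuntimeException(e);
        } finally {
            // KeyStore.load does not close the stream; without this the file handle leaks.
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // The stream was only read; a failed close loses nothing.
                }
            }
        }
    }

    /**
     * Returns the key store password, asking the user once when running interactively.
     *
     * @return the password, or {@code null} when none is cached and prompting is not allowed.
     */
    private char[] getPassword() {
        if (password == null && this.interactive) {
            password = askPassword(Util.getResource("title_keystore"));
        }
        return password;
    }

    /**
     * Returns the private key stored under an alias.
     *
     * <p>A password that worked before is reused. Otherwise the key store password is tried, and
     * when that fails an interactive instance keeps asking for the key password until it fits.
     *
     * @param str the alias.
     * @return the key, or {@code null} when it cannot be unlocked without prompting or the entry
     *     holds no private key.
     */
    @Override
    public PrivateKey getPrivateKey(String str) {
        char[] cached = keyPasswords.get(str);
        if (cached != null) {
            try {
                return (PrivateKey) getKeyStore().getKey(str, cached);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        try {
            return tryPrivateKey(str, getPassword());
        } catch (UnrecoverableKeyException e) {
            // Only an interactive instance may open dialogs, as in getPassword(). The decompiled
            // source had this test inverted, so non-interactive instances prompted and
            // interactive ones gave up.
            if (!this.interactive) {
                return null;
            }
            while (true) {
                // NOTE(review): the separator is a constant the decompiler resolved to a Jackson
                // field; presumably a single space. Confirm.
                char[] candidate = askPassword(Util.getResource("title_key_password") + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + str);
                if (candidate == null) {
                    return null;
                }
                try {
                    return tryPrivateKey(str, candidate);
                } catch (UnrecoverableKeyException wrongPassword) {
                    // Wrong password: ask again. Cancelling the dialog ends the loop through the
                    // AbortException thrown by askPassword.
                }
            }
        }
    }

    /** Server-side use is not supported; always returns {@code null}. */
    @Override
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return null;
    }

    /** Returns the key store file, {@code .keystore} in the user's home directory. */
    private static File getStorage() {
        return new File(new File(System.getProperty("user.home")), ".keystore");
    }

    /** Splits a PEM header value on commas and spaces. */
    private static String[] getValues(String str) {
        StringTokenizer tokens = new StringTokenizer(str, ", ");
        String[] values = new String[tokens.countTokens()];
        for (int i = 0; i < values.length; i++) {
            values[i] = tokens.nextToken();
        }
        return values;
    }

    /**
     * Opens the import form and imports the certificate and key the user points to.
     *
     * @return the alias under which the entry was stored, or {@code null} when nothing was
     *     imported.
     */
    private String importCertificate() {
        try {
            ResourceBundle bundle = ResourceBundle.getBundle("be.re.net.res.Res");
            final String[] result = new String[1];
            Document form = be.re.xml.Util.getDocumentBuilder((URL) null, false).parse(ClientKeyManager.class.getResource("res/import_certificate_form.xml").toString());
            new SimpleFormDialog(bundle.getString("title_import_certificate"), form, bundle).open(new SimpleFormDialog.ProcessFields() {
                @Override
                public boolean process(Map map) {
                    if (map == null || map.get("alias") == null || map.get("certificate") == null || map.get("key") == null) {
                        return true;
                    }
                    String alias = (String) ((Object[]) map.get("alias"))[0];
                    File certificateFile = new File((String) ((Object[]) map.get("certificate"))[0]);
                    File keyFile = new File((String) ((Object[]) map.get("key"))[0]);
                    // An absent or empty password field means the key file is not encrypted.
                    String passphrase = null;
                    if (map.get("password") != null) {
                        String entered = (String) ((Object[]) map.get("password"))[0];
                        if (!"".equals(entered)) {
                            passphrase = entered;
                        }
                    }
                    if (!ClientKeyManager.this.importCertificate(alias, certificateFile, keyFile, passphrase)) {
                        return false;
                    }
                    result[0] = alias;
                    return true;
                }
            });
            return result[0];
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Stores a private key and its certificates under an alias and saves the key store.
     *
     * <p>The entry is protected with the key store password. The key is always parsed as an RSA
     * key in PKCS#8 encoding.
     * NOTE(review): {@code readKey} also accepts DSA headers, and files that start with
     * "BEGIN RSA PRIVATE KEY" usually hold a PKCS#1 structure rather than PKCS#8. Confirm which
     * key files this is expected to accept.
     *
     * @param str the alias.
     * @param file the file with one or more X.509 certificates.
     * @param file2 the PEM file with the private key.
     * @param str2 the pass phrase of the key file, or {@code null} when it is not encrypted.
     * @return {@code true} when the entry was added; {@code false} when the certificate was
     *     invalid or the key store refused the entry, after reporting that to the user.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public boolean importCertificate(String str, File file, File file2, String str2) {
        FileInputStream certificateStream = null;
        try {
            certificateStream = new FileInputStream(file);
            KeyStore store = getKeyStore();
            PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(readKey(file2, str2)));
            char[] entryPassword = getPassword();
            Certificate[] chain = CertificateFactory.getInstance("X.509").generateCertificates(certificateStream).toArray(new Certificate[0]);
            store.setKeyEntry(str, privateKey, entryPassword, chain);
            saveKeyStore();
            return true;
        } catch (KeyStoreException e) {
            be.re.util.Util.printStackTrace(e);
            be.re.gui.util.Util.report(Util.getResource("msg_keystore_add"));
            return false;
        } catch (CertificateException e) {
            be.re.util.Util.printStackTrace(e);
            be.re.gui.util.Util.report(Util.getResource("msg_invalid_certificate"));
            return false;
        } catch (Exception e) {
            throw new RuntimeException(e);
        } finally {
            if (certificateStream != null) {
                try {
                    certificateStream.close();
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        }
    }

    /**
     * Zero-pads a byte array to the next multiple of a block size.
     *
     * @param bArr the data; returned as is when its length is already a multiple.
     * @param i the block size.
     */
    private static byte[] padBytes(byte[] bArr, int i) {
        int remainder = bArr.length % i;
        if (remainder == 0) {
            return bArr;
        }
        // Arrays.copyOf fills the added tail with zeros.
        return Arrays.copyOf(bArr, bArr.length + (i - remainder));
    }

    /**
     * Forces key material to an exact length.
     *
     * <p>Shorter input is zero-padded and longer input is silently truncated, so bytes beyond
     * the key size add nothing to the key.
     *
     * @param bArr the key material; returned as is when it already has the wanted length.
     * @param i the wanted length in bytes.
     */
    private static byte[] padKey(byte[] bArr, int i) {
        return bArr.length == i ? bArr : Arrays.copyOf(bArr, i);
    }

    /**
     * Reads a private key from a PEM file with RSA or DSA begin and end markers.
     *
     * <p>Header lines of the form {@code name: value} are read first; a {@code Proc-Type} of
     * {@code 4,ENCRYPTED} together with a {@code DEK-Info} header makes the body be decrypted.
     *
     * @param file the PEM file.
     * @param str the pass phrase for an encrypted key.
     * @return the key bytes, or an empty array when the file is not in a supported form.
     */
    private static byte[] readKey(File file, String str) throws Exception {
        String[] lines = readLines(file);
        // A usable file has at least the begin and the end marker; an empty file used to fail
        // with an index error here.
        if (lines.length < 2) {
            return new byte[0];
        }
        String first = lines[0];
        String last = lines[lines.length - 1];
        boolean beginsAsKey = "-----BEGIN RSA PRIVATE KEY-----".equals(first) || "-----BEGIN DSA PRIVATE KEY-----".equals(first);
        boolean endsAsKey = "-----END RSA PRIVATE KEY-----".equals(last) || "-----END DSA PRIVATE KEY-----".equals(last);
        if (!beginsAsKey || !endsAsKey) {
            return new byte[0];
        }
        String[] dekInfo = null;
        boolean encrypted = false;
        int index = 1;
        // Headers end at the first empty line or the first line without a colon.
        while (index < lines.length - 1 && !"".equals(lines[index]) && lines[index].indexOf(':') != -1) {
            int colon = lines[index].indexOf(':');
            String name = lines[index].substring(0, colon).trim();
            String[] values = getValues(lines[index].substring(colon + 1).trim());
            if ("Proc-Type".equals(name)) {
                if (values.length != 2 || !"4".equals(values[0]) || !"ENCRYPTED".equals(values[1])) {
                    return new byte[0];
                }
                encrypted = true;
            } else if ("DEK-Info".equals(name)) {
                dekInfo = values;
            }
            index++;
        }
        if (!encrypted) {
            return decode(lines, index);
        }
        // An encrypted key needs an algorithm and, when an IV is given, whole hexadecimal bytes.
        boolean dekInfoUsable = dekInfo != null && (dekInfo.length == 1 || (dekInfo.length == 2 && dekInfo[1].length() % 2 == 0));
        if (!dekInfoUsable) {
            return new byte[0];
        }
        return decrypt(decode(lines, index), dekInfo, str);
    }

    /** Reads a whole file into a byte array. */
    private static byte[] readKey(File file) throws IOException {
        FileInputStream in = new FileInputStream(file);
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            StreamConnector.copy(in, buffer);
            return buffer.toByteArray();
        } finally {
            // Closing twice is harmless should the copy already have closed the stream.
            in.close();
        }
    }

    /** Reads all lines of an ASCII file. */
    private static String[] readLines(File file) throws IOException {
        FileInputStream in = new FileInputStream(file);
        try {
            BufferedReader reader = new BufferedReader(new InputStreamReader(in, "ASCII"));
            List<String> lines = new ArrayList<String>();
            for (String line = reader.readLine(); line != null; line = reader.readLine()) {
                lines.add(line);
            }
            return lines.toArray(new String[0]);
        } finally {
            in.close();
        }
    }

    /**
     * Writes the key store to a temporary file and moves that over {@code ~/.keystore}.
     *
     * <p>Any failure, including a rename that does not succeed, removes the temporary file and
     * is reported to the user.
     */
    private void saveKeyStore() {
        File target = getStorage();
        File temporary = new File(target.getAbsolutePath() + ".tmp");
        try {
            FileOutputStream out = new FileOutputStream(temporary);
            try {
                getKeyStore().store(out, getPassword());
            } finally {
                out.close();
            }
            // renameTo signals failure only through its result; ignoring it would leave the new
            // entry unsaved without telling anyone.
            if (!temporary.renameTo(target)) {
                throw new IOException("Could not replace " + target + " with " + temporary);
            }
        } catch (Exception e) {
            be.re.util.Util.printStackTrace(e);
            temporary.delete();
            be.re.gui.util.Util.report(Util.getResource("msg_keystore_save"));
        }
    }

    /**
     * Tries to unlock the private key of an alias and remembers the password when it works.
     *
     * @param str the alias.
     * @param cArr the password to try; the array itself is cached, so callers must not wipe it.
     * @return the key, or {@code null} when the entry holds no private key.
     * @throws UnrecoverableKeyException when the password does not fit.
     */
    private PrivateKey tryPrivateKey(String str, char[] cArr) throws UnrecoverableKeyException {
        try {
            Key key = getKeyStore().getKey(str, cArr);
            if (!(key instanceof PrivateKey)) {
                return null;
            }
            keyPasswords.put(str, cArr);
            return (PrivateKey) key;
        } catch (UnrecoverableKeyException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}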
