package ifs.fnd.connect.security;

import ifs.fnd.base.IfsException;
import ifs.fnd.base.SystemException;
import ifs.fnd.log.LogMgr;
import ifs.fnd.log.Logger;
import ifs.fnd.util.Str;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Enumeration;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:ifs/fnd/connect/security/SslAuthenticator.class */
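/**
 * Creates {@link HttpsURLConnection}s that can present a client certificate (mutual TLS)
 * and/or validate the server against a caller-supplied trust store.
 *
 * <p>Key material comes either from a key store file or from a key store looked up by ID through
 * {@code KeystoreManager}. A trust store can be added afterwards with
 * {@link #defineTrustStore(String, String, String)}. When no trust store file is defined, the
 * {@link TrustManagerFactory} is initialised with a {@code null} key store, which makes the JDK
 * fall back to its default trust anchors.
 *
 * <p><b>Security notes.</b>
 * <ul>
 *   <li>Hostname verification is controlled by the JVM-wide system property
 *       {@code ssl.verify_hostname}. Any value other than {@code "true"} installs a verifier that
 *       accepts every host name, so a certificate that chains to a trusted CA but was issued for
 *       a different host is accepted. Treat that setting as a test-only switch and alert on it
 *       in production configurations.</li>
 *   <li>Store passwords are kept as {@code char[]} for the lifetime of the instance because they
 *       are needed again for every connection; they are never cleared here.</li>
 *   <li>With debug logging enabled, the key store location and all aliases are written to the
 *       security log. Passwords and key material are not logged.</li>
 * </ul>
 */
public final class SslAuthenticator {
    /** Key store type used when the caller does not specify one. */
    private static final String DEFAULT_KEY_STORE_TYPE = "PKCS12";
    /** Trust store type used when the caller does not specify one. */
    private static final String DEFAULT_TRUST_STORE_TYPE = "JKS";
    /** System property that switches hostname verification off when set to anything but "true". */
    private static final String VERIFY_HOSTNAME_PROPERTY = "ssl.verify_hostname";

    private final String keyStoreFile;
    private final char[] keyStorePwd;
    private final String keyStoreId;
    private final String keyStoreType;
    private String trustStoreFile;
    private char[] trustStorePwd;
    private String trustStoreType;
    private final Logger log = LogMgr.getSecurityLogger();

    /**
     * Creates an authenticator without client key material. Connections use the JDK default
     * socket factory unless a trust store is defined later.
     */
    public SslAuthenticator() {
        this.keyStoreFile = null;
        this.keyStorePwd = null;
        this.keyStoreId = null;
        this.keyStoreType = null;
    }

    /**
     * Creates an authenticator whose client key material is read from a key store file.
     *
     * @param str  path of the key store file; must not be empty
     * @param str2 key store password, or {@code null} for none
     * @param str3 key store type; {@code "PKCS12"} is used when empty
     * @throws IfsException if the file name is empty
     */
    public SslAuthenticator(String str, String str2, String str3) throws IfsException {
        if (Str.isEmpty(str)) {
            throw new SystemException("File name must not be empty", new String[0]);
        }
        this.keyStoreFile = str;
        this.keyStorePwd = str2 == null ? null : str2.toCharArray();
        this.keyStoreId = null;
        this.keyStoreType = Str.isEmpty(str3) ? DEFAULT_KEY_STORE_TYPE : str3;
    }

    /**
     * Creates an authenticator whose client key material is a PKCS12 key store looked up by ID.
     * The store is opened with the installation password returned by
     * {@code ConnectSecurityManager}.
     *
     * @param str key store ID; must not be empty
     * @throws IfsException if the ID is empty
     */
    public SslAuthenticator(String str) throws IfsException {
        if (Str.isEmpty(str)) {
            throw new SystemException("Key store ID must not be empty", new String[0]);
        }
        this.keyStoreFile = null;
        // NOTE(review): a null installation password would raise a NullPointerException here;
        // confirm that getInstallationPassword() never returns null.
        this.keyStorePwd = ConnectSecurityManager.newInstance().getInstallationPassword().toCharArray();
        this.keyStoreId = str;
        this.keyStoreType = DEFAULT_KEY_STORE_TYPE;
    }

    /**
     * Defines the trust store used to validate server certificates. Once set, only the
     * certificates in this store act as trust anchors for connections created by this instance.
     *
     * @param str  path of the trust store file; must not be empty
     * @param str2 trust store password, or {@code null} for none
     * @param str3 trust store type; {@code "JKS"} is used when empty
     * @throws SystemException if the file name is empty
     */
    public void defineTrustStore(String str, String str2, String str3) throws SystemException {
        if (Str.isEmpty(str)) {
            throw new SystemException("File name must not be empty", new String[0]);
        }
        this.trustStoreFile = str;
        this.trustStorePwd = str2 == null ? null : str2.toCharArray();
        this.trustStoreType = Str.isEmpty(str3) ? DEFAULT_TRUST_STORE_TYPE : str3;
    }

    /**
     * Opens (without connecting) an HTTPS connection to the given URL and applies the configured
     * key store, trust store and hostname-verification policy.
     *
     * @param str target URL; its protocol handler must yield an {@link HttpsURLConnection}
     * @return the configured, not yet connected, connection
     * @throws IOException  if the URL is malformed or the connection object cannot be created
     * @throws IfsException if the protocol is not HTTPS or the socket factory cannot be built
     */
    public HttpsURLConnection getHttpsURLConnection(String str) throws IOException, IfsException {
        URL url = new URL(str);
        URLConnection connection = url.openConnection();
        if (this.log.debug) {
            this.log.debug("Connection class for protocol &1: &2", new Object[]{url.getProtocol(), connection.getClass().getName()});
        }
        if (!(connection instanceof HttpsURLConnection)) {
            throw new SystemException("Unsupported protocol [&1]", new String[]{url.getProtocol()});
        }
        if (this.log.debug) {
            this.log.debug("Creating HTTPS connection...", new Object[0]);
        }
        HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;

        // A custom socket factory is only needed when key or trust material was configured;
        // otherwise the JDK default factory stays in place.
        boolean customMaterial = this.keyStoreId != null || this.keyStoreFile != null || this.trustStoreFile != null;
        if (customMaterial) {
            if (this.log.debug) {
                this.log.debug("Defining mutual authentication and/or trust store... ", new Object[0]);
            }
            httpsConnection.setSSLSocketFactory(getSslSocketFactory());
        }

        if (!"true".equals(System.getProperty(VERIFY_HOSTNAME_PROPERTY, "true"))) {
            // SECURITY: this accepts any host name, so the server certificate is no longer bound
            // to the URL being contacted and chain validation alone decides trust. The switch is
            // JVM-wide and applies to every connection created through this class.
            // NOTE(review): only debug-level logging is visible on this Logger; if it offers a
            // warning level, this downgrade should be reported there instead.
            if (this.log.debug) {
                this.log.debug("Hostname verification disabled by system property &1", new Object[]{VERIFY_HOSTNAME_PROPERTY});
            }
            httpsConnection.setHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });
        }
        return httpsConnection;
    }

    /**
     * Builds a TLS socket factory from the configured key and trust managers.
     *
     * @throws IfsException wrapping any I/O or security error raised while loading the stores
     */
    private SSLSocketFactory getSslSocketFactory() throws IfsException {
        try {
            KeyManager[] keyManagers = createKeyManagers();
            TrustManager[] trustManagers = createTrustManagers();
            SSLContext context = SSLContext.getInstance("TLS");
            // null SecureRandom: the JDK default implementation is used.
            context.init(keyManagers, trustManagers, null);
            return context.getSocketFactory();
        } catch (IOException | GeneralSecurityException e) {
            throw new SystemException(e, "Exception while obtaining SSL socket factory", new String[0]);
        }
    }

    /**
     * Loads a key store either by ID through {@code KeystoreManager} or from a file.
     *
     * @param storeId  ID of the store to look up, or {@code null} to read from {@code file}
     * @param file     path of the store file; used only when {@code storeId} is {@code null}
     * @param password password used to open the store, may be {@code null}
     * @param type     key store type passed to {@link KeyStore#getInstance(String)}
     * @return the loaded store, or {@code null} when neither an ID nor a file is given
     */
    private KeyStore getKeyStore(String storeId, String file, char[] password, String type) throws IOException, GeneralSecurityException, IfsException {
        if (storeId == null && file == null) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance(type);
        if (storeId != null) {
            // In-memory stream: nothing to release after loading.
            keyStore.load(new ByteArrayInputStream(KeystoreManager.newInstance().getUserKeystore(storeId, "*")), password);
        } else {
            // Close the file handle once the store is loaded; it was previously left open,
            // leaking one descriptor per socket factory built.
            try (FileInputStream in = new FileInputStream(file)) {
                keyStore.load(in, password);
            }
        }
        if (this.log.debug) {
            Object[] args = new Object[]{
                type,
                storeId != null ? "repository" : "file",
                storeId != null ? storeId : file,
                debugKeystoreInfo(keyStore)
            };
            this.log.debug("KeyStore of type [&1] read from &2 [&3]:\n&4", args);
        }
        return keyStore;
    }

    /**
     * Creates the key manager that supplies the client certificate.
     *
     * @return a single-element array holding the first {@link X509KeyManager}, or {@code null}
     *         when no key store is configured (no key material is supplied by this class)
     * @throws IfsException if the factory yields no {@link X509KeyManager}
     */
    private KeyManager[] createKeyManagers() throws IOException, GeneralSecurityException, IfsException {
        KeyStore keyStore = getKeyStore(this.keyStoreId, this.keyStoreFile, this.keyStorePwd, this.keyStoreType);
        if (keyStore == null) {
            return null;
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // The store password is also used as the key password.
        factory.init(keyStore, this.keyStorePwd);
        for (KeyManager candidate : factory.getKeyManagers()) {
            if (candidate instanceof X509KeyManager) {
                return new KeyManager[]{candidate};
            }
        }
        throw new SystemException("x509KeyManager not found", new String[0]);
    }

    /**
     * Creates the trust manager that validates the server certificate chain.
     *
     * @return a single-element array holding the first {@link X509TrustManager}
     * @throws IfsException if the factory yields no {@link X509TrustManager}
     */
    private TrustManager[] createTrustManagers() throws GeneralSecurityException, IfsException, IOException {
        // Null when no trust store file is defined; the factory then uses the JDK default anchors.
        KeyStore trustStore = getKeyStore(null, this.trustStoreFile, this.trustStorePwd, this.trustStoreType);
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(trustStore);
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return new TrustManager[]{candidate};
            }
        }
        throw new SystemException("x509TrustManager not found", new String[0]);
    }

    /**
     * Formats provider, type, entry count and aliases of a key store for debug logging.
     * No key or certificate contents are included.
     */
    private String debugKeystoreInfo(KeyStore keyStore) throws KeyStoreException {
        StringBuilder sb = new StringBuilder();
        sb.append("Provider : ").append(keyStore.getProvider().getName()).append('\n');
        sb.append("Type : ").append(keyStore.getType()).append('\n');
        sb.append("Size : ").append(keyStore.size()).append('\n');
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            sb.append("Alias: ").append(aliases.nextElement()).append('\n');
        }
        return sb.toString();
    }
}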
