package com.falc.installer.install.main;

import ch.qos.logback.core.net.ssl.SSL;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.SystemUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/falc/installer/install/main/KeystoreUtil.class */
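/**
 * Fetches the certificate chain presented by a TLS endpoint and stores it in a local
 * trust store ({@code lib/jssecacerts}, relative to the working directory), then points
 * the {@code javax.net.ssl.trustStore} system property at that file.
 *
 * <p><b>Security review notes.</b>
 * <ul>
 *   <li>This is trust-on-first-use: whatever chain the peer presents during
 *       {@link #importServerCertificate()} is added as trusted, without any independent
 *       verification. If the connection is intercepted at that moment, the interceptor's
 *       certificates become trusted. The SHA-256 fingerprints logged on import should be
 *       compared against values obtained out of band.</li>
 *   <li>Every certificate in the presented chain is imported, not only the leaf. A CA
 *       certificate stored this way acts as a trust anchor for anything it has issued;
 *       such imports are logged at WARN level.</li>
 *   <li>The two-argument constructor uses a library default password that is publicly
 *       known, so the store's integrity check offers no protection against anyone who
 *       can write to the file. File-system permissions on {@code lib/} are the real
 *       control.</li>
 *   <li>The trust store system property is JVM-wide.</li>
 * </ul>
 */
public class KeystoreUtil {
    private static final Logger LOG = Logger.getLogger(KeystoreUtil.class);

    /** Socket read timeout applied to the TLS handshake, in milliseconds. */
    private static final int DEFAULT_TIMEOUT_MS = 10000;

    private static final String KEYSTORE_NAME = "jssecacerts";
    private static final File KEYSTORE_FILE = new File("lib" + File.separator + KEYSTORE_NAME);
    private static final File CA_CERT_PATH = new File(SystemUtils.getJavaHome(), "lib" + File.separator + "security");

    private final String host;
    private final Integer port;
    private final char[] passphrase;

    /**
     * Trust manager that records the chain the server presents and then delegates the
     * actual trust decision to the wrapped manager.
     *
     * <p>The chain is recorded <em>before</em> delegation, so it is available even when
     * the delegate rejects it.
     */
    public static class SavingTrustManager implements X509TrustManager {
        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager x509TrustManager) {
            this.tm = x509TrustManager;
        }

        /**
         * Returns the delegate's accepted issuers.
         *
         * <p>Some JSSE versions call this method during the handshake after a successful
         * trust check; throwing here made the handshake fail for servers whose chain
         * was already trusted.
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.tm.getAcceptedIssuers();
        }

        /** Not supported: this manager is only used on the client side of a connection. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new UnsupportedOperationException();
        }

        /**
         * Records the presented chain, then lets the delegate accept or reject it.
         *
         * @throws CertificateException if the delegate does not trust the chain
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.chain = x509CertificateArr;
            this.tm.checkServerTrusted(x509CertificateArr, str);
        }
    }

    /**
     * Creates a utility that uses the library default key store password.
     *
     * <p>NOTE(review): {@code SSL.DEFAULT_KEYSTORE_PASSWORD} is a well-known default;
     * prefer the three-argument constructor with a deployment-specific passphrase.
     *
     * @param str host name of the TLS endpoint
     * @param num port of the TLS endpoint
     */
    public KeystoreUtil(String str, Integer num) {
        this(str, num, SSL.DEFAULT_KEYSTORE_PASSWORD);
    }

    /**
     * @param str  host name of the TLS endpoint
     * @param num  port of the TLS endpoint
     * @param str2 passphrase used to load and store the local trust store
     */
    public KeystoreUtil(String str, Integer num, String str2) {
        this.host = str;
        this.port = num;
        this.passphrase = str2.toCharArray();
    }

    /**
     * Seeds the local trust store with a copy of the JRE's {@code cacerts} file.
     *
     * @throws IOException if {@code cacerts} is missing or the copy fails
     */
    private void copyCACerts() throws IOException {
        LOG.info("Copying certificates from cacerts to " + KEYSTORE_FILE.getAbsolutePath());
        File caCerts = new File(CA_CERT_PATH, "cacerts");
        if (!caCerts.isFile()) {
            throw new IOException("CA certificates not found");
        }
        FileUtils.copyFile(caCerts, KEYSTORE_FILE);
    }

    /**
     * Loads the local trust store (creating it from {@code cacerts} if absent), connects
     * to the configured endpoint and imports the chain it presents.
     *
     * @throws IOException              on file or network failure
     * @throws GeneralSecurityException if the store cannot be loaded or updated
     * @throws RuntimeException         if the endpoint did not present a chain
     */
    public void importServerCertificate() throws KeyStoreException, IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        if (!KEYSTORE_FILE.exists()) {
            copyCACerts();
        }
        // try-with-resources: the stream is released even if load() rejects the file/passphrase.
        try (FileInputStream in = new FileInputStream(KEYSTORE_FILE)) {
            keyStore.load(in, this.passphrase);
        }
        requestCertificate(keyStore);
    }

    /**
     * Performs a TLS handshake against the endpoint to capture its chain, imports the
     * chain into {@code keyStore} and sets the JVM trust store property.
     */
    private void requestCertificate(KeyStore keyStore) throws IOException, GeneralSecurityException {
        LOG.info("Requesting certificate from " + this.host);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SavingTrustManager savingTrustManager = new SavingTrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0]);
        sslContext.init(null, new TrustManager[]{savingTrustManager}, null);

        SSLException handshakeFailure = null;
        // try-with-resources: the socket is closed on every path, including a failed handshake.
        try (SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket(this.host, this.port.intValue())) {
            socket.setSoTimeout(DEFAULT_TIMEOUT_MS);
            socket.startHandshake();
        } catch (SSLException e) {
            // A failure is the normal case for a not-yet-trusted server: the delegate
            // rejects the chain after it has been recorded. Keep the exception so it is
            // not lost if no chain was captured at all.
            handshakeFailure = e;
            LOG.debug("TLS handshake with " + this.host + " did not complete", e);
        }

        X509Certificate[] presentedChain = savingTrustManager.chain;
        if (presentedChain == null) {
            throw new RuntimeException("Unable to get certificate chain for " + this.host, handshakeFailure);
        }
        importObtainedCertificates(keyStore, presentedChain);
        // JVM-wide side effect: every later default trust decision uses this file.
        System.setProperty("javax.net.ssl.trustStore", KEYSTORE_FILE.getAbsolutePath());
    }

    /**
     * Adds each certificate of the chain under the alias {@code <host>_<index>} and
     * writes the store back to disk.
     *
     * <p>The certificates come straight from the remote peer and have not been
     * verified; the fingerprint of each one is logged so the import can be audited.
     */
    private void importObtainedCertificates(KeyStore keyStore, X509Certificate[] x509CertificateArr) throws GeneralSecurityException, IOException {
        for (int i = 0; i < x509CertificateArr.length; i++) {
            X509Certificate certificate = x509CertificateArr[i];
            String alias = this.host + "_" + i;
            LOG.info("Importing certificate as trusted: alias=" + alias + ", sha256=" + sha256Fingerprint(certificate));
            if (certificate.getBasicConstraints() >= 0) {
                // A CA certificate in the trust store vouches for everything it issued.
                LOG.warn("Certificate " + alias + " is a CA certificate and will act as a trust anchor");
            }
            keyStore.setCertificateEntry(alias, certificate);
        }
        // try-with-resources: the stream is released even if store() fails.
        try (FileOutputStream out = new FileOutputStream(KEYSTORE_FILE)) {
            keyStore.store(out, this.passphrase);
        }
    }

    /** Returns the lower-case hex SHA-256 digest of the certificate's DER encoding. */
    private static String sha256Fingerprint(X509Certificate certificate) throws GeneralSecurityException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(certificate.getEncoded());
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b & 0xff));
        }
        return hex.toString();
    }
}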
