package com.forgerock.opendj.cli;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizableMessageBuilder;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.util.Reject;

/* loaded from: input_file:com/forgerock/opendj/cli/PromptingTrustManager.class */
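/**
 * An {@link X509TrustManager} for interactive command-line tools.
 *
 * <p>A certificate chain is accepted if any one of the following trusts it, consulted in
 * this order:
 * <ol>
 *   <li>an in-memory truststore holding chains the user accepted "for this session";</li>
 *   <li>an on-disk truststore holding chains the user accepted "permanently";</li>
 *   <li>an optional nested trust manager supplied by the caller (may be {@code null}).</li>
 * </ol>
 * If none of them does, the user is shown the chain (subject, issuer, validity and SHA-256
 * fingerprint of every certificate) and asked whether to reject it, trust it for the session,
 * or trust it permanently. A permanent decision is written back to the on-disk truststore.
 *
 * <p>The on-disk store is protected by a fixed, non-secret password (see
 * {@link #DEFAULT_PASSWORD}); its real protection is the filesystem permission of the file.
 */
public final class PromptingTrustManager implements X509TrustManager {
    private static final LocalizedLogger LOG = LocalizedLogger.getLoggerForThisClass();

    /** Location of the persistent truststore used by the two-argument constructor. */
    private static final String DEFAULT_PATH = System.getProperty("user.home") + File.separator
            + ArgumentParser.DEFAULT_OPENDJ_CONFIG_DIR + File.separator + "keystore";

    /**
     * Password used to load and store the on-disk truststore.
     *
     * <p>This value is hard-coded and therefore not a secret: it only enables the keystore
     * format's integrity check, and anyone who can write the file can simply rewrite it with
     * the same password. Do not rely on it for anything beyond detecting accidental
     * corruption; {@link #saveOnDiskTrustStore()} restricts write access to the file owner
     * for that reason.
     */
    private static final char[] DEFAULT_PASSWORD = "OpenDJ".toCharArray();

    /** Digest shown to the user so the presented chain can be verified out of band. */
    private static final String FINGERPRINT_ALGORITHM = "SHA-256";

    private static final char[] HEX = "0123456789ABCDEF".toCharArray();

    /** Chains accepted for this session only. Never written to disk. */
    private final KeyStore inMemoryTrustStore;
    /** Chains accepted permanently. Loaded from and saved to {@link #onDiskTrustStoreFile}. */
    private final KeyStore onDiskTrustStore;
    /** The file backing {@link #onDiskTrustStore}: the one that was loaded is the one written. */
    private final File onDiskTrustStoreFile;
    private final X509TrustManager inMemoryTrustManager;
    private final X509TrustManager onDiskTrustManager;
    /** Caller-supplied fallback, consulted after both local stores; may be {@code null}. */
    private final X509TrustManager nestedTrustManager;
    private final ConsoleApplication app;

    /** The choices offered to the user when no trust source accepts the chain. */
    private enum TrustOption {
        UNTRUSTED(1, CliMessages.INFO_LDAP_CONN_PROMPT_SECURITY_TRUST_OPTION_NO.get()),
        SESSION(2, CliMessages.INFO_LDAP_CONN_PROMPT_SECURITY_TRUST_OPTION_SESSION.get()),
        PERMANENT(3, CliMessages.INFO_LDAP_CONN_PROMPT_SECURITY_TRUST_OPTION_ALWAYS.get()),
        CERTIFICATE_DETAILS(4, CliMessages.INFO_LDAP_CONN_PROMPT_SECURITY_CERTIFICATE_DETAILS.get());

        /** The number the user types to select this option. */
        private final Integer choice;
        private final LocalizableMessage menuMessage;

        TrustOption(int choice, LocalizableMessage menuMessage) {
            this.choice = Integer.valueOf(choice);
            this.menuMessage = menuMessage;
        }

        Integer getChoice() {
            return choice;
        }

        LocalizableMessage getMenuMessage() {
            return menuMessage;
        }
    }

    /**
     * Creates a prompting trust manager backed by the truststore file at {@code str}.
     *
     * @param consoleApplication the console used to prompt the user; must not be {@code null}
     * @param str path of the persistent truststore; must not be {@code null}. If the file
     *            exists it is loaded now, otherwise an empty store is used and the file is
     *            created on the first permanent acceptance
     * @param x509TrustManager optional trust manager consulted after the two local stores;
     *            may be {@code null}
     * @throws KeyStoreException if the default keystore type cannot be instantiated
     * @throws IOException if the truststore file exists but cannot be read, or fails its
     *            integrity check (a tampered or foreign file is refused here rather than
     *            silently ignored)
     * @throws NoSuchAlgorithmException if no X.509 trust manager is available
     * @throws CertificateException if a certificate in the on-disk store cannot be loaded
     */
    public PromptingTrustManager(ConsoleApplication consoleApplication, String str, X509TrustManager x509TrustManager)
            throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        Reject.ifNull(consoleApplication, str);
        this.app = consoleApplication;
        this.nestedTrustManager = x509TrustManager;
        this.onDiskTrustStoreFile = new File(str);

        this.inMemoryTrustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        this.inMemoryTrustStore.load(null, null);

        this.onDiskTrustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        if (this.onDiskTrustStoreFile.exists()) {
            FileInputStream in = new FileInputStream(this.onDiskTrustStoreFile);
            try {
                this.onDiskTrustStore.load(in, DEFAULT_PASSWORD);
            } finally {
                in.close();
            }
        } else {
            this.onDiskTrustStore.load(null, null);
        }

        this.inMemoryTrustManager = firstX509TrustManager(this.inMemoryTrustStore);
        this.onDiskTrustManager = firstX509TrustManager(this.onDiskTrustStore);
    }

    /**
     * Creates a prompting trust manager backed by the default truststore file,
     * {@code $HOME/<opendj config dir>/keystore}.
     *
     * @param consoleApplication the console used to prompt the user
     * @param x509TrustManager optional fallback trust manager; may be {@code null}
     * @throws KeyStoreException see the three-argument constructor
     * @throws IOException see the three-argument constructor
     * @throws NoSuchAlgorithmException see the three-argument constructor
     * @throws CertificateException see the three-argument constructor
     */
    public PromptingTrustManager(ConsoleApplication consoleApplication, X509TrustManager x509TrustManager)
            throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        this(consoleApplication, DEFAULT_PATH, x509TrustManager);
    }

    /**
     * Returns the first {@link X509TrustManager} produced by the default factory for the
     * given truststore.
     *
     * @throws NoSuchAlgorithmException if the factory yields no X.509 trust manager
     */
    private static X509TrustManager firstX509TrustManager(KeyStore trustStore)
            throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(trustStore);
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new NoSuchAlgorithmException();
    }

    /**
     * {@inheritDoc}
     *
     * @throws CertificateException if the chain is empty, if the user rejects it, or if the
     *             user's answer could not be read
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr, str, false);
    }

    /**
     * {@inheritDoc}
     *
     * @throws CertificateException if the chain is empty, if the user rejects it, or if the
     *             user's answer could not be read
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr, str, true);
    }

    /**
     * Returns the issuers accepted by the nested trust manager, or an empty array when there
     * is none. Certificates the user accepted (for the session or permanently) are
     * deliberately not reported here.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        if (nestedTrustManager == null) {
            return new X509Certificate[0];
        }
        return nestedTrustManager.getAcceptedIssuers();
    }

    /**
     * Consults the session store, then the on-disk store, then the nested trust manager, and
     * finally the user.
     *
     * @param chain the peer's certificate chain
     * @param authType the key exchange / authentication type reported by JSSE
     * @param server {@code true} to validate as a server chain, {@code false} as a client chain
     */
    private void checkTrusted(X509Certificate[] chain, String authType, boolean server) throws CertificateException {
        if (chain == null || chain.length == 0) {
            // Never fall through to the prompt for an empty chain: there would be nothing
            // to show the user and nothing to store, yet taking the default answer would
            // report the peer as trusted.
            throw new CertificateException("Empty certificate chain");
        }
        // Any failure of a delegate (not only CertificateException) means "not trusted by
        // this source" and falls through to the next one; the last failure is what the
        // user's "do not trust" answer rethrows.
        try {
            check(inMemoryTrustManager, chain, authType, server);
        } catch (Exception inMemoryFailure) {
            try {
                check(onDiskTrustManager, chain, authType, server);
            } catch (Exception onDiskFailure) {
                if (nestedTrustManager == null) {
                    checkManuallyTrusted(chain, onDiskFailure);
                    return;
                }
                try {
                    check(nestedTrustManager, chain, authType, server);
                } catch (Exception nestedFailure) {
                    checkManuallyTrusted(chain, nestedFailure);
                }
            }
        }
    }

    /** Dispatches to {@code checkServerTrusted} or {@code checkClientTrusted} on one delegate. */
    private static void check(X509TrustManager delegate, X509Certificate[] chain, String authType, boolean server)
            throws CertificateException {
        if (server) {
            delegate.checkServerTrusted(chain, authType);
        } else {
            delegate.checkClientTrusted(chain, authType);
        }
    }

    /**
     * Records the user's acceptance of {@code chain}.
     *
     * <p>Every certificate of the chain (leaf included) is added to the session store under
     * its subject DN as alias; when {@code permanent} is set it is also added to the on-disk
     * store, which is then saved. A later chain with the same subject DN replaces the entry.
     * Failures are logged, not thrown: the user has already decided to trust the chain.
     */
    private void acceptCertificate(X509Certificate[] chain, boolean permanent) {
        if (permanent) {
            LOG.debug(LocalizableMessage.raw("Permanently accepting certificate chain to truststore"));
        } else {
            LOG.debug(LocalizableMessage.raw("Accepting certificate chain for this session"));
        }
        for (X509Certificate cert : chain) {
            try {
                String alias = cert.getSubjectDN().getName();
                inMemoryTrustStore.setCertificateEntry(alias, cert);
                if (permanent) {
                    onDiskTrustStore.setCertificateEntry(alias, cert);
                }
            } catch (Exception e) {
                LOG.warn(LocalizableMessage.raw("Error setting certificate to store: " + e + "\nCert: " + cert));
            }
        }
        if (permanent) {
            saveOnDiskTrustStore();
        }
    }

    /**
     * Writes the on-disk truststore back to the file it was loaded from, creating the file
     * (and its parent directories) if needed. Best effort: problems are logged as warnings
     * because the session store already holds the accepted chain.
     */
    private void saveOnDiskTrustStore() {
        try {
            if (!onDiskTrustStoreFile.exists()) {
                createFile(onDiskTrustStoreFile);
            }
            // Whoever can write this file decides what this tool trusts, so allow writes by
            // the owner only. Best effort: the calls return false where the filesystem does
            // not support per-user permissions, and the store is still written.
            onDiskTrustStoreFile.setWritable(false, false);
            onDiskTrustStoreFile.setWritable(true, true);
            FileOutputStream out = new FileOutputStream(onDiskTrustStoreFile);
            try {
                onDiskTrustStore.store(out, DEFAULT_PASSWORD);
            } finally {
                out.close();
            }
        } catch (Exception e) {
            LOG.warn(LocalizableMessage.raw("Error saving store to disk: " + e));
        }
    }

    /**
     * Shows the chain to the user and asks how to treat it.
     *
     * @param chain the chain no trust source accepted; assumed non-empty
     * @param exc the failure reported by the last trust source, rethrown (wrapped in a
     *            {@link CertificateException} if necessary) when the user declines
     * @throws CertificateException if the user declines, or if the answer cannot be read
     */
    private void checkManuallyTrusted(X509Certificate[] chain, Exception exc) throws CertificateException {
        app.println();
        app.println(CliMessages.INFO_LDAP_CONN_PROMPT_SECURITY_SERVER_CERTIFICATE.get());
        app.println();
        for (X509Certificate cert : chain) {
            app.println(CliMessages.INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_USER_DN.get(cert.getSubjectDN().toString()));
            app.println(CliMessages.INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_VALIDITY.get(
                    cert.getNotBefore().toString(), cert.getNotAfter().toString()));
            app.println(CliMessages.INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_ISSUER.get(cert.getIssuerDN().toString()));
            // Subject and issuer names can be copied by anyone; the fingerprint is what the
            // user can actually compare against a value obtained out of band.
            String fingerprint = fingerprint(cert);
            if (fingerprint != null) {
                app.println(LocalizableMessage.raw(FINGERPRINT_ALGORITHM + " fingerprint: " + fingerprint));
            }
            app.println();
            app.println();
        }
        app.println();
        app.println(CliMessages.INFO_LDAP_CONN_PROMPT_SECURITY_TRUST_OPTION.get());
        app.println();

        Map<String, TrustOption> optionsByChoice = new HashMap<String, TrustOption>();
        for (TrustOption option : TrustOption.values()) {
            optionsByChoice.put(option.getChoice().toString(), option);
            LocalizableMessageBuilder line = new LocalizableMessageBuilder();
            line.append(option.getChoice());
            line.append(") ");
            line.append(option.getMenuMessage());
            app.println(line.toMessage(), 2);
        }

        // Pressing return trusts the chain for this session only.
        TrustOption defaultOption = TrustOption.SESSION;
        LocalizableMessage prompt = CliMessages.INFO_MENU_PROMPT_SINGLE.get();
        while (true) {
            try {
                String answer = app.readInput(prompt, defaultOption.getChoice().toString());
                app.println();
                if (answer == null) {
                    // No more input (e.g. end of stream): treat as a refusal rather than
                    // re-prompting forever or failing with a NullPointerException.
                    throw new CertificateException(exc);
                }
                TrustOption selected = optionsByChoice.get(answer.trim());
                if (selected == null) {
                    app.println(CliMessages.ERR_MENU_BAD_CHOICE_SINGLE.get());
                    app.println();
                    continue;
                }
                switch (selected) {
                    case UNTRUSTED:
                        if (exc instanceof CertificateException) {
                            throw (CertificateException) exc;
                        }
                        throw new CertificateException(exc);
                    case CERTIFICATE_DETAILS:
                        for (X509Certificate cert : chain) {
                            app.println();
                            app.println(CliMessages.INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE.get(cert.toString()));
                            app.println();
                        }
                        break; // re-prompt
                    default: // SESSION or PERMANENT
                        acceptCertificate(chain, selected == TrustOption.PERMANENT);
                        return;
                }
            } catch (ClientException e) {
                // The answer could not be read; without an explicit acceptance the chain
                // stays untrusted, and the original validation failure is the reason given.
                throw new CertificateException(exc);
            } finally {
                app.println();
            }
        }
    }

    /**
     * Returns the colon-separated upper-case hex {@value #FINGERPRINT_ALGORITHM} digest of
     * the certificate's DER encoding, or {@code null} if it cannot be computed.
     */
    private static String fingerprint(X509Certificate cert) {
        try {
            byte[] digest = MessageDigest.getInstance(FINGERPRINT_ALGORITHM).digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder(digest.length * 3);
            for (int i = 0; i < digest.length; i++) {
                if (i > 0) {
                    hex.append(':');
                }
                hex.append(HEX[(digest[i] >> 4) & 0x0f]).append(HEX[digest[i] & 0x0f]);
            }
            return hex.toString();
        } catch (Exception e) {
            LOG.debug(LocalizableMessage.raw("Unable to compute certificate fingerprint: " + e));
            return null;
        }
    }

    /**
     * Creates {@code file} and any missing parent directories.
     *
     * @return {@code true} if the file was created, {@code false} if it already existed or
     *         {@code file} is {@code null}
     * @throws IOException if a parent directory or the file itself cannot be created
     */
    private static boolean createFile(File file) throws IOException {
        if (file == null) {
            return false;
        }
        // getParentFile() is null for a bare relative name; the working directory exists.
        File parent = file.getParentFile();
        if (parent != null && !parent.isDirectory() && !parent.mkdirs() && !parent.isDirectory()) {
            throw new IOException("Cannot create directory " + parent);
        }
        return file.createNewFile();
    }
}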
