package com.norconex.commons.lang.security;

import com.norconex.commons.lang.url.HttpURL;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.xml.bind.DatatypeConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/norconex/commons/lang/security/CertificateUtil.class */
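/**
 * Helpers for retrieving the X.509 certificate chain a TLS server presents,
 * checking that chain against a {@link KeyStore}, and adding it to one.
 *
 * <p>Security notes for callers:</p>
 * <ul>
 *   <li>The trust decision is delegated to the platform's default
 *       {@link TrustManagerFactory} and covers chain validation only. This
 *       class does not configure an endpoint identification algorithm on the
 *       socket, so with JSSE defaults the certificate's subject names are not
 *       compared with the requested host. "Trusted" therefore means "chains
 *       to an entry of the trust store", not "issued for this host".</li>
 *   <li>{@link #trustHost(String, int, KeyStore)} is trust-on-first-use: it
 *       stores whatever chain the remote end presented. Compare the
 *       certificates with a value obtained out of band before persisting the
 *       key store.</li>
 * </ul>
 */
public final class CertificateUtil {
    private static final Logger LOG = LoggerFactory.getLogger(CertificateUtil.class);

    /** Read timeout, in milliseconds, applied to the socket before the handshake starts. */
    private static final int SOCKET_READ_TIMEOUT_MILLIS = 10000;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/norconex/commons/lang/security/CertificateUtil$CertificateInterceptor.class */
    /**
     * Trust manager that remembers the server chain it was asked to validate
     * and then hands the actual decision to a wrapped trust manager.
     */
    public static class CertificateInterceptor implements X509TrustManager {
        private final X509TrustManager tm;
        private X509Certificate[] chain;

        private CertificateInterceptor(X509TrustManager x509TrustManager) {
            this.tm = x509TrustManager;
        }

        /**
         * Returns the chain captured by the last server check.
         *
         * @return the captured array itself (not a copy), or {@code null}
         *         when {@link #checkServerTrusted} has not been called
         */
        public X509Certificate[] getCerts() {
            return this.chain;
        }

        /** Not supported; this trust manager is only meant for client-side server checks. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            throw new UnsupportedOperationException();
        }

        /** Not supported; client certificates are never validated through this class. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new UnsupportedOperationException();
        }

        /**
         * Records the presented chain, then delegates validation.
         *
         * @throws CertificateException if the wrapped trust manager rejects the chain
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Capture first: the chain must stay retrievable when the delegate rejects it.
            this.chain = x509CertificateArr;
            this.tm.checkServerTrusted(x509CertificateArr, str);
        }
    }

    private CertificateUtil() {
    }

    /**
     * Fetches the certificate chain presented by the host of the given URL.
     *
     * @param str URL whose host and port are contacted
     * @return the presented chain, empty when none could be captured
     * @throws GeneralSecurityException if the TLS context cannot be set up
     * @throws IOException on a non-TLS I/O failure
     */
    public static List<X509Certificate> fetchCertificates(String str) throws GeneralSecurityException, IOException {
        // NOTE(review): the port is whatever HttpURL#getPort() yields; confirm it
        // resolves to the scheme default when the URL carries no explicit port.
        HttpURL httpURL = new HttpURL(str);
        return fetchCertificates(httpURL.getHost(), httpURL.getPort());
    }

    /**
     * Fetches the certificate chain presented by {@code str:i}.
     *
     * <p>The result says nothing about trust: the chain is returned whether or
     * not it validated. Validation runs against the platform default trust
     * store, because a {@code null} key store is passed to the factory.</p>
     *
     * @param str host name
     * @param i   port
     * @return the presented chain, empty when none could be captured
     * @throws GeneralSecurityException if the TLS context cannot be set up
     * @throws IOException on a non-TLS I/O failure
     */
    public static List<X509Certificate> fetchCertificates(String str, int i) throws GeneralSecurityException, IOException {
        List<X509Certificate> chain = new ArrayList<>();
        fetchCertificates(chain, str, i, null);
        return chain;
    }

    /**
     * Tells whether a TLS handshake with {@code str:i} succeeds when the given
     * key store is the trust store.
     *
     * <p>Only chain validation is covered; see the class notes regarding host
     * name checks.</p>
     *
     * @param str      host name
     * @param i        port
     * @param keyStore trust store to validate against
     * @return {@code true} when the handshake completed without a TLS error
     * @throws GeneralSecurityException if the TLS context cannot be set up
     * @throws IOException on a non-TLS I/O failure
     */
    public static boolean isTrusted(String str, int i, KeyStore keyStore) throws GeneralSecurityException, IOException {
        return fetchCertificates(new ArrayList<X509Certificate>(), str, i, keyStore);
    }

    /**
     * URL flavour of {@link #trustHost(String, int, KeyStore)}.
     *
     * @param str      URL whose host and port are contacted
     * @param keyStore key store to check and, if needed, extend
     * @return number of certificates added to the key store
     * @throws GeneralSecurityException if the TLS context or key store fails
     * @throws IOException on a non-TLS I/O failure
     */
    public static int trustHost(String str, KeyStore keyStore) throws GeneralSecurityException, IOException {
        HttpURL httpURL = new HttpURL(str);
        return trustHost(httpURL.getHost(), httpURL.getPort(), keyStore);
    }

    /**
     * Adds the chain presented by {@code str:i} to the key store unless the
     * handshake already succeeds against it.
     *
     * <p>Every certificate of the presented chain is stored as a trusted
     * entry under the alias {@code <host>-<position>}, position starting at 1.
     * Nothing here authenticates the remote end beyond the failed validation,
     * so the caller is accepting whoever answered on that address. The key
     * store is only modified in memory; saving it is left to the caller.</p>
     *
     * @param str      host name
     * @param i        port
     * @param keyStore key store to check and, if needed, extend
     * @return number of certificates added; {@code 0} both when the host was
     *         already trusted and when no chain could be captured
     * @throws GeneralSecurityException if the TLS context or key store fails
     * @throws IOException on a non-TLS I/O failure
     */
    public static int trustHost(String str, int i, KeyStore keyStore) throws GeneralSecurityException, IOException {
        List<X509Certificate> chain = new ArrayList<>();
        boolean alreadyTrusted = fetchCertificates(chain, str, i, keyStore);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Fetched {} certificates: \n{}", chain.size(), toString(chain));
        }
        if (alreadyTrusted) {
            return 0;
        }
        int position = 0;
        for (X509Certificate certificate : chain) {
            position++;
            keyStore.setCertificateEntry(str + "-" + position, certificate);
        }
        return chain.size();
    }

    /**
     * Renders subject, issuer and fingerprints of each certificate, one
     * four-line group per certificate.
     *
     * <p>The SHA-1 and MD5 fingerprints are kept for display compatibility.
     * Both digests are collision-prone, so they should not back a pinning or
     * trust decision; compare a SHA-256 digest of the encoded certificate for
     * that purpose.</p>
     *
     * @param list certificates to describe
     * @return the textual description, empty for an empty list
     * @throws GeneralSecurityException if a digest is unavailable or a
     *         certificate cannot be encoded
     */
    public static String toString(List<X509Certificate> list) throws GeneralSecurityException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        StringBuilder sb = new StringBuilder();
        int position = 0;
        for (X509Certificate certificate : list) {
            position++;
            sb.append(" ").append(position).append(" Subject ").append(certificate.getSubjectDN()).append("\n");
            sb.append("   Issuer  ").append(certificate.getIssuerDN()).append("\n");
            // Encode once; digest(byte[]) hashes the input and resets the digest for the next round.
            byte[] encoded = certificate.getEncoded();
            sb.append("   sha1    ").append(DatatypeConverter.printHexBinary(sha1.digest(encoded))).append("\n");
            sb.append("   md5     ").append(DatatypeConverter.printHexBinary(md5.digest(encoded))).append("\n");
        }
        return sb.toString();
    }

    /**
     * Performs a TLS handshake with {@code str:i}, collecting the presented
     * chain into {@code list}.
     *
     * @param list     receives the presented certificates, if any were captured
     * @param str      host name
     * @param i        port
     * @param keyStore trust store; {@code null} selects the platform default
     * @return {@code true} when the handshake completed without a TLS error
     * @throws GeneralSecurityException if the TLS context cannot be set up
     * @throws IOException on a non-TLS I/O failure (TLS failures are logged
     *         and reported as {@code false})
     */
    private static boolean fetchCertificates(List<X509Certificate> list, String str, int i, KeyStore keyStore) throws GeneralSecurityException, IOException {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        // Assumes the first trust manager is an X509TrustManager; a ClassCastException results otherwise.
        CertificateInterceptor interceptor = new CertificateInterceptor((X509TrustManager) trustManagerFactory.getTrustManagers()[0]);
        sslContext.init(null, new TrustManager[]{interceptor}, null);
        SSLSocketFactory socketFactory = sslContext.getSocketFactory();
        LOG.debug("Connecting to {}:{}...", str, i);
        boolean trusted = false;
        // try-with-resources closes the socket on the failure path too. A rejected
        // handshake is the normal outcome for an untrusted host, so leaving the
        // socket open there would leak one connection per check.
        // NOTE(review): createSocket(host, port) connects without an explicit
        // connect timeout; only reads are bounded below.
        try (SSLSocket socket = (SSLSocket) socketFactory.createSocket(str, i)) {
            socket.setSoTimeout(SOCKET_READ_TIMEOUT_MILLIS);
            LOG.debug("Starting SSL handshake...");
            socket.startHandshake();
            LOG.debug("No errors, certificate is already trusted.");
            trusted = true;
        } catch (SSLException e) {
            // Any TLS-level failure lands here, not only an untrusted chain.
            LOG.debug("Errors. Certificate not trusted.", e);
        }
        X509Certificate[] certs = interceptor.getCerts();
        if (certs != null) {
            list.addAll(Arrays.asList(certs));
        } else {
            LOG.error("Could not obtain host certificate chain for {}:{}.", str, i);
        }
        return trusted;
    }
}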
