package org.eclipse.scout.jaxws.security;

import java.io.BufferedInputStream;
import java.io.BufferedWriter;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FilenameFilter;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedList;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.eclipse.scout.commons.exception.ProcessingException;
import org.eclipse.scout.commons.logger.IScoutLogger;
import org.eclipse.scout.commons.logger.ScoutLogManager;
import org.eclipse.scout.rt.shared.services.common.file.IRemoteFileService;
import org.eclipse.scout.rt.shared.services.common.file.RemoteFile;
import org.eclipse.scout.service.AbstractService;
import org.eclipse.scout.service.SERVICES;

/* loaded from: input_file:org/eclipse/scout/jaxws/security/GlobalTrustManagerService.class */
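/**
 * Service that installs a JVM-wide {@link SSLContext} whose trust decisions combine the
 * platform's default trust managers with additional certificates loaded from the
 * {@code /certificates} folder of the remote file service.
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>{@link #installGlobalTrustManager(String, String)} calls {@link SSLContext#setDefault(SSLContext)},
 * so every consumer of the default context in this JVM is affected, not only JAX-WS clients.</li>
 * <li>The trust manager validates certificate chains only. The {@link X509TrustManager} interface
 * receives no peer host name, so host name verification has to be enforced by the connection layer.</li>
 * <li>Every {@code .der} file in {@code /certificates} extends the set of trusted server
 * certificates; write access to that folder is therefore equivalent to control over server trust.</li>
 * </ul>
 */
public class GlobalTrustManagerService extends AbstractService {
    private static final IScoutLogger LOG = ScoutLogManager.getLogger(GlobalTrustManagerService.class);
    private static final String PATH_CERTS = "/certificates";

    /**
     * Trust manager that accepts a server chain when it is anchored in one of the additionally
     * trusted certificates and otherwise defers to the trust managers installed in the JRE.
     * Client chains are always validated by the installed trust managers.
     */
    public class P_GlobalTrustManager implements X509TrustManager {
        private final TrustManager[] m_installedTrustManagers;
        private final X509Certificate[] m_trustedCerts;

        /**
         * @param trustedCerts
         *          additionally trusted certificates; {@code null} and {@code null} entries are ignored
         * @param algorithm
         *          {@link TrustManagerFactory} algorithm used to obtain the installed trust managers
         * @throws Exception
         *           if the trust manager factory cannot be created or initialized
         */
        public P_GlobalTrustManager(X509Certificate[] trustedCerts, String algorithm) throws Exception {
            // Defensive copy without null entries: the array is later handed out by
            // getAcceptedIssuers() and must not change underneath us or contain nulls.
            ArrayList<X509Certificate> pinned = new ArrayList<X509Certificate>();
            if (trustedCerts != null) {
                for (X509Certificate cert : trustedCerts) {
                    if (cert != null) {
                        pinned.add(cert);
                    }
                }
            }
            this.m_trustedCerts = pinned.toArray(new X509Certificate[pinned.size()]);

            TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
            // A null key store makes the factory fall back to the platform's default trust store.
            factory.init((KeyStore) null);
            TrustManager[] installed = factory.getTrustManagers();
            this.m_installedTrustManagers = installed != null ? installed : new TrustManager[0];
        }

        /**
         * Validates a client chain with every installed {@link X509TrustManager}.
         *
         * @throws CertificateException
         *           if an installed trust manager rejects the chain, or if no
         *           {@link X509TrustManager} is installed at all
         */
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            requireInstalledManagersAccept(chain, authType, false);
        }

        /**
         * Validates a server chain. The chain is accepted when it is anchored in one of the
         * additionally trusted certificates; otherwise every installed {@link X509TrustManager}
         * has to accept it.
         *
         * @throws CertificateException
         *           if the chain is neither anchored in a trusted certificate nor accepted by the
         *           installed trust managers, or if no {@link X509TrustManager} is installed
         */
        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            if (chainsToTrustedCertificate(chain)) {
                return;
            }
            requireInstalledManagersAccept(chain, authType, true);
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            ArrayList<X509Certificate> issuers = new ArrayList<X509Certificate>(Arrays.asList(this.m_trustedCerts));
            for (TrustManager candidate : this.m_installedTrustManagers) {
                if (candidate instanceof X509TrustManager) {
                    X509Certificate[] accepted = ((X509TrustManager) candidate).getAcceptedIssuers();
                    if (accepted != null && accepted.length > 0) {
                        issuers.addAll(Arrays.asList(accepted));
                    }
                }
            }
            return issuers.toArray(new X509Certificate[issuers.size()]);
        }

        /**
         * Walks the chain upwards from the end-entity certificate (index 0) and reports whether
         * it reaches a certificate signed with the key of an additionally trusted certificate.
         * <p>
         * Each step requires the current certificate to be within its validity period and to be
         * signed by the next chain element, which must itself be a CA certificate. Accepting a
         * match on an arbitrary chain element would trust an end-entity certificate that is not
         * linked to the trusted certificate at all.
         * <p>
         * NOTE(review): this is a deliberately small check, not full PKIX path validation (no
         * revocation, key usage or name constraint processing). Consider a PKIX validator with
         * the trusted certificates as anchors if those checks are required.
         */
        private boolean chainsToTrustedCertificate(X509Certificate[] chain) {
            if (chain == null || this.m_trustedCerts.length == 0) {
                return false;
            }
            for (int i = 0; i < chain.length; i++) {
                X509Certificate current = chain[i];
                if (current == null) {
                    return false;
                }
                try {
                    current.checkValidity();
                } catch (CertificateException expiredOrNotYetValid) {
                    return false;
                }
                if (isSignedByTrustedCertificate(current)) {
                    return true;
                }
                if (i + 1 >= chain.length) {
                    return false;
                }
                X509Certificate issuer = chain[i + 1];
                // getBasicConstraints() returns -1 for certificates that are not CA certificates.
                if (issuer == null || issuer.getBasicConstraints() < 0) {
                    return false;
                }
                try {
                    current.verify(issuer.getPublicKey());
                } catch (GeneralSecurityException notSignedByNextElement) {
                    return false;
                }
            }
            return false;
        }

        /** Reports whether the signature of {@code cert} verifies against any trusted certificate's key. */
        private boolean isSignedByTrustedCertificate(X509Certificate cert) {
            for (X509Certificate trusted : this.m_trustedCerts) {
                try {
                    cert.verify(trusted.getPublicKey());
                    return true;
                } catch (GeneralSecurityException ignored) {
                    // Expected for every trusted certificate that did not sign cert; try the next one.
                }
            }
            return false;
        }

        /**
         * Requires every installed {@link X509TrustManager} to accept the chain and fails closed
         * when none is installed, so that a missing delegate never results in implicit trust.
         */
        private void requireInstalledManagersAccept(X509Certificate[] chain, String authType, boolean serverSide) throws CertificateException {
            boolean consulted = false;
            for (TrustManager candidate : this.m_installedTrustManagers) {
                if (!(candidate instanceof X509TrustManager)) {
                    continue;
                }
                X509TrustManager delegate = (X509TrustManager) candidate;
                try {
                    if (serverSide) {
                        delegate.checkServerTrusted(chain, authType);
                    } else {
                        delegate.checkClientTrusted(chain, authType);
                    }
                    consulted = true;
                } catch (CertificateException e) {
                    LOG.error("certificate not trusted.", e);
                    throw e;
                }
            }
            if (!consulted) {
                throw new CertificateException("no X509TrustManager installed to validate the certificate chain");
            }
        }

        /** Renders the given certificates one per line, for diagnostic output. */
        private String printCertificates(X509Certificate[] certificates) {
            // A StringBuilder is used on purpose: an unflushed BufferedWriter around a
            // StringWriter would leave the returned text empty.
            String lineSeparator = System.getProperty("line.separator");
            StringBuilder text = new StringBuilder();
            for (X509Certificate certificate : certificates) {
                text.append(certificate.toString()).append(lineSeparator);
            }
            return text.toString();
        }
    }

    /**
     * Installs the global trust manager for protocol {@code TLS} using the default
     * {@link TrustManagerFactory} algorithm.
     *
     * @throws ProcessingException
     *           if the trust manager cannot be created or installed
     */
    public void installGlobalTrustManager() throws ProcessingException {
        installGlobalTrustManager("TLS", TrustManagerFactory.getDefaultAlgorithm());
    }

    /**
     * Creates the global trust manager and makes an {@link SSLContext} using it the JVM-wide
     * default.
     *
     * @param protocol
     *          protocol name passed to {@link SSLContext#getInstance(String)}
     * @param algorithm
     *          {@link TrustManagerFactory} algorithm for the installed trust managers
     * @throws ProcessingException
     *           if the trust manager cannot be created or installed
     */
    public void installGlobalTrustManager(String protocol, String algorithm) throws ProcessingException {
        try {
            X509TrustManager globalTrustManager = createGlobalTrustManager(algorithm, getTrustedCertificates());
            SSLContext context = SSLContext.getInstance(protocol);
            context.init(null, new TrustManager[]{globalTrustManager}, new SecureRandom());
            // Replaces the default context for the whole JVM.
            SSLContext.setDefault(context);
        } catch (Exception e) {
            throw new ProcessingException("could not install global trust manager.", e);
        }
    }

    /**
     * Loads every {@code .der} file found in {@code /certificates} through the remote file
     * service. Files that cannot be parsed are logged and skipped; if the folder cannot be
     * accessed at all, an empty array is returned.
     *
     * @return the certificates that were loaded, never {@code null} and without {@code null} entries
     */
    protected X509Certificate[] getTrustedCertificates() throws IOException, CertificateException {
        ArrayList<X509Certificate> certificates = new ArrayList<X509Certificate>();
        try {
            RemoteFile[] remoteFiles = ((IRemoteFileService) SERVICES.getService(IRemoteFileService.class)).getRemoteFiles(PATH_CERTS, new FilenameFilter() {
                @Override
                public boolean accept(File file, String str) {
                    return str.toLowerCase().endsWith(".der");
                }
            }, (RemoteFile[]) null);
            if (remoteFiles.length == 0) {
                LOG.warn("No certificates to trust in folder '/certificates' could be found.");
            }
            for (RemoteFile remoteFile : remoteFiles) {
                try {
                    LOG.info("Trusted certificate '" + remoteFile.getName() + "' found.");
                    ByteArrayOutputStream content = new ByteArrayOutputStream();
                    remoteFile.writeData(content);
                    X509Certificate certificate = readX509Cert(new ByteArrayInputStream(content.toByteArray()));
                    if (certificate == null) {
                        // An empty file yields no certificate; do not report it as installed.
                        throw new CertificateException("file contains no certificate");
                    }
                    certificates.add(certificate);
                    LOG.info("Trusted certificate '" + remoteFile.getName() + "' successfully installed.");
                } catch (Exception e) {
                    // Keep the cause: a certificate that silently fails to load changes which
                    // servers are trusted, and operators need to be able to see why.
                    LOG.warn("Failed to install trusted certificate '" + remoteFile.getName() + "'.", e);
                }
            }
        } catch (ProcessingException e2) {
            LOG.error("Could not access folder '/certificates' to import trusted certificates.", e2);
        }
        return certificates.toArray(new X509Certificate[certificates.size()]);
    }

    /**
     * Factory method for the trust manager to install; subclasses may override it.
     *
     * @param algorithm
     *          {@link TrustManagerFactory} algorithm for the installed trust managers
     * @param trustedCerts
     *          additionally trusted certificates
     */
    protected X509TrustManager createGlobalTrustManager(String algorithm, X509Certificate[] trustedCerts) throws Exception {
        return new P_GlobalTrustManager(trustedCerts, algorithm);
    }

    /**
     * Parses the X.509 certificates contained in the stream and returns the last one read.
     * The stream is always closed, also when parsing fails.
     *
     * @return the last certificate in the stream, or {@code null} if the stream is empty
     */
    private X509Certificate readX509Cert(InputStream inputStream) throws CertificateException, IOException {
        BufferedInputStream bufferedInput = new BufferedInputStream(inputStream);
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            X509Certificate lastRead = null;
            while (bufferedInput.available() > 0) {
                lastRead = (X509Certificate) certificateFactory.generateCertificate(bufferedInput);
            }
            return lastRead;
        } finally {
            try {
                bufferedInput.close();
            } catch (IOException e) {
                LOG.warn("could not close input stream for certificate");
            }
        }
    }
}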
