package com.aris.modeling.client.loader.ssl;

import com.aris.modeling.client.loader.ALoaderHelper;
import com.aris.modeling.client.loader.ssl.AImportSSLCertificates;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
import javax.swing.JOptionPane;
import sun.security.x509.X509CertImpl;

/* loaded from: input_file:com/aris/modeling/client/loader/ssl/AImportSSLCertificateTrustManager.class */
public class AImportSSLCertificateTrustManager implements X509TrustManager {
    private final AImportSSLCertificates.LoggerForImport m_loggerForImport;
    private final URL m_url;
    private final String m_sslCacertsPwd;
    private Exception m_exceptionFromImport;

    public AImportSSLCertificateTrustManager(AImportSSLCertificates.LoggerForImport loggerForImport, URL url, String str) {
        this.m_loggerForImport = loggerForImport;
        this.m_url = url;
        this.m_sslCacertsPwd = str;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            importCertificatesIntoCacertsFile(x509CertificateArr, this.m_sslCacertsPwd.toCharArray(), ALoaderHelper.getDefaultKeytoreFileForJRE(), this.m_url, this.m_loggerForImport);
        } catch (Exception e) {
            this.m_loggerForImport.logThrowable(e);
            this.m_exceptionFromImport = e;
        }
    }

    public static void importCertificatesIntoCacertsFile(X509Certificate[] x509CertificateArr, char[] cArr, File file, URL url, AImportSSLCertificates.LoggerForImport loggerForImport) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        loggerForImport.log("Importing certificates to file: " + file.getCanonicalPath());
        boolean exists = file.exists();
        keyStore.load(exists ? new FileInputStream(file) : null, cArr);
        boolean z = (exists && !file.canWrite()) || !(file.getParentFile() == null || file.getParentFile().canWrite());
        if (!exists) {
            loggerForImport.log("Certificate store file does not exist, will be created");
        }
        if (z) {
            JOptionPane.showMessageDialog(loggerForImport.getParent(), loggerForImport.getMessageCertificateFileReadOnly(file.getCanonicalPath()), loggerForImport.getMessageTitle(), 2);
            return;
        }
        int i = 0;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            int i2 = i;
            i++;
            String str = "ARIS_" + url.getHost() + "_" + i2;
            loggerForImport.log("--------------- storing certificate with alias '" + str + "': ");
            loggerForImport.log("valid from:  " + x509Certificate.getNotBefore());
            loggerForImport.log("valid until: " + x509Certificate.getNotAfter());
            loggerForImport.log("issuer: " + x509Certificate.getIssuerDN());
            loggerForImport.log("subjectAlternativeNames: " + x509Certificate.getSubjectAlternativeNames());
            loggerForImport.log("algorithm name: " + x509Certificate.getSigAlgName());
            logCertificateFingerprint(loggerForImport, x509Certificate, "SHA-256");
            logCertificateFingerprint(loggerForImport, x509Certificate, "SHA-1");
            logCertificateFingerprint(loggerForImport, x509Certificate, "MD5");
            keyStore.setCertificateEntry(str, x509Certificate);
        }
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        keyStore.store(fileOutputStream, cArr);
        fileOutputStream.flush();
        fileOutputStream.close();
        loggerForImport.log("---- Certificates successfully stored.");
    }

    private static void logCertificateFingerprint(AImportSSLCertificates.LoggerForImport loggerForImport, X509Certificate x509Certificate, String str) {
        try {
            if (x509Certificate instanceof X509CertImpl) {
                loggerForImport.log("fingerprint for " + str + ": " + ((X509CertImpl) x509Certificate).getFingerprint(str));
            }
        } catch (Throwable th) {
            loggerForImport.log("-> Unable to log fingerprint for algorithm " + str);
            loggerForImport.logThrowable(th);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    public Exception getExceptionFromImport() {
        return this.m_exceptionFromImport;
    }
}
