package com.ibm.wbit.wdp.web.service.certificate;

import com.ibm.wbit.trace.Trace;
import com.ibm.wbit.wdp.web.service.DataPowerWebService;
import com.ibm.wbit.wdp.web.service.Messages;
import com.ibm.wbit.wdp.web.service.xml.DataPowerApplianceProperties;
import java.io.Closeable;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.core.runtime.IStatus;
import org.eclipse.core.runtime.Status;
import org.eclipse.osgi.util.NLS;
import org.eclipse.swt.widgets.Display;
import org.eclipse.ui.PlatformUI;

/* loaded from: input_file:com/ibm/wbit/wdp/web/service/certificate/CertificateManagement.class */
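/**
 * Establishes trust in the TLS server certificate presented by a DataPower appliance.
 * <p>
 * {@link #run(DataPowerApplianceProperties)} first attempts a handshake with the
 * bundle's configured SSL context (which uses the plug-in trust store). If that
 * handshake fails, the certificate the appliance presents is fetched over a second,
 * unauthenticated connection and shown to the user in a {@link TrustCertificateDialog};
 * only when the user accepts it is it written to the trust store.
 * <p>
 * Not thread-safe by design: it is a short-lived helper driven from one caller, and the
 * dialog is always marshalled onto the UI thread via {@link Display#syncExec(Runnable)}.
 */
public class CertificateManagement {
    static final String COPYRIGHT = "IBM Confidential \r\n OCO Source Materials \r\n 5724-I66 \r\n (C) Copyright IBM Corporation 2007, 2011.";
    private static final Logger traceLogger = Trace.getLogger(CertificateManagement.class.getPackage().getName());
    /** Alias prefix for stored certificates; a millisecond timestamp is appended to keep aliases distinct. */
    private static final String CERTIFICATE_ALIAS_PREFIX = "com.ibm.wbit.wdp_";
    /** GeneralName tag of a dNSName subjectAltName entry (RFC 5280). */
    private static final int SAN_DNS_NAME = 2;
    /** GeneralName tag of an iPAddress subjectAltName entry (RFC 5280). */
    private static final int SAN_IP_ADDRESS = 7;

    /**
     * Opens the {@link TrustCertificateDialog} for one certificate and records the
     * dialog's return code. Intended to be handed to {@link Display#syncExec(Runnable)}
     * so that the dialog is created on the UI thread.
     */
    public class C1RunnableTrustCertificateDialog implements Runnable {
        /**
         * Return code of the dialog. Initialised to 1 so that an un-run instance reads as
         * "not accepted"; {@link #run()} overwrites it, and 0 means the user accepted the
         * certificate (see {@link CertificateManagement#handleUntrustedCertificate}).
         */
        public int buttonPressed = 1;
        private final X509Certificate certificate;
        private final String hostname;
        private final int port;
        private final boolean validDateCertificate;
        private final boolean validNameCertificate;

        /**
         * @param certificate          certificate to show
         * @param hostname             host the certificate was fetched from
         * @param port                 port the certificate was fetched from
         * @param validDateCertificate whether the certificate is within its validity period
         * @param validNameCertificate whether the certificate names {@code hostname}
         */
        C1RunnableTrustCertificateDialog(X509Certificate certificate, String hostname, int port,
                boolean validDateCertificate, boolean validNameCertificate) {
            this.certificate = certificate;
            this.hostname = hostname;
            this.port = port;
            this.validDateCertificate = validDateCertificate;
            this.validNameCertificate = validNameCertificate;
        }

        /** Shows the dialog on the active workbench shell and stores its return code in {@link #buttonPressed}. */
        @Override
        public void run() {
            TrustCertificateDialog dialog = new TrustCertificateDialog(
                    PlatformUI.getWorkbench().getDisplay().getActiveShell(),
                    certificate, hostname, String.valueOf(port), false,
                    validDateCertificate, validNameCertificate);
            buttonPressed = dialog.open();
        }
    }

    /**
     * Verifies that the appliance's certificate is trusted, prompting the user to trust it if not.
     *
     * @param dataPowerApplianceProperties host name and port of the appliance; a {@code null}
     *                                     value is reported as an error status rather than thrown
     * @return {@link IStatus#OK} when the handshake succeeded or the user accepted the certificate,
     *         {@link IStatus#CANCEL} when the user declined it, {@link IStatus#ERROR} on any other failure
     */
    public IStatus run(DataPowerApplianceProperties dataPowerApplianceProperties) {
        IStatus status = okStatus();
        if (Trace.isTracing(traceLogger, Level.INFO)) {
            Trace.entry(traceLogger, Level.INFO, new Object[]{"run"});
        }
        SSLSocket socket = null;
        try {
            socket = (SSLSocket) DataPowerWebService.getDefault().getCustomSSLContext().getSocketFactory()
                    .createSocket(dataPowerApplianceProperties.getHostName(),
                            Integer.parseInt(dataPowerApplianceProperties.getPort()));
            socket.setUseClientMode(true);
            // A handshake failure here means the presented chain is not trusted by the
            // configured trust store; any other exception (DNS, connect, bad port) is an error.
            socket.startHandshake();
        } catch (SSLHandshakeException unused) {
            status = handleUntrustedCertificate(dataPowerApplianceProperties);
        } catch (Exception e) {
            status = handshakeErrorStatus(dataPowerApplianceProperties, e);
        } finally {
            // The probe connection is never used for traffic; release it in every path.
            closeQuietly(socket);
        }
        if (Trace.isTracing(traceLogger, Level.INFO)) {
            Trace.exit(traceLogger, Level.INFO, new Object[]{"run"});
        }
        return status;
    }

    /**
     * Fetches the certificate the appliance presents, asks the user whether to trust it and,
     * on acceptance, stores it and flags the trust store for reload.
     *
     * @param dataPowerApplianceProperties appliance host name and port (must not be {@code null})
     * @return OK on acceptance, CANCEL when the user declines, ERROR when the certificate could
     *         not be fetched or stored
     */
    private IStatus handleUntrustedCertificate(DataPowerApplianceProperties dataPowerApplianceProperties) {
        IStatus status = okStatus();
        String hostName = dataPowerApplianceProperties.getHostName();
        int port = Integer.parseInt(dataPowerApplianceProperties.getPort());
        try {
            X509Certificate presented = fetchPresentedCertificate(hostName, port);
            if (presented != null) {
                C1RunnableTrustCertificateDialog dialog = new C1RunnableTrustCertificateDialog(
                        presented, hostName, port,
                        isCertificateDateValid(presented), isHostnameValid(presented, hostName));
                Display.getDefault().syncExec(dialog);
                if (dialog.buttonPressed == 0) {
                    // Only the leaf certificate is stored, not the rest of the chain.
                    addCertificateToTrustStore(presented);
                    DataPowerWebService.getDefault().trustStoreReloadRequired();
                } else {
                    status = new Status(IStatus.CANCEL, pluginId(), DataPowerWebService.EMPTY_STRING,
                            new CertificateMgmtException(
                                    new SSLHandshakeException(Messages.DataPower_Error_CertificateIsNotTrustedByUser),
                                    DataPowerWebService.getDefault().getTrustStoreLocation(), null));
                }
            }
        } catch (Exception e) {
            status = handshakeErrorStatus(dataPowerApplianceProperties, e);
        }
        return status;
    }

    /**
     * Connects once to {@code hostName:port} and returns the leaf certificate the server presented.
     * <p>
     * The connection is made with a trust manager that accepts every chain, so NOTHING is trusted
     * by this call: the certificate is retrieved only so the user can inspect it in the dialog.
     * That also means the user is the sole check on this connection; the dialog is where the
     * certificate has to be confirmed against information obtained out of band. No application
     * data is sent and the socket is closed as soon as the peer chain has been read.
     *
     * @return the presented leaf certificate, or {@code null} if the peer presented no X.509 chain
     * @throws Exception if the context cannot be created or the connection/handshake fails
     */
    private X509Certificate fetchPresentedCertificate(String hostName, int port) throws Exception {
        TrustManager[] acceptAllForInspection = {new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The contract asks for a non-null array; there are no trusted issuers here.
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) {
                // Intentionally no check: this context only fetches the certificate for display.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
                // Intentionally no check: this context only fetches the certificate for display.
            }
        }};
        // "TLS" rather than the legacy "SSL" protocol name; the enabled protocols still come
        // from the JSSE defaults.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, acceptAllForInspection, null);
        SSLSocket socket = null;
        try {
            socket = (SSLSocket) context.getSocketFactory().createSocket(hostName, port);
            socket.setUseClientMode(true);
            socket.startHandshake();
            Certificate[] chain = socket.getSession().getPeerCertificates();
            if (chain.length > 0 && chain[0] instanceof X509Certificate) {
                return (X509Certificate) chain[0];
            }
            return null;
        } finally {
            closeQuietly(socket);
        }
    }

    /**
     * Checks whether the certificate is within its validity period at the current time.
     *
     * @param x509Certificate certificate to check; {@code null} is reported as not valid
     * @return {@code true} if {@link X509Certificate#checkValidity()} passes
     */
    private boolean isCertificateDateValid(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        try {
            x509Certificate.checkValidity();
            return true;
        } catch (CertificateExpiredException expired) {
            return false;
        } catch (CertificateNotYetValidException notYetValid) {
            return false;
        }
    }

    /**
     * Checks whether the certificate names the given host.
     * <p>
     * A dNSName or iPAddress subjectAltName entry equal (ignoring case) to {@code hostname}
     * counts as a match. Failing that, the subject DN is searched for {@code hostname} as a
     * substring, which is a heuristic only (it does not handle wildcards and can over-match on
     * suffixes). The result is advisory: it is displayed in the trust dialog and the user still
     * decides.
     *
     * @param x509Certificate certificate to check; {@code null} yields {@code false}
     * @param hostname        host the connection was made to; {@code null} yields {@code false}
     * @return {@code true} if the certificate appears to name {@code hostname}
     */
    private boolean isHostnameValid(X509Certificate x509Certificate, String hostname) {
        if (x509Certificate == null || hostname == null) {
            return false;
        }
        try {
            Collection<List<?>> altNames = x509Certificate.getSubjectAlternativeNames();
            if (altNames != null) {
                for (List<?> entry : altNames) {
                    Integer type = (Integer) entry.get(0);
                    if ((type == SAN_DNS_NAME || type == SAN_IP_ADDRESS)
                            && hostname.equalsIgnoreCase(String.valueOf(entry.get(1)))) {
                        return true;
                    }
                }
            }
        } catch (CertificateParsingException e) {
            // Unparseable extension: fall through to the subject DN heuristic below.
            DataPowerWebService.logError(e, e.getClass().getName());
        }
        String subjectName = x509Certificate.getSubjectDN().getName();
        return subjectName != null && subjectName.contains(hostname);
    }

    /**
     * Adds the certificate to the plug-in trust store on disk under a fresh alias.
     * <p>
     * The store is loaded from and written back to
     * {@link DataPowerWebService#getTrustStoreLocation()} using the default key store type and
     * the password from {@link DataPowerWebService#getTrustStorePwd()}. A failure to close the
     * output stream after a successful store is propagated, because it may mean the file was
     * not fully written.
     *
     * @param certificate certificate to store
     * @return the alias the certificate was stored under
     * @throws Exception if the store cannot be loaded, updated or written
     */
    private String addCertificateToTrustStore(Certificate certificate) throws Exception {
        if (Trace.isTracing(traceLogger, Level.INFO)) {
            Trace.entry(traceLogger, Level.INFO, new Object[]{"Adding a certificate to the JVM trust store."});
        }
        String trustStoreLocation = DataPowerWebService.getDefault().getTrustStoreLocation();
        char[] trustStorePwd = DataPowerWebService.getDefault().getTrustStorePwd().toCharArray();
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());

        FileInputStream in = null;
        try {
            in = new FileInputStream(trustStoreLocation);
            keyStore.load(in, trustStorePwd);
        } finally {
            closeQuietly(in);
        }
        if (Trace.isTracing(traceLogger, Level.INFO)) {
            Trace.debug(traceLogger, "addCertificateToTrustStore() - TrustStore loaded...", new Object[0]);
        }

        String alias = CERTIFICATE_ALIAS_PREFIX + System.currentTimeMillis();
        keyStore.setCertificateEntry(alias, certificate);

        FileOutputStream out = new FileOutputStream(trustStoreLocation);
        boolean stored = false;
        try {
            keyStore.store(out, trustStorePwd);
            stored = true;
        } finally {
            if (stored) {
                // Let a close failure surface: the written store may be incomplete.
                out.close();
            } else {
                // store() already failed; do not mask its exception with a close error.
                closeQuietly(out);
            }
        }
        if (Trace.isTracing(traceLogger, Level.INFO)) {
            Trace.debug(traceLogger, "addCertificateToTrustStore() - Certificate added to truststore under the alias " + alias, new Object[]{certificate.toString()});
        }
        if (Trace.isTracing(traceLogger, Level.INFO)) {
            Trace.exit(traceLogger, Level.INFO, new Object[]{"Add a certificate to the JVM trust store."});
        }
        return alias;
    }

    /** Symbolic name of the owning bundle, used as the plug-in id of every status built here. */
    private static String pluginId() {
        return DataPowerWebService.getDefault().getBundle().getSymbolicName();
    }

    /** An OK status with no message and no exception. */
    private static IStatus okStatus() {
        return new Status(IStatus.OK, pluginId(), (String) null, (Throwable) null);
    }

    /**
     * Logs {@code cause} wrapped in a {@link CertificateMgmtException} and builds the ERROR
     * status reported for a failed handshake against the appliance.
     *
     * @param props appliance properties, may be {@code null} (the host name is then left empty)
     * @param cause the failure
     */
    private static IStatus handshakeErrorStatus(DataPowerApplianceProperties props, Exception cause) {
        CertificateMgmtException wrapped = new CertificateMgmtException(cause,
                DataPowerWebService.getDefault().getTrustStoreLocation(), null);
        DataPowerWebService.logError(wrapped, wrapped.getMessage());
        String host = props != null ? props.getHostName() : DataPowerWebService.EMPTY_STRING;
        return new Status(IStatus.ERROR, pluginId(), NLS.bind(Messages.DataPower_Error_SSLHandshake, host), wrapped);
    }

    /** Closes {@code closeable} if non-null, logging (not propagating) an {@link IOException}. */
    private static void closeQuietly(Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (IOException e) {
            DataPowerWebService.logError(e, e.getClass().getName());
        }
    }
}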
