package kr.weitao.wingmix.network.tls;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.List;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsCredentials;

/* loaded from: input_file:BOOT-INF/classes/kr/weitao/wingmix/network/tls/TLSAuthentication.class */
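/**
 * Server-certificate check for the BouncyCastle TLS client wrapped by {@link TLSClient}.
 *
 * <p>The presented chain is accepted when a PKIX path can be built from its first
 * certificate (the server's own certificate) to a trusted-certificate entry of the JRE
 * {@code cacerts} store. Trust is therefore a property of the leaf, not of "some
 * certificate somewhere in the message": an unrelated, legitimately issued certificate
 * appended to the chain no longer makes an untrusted leaf pass.
 *
 * <p>When the socket reports {@code isSelfSignPass()}, a chain that contains a valid
 * self-signed certificate is accepted as well. That mode provides no authentication of
 * the peer and is kept only because callers opt into it explicitly.
 *
 * <p>NOTE(review): nothing in this class compares the certificate with
 * {@code tlsClient.getHost()}, and revocation is not checked. The peer certificates are
 * stored on the session, so host-name verification may happen in a caller; confirm.
 */
public class TLSAuthentication implements TlsAuthentication {
    protected TLSClient tlsClient;
    // Trust store shared by all instances; loaded on first use by notifyServerCertificate.
    protected static KeyStore keyStore = null;

    /**
     * @param tLSClient client whose socket, session and host name are consulted during
     *     certificate checking
     */
    public TLSAuthentication(TLSClient tLSClient) {
        this.tlsClient = tLSClient;
    }

    /**
     * Validates the server's certificate chain and records it on the TLS session.
     *
     * @param certificate chain received from the server, in the order it was sent
     * @throws IOException wrapping the underlying failure when the trust store cannot be
     *     loaded, a certificate cannot be decoded, or the chain is not trusted
     */
    public void notifyServerCertificate(Certificate certificate) throws IOException {
        try {
            KeyStore trustStore = trustStore();
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            List<java.security.cert.Certificate> peerCerts = new ArrayList<>();
            List<X509Certificate> chain = new ArrayList<>();
            for (org.bouncycastle.asn1.x509.Certificate encoded : certificate.getCertificateList()) {
                java.security.cert.Certificate decoded =
                        certificateFactory.generateCertificate(new ByteArrayInputStream(encoded.getEncoded()));
                peerCerts.add(decoded);
                if (decoded instanceof X509Certificate) {
                    chain.add((X509Certificate) decoded);
                }
            }
            // An empty chain is never trusted; the self-signed fallback is consulted only
            // after the regular path validation has failed.
            boolean trusted = !chain.isEmpty()
                    && (chainsToTrustAnchor(chain, trustStore) || selfSignedAccepted(chain));
            if (!trusted) {
                System.out.println("Not trusted certificate detected.");
                throw new CertificateException("Not trusted certificate detected.:" + this.tlsClient.getHost());
            }
            ((TLSSession) this.tlsClient.getTlsSocket().getSession())
                    .setPeerCertArray(peerCerts.toArray(new java.security.cert.Certificate[0]));
        } catch (Exception e) {
            e.printStackTrace();
            throw new IOException(e);
        }
    }

    /**
     * Returns no client credentials: this client never answers a certificate request.
     *
     * @param certificateRequest the server's request (ignored)
     * @return always {@code null}
     */
    public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
        return null;
    }

    /**
     * Returns the shared trust store, loading it on first use.
     *
     * @throws CertificateException if the store cannot be loaded; the cause is preserved
     */
    private KeyStore trustStore() throws CertificateException {
        if (keyStore == null) {
            try {
                keyStore = loadKeyStore();
            } catch (Exception e) {
                throw new CertificateException("KeyStore loading failed.", e);
            }
        }
        return keyStore;
    }

    /**
     * Reports whether a PKIX path exists from the first certificate of {@code chain} to a
     * trusted-certificate entry of {@code trustStore}.
     *
     * <p>The remaining certificates are offered to the path builder as candidate
     * intermediates, so a chain that also carries its root or lists intermediates out of
     * order still validates. Signature, validity period, name chaining and CA basic
     * constraints are checked by the builder; revocation checking is switched off, as the
     * class has no revocation source configured.
     */
    private boolean chainsToTrustAnchor(List<X509Certificate> chain, KeyStore trustStore) throws Exception {
        X509CertSelector leafSelector = new X509CertSelector();
        leafSelector.setCertificate(chain.get(0));
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, leafSelector);
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(chain)));
        params.setRevocationEnabled(false);
        try {
            CertPathBuilder.getInstance("PKIX").build(params);
            return true;
        } catch (CertPathBuilderException e) {
            System.out.println("X509 certificate path validation failed.:" + e.getMessage());
            return false;
        }
    }

    /**
     * Applies the opt-in self-signed policy: true when the chain holds a certificate whose
     * subject equals its issuer, that is currently valid, that verifies under its own
     * public key, and the socket's {@code isSelfSignPass()} flag is set.
     *
     * <p>A self-signature proves nothing about who holds the key, so enabling the flag
     * accepts any peer able to mint a certificate.
     */
    private boolean selfSignedAccepted(List<X509Certificate> chain) {
        for (X509Certificate candidate : chain) {
            if (!candidate.getSubjectX500Principal().equals(candidate.getIssuerX500Principal())) {
                continue;
            }
            try {
                candidate.checkValidity();
                candidate.verify(candidate.getPublicKey());
            } catch (GeneralSecurityException e) {
                System.out.println("Self signed certificate verification failed.:" + candidate.getSubjectDN());
                continue;
            }
            if (this.tlsClient.getTlsSocket().isSelfSignPass()) {
                return true;
            }
            System.out.println("Self signed certificate cannot pass.:" + candidate.getSubjectDN());
        }
        return false;
    }

    /**
     * Loads the JRE's {@code lib/security/cacerts} file as the trust store.
     *
     * <p>Store type, provider and password come from the {@code javax.net.ssl.trustStoreType},
     * {@code javax.net.ssl.trustStoreProvider} and {@code javax.net.ssl.trustStorePassword}
     * system properties, falling back to the default key-store type, the default provider
     * and the password {@code "changeit"}.
     *
     * <p>NOTE(review): {@code javax.net.ssl.trustStore} is not consulted, so a custom trust
     * store configured for the JVM is ignored here while its type and password are still
     * applied to {@code cacerts}; confirm that is intended.
     *
     * @return the loaded key store, never {@code null}
     * @throws Exception if the file cannot be read, the type or provider is unknown or
     *     empty, or the store fails its integrity check
     */
    private KeyStore loadKeyStore() throws Exception {
        String cacertsPath =
                System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String provider = System.getProperty("javax.net.ssl.trustStoreProvider", "");
        if (type.length() == 0) {
            // Previously this produced a null store and a NullPointerException later on.
            throw new IllegalStateException("javax.net.ssl.trustStoreType is empty");
        }
        KeyStore loaded = provider.length() == 0
                ? KeyStore.getInstance(type)
                : KeyStore.getInstance(type, provider);
        String configured = System.getProperty("javax.net.ssl.trustStorePassword", "");
        char[] password = (configured.length() > 0 ? configured : "changeit").toCharArray();
        try (FileInputStream in = new FileInputStream(cacertsPath)) {
            loaded.load(in, password);
        } finally {
            // Wipe the working copy whether or not the load succeeded.
            Arrays.fill(password, '\0');
        }
        return loaded;
    }
}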
