package com.ibm.rational.clearcase.remote_core.rpc;

import com.ibm.icu.impl.locale.BaseLocale;
import com.ibm.rational.clearcase.remote_core.util.CCLog;
import com.ibm.rational.stp.cs.internal.util.HttpUrl;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Random;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;

/* loaded from: input_file:remote_core.jar:com/ibm/rational/clearcase/remote_core/rpc/CCX509TrustManager.class */
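/**
 * Trust manager behind the client's HTTPS connections.
 *
 * <p>Server chains are first validated by a platform trust manager that is initialised from a
 * merged, in-memory copy of several local keystores (see {@link #loadTrustStore()}). When that
 * validation fails, the registered {@link CertListener} is asked whether to accept the leaf
 * certificate anyway, either for this process only or persistently in
 * {@code ~/.keystore_clearcase}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Keystore files are loaded with a {@code null} password, so their integrity is not
 *       verified on read. Anyone who can write to one of those files can add a trusted
 *       certificate.</li>
 *   <li>The persistent store is written with a password that is a constant in this class. It
 *       therefore gives no protection of its own; file-system permissions are the only
 *       control.</li>
 *   <li>A listener-approved leaf certificate is trusted for the rest of the process, and that
 *       lookup happens before (and instead of) the normal chain and validity checks.</li>
 *   <li>This class never sets {@link CertListener#CertNotTrusted} or
 *       {@link CertListener#CertNameMismatch}. NOTE(review): host-name verification is not
 *       performed here; confirm it is done by the socket factory or the HTTP layer.</li>
 * </ul>
 *
 * <p>{@code checkServerTrusted} and {@code addToTrustStore} were reconstructed from the
 * decompiler's instruction dump, because the decompiler could not emit Java for them.
 */
public class CCX509TrustManager implements X509TrustManager {
    private static final String homeKeyStoreName = ".keystore";
    private static final String ccrcKeyStoreName = ".keystore_clearcase";
    // Leaf certificates the listener accepted during this process lifetime.
    private KeyStore m_sessionTrustStore;
    private SSLContext m_sslContext;
    private SSLSocketFactory m_sslSocketFactory;
    // Platform trust manager initialised from m_trustStore; does the real chain validation.
    X509TrustManager m_defaultX509TrustManager;
    private CertListener m_certListener;
    // In-memory merge of every keystore file found by loadTrustStore().
    private KeyStore m_trustStore;
    private static CCX509TrustManager tmSingleton = null;
    // Hard-coded store password: used only when writing ~/.keystore_clearcase. It is not a secret
    // and must not be relied on for integrity or confidentiality of the trust store.
    private static final char[] ccrcTrustStorePasswd = {'r', 'a', 't', 'i', 'o', 'n', 'a', 'l'};
    // Running counter that keeps merged aliases unique across source keystores.
    private int aliasNum = 0;
    private boolean loadedTrustStore = false;

    /**
     * Callback consulted when the platform trust manager rejects a server certificate.
     */
    public interface CertListener {
        // Problem bits passed as the second argument of certProblem.
        public static final int CertNotTrusted = 1;
        public static final int CertDateOutOfRange = 2;
        public static final int CertNameMismatch = 4;
        // Decisions returned by certProblem.
        public static final int CertRejected = 0;
        public static final int CertOK = 1;
        public static final int CertOKInstall = 2;

        /**
         * Decides what to do with a certificate that failed validation.
         *
         * @param x509Certificate the leaf certificate presented by the server
         * @param i bit mask of problem flags; this class only ever sets {@link #CertDateOutOfRange}
         * @param certificateException the validation failure, or {@code null} when the failure was
         *     an expired or not-yet-valid certificate
         * @return {@link #CertRejected} to refuse; any other value accepts for this process, and
         *     {@link #CertOKInstall} additionally persists the certificate
         */
        int certProblem(X509Certificate x509Certificate, int i, CertificateException certificateException);
    }

    /**
     * Builds the merged trust store, the delegate trust manager and the SSL context, then
     * registers the resulting socket factory as the {@code https} protocol handler.
     *
     * @throws NoSuchAlgorithmException if neither the {@code IbmX509} nor the {@code SunX509}
     *     trust manager algorithm, or the requested TLS context, is available
     * @throws KeyStoreException if a JKS keystore cannot be created or the trust manager factory
     *     cannot be initialised from it
     * @throws KeyManagementException if the SSL context cannot be initialised
     */
    private CCX509TrustManager() throws NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException, KeyStoreException {
        TrustManagerFactory trustManagerFactory;
        try {
            trustManagerFactory = TrustManagerFactory.getInstance("IbmX509");
        } catch (NoSuchAlgorithmException ibmAlgorithmMissing) {
            // Not running on an IBM JRE: fall back to the Sun/Oracle algorithm name.
            trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        }
        this.m_trustStore = KeyStore.getInstance("JKS");
        this.m_sessionTrustStore = KeyStore.getInstance("JKS");
        try {
            // load(null, null) creates empty, initialised keystores.
            this.m_trustStore.load(null, null);
            this.m_sessionTrustStore.load(null, null);
        } catch (Exception e) {
            // Previously swallowed silently; an uninitialised keystore makes every later
            // operation fail, so leave a trace of the root cause.
            CCLog.logWarning(getClass(), "Unable to initialize in-memory certificate keystores.", e);
        }
        loadTrustStore();
        trustManagerFactory.init(this.m_trustStore);
        this.m_defaultX509TrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        this.m_sslContext = SSLContext.getInstance("TLSv1.2");
        // This instance is the only trust manager of the context, so every handshake made
        // through the registered socket factory goes through checkServerTrusted below.
        this.m_sslContext.init(null, new TrustManager[]{this}, null);
        this.m_sslSocketFactory = this.m_sslContext.getSocketFactory();
        Protocol.registerProtocol(HttpUrl.SCHEME_HTTPS, new Protocol(HttpUrl.SCHEME_HTTPS, (ProtocolSocketFactory) CCSSLProtocolSocketFactory.getProtocolSocketFactory(this.m_sslSocketFactory), 443));
    }

    /**
     * Creates the process-wide trust manager on first use and installs (or replaces) the
     * listener consulted for certificates that fail validation.
     *
     * @param certListener listener to consult; with {@code null}, certificates that fail
     *     validation are rejected
     */
    public static synchronized void initTrustManager(CertListener certListener) throws NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException, KeyStoreException {
        if (tmSingleton == null) {
            tmSingleton = new CCX509TrustManager();
        }
        tmSingleton.m_certListener = certListener;
    }

    /** Returns the issuers accepted by the delegate trust manager. */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.m_defaultX509TrustManager.getAcceptedIssuers();
    }

    /** Delegates client-certificate validation to the platform trust manager unchanged. */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.m_defaultX509TrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    /**
     * Validates a server certificate chain.
     *
     * <p>Order of checks: (1) a leaf certificate already accepted in this process is trusted
     * immediately; (2) otherwise the platform trust manager validates the chain; (3) if that
     * fails, the listener decides. An accepted certificate is added to the session store and,
     * for {@link CertListener#CertOKInstall}, also written to the persistent store.
     *
     * <p>If no listener is registered the validation failure is rethrown. The decompiled
     * bytecode returned normally in that case, which accepted a chain that had just failed
     * validation.
     *
     * @param x509CertificateArr the peer chain, leaf first
     * @param str the key exchange algorithm name passed by the TLS stack
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws CertificateException if the chain is not trusted and no listener accepted it, or
     *     if persisting an accepted certificate fails
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Server certificate chain is null or empty.");
        }
        X509Certificate leaf = x509CertificateArr[0];

        try {
            if (this.m_sessionTrustStore.getCertificateAlias(leaf) != null) {
                // Accepted earlier in this process by the listener.
                return;
            }
        } catch (KeyStoreException ignored) {
            // Session store unusable: fall through to normal validation.
        }

        int problemFlags = 0;
        CertificateException listenerCause = null;
        final CertificateException failure;
        try {
            this.m_defaultX509TrustManager.checkServerTrusted(x509CertificateArr, str);
            return;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            // Date problems are reported to the listener as a flag, without the exception.
            problemFlags |= CertListener.CertDateOutOfRange;
            failure = e;
        } catch (CertificateException e) {
            // Any other failure is reported with flags == 0 and the exception itself.
            listenerCause = e;
            failure = e;
        }

        // Read the field once: initTrustManager may replace the listener from another thread.
        CertListener listener = this.m_certListener;
        if (listener == null) {
            // Fail closed: nobody is available to approve an untrusted certificate.
            throw failure;
        }

        int decision = listener.certProblem(leaf, problemFlags, listenerCause);
        if (decision == CertListener.CertRejected) {
            throw new CertificateException("User rejected certificate.");
        }
        try {
            addToTrustStore(leaf, this.m_sessionTrustStore);
        } catch (CertificateException e) {
            // Non-fatal: the listener will simply be asked again on the next handshake.
            CCLog.logWarning(getClass(), "Unable to install certificate into temporary keystore.", e);
        }
        if (decision == CertListener.CertOKInstall) {
            installCertificate(leaf);
        }
    }

    /**
     * Derives a keystore alias from a subject DN: the run of letters, digits and dots that
     * follows the first {@code CN=}.
     *
     * @param str the subject DN string, may be {@code null}
     * @return the extracted name, {@code "nocn"} when there is no {@code CN=}, or
     *     {@code "emptycn"} when nothing usable follows it
     */
    private String generateAliasString(String str) {
        if (str == null) {
            return "nocn";
        }
        int marker = str.indexOf("CN=");
        if (marker < 0) {
            return "nocn";
        }
        int start = marker + 3;
        int end = start;
        while (end < str.length() && (Character.isLetterOrDigit(str.charAt(end)) || str.charAt(end) == '.')) {
            end++;
        }
        return end == start ? "emptycn" : str.substring(start, end);
    }

    /**
     * Stores a certificate in the given keystore under an alias that is not yet in use.
     *
     * <p>The alias starts as the subject's common name; on a collision a random integer is
     * appended and the check is repeated, up to ten attempts in total. The random suffix only
     * needs to avoid collisions, so {@link Random} is sufficient.
     *
     * @param cert certificate to store
     * @param store keystore to modify
     * @throws CertificateException if the keystore rejects the operation or no free alias was
     *     found within ten attempts
     */
    private void addToTrustStore(X509Certificate cert, KeyStore store) throws CertificateException {
        final int maxAttempts = 10;
        String baseAlias = generateAliasString(cert.getSubjectDN().getName());
        String alias = baseAlias;
        Random suffixSource = new Random();
        boolean stored = false;
        try {
            for (int attempt = 0; attempt < maxAttempts && !stored; attempt++) {
                if (store.containsAlias(alias)) {
                    alias = baseAlias + suffixSource.nextInt();
                } else {
                    store.setCertificateEntry(alias, cert);
                    stored = true;
                }
            }
        } catch (KeyStoreException e) {
            throw new CertificateException("Unable to install certificate: " + e.toString(), e);
        }
        if (!stored) {
            throw new CertificateException("Cannot install certificate because failed to create unique alias for certificate.");
        }
    }

    /**
     * Adds a certificate to the persistent keystore {@code ~/.keystore_clearcase}, creating the
     * file if it does not exist.
     *
     * <p>The file is rewritten in place and this method does not set any file permissions, so
     * the trust decision is only as protected as the user's home directory.
     *
     * @param x509Certificate certificate the listener chose to trust permanently
     * @throws CertificateException if the keystore cannot be read, updated or written
     */
    private void installCertificate(X509Certificate x509Certificate) throws CertificateException {
        String cCRCTrustStorePath = getCCRCTrustStorePath();
        File file = new File(cCRCTrustStorePath);

        KeyStore persistentStore;
        try {
            persistentStore = readKeyStore(file);
            if (persistentStore == null) {
                // No file yet: start from an empty keystore.
                persistentStore = KeyStore.getInstance("JKS");
                persistentStore.load(null, null);
            }
        } catch (Exception e) {
            throw new CertificateException("Unable to read certificate keystore file " + cCRCTrustStorePath + ": " + e.toString(), e);
        }

        // Alias failures propagate as they are instead of being relabelled as a read error.
        addToTrustStore(x509Certificate, persistentStore);

        // try-with-resources closes the file even when store() throws.
        try (BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(file))) {
            persistentStore.store(out, ccrcTrustStorePasswd);
        } catch (Exception e) {
            throw new CertificateException("Unable to write certificate to keystore file " + cCRCTrustStorePath + ProtocolConstant.LF + e.toString(), e);
        }
    }

    /** Returns the path of the persistent keystore in the user's home directory. */
    private String getCCRCTrustStorePath() {
        return System.getProperty("user.home") + System.getProperty("file.separator") + ccrcKeyStoreName;
    }

    /**
     * Merges every available keystore into {@code m_trustStore}; runs at most once.
     *
     * <p>Sources, in order: {@code ~/.keystore_clearcase}, {@code ~/.keystore}, then either the
     * file named by {@code javax.net.ssl.trustStore} or, when that property is unset,
     * {@code jssecacerts} and {@code cacerts} under {@code <java.home>/lib/security}. Missing
     * files are skipped. Failures are logged and do not abort start-up.
     */
    private synchronized void loadTrustStore() {
        if (this.loadedTrustStore) {
            return;
        }
        this.loadedTrustStore = true;
        String configuredTrustStore = System.getProperty("javax.net.ssl.trustStore");
        String userHome = System.getProperty("user.home");
        String javaHome = System.getProperty("java.home");
        String sep = System.getProperty("file.separator");
        try {
            String searched;
            String ccrcPath = getCCRCTrustStorePath();
            readTrustStore(ccrcPath);
            String homePath = userHome + sep + homeKeyStoreName;
            readTrustStore(homePath);
            searched = ccrcPath + ':' + homePath;
            if (configuredTrustStore != null) {
                readTrustStore(configuredTrustStore);
                searched = searched + ':' + configuredTrustStore;
            } else {
                String securityDir = javaHome + sep + "lib" + sep + "security";
                String jssecacerts = securityDir + sep + "jssecacerts";
                readTrustStore(jssecacerts);
                searched = searched + ':' + jssecacerts;
                String cacerts = securityDir + sep + "cacerts";
                readTrustStore(cacerts);
                searched = searched + ':' + cacerts;
            }
            // NOTE(review): the constructor assigns m_trustStore before calling this method, so
            // this warning looks unreachable; an empty merged store is not reported.
            if (this.m_trustStore == null) {
                CCLog.logWarning(getClass(), "Unable to locate any trusted certificate keystores in the following path: " + searched, null);
            }
        } catch (CertificateException e) {
            CCLog.logWarning(getClass(), "Unable to find local security certificates.", e);
        }
    }

    /**
     * Copies every certificate entry of one keystore file into {@code m_trustStore}.
     *
     * <p>Each entry is re-aliased as {@code <fileName><SEP><counter>_<originalAlias>} so that
     * identical aliases from different files do not overwrite each other.
     *
     * @param str path of the keystore file; a missing file is ignored
     * @throws CertificateException if the keystore cannot be read at all
     */
    private void readTrustStore(String str) throws CertificateException {
        File file = new File(str);
        try {
            KeyStore source = readKeyStore(file);
            if (source == null) {
                return;
            }
            String aliasPrefix = file.getName() + BaseLocale.SEP;
            try {
                Enumeration<String> aliases = source.aliases();
                while (aliases.hasMoreElements()) {
                    String originalAlias = aliases.nextElement();
                    if (!source.isCertificateEntry(originalAlias)) {
                        // Private-key entries are not trust anchors; skip them.
                        continue;
                    }
                    Certificate certificate = source.getCertificate(originalAlias);
                    String mergedAlias = aliasPrefix + (this.aliasNum++) + '_' + originalAlias;
                    this.m_trustStore.setCertificateEntry(mergedAlias, certificate);
                }
            } catch (KeyStoreException e) {
                CCLog.logWarning(getClass(), "Unable to merge trusted certificate keystores: " + e.toString(), null);
            }
        } catch (Exception e) {
            throw new CertificateException("Unable to read any trusted certificate keystores: " + e.toString(), e);
        }
    }

    /**
     * Loads a JKS keystore from a file.
     *
     * <p>The keystore is loaded with a {@code null} password, which means its integrity check
     * is skipped; the content is trusted exactly as found on disk.
     *
     * @param file keystore file
     * @return the keystore, or {@code null} when the file cannot be opened. After a logged I/O
     *     or certificate error the returned keystore may be incomplete or uninitialised.
     */
    private KeyStore readKeyStore(File file) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException {
        KeyStore keyStore = null;
        // try-with-resources closes the stream on every path, including when load() throws.
        try (FileInputStream in = new FileInputStream(file)) {
            keyStore = KeyStore.getInstance("JKS");
            keyStore.load(in, null);
        } catch (FileNotFoundException e) {
            return null;
        } catch (IOException e) {
            CCLog.logWarning(getClass(), "I/O problem while reading keystore file \"" + file.getPath() + '\"', e);
        } catch (CertificateException e) {
            CCLog.logWarning(getClass(), "Unable to read some certificates from keystore file \"" + file.getPath() + '\"', e);
        }
        return keyStore;
    }
}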
