package defpackage;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.openas2.cert.PKCS12CertificateFactory;
import org.openas2.cmd.CommandResult;
import org.openas2.processor.receiver.NetModule;
import org.openas2.util.HTTPUtil;
import org.openas2.util.ResponseWrapper;

/* loaded from: input_file:CheckCertificate.class */
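/**
 * Command-line diagnostic that checks whether a TLS connection to a remote server can be
 * established with the certificates held in a Java keystore.
 *
 * <p>Flow, as implemented in {@link #CheckCertStore}: load a keystore, attempt a TLS handshake
 * against the target, and repeat the request through {@code HTTPUtil}. When the handshake fails,
 * the certificate chain that the server presented is added to the keystore and the keystore is
 * written to the file named by the {@code -c} option.
 *
 * <p>Security-relevant properties of this tool:
 * <ul>
 *   <li>The stored chain comes from a connection that failed validation, so nothing has
 *       authenticated it. The keystore this tool writes should only be put into use after the
 *       printed SHA-256 fingerprints have been compared with values obtained from the server
 *       operator through a separate channel.</li>
 *   <li>The keystore password and the HTTP basic-auth password are taken from command-line
 *       arguments, which are typically visible in process listings and shell history.</li>
 *   <li>The keystore password falls back to the well-known default {@code changeit}.</li>
 *   <li>Response headers and body are printed to standard output and may contain sensitive
 *       data.</li>
 * </ul>
 */
public class CheckCertificate {
    public static final String HOST = "s";
    public static final String PORT = "p";
    public static final String URI = "u";
    public static final String CACERT = "c";
    public static final String PASSWORD = "P";
    public static final String DEBUG = "d";
    public static final String AUTH_USER = "a";
    public static final String AUTH_PWD = "A";
    public static final String HELP_OPT = "h";
    private String auth_user = null;
    private String auth_pwd = null;

    // Option table; each row is {short name, long name, takes argument, required, description}.
    public String[][] opts = {
        new String[]{HOST, "server", "true", "true", "the target host name"},
        new String[]{URI, "uri", "true", "false", "URI part of the connection"},
        new String[]{PORT, NetModule.PARAM_PORT, "true", "false", "target server port"},
        new String[]{CACERT, "cacert", "true", "false", "Java keystore file to create if cert chain not present in Java keystore"},
        new String[]{PASSWORD, PKCS12CertificateFactory.PARAM_PASSWORD, "true", "false", "password for Keystore if not 'changeit'"},
        new String[]{DEBUG, "debug", "true", "false", "Enabling debug logging"},
        new String[]{AUTH_USER, "authuser", "true", "false", "Basic auth user"},
        new String[]{AUTH_PWD, "authpwd", "true", "false", "Basic auth password"},
        new String[]{HELP_OPT, "help", "false", "false", "print this help"}
    };

    /**
     * Trust manager that delegates every decision to a wrapped {@link X509TrustManager} and
     * remembers the last server chain it was asked to validate.
     *
     * <p>The chain is recorded before the delegate runs, so it stays available to the caller
     * even when the delegate rejects it. Recording a chain does not make it trusted.
     */
    public static class SavingTrustManager implements X509TrustManager {
        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager x509TrustManager) {
            this.tm = x509TrustManager;
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return this.tm.getAcceptedIssuers();
        }

        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.tm.checkClientTrusted(x509CertificateArr, str);
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Capture first: the delegate throws on an untrusted chain and the caller still needs it.
            this.chain = x509CertificateArr;
            this.tm.checkServerTrusted(x509CertificateArr, str);
        }
    }

    /** Prints the command-line help for the given option set. */
    private void usage(Options options) {
        new HelpFormatter().printHelp(getClass().getName(), "Checks SSL connectivity.\nTries to connect to the remote server and establish a connection.", options, "Good luck!", true);
    }

    /**
     * Builds the option set from {@link #opts} and parses the arguments.
     *
     * @param args raw command-line arguments
     * @return the parsed command line, or {@code null} when parsing failed (the error and the
     *         usage text have then already been printed)
     */
    private CommandLine parseCommandLine(String[] args) {
        DefaultParser parser = new DefaultParser();
        Options options = new Options();
        for (String[] row : this.opts) {
            Option option = Option.builder(row[0]).longOpt(row[1]).hasArg("true".equalsIgnoreCase(row[2])).desc(row[4]).build();
            option.setRequired("true".equalsIgnoreCase(row[3]));
            options.addOption(option);
        }
        try {
            return parser.parse(options, args);
        } catch (ParseException e) {
            System.out.println("Unexpected exception:" + e.getMessage());
            usage(options);
            return null;
        }
    }

    /**
     * Checks TLS connectivity to {@code host:port} and, if the handshake fails, stores the
     * chain presented by the server in the keystore file {@code caCertPath}.
     *
     * <p>The stored chain is unauthenticated: it is whatever the peer sent on a connection that
     * did not validate. The SHA-256 fingerprint of every stored certificate is printed so that
     * it can be compared with a value obtained out of band.
     *
     * @param host target host name
     * @param port target TCP port
     * @param uri path part appended to the HTTPS URL for the follow-up HTTP request
     * @param caCertPath keystore file to load if it exists, and the file the keystore is written
     *        to when a chain is stored
     * @param password keystore password; {@code null} or empty selects {@code changeit}
     * @return 0 when the check completes, whether or not certificates had to be stored
     * @throws Exception if the keystore cannot be located or loaded, or (wrapped with a
     *         "SOCKET FAIL" message and the original cause) if connecting, the follow-up HTTP
     *         request or writing the keystore fails
     */
    public int CheckCertStore(String host, int port, String uri, String caCertPath, String password) throws Exception {
        if (password == null || password.length() < 1) {
            password = "changeit";
        }
        char[] passwordChars = password.toCharArray();
        File storeFile = locateKeyStoreFile(caCertPath);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources: the stream is released even when load() rejects the file or password.
        try (FileInputStream in = new FileInputStream(storeFile)) {
            keyStore.load(in, passwordChars);
        }

        SSLSocket probeSocket = null;
        SSLSocket sslSocket = null;
        try {
            // A socket from the default factory is used to learn the enabled protocol names; it
            // also stays the socket for the handshake if no per-protocol context can connect.
            probeSocket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(host, port);
            sslSocket = probeSocket;
            String[] protocols = probeSocket.getSSLParameters().getProtocols();

            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            X509TrustManager defaultTrustManager = null;
            for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    defaultTrustManager = (X509TrustManager) candidate;
                    break;
                }
            }
            if (defaultTrustManager == null) {
                // Without a delegate the wrapper could only fail with a NullPointerException mid-handshake.
                throw new Exception("No X509TrustManager is available for the loaded keystore");
            }
            SavingTrustManager savingTrustManager = new SavingTrustManager(defaultTrustManager);

            String lastError = "";
            for (String protocol : protocols) {
                try {
                    SSLContext sslContext = SSLContext.getInstance(protocol);
                    System.out.println("Adding KeyManager for possible HTTP AUTH...");
                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
                    keyManagerFactory.init(keyStore, passwordChars);
                    sslContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{savingTrustManager}, null);
                    try {
                        sslSocket = (SSLSocket) sslContext.getSocketFactory().createSocket(host, port);
                        System.out.println("Set SSLContext using protocol: " + protocol);
                        break;
                    } catch (IOException connectFailure) {
                        lastError = connectFailure.getMessage();
                    } catch (Exception unexpected) {
                        throw new Exception(unexpected);
                    }
                } catch (NoSuchAlgorithmException unsupported) {
                    lastError = unsupported.getMessage();
                }
            }
            if (sslSocket == null) {
                throw new Exception("Failed to connect to remote system:  " + lastError);
            }

            try {
                sslSocket.setSoTimeout(10000);
                System.out.println("\n\t\t**** Starting SSL handshake...");
                sslSocket.startHandshake();
                if (!sslSocket.isClosed()) {
                    sslSocket.close();
                }
                checkUsingApacheHttp(host, port, uri, caCertPath, password);
                System.out.println("No errors, certificate is already trusted");
                return 0;
            } catch (SSLHandshakeException handshakeFailure) {
                handshakeFailure.printStackTrace(System.out);
                System.out.println("\nException caught starting SSL handshake so trying to set up a local certificate store with trust chain....\n\n");
                checkUsingApacheHttp(host, port, uri, caCertPath, password);
                X509Certificate[] chain = savingTrustManager.chain;
                if (chain == null) {
                    throw new Exception("Could not obtain server certificate chain");
                }
                System.out.println("Number of certificates in chain: " + chain.length);
                if (chain.length == 1) {
                    findClosestMatchTrustedCert(keyStore, chain[0]);
                    System.out.println("\n\nThe root certificate is not trusted so storing it locally... ");
                }
                if (chain.length == 0) {
                    return 0;
                }
                if (caCertPath.isEmpty()) {
                    // Fail with a clear message instead of a FileNotFoundException for an empty path.
                    throw new Exception("No keystore file given (option -" + CACERT + "), so the certificate chain cannot be stored");
                }
                for (int idx = 0; idx < chain.length; idx++) {
                    keyStore.setCertificateEntry(host + "-" + (idx + 1), chain[idx]);
                }
                // One write for the whole chain; the stream is closed even if store() throws.
                try (FileOutputStream out = new FileOutputStream(caCertPath)) {
                    keyStore.store(out, passwordChars);
                }
                for (X509Certificate certificate : chain) {
                    System.out.println("Installed certificate as trusted: " + certificate.getIssuerDN() + "::" + certificate.getSigAlgName());
                    // The chain was not validated; the fingerprint lets the operator confirm it out of band.
                    System.out.println("\tSHA-256 fingerprint (verify out of band): " + sha256Fingerprint(certificate));
                }
                return 0;
            }
        } catch (Exception e) {
            // Keep the original exception as the cause so the full stack trace survives.
            throw new Exception("\nSOCKET FAIL ::: Reason: " + e + "\n", e);
        } finally {
            closeQuietly(sslSocket);
            closeQuietly(probeSocket);
        }
    }

    /**
     * Picks the keystore file to load: {@code caCertPath} when it is an existing file, otherwise
     * {@code jssecacerts} or {@code cacerts} from the security directory under {@code java.home}.
     */
    private static File locateKeyStoreFile(String caCertPath) throws Exception {
        File requested = new File(caCertPath);
        if (requested.isFile()) {
            return requested;
        }
        char sep = File.separatorChar;
        String javaHome = System.getProperty("java.home");
        File securityDir = new File(javaHome + sep + "lib" + sep + "security");
        if (!securityDir.isDirectory()) {
            securityDir = new File(javaHome + sep + "jre" + sep + "lib" + sep + "security");
        }
        if (!securityDir.isDirectory()) {
            throw new Exception("The JSSE folder could not be identified. Please check that JSSE is installed.");
        }
        File store = new File(securityDir, "jssecacerts");
        if (!store.isFile()) {
            store = new File(securityDir, "cacerts");
        }
        return store;
    }

    /** Closes the socket if it is open; close failures are ignored because this is cleanup only. */
    private static void closeQuietly(SSLSocket socket) {
        if (socket == null || socket.isClosed()) {
            return;
        }
        try {
            socket.close();
        } catch (IOException ignored) {
            // Best-effort cleanup: nothing useful can be done if close() fails.
        }
    }

    /** Returns the colon-separated upper-case hex SHA-256 digest of the certificate's encoding. */
    private static String sha256Fingerprint(X509Certificate certificate) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(certificate.getEncoded());
            StringBuilder hex = new StringBuilder(digest.length * 3);
            for (byte b : digest) {
                if (hex.length() > 0) {
                    hex.append(':');
                }
                hex.append(String.format("%02X", b));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException | CertificateException e) {
            return "unavailable (" + e.getMessage() + ")";
        }
    }

    /**
     * Sends a test POST to {@code https://host:port/uri} through {@code HTTPUtil} and prints the
     * status code, headers and body of the response.
     *
     * <p>Basic-auth credentials are added to the request options when a user was given on the
     * command line. {@code caCertPath} and {@code password} are accepted but not used here.
     */
    private void checkUsingApacheHttp(String host, int port, String uri, String caCertPath, String password) throws Exception {
        System.out.println("Trying using Apache HTTP Client...");
        // Raw type kept on purpose: the generic signature of HTTPUtil.execRequest is not visible in this file.
        HashMap options = new HashMap();
        if (this.auth_user != null) {
            options.put(HTTPUtil.PARAM_HTTP_USER, this.auth_user);
            options.put(HTTPUtil.PARAM_HTTP_PWD, this.auth_pwd);
        }
        // Explicit charset so the payload bytes do not depend on the platform default.
        // NOTE(review): the trailing 1000000000L looks like a size or time limit - confirm against HTTPUtil.
        ResponseWrapper response = HTTPUtil.execRequest(HTTPUtil.Method.POST, "https://" + host + ":" + port + "/" + uri, null, null, new ByteArrayInputStream("Testing".getBytes(StandardCharsets.UTF_8)), options, 1000000000L);
        System.out.println("Got a response using Apache HTTP Client: " + response.getStatusCode());
        System.out.println("\t\tHEADERS: " + response.getHeaders());
        System.out.println("\t\tBODY: " + response.getBody());
    }

    /**
     * Prints the trust anchors in {@code keyStore} whose issuer DN contains the "O" field of the
     * given certificate's issuer DN, or the first whitespace-delimited word of that field.
     *
     * <p>This is a name-based hint for the operator only; matching on DN text proves nothing
     * about a certificate's authenticity. Any failure is printed and otherwise ignored.
     */
    private static void findClosestMatchTrustedCert(KeyStore keyStore, X509Certificate x509Certificate) {
        try {
            PKIXParameters pkixParameters = new PKIXParameters(keyStore);
            String issuerDn = x509Certificate.getIssuerDN().getName();
            // Locale.ROOT keeps case folding independent of the JVM's default locale.
            String organisation = getDNField("O", issuerDn).toLowerCase(Locale.ROOT);
            String firstWord = organisation.replaceAll("(\\S*)[^$]*", "$1").toLowerCase(Locale.ROOT);
            System.out.println("Looking for matches to root certificate DN:\n\t" + issuerDn + "\n\t\tReference certificate signing algorthim: " + x509Certificate.getSigAlgName() + "\n\n\tTrusted certificate(s) most closely matching \"O\" field of root certificate DN:");
            boolean found = false;
            for (TrustAnchor anchor : pkixParameters.getTrustAnchors()) {
                X509Certificate trusted = anchor.getTrustedCert();
                if (trusted == null) {
                    // Anchors given by name and key carry no certificate to compare.
                    continue;
                }
                String trustedDn = trusted.getIssuerDN().getName();
                String trustedDnLower = trustedDn.toLowerCase(Locale.ROOT);
                if (trustedDnLower.contains(organisation) || trustedDnLower.contains(firstWord)) {
                    found = true;
                    System.out.println("\t\tTrusted certificate DN:\n\t\t" + trustedDn + "\n\t\tTrusted certificate signing algorthim: " + trusted.getSigAlgName());
                }
            }
            if (!found) {
                System.out.println("\n\t\t\tNo matching certificates found");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Extracts the value of one field from a distinguished-name string, handling both the quoted
     * ({@code O="Example, Inc."}) and unquoted ({@code O=Example}) forms.
     *
     * <p>The patterns require a space before the field name and a comma after the value; when
     * they do not match, the DN is returned unchanged.
     *
     * @param field field name, for example {@code O}
     * @param dn distinguished-name string to search
     * @return the field value, or {@code dn} itself when the field is not found in that form
     */
    private static String getDNField(String field, String dn) {
        String quotedMarker = " " + field + "=\"";
        if (dn.contains(quotedMarker)) {
            return dn.replaceAll(".* " + field + "=\"([^\"]*)\",[^$]*", "$1");
        }
        return dn.replaceAll(".* " + field + "=([^,]*),[^$]*", "$1");
    }

    /**
     * Parses the arguments, applies defaults (port 443, empty URI and keystore path, password
     * {@code changeit}) and runs the certificate check. Failures of the check are printed.
     */
    private void process(String[] args) {
        CommandLine commandLine = parseCommandLine(args);
        if (commandLine == null) {
            // Parsing failed and usage was already printed; there is nothing to run.
            return;
        }
        String host = commandLine.getOptionValue(HOST);
        int port = commandLine.hasOption(PORT) ? Integer.parseInt(commandLine.getOptionValue(PORT)) : 443;
        String uri = commandLine.hasOption(URI) ? commandLine.getOptionValue(URI) : "";
        String caCertPath = commandLine.hasOption(CACERT) ? commandLine.getOptionValue(CACERT) : "";
        String password = commandLine.hasOption(PASSWORD) ? commandLine.getOptionValue(PASSWORD) : "changeit";
        this.auth_user = commandLine.hasOption(AUTH_USER) ? commandLine.getOptionValue(AUTH_USER) : null;
        this.auth_pwd = commandLine.hasOption(AUTH_PWD) ? commandLine.getOptionValue(AUTH_PWD) : null;
        if (commandLine.hasOption(DEBUG) && "true".equalsIgnoreCase(commandLine.getOptionValue(DEBUG))) {
            // Route commons-logging to SimpleLog and raise the HTTP client's log level.
            System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
            System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
            System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http", "DEBUG");
            System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http.wire", CommandResult.TYPE_ERROR);
        }
        try {
            CheckCertStore(host, port, uri, caCertPath, password);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Program entry point; see the option table in {@link #opts} for the accepted arguments. */
    public static void main(String[] strArr) {
        try {
            new CheckCertificate().process(strArr);
        } catch (Exception e) {
            System.out.println("Unexpected exception:" + e.getMessage());
        }
    }
}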
