package ch.systemsx.cisd.common.ssl;

import ch.systemsx.cisd.base.exceptions.CheckedExceptionTunnel;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:lib/dss_client.jar:ch/systemsx/cisd/common/ssl/SslCertificateHelper.class */
public class SslCertificateHelper {
    private final String serviceURL;
    private final File keystoreFile;
    private final String certificateEntryName;

    public SslCertificateHelper(String str, File file, String str2) {
        this.serviceURL = str;
        this.keystoreFile = file;
        this.certificateEntryName = str2;
    }

    public void setUpKeyStore() {
        if (this.serviceURL.startsWith("https")) {
            Certificate[] serverCertificate = getServerCertificate();
            try {
                KeyStore keyStore = KeyStore.getInstance("JKS");
                keyStore.load(null, null);
                for (int i = 0; i < serverCertificate.length; i++) {
                    keyStore.setCertificateEntry(String.valueOf(this.certificateEntryName) + i, serverCertificate[i]);
                }
                FileOutputStream fileOutputStream = null;
                try {
                    try {
                        fileOutputStream = new FileOutputStream(this.keystoreFile);
                        keyStore.store(fileOutputStream, "changeit".toCharArray());
                        fileOutputStream.close();
                        System.setProperty("javax.net.ssl.trustStore", this.keystoreFile.getAbsolutePath());
                        closeQuietly(fileOutputStream);
                    } catch (Exception e) {
                        throw CheckedExceptionTunnel.wrapIfNecessary(e);
                    }
                } catch (Throwable th) {
                    closeQuietly(fileOutputStream);
                    throw th;
                }
            } catch (Exception e2) {
                throw CheckedExceptionTunnel.wrapIfNecessary(e2);
            }
        }
    }

    private static void closeQuietly(OutputStream outputStream) {
        if (outputStream != null) {
            try {
                outputStream.close();
            } catch (IOException unused) {
            }
        }
    }

    private Certificate[] getServerCertificate() {
        workAroundABugInJava6();
        setUpAllAcceptingTrustManager();
        setUpAllAcceptingHostNameVerifier();
        SSLSocket sSLSocket = null;
        try {
            try {
                URL url = new URL(this.serviceURL);
                int port = url.getPort();
                if (port == -1) {
                    port = 443;
                }
                sSLSocket = (SSLSocket) HttpsURLConnection.getDefaultSSLSocketFactory().createSocket(url.getHost(), port);
                sSLSocket.startHandshake();
                Certificate[] peerCertificates = sSLSocket.getSession().getPeerCertificates();
                if (sSLSocket != null) {
                    try {
                        sSLSocket.close();
                    } catch (IOException unused) {
                    }
                }
                return peerCertificates;
            } catch (Exception e) {
                throw CheckedExceptionTunnel.wrapIfNecessary(e);
            }
        } catch (Throwable th) {
            if (sSLSocket != null) {
                try {
                    sSLSocket.close();
                } catch (IOException unused2) {
                }
            }
            throw th;
        }
    }

    private void setUpAllAcceptingTrustManager() {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: ch.systemsx.cisd.common.ssl.SslCertificateHelper.1
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }
        }};
        try {
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        } catch (Exception unused) {
        }
    }

    private void setUpAllAcceptingHostNameVerifier() {
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { // from class: ch.systemsx.cisd.common.ssl.SslCertificateHelper.2
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        });
    }

    private void workAroundABugInJava6() {
        try {
            SSLContext.getInstance("SSL").createSSLEngine();
        } catch (Exception unused) {
        }
    }

    public static void trustAnyCertificate(String str) {
        if (str.startsWith("https://")) {
            try {
                File createTempFile = File.createTempFile("cert", "keystore");
                createTempFile.deleteOnExit();
                new SslCertificateHelper(str, createTempFile, "cert").setUpKeyStore();
            } catch (IOException e) {
                throw CheckedExceptionTunnel.wrapIfNecessary((Exception) e);
            }
        }
    }
}
