package org.gudy.azureus2.core3.security.impl;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.net.Authenticator;
import java.net.MalformedURLException;
import java.net.PasswordAuthentication;
import java.net.URL;
import java.security.Key;
import java.security.KeyStore;
import java.security.Permission;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.gudy.azureus2.core3.logging.LGLogger;
import org.gudy.azureus2.core3.security.SECertificateListener;
import org.gudy.azureus2.core3.security.SEKeyDetails;
import org.gudy.azureus2.core3.security.SEPasswordListener;
import org.gudy.azureus2.core3.security.SESecurityManager;
import org.gudy.azureus2.core3.util.AEMonitor;
import org.gudy.azureus2.core3.util.Debug;
import org.gudy.azureus2.core3.util.FileUtil;
import org.gudy.azureus2.core3.util.Ignore;

/* loaded from: input_file:org/gudy/azureus2/core3/security/impl/SESecurityManagerImpl.class */
/**
 * Process-wide security helper (decompiled listing). It installs a wrapping
 * {@link SecurityManager} and a default {@link Authenticator}, maintains a JKS key store
 * and a JKS trust store whose paths come from {@code FileUtil.getUserFile(...)}, and
 * forwards certificate-trust and password questions to registered listeners.
 *
 * <p>NOTE(review): this is JADX output. The {@code this$0} / {@code val$...} fields, the
 * extra constructor arguments on the anonymous classes, the identifier {@code r5}, the
 * {@code if (0 != 0)} test and the empty {@code finally} block are decompiler renderings
 * and not the author's source; the listing is not expected to compile as shown.
 *
 * <p>NOTE(review): both stores and every key entry use the single constant
 * {@code SESecurityManager.SSL_PASSWORD} (its value is not visible here). If that constant
 * is a fixed literal shipped with the application, the store password gives no
 * confidentiality and the private keys are protected only by file-system permissions.
 *
 * <p>NOTE(review): {@code this_mon} guards the listener lists on mutation, but
 * {@code password_handlers} and several read paths are accessed without it; see the
 * per-method notes.
 */
public class SESecurityManagerImpl {
    // Eagerly created process-wide instance; handed out by getSingleton().
    protected static SESecurityManagerImpl singleton = new SESecurityManagerImpl();
    // Absolute paths of the key store and trust store; assigned in initialise().
    protected String keystore_name;
    protected String truststore_name;
    // Raw lists of SECertificateListener / SEPasswordListener (cast at the use sites).
    protected List certificate_listeners = new ArrayList();
    protected List password_listeners = new ArrayList();
    // Maps "protocol://host:port/" to Object[]{SEPasswordListener, URL}; see addPasswordHandler().
    protected Map password_handlers = new HashMap();
    // Read by the installed SecurityManager's checkExit(); set only around System.exit() in exitVM().
    // NOTE(review): plain (non-volatile) field shared between threads.
    protected boolean exit_vm_permitted = false;
    protected AEMonitor this_mon = new AEMonitor("SESecurityManager");

    /** Returns the shared instance created at class initialisation. */
    public static SESecurityManagerImpl getSingleton() {
        return singleton;
    }

    /**
     * Resolves the store paths, points the JVM's default SSL trust store at the
     * application's trust store, installs the authenticator, security providers and
     * security manager, and creates empty stores where none exist yet.
     */
    public void initialise() {
        this.keystore_name = FileUtil.getUserFile(SESecurityManager.SSL_KEYS).getAbsolutePath();
        this.truststore_name = FileUtil.getUserFile(SESecurityManager.SSL_CERTS).getAbsolutePath();
        // JVM-wide: once these properties are set, JSSE's default trust material is read from
        // this file instead of the JRE's bundled CA store.
        // NOTE(review): the trust store password is now readable by any code in the process
        // that may read system properties.
        System.setProperty("javax.net.ssl.trustStore", this.truststore_name);
        System.setProperty("javax.net.ssl.trustStorePassword", SESecurityManager.SSL_PASSWORD);
        installAuthenticator();
        try {
            // Reflective registration of a Sun-internal JSSE provider; failure is only printed.
            Security.addProvider((Provider) Class.forName("com.sun.net.ssl.internal.ssl.Provider").newInstance());
        } catch (Throwable th) {
            Debug.printStackTrace(th);
        }
        try {
            SESecurityManagerBC.initialise();
        } catch (Throwable th2) {
            // NOTE(review): the Throwable itself is dropped, so any failure here is reported
            // as "not available" regardless of its real cause.
            LGLogger.log(3, "Bouncy Castle not available");
        }
        installSecurityManager();
        ensureStoreExists(this.keystore_name);
        ensureStoreExists(this.truststore_name);
    }

    /** Returns the absolute path of the key store file (null before initialise()). */
    public String getKeystoreName() {
        return this.keystore_name;
    }

    /**
     * Returns the shared store password constant.
     *
     * <p>NOTE(review): public accessor returning the password as an immutable String; every
     * caller that can reach the singleton can read it.
     */
    public String getKeystorePassword() {
        return SESecurityManager.SSL_PASSWORD;
    }

    /**
     * Installs a SecurityManager that wraps whatever manager was installed before. It
     * refuses VM exit unless {@code exit_vm_permitted} is set, refuses the
     * {@code stopThread} runtime permission, and delegates every other permission check
     * to the previous manager when there is one.
     *
     * <p>NOTE(review): when no previous manager exists, every permission other than the
     * two above passes; this is a stability guard, not a sandbox.
     *
     * <p>NOTE(review): any failure to install is only printed, so the process then runs
     * without these guards. SecurityManager is deprecated for removal in current JDKs, so
     * confirm on the target runtime that installation actually succeeds.
     */
    protected void installSecurityManager() {
        try {
            // "this" and the current manager are the captured values of the anonymous class
            // (decompiler rendering); r5 below stands for the captured previous manager.
            System.setSecurityManager(new SecurityManager(this, System.getSecurityManager()) { // from class: org.gudy.azureus2.core3.security.impl.SESecurityManagerImpl.1
                final SESecurityManagerImpl this$0;
                private final SecurityManager val$old_sec_man;

                {
                    this.this$0 = this;
                    this.val$old_sec_man = r5;
                }

                // The previous manager is consulted first; the exit flag is checked afterwards.
                @Override // java.lang.SecurityManager
                public void checkExit(int i) {
                    if (this.val$old_sec_man != null) {
                        this.val$old_sec_man.checkExit(i);
                    }
                    if (!this.this$0.exit_vm_permitted) {
                        throw new SecurityException("VM exit operation prohibited");
                    }
                }

                // Blocks Thread.stop() for all callers, then defers to the previous manager.
                @Override // java.lang.SecurityManager
                public void checkPermission(Permission permission) {
                    if ((permission instanceof RuntimePermission) && permission.getName().equals("stopThread")) {
                        throw new SecurityException("Thread.stop operation prohibited");
                    }
                    if (this.val$old_sec_man != null) {
                        this.val$old_sec_man.checkPermission(permission);
                    }
                }

                // Context-taking overload with the same policy as the single-argument form.
                @Override // java.lang.SecurityManager
                public void checkPermission(Permission permission, Object obj) {
                    if ((permission instanceof RuntimePermission) && permission.getName().equals("stopThread")) {
                        throw new SecurityException("Thread.stop operation prohibited");
                    }
                    if (this.val$old_sec_man != null) {
                        this.val$old_sec_man.checkPermission(permission, obj);
                    }
                }
            });
        } catch (Throwable th) {
            Debug.printStackTrace(th);
        }
    }

    /**
     * Exits the VM with the given status by lifting the checkExit() restriction for the
     * duration of the call.
     *
     * <p>NOTE(review): the method is public and reachable through getSingleton(), so the
     * exit guard only stops code that calls System.exit() directly. While the flag is true,
     * an exit requested by any other thread passes the check as well.
     *
     * @param i process exit status passed to System.exit()
     */
    public void exitVM(int i) {
        try {
            this.exit_vm_permitted = true;
            System.exit(i);
        } finally {
            // Reached only if System.exit() throws (for example, vetoed by a wrapped manager).
            this.exit_vm_permitted = false;
        }
    }

    /**
     * Registers the JVM-wide default Authenticator. Each credential request is serialised
     * on a dedicated monitor and forwarded to getAuthentication() with the requesting
     * prompt, protocol, host and port.
     */
    public void installAuthenticator() {
        Authenticator.setDefault(new Authenticator(this) { // from class: org.gudy.azureus2.core3.security.impl.SESecurityManagerImpl.2
            protected AEMonitor auth_mon = new AEMonitor("SESecurityManager:auth");
            final SESecurityManagerImpl this$0;

            {
                this.this$0 = this;
            }

            @Override // java.net.Authenticator
            protected PasswordAuthentication getPasswordAuthentication() {
                try {
                    this.auth_mon.enter();
                    return this.this$0.getAuthentication(getRequestingPrompt(), getRequestingProtocol(), getRequestingHost(), getRequestingPort());
                } finally {
                    this.auth_mon.exit();
                }
            }
        });
    }

    /**
     * Builds the URL {@code protocol://host:port/} from the arguments and resolves
     * credentials for it via getPasswordAuthentication(), holding {@code this_mon}.
     *
     * @param str  prompt/realm passed through to the listeners
     * @param str2 protocol
     * @param str3 host
     * @param i    port
     * @return the credentials, or null when no listener answers or the URL is malformed
     */
    public PasswordAuthentication getAuthentication(String str, String str2, String str3, int i) {
        // Unused local left behind by the decompiler.
        AEMonitor aEMonitor;
        try {
            this.this_mon.enter();
            return getPasswordAuthentication(str, new URL(new StringBuffer(String.valueOf(str2)).append("://").append(str3).append(":").append(i).append("/").toString()));
        } catch (MalformedURLException e) {
            Debug.printStackTrace(e);
            return null;
        } finally {
            this.this_mon.exit();
        }
    }

    /**
     * Reports whether the key store file exists, loads, and holds at least one alias.
     * Raises a user alert ("empty" or "corrupt") and returns false otherwise.
     */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    protected boolean checkKeyStoreHasEntry() {
        if (!new File(this.keystore_name).exists()) {
            LGLogger.logUnrepeatableAlertUsingResource(3, "Security.keystore.empty", new String[]{this.keystore_name});
            return false;
        }
        try {
            if (loadKeyStore().aliases().hasMoreElements()) {
                return true;
            }
            LGLogger.logUnrepeatableAlertUsingResource(3, "Security.keystore.empty", new String[]{this.keystore_name});
            return false;
        } catch (Throwable th) {
            // NOTE(review): every failure (I/O, wrong password, bad format) is reported as
            // "corrupt" and the cause is discarded, which hinders diagnosis.
            LGLogger.logUnrepeatableAlertUsingResource(3, "Security.keystore.corrupt", new String[]{this.keystore_name});
            return false;
        }
    }

    /**
     * Creates an empty JKS store at the given path when no file exists there.
     *
     * <p>NOTE(review): the file is created through FileOutputStream with no explicit
     * permission handling visible here; confirm the user directory is not readable by
     * other accounts. JKS is the legacy store type.
     *
     * @param str path of the store file
     * @return true if a new store was written; false if the file already existed or an
     *         error occurred (the error is only printed)
     */
    protected boolean ensureStoreExists(String str) {
        try {
            try {
                this.this_mon.enter();
                KeyStore keyStore = KeyStore.getInstance("JKS");
                if (new File(str).exists()) {
                    this.this_mon.exit();
                    return false;
                }
                // load(null, null) initialises an empty in-memory store.
                keyStore.load(null, null);
                FileOutputStream fileOutputStream = null;
                try {
                    fileOutputStream = new FileOutputStream(str);
                    keyStore.store(fileOutputStream, SESecurityManager.SSL_PASSWORD.toCharArray());
                    if (fileOutputStream != null) {
                        fileOutputStream.close();
                    }
                    this.this_mon.exit();
                    return true;
                } catch (Throwable th) {
                    if (fileOutputStream != null) {
                        fileOutputStream.close();
                    }
                    throw th;
                }
            } catch (Throwable th2) {
                Debug.printStackTrace(th2);
                this.this_mon.exit();
                return false;
            }
        } catch (Throwable th3) {
            this.this_mon.exit();
            throw th3;
        }
    }

    /** Loads the key store using a fresh "SunX509" KeyManagerFactory. */
    protected KeyStore loadKeyStore() throws Exception {
        return loadKeyStore(KeyManagerFactory.getInstance("SunX509"));
    }

    /**
     * Loads the JKS key store from {@code keystore_name} (or an empty store if the file
     * is absent) and initialises the supplied factory with it.
     *
     * <p>The method does not take {@code this_mon} itself; callers that need exclusion
     * with writers must hold it.
     *
     * @param keyManagerFactory factory to initialise with the loaded store and the shared password
     * @return the loaded key store
     * @throws Exception on I/O, format or password errors
     */
    protected KeyStore loadKeyStore(KeyManagerFactory keyManagerFactory) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        if (new File(this.keystore_name).exists()) {
            FileInputStream fileInputStream = null;
            try {
                fileInputStream = new FileInputStream(this.keystore_name);
                keyStore.load(fileInputStream, SESecurityManager.SSL_PASSWORD.toCharArray());
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
            } catch (Throwable th) {
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                throw th;
            }
        } else {
            keyStore.load(null, null);
        }
        keyManagerFactory.init(keyStore, SESecurityManager.SSL_PASSWORD.toCharArray());
        return keyStore;
    }

    /**
     * Builds a server socket factory backed by the key store's key managers.
     *
     * <p>NOTE(review): the context is requested by the legacy name "SSL" and no protocol
     * versions or cipher suites are restricted here, so what the server accepts is whatever
     * the runtime enables by default. Reviewers normally ask for "TLS" plus an explicit
     * enabled-protocol list on the sockets created from this factory.
     *
     * @return the factory, or null when the key store has no usable entry
     */
    public SSLServerSocketFactory getSSLServerSocketFactory() throws Exception {
        if (!checkKeyStoreHasEntry()) {
            return null;
        }
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        loadKeyStore(keyManagerFactory);
        // Key managers only; null selects the default trust managers.
        sSLContext.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
        return sSLContext.getServerSocketFactory();
    }

    /**
     * Returns the key and X.509 certificate chain stored under an alias.
     *
     * <p>NOTE(review): KeyStore.getCertificateChain() may return null (an entry without a
     * chain); the {@code .length} access below would then fail with a
     * NullPointerException rather than the descriptive Exception used for non-X.509 entries.
     *
     * <p>NOTE(review): the returned object exposes the key itself and the internal chain
     * array without copying.
     *
     * @param str key store alias
     * @return the key details, or null when the alias holds no key
     * @throws Exception if the store cannot be loaded or a chain entry is not X.509
     */
    public SEKeyDetails getKeyDetails(String str) throws Exception {
        KeyStore loadKeyStore = loadKeyStore();
        Key key = loadKeyStore.getKey(str, SESecurityManager.SSL_PASSWORD.toCharArray());
        if (key == null) {
            return null;
        }
        Certificate[] certificateChain = loadKeyStore.getCertificateChain(str);
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateChain.length];
        for (int i = 0; i < certificateChain.length; i++) {
            if (!(certificateChain[i] instanceof X509Certificate)) {
                throw new Exception("Certificate chain must be comprised of X509Certificate entries");
            }
            x509CertificateArr[i] = (X509Certificate) certificateChain[i];
        }
        return new SEKeyDetails(this, key, x509CertificateArr) { // from class: org.gudy.azureus2.core3.security.impl.SESecurityManagerImpl.3
            final SESecurityManagerImpl this$0;
            private final Key val$key;
            private final X509Certificate[] val$res;

            {
                this.this$0 = this;
                this.val$key = key;
                this.val$res = x509CertificateArr;
            }

            @Override // org.gudy.azureus2.core3.security.SEKeyDetails
            public Key getKey() {
                return this.val$key;
            }

            @Override // org.gudy.azureus2.core3.security.SEKeyDetails
            public X509Certificate[] getCertificateChain() {
                return this.val$res;
            }
        };
    }

    /**
     * Delegates to SESecurityManagerBC.createSelfSignedCertificate().
     *
     * <p>Judging only by the call in main(), the arguments look like an alias, an X.500
     * distinguished name and an integer whose meaning is defined in SESecurityManagerBC
     * (not shown) - TODO confirm.
     */
    public Certificate createSelfSignedCertificate(String str, String str2, int i) throws Exception {
        return SESecurityManagerBC.createSelfSignedCertificate(this, str, str2, i);
    }

    /**
     * Fetches the certificate a server presents and, if a registered listener approves
     * it, stores it in the trust store.
     *
     * <p>The connection is made with a trust manager that accepts every chain, so that a
     * certificate can be retrieved before it is trusted. Only the first certificate
     * returned by the session is considered. Each listener is given the URL (query string
     * removed) and that certificate; on the first approval the certificate is saved under
     * the alias {@code host:port}.
     *
     * <p>NOTE(review): the whole trust decision rests on the listeners. Nothing here
     * verifies the certificate, its validity period or its match to the host, so a
     * listener that approves without showing the user the subject and fingerprint turns
     * this into unconditional acceptance of whatever the network path presents.
     *
     * <p>NOTE(review): the alias records host and port, but a trust store entry is not
     * bound to a host; addCertToTrustStore() installs the store as the default for all
     * HttpsURLConnection use in the JVM. If the approved certificate is usable as a CA,
     * it becomes an anchor for other hosts too.
     *
     * <p>NOTE(review): listeners run while {@code this_mon} is held, so a slow or
     * interactive listener blocks every other user of the monitor.
     *
     * @param url HTTPS URL of the server; port 443 is assumed when none is given
     * @return true if a listener approved and the certificate was stored; false otherwise,
     *         including on any error (errors are only printed)
     */
    public boolean installServerCertificates(URL url) {
        try {
            this.this_mon.enter();
            String host = url.getHost();
            int port = url.getPort();
            if (port == -1) {
                port = 443;
            }
            SSLSocket sSLSocket = null;
            try {
                try {
                    // Accept-all trust manager, used only for this certificate-fetching handshake.
                    // NOTE(review): getAcceptedIssuers() returns null although the interface
                    // documents a non-null (possibly empty) array.
                    TrustManager[] trustManagerArr = {new X509TrustManager(this) { // from class: org.gudy.azureus2.core3.security.impl.SESecurityManagerImpl.4
                        final SESecurityManagerImpl this$0;

                        {
                            this.this$0 = this;
                        }

                        @Override // javax.net.ssl.X509TrustManager
                        public X509Certificate[] getAcceptedIssuers() {
                            return null;
                        }

                        @Override // javax.net.ssl.X509TrustManager
                        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                        }

                        @Override // javax.net.ssl.X509TrustManager
                        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                        }
                    }};
                    SSLContext sSLContext = SSLContext.getInstance("SSL");
                    sSLContext.init(null, trustManagerArr, new SecureRandom());
                    // NOTE(review): no connect or read timeout is set on this socket.
                    SSLSocket sSLSocket2 = (SSLSocket) sSLContext.getSocketFactory().createSocket(host, port);
                    sSLSocket2.startHandshake();
                    Certificate[] peerCertificates = sSLSocket2.getSession().getPeerCertificates();
                    if (peerCertificates.length == 0) {
                        if (sSLSocket2 != null) {
                            try {
                                sSLSocket2.close();
                            } catch (Throwable th) {
                                Debug.printStackTrace(th);
                            }
                        }
                        this.this_mon.exit();
                        return false;
                    }
                    Certificate certificate = peerCertificates[0];
                    // Re-parse through the X.509 factory when the provider's type is not already X509Certificate.
                    X509Certificate x509Certificate = certificate instanceof X509Certificate ? (X509Certificate) certificate : (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
                    // Listeners receive the URL without its query string.
                    String url2 = url.toString();
                    int indexOf = url2.indexOf("?");
                    if (indexOf != -1) {
                        url2 = url2.substring(0, indexOf);
                    }
                    for (int i = 0; i < this.certificate_listeners.size(); i++) {
                        if (((SECertificateListener) this.certificate_listeners.get(i)).trustCertificate(url2, x509Certificate)) {
                            addCertToTrustStore(host.concat(":").concat(String.valueOf(port)), certificate);
                            if (sSLSocket2 != null) {
                                try {
                                    sSLSocket2.close();
                                } catch (Throwable th2) {
                                    Debug.printStackTrace(th2);
                                }
                            }
                            this.this_mon.exit();
                            return true;
                        }
                    }
                    if (sSLSocket2 != null) {
                        try {
                            sSLSocket2.close();
                        } catch (Throwable th3) {
                            Debug.printStackTrace(th3);
                        }
                    }
                    this.this_mon.exit();
                    return false;
                } finally {
                    // Emptied by the decompiler; the close logic was duplicated onto each exit path above.
                }
            } catch (Throwable th4) {
                Debug.printStackTrace(th4);
                // NOTE(review): as decompiled, this condition is constant-false and sSLSocket is
                // always null, so a failure after createSocket() leaves sSLSocket2 unclosed on
                // this path. Compare against the original source before relying on this listing.
                if (0 != 0) {
                    try {
                        sSLSocket.close();
                    } catch (Throwable th5) {
                        Debug.printStackTrace(th5);
                    }
                }
                this.this_mon.exit();
                return false;
            }
        } catch (Throwable th6) {
            this.this_mon.exit();
            throw th6;
        }
    }

    /**
     * Stores a key and its certificate chain under an alias, replacing any existing
     * entry, and rewrites the key store file. Runs under {@code this_mon}.
     *
     * <p>NOTE(review): a failure while writing the file is only printed, so the caller is
     * not told that the key was not persisted. FileOutputStream truncates the existing
     * file on open, so a failure during store() can leave a damaged key store.
     *
     * <p>NOTE(review): JADX widened this method from protected to public (see the marker
     * below); the declared visibility in the original source was narrower.
     *
     * @param str            alias
     * @param key            key to store, protected with the shared password
     * @param certificateArr certificate chain for the key
     * @throws Exception if the key store cannot be loaded or the entry cannot be set
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void addCertToKeyStore(String str, Key key, Certificate[] certificateArr) throws Exception {
        try {
            this.this_mon.enter();
            KeyStore loadKeyStore = loadKeyStore();
            if (loadKeyStore.containsAlias(str)) {
                loadKeyStore.deleteEntry(str);
            }
            loadKeyStore.setKeyEntry(str, key, SESecurityManager.SSL_PASSWORD.toCharArray(), certificateArr);
            FileOutputStream fileOutputStream = null;
            try {
                try {
                    fileOutputStream = new FileOutputStream(this.keystore_name);
                    loadKeyStore.store(fileOutputStream, SESecurityManager.SSL_PASSWORD.toCharArray());
                } finally {
                    if (fileOutputStream != null) {
                        fileOutputStream.close();
                    }
                }
            } catch (Throwable th) {
                Debug.printStackTrace(th);
            }
            // Second close of the same stream (decompiler duplication of the finally block).
            if (fileOutputStream != null) {
                fileOutputStream.close();
            }
        } finally {
            this.this_mon.exit();
        }
    }

    /**
     * Loads the trust store, optionally adds or replaces a certificate entry and persists
     * it, then installs a socket factory built from the store as the default for
     * HttpsURLConnection. Runs under {@code this_mon}.
     *
     * <p>With a null certificate nothing is written; the default factory is simply
     * rebuilt from the store as loaded.
     *
     * <p>NOTE(review): the default-factory change is JVM-wide and affects every component
     * that uses HttpsURLConnection, not only the caller.
     *
     * @param str         alias for the certificate entry
     * @param certificate certificate to trust, or null to only reinstall the factory
     * @throws Exception on load, store or SSL context errors
     */
    protected void addCertToTrustStore(String str, Certificate certificate) throws Exception {
        try {
            this.this_mon.enter();
            KeyStore keyStore = KeyStore.getInstance("JKS");
            if (new File(this.truststore_name).exists()) {
                FileInputStream fileInputStream = null;
                try {
                    fileInputStream = new FileInputStream(this.truststore_name);
                    keyStore.load(fileInputStream, SESecurityManager.SSL_PASSWORD.toCharArray());
                    if (fileInputStream != null) {
                        fileInputStream.close();
                    }
                } catch (Throwable th) {
                    if (fileInputStream != null) {
                        fileInputStream.close();
                    }
                    throw th;
                }
            } else {
                keyStore.load(null, null);
            }
            if (certificate != null) {
                // An existing entry under the same alias is replaced without comparison or
                // notice, so a changed server certificate overwrites the earlier one.
                if (keyStore.containsAlias(str)) {
                    keyStore.deleteEntry(str);
                }
                keyStore.setCertificateEntry(str, certificate);
                FileOutputStream fileOutputStream = null;
                try {
                    fileOutputStream = new FileOutputStream(this.truststore_name);
                    keyStore.store(fileOutputStream, SESecurityManager.SSL_PASSWORD.toCharArray());
                    if (fileOutputStream != null) {
                        fileOutputStream.close();
                    }
                } catch (Throwable th2) {
                    if (fileOutputStream != null) {
                        fileOutputStream.close();
                    }
                    throw th2;
                }
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            // No key managers (no client certificate); null SecureRandom selects the default source.
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        } finally {
            this.this_mon.exit();
        }
    }

    /**
     * Resolves credentials for a URL. A handler registered for exactly
     * {@code url.toString()} takes precedence and is called with the URL it was registered
     * with; otherwise the listeners are asked in registration order and the first
     * non-null answer is returned.
     *
     * <p>NOTE(review): this method does not take {@code this_mon}; it is safe only when
     * the caller holds it, as getAuthentication() does. It is public, so other callers may not.
     *
     * <p>NOTE(review): every registered listener is shown the prompt and URL of each
     * request it is asked about and may supply credentials for it; the first to answer wins.
     *
     * <p>NOTE(review): handler keys are built with {@code url.getPort()}, which is -1 for
     * a URL without an explicit port; whether such a key ever equals the lookup key used
     * here depends on the port reported by the caller - verify.
     *
     * @param str prompt/realm
     * @param url URL requiring authentication
     * @return credentials, or null if nobody supplies any
     */
    public PasswordAuthentication getPasswordAuthentication(String str, URL url) {
        Object[] objArr = (Object[]) this.password_handlers.get(url.toString());
        if (objArr != null) {
            return ((SEPasswordListener) objArr[0]).getAuthentication(str, (URL) objArr[1]);
        }
        for (int i = 0; i < this.password_listeners.size(); i++) {
            PasswordAuthentication authentication = ((SEPasswordListener) this.password_listeners.get(i)).getAuthentication(str, url);
            if (authentication != null) {
                return authentication;
            }
        }
        return null;
    }

    /**
     * Tells every password listener whether authentication for the URL succeeded.
     * The list is iterated without holding {@code this_mon}.
     */
    public void setPasswordAuthenticationOutcome(String str, URL url, boolean z) {
        for (int i = 0; i < this.password_listeners.size(); i++) {
            ((SEPasswordListener) this.password_listeners.get(i)).setAuthenticationOutcome(str, url, z);
        }
    }

    /** Registers a password listener (under {@code this_mon}). */
    public void addPasswordListener(SEPasswordListener sEPasswordListener) {
        try {
            this.this_mon.enter();
            this.password_listeners.add(sEPasswordListener);
        } finally {
            this.this_mon.exit();
        }
    }

    /** Unregisters a password listener (under {@code this_mon}). */
    public void removePasswordListener(SEPasswordListener sEPasswordListener) {
        try {
            this.this_mon.enter();
            this.password_listeners.remove(sEPasswordListener);
        } finally {
            this.this_mon.exit();
        }
    }

    /**
     * Registers a dedicated handler for {@code protocol://host:port/} of the given URL,
     * replacing any handler already stored under that key.
     *
     * <p>NOTE(review): the HashMap is modified without holding {@code this_mon}.
     */
    public void addPasswordHandler(URL url, SEPasswordListener sEPasswordListener) {
        this.password_handlers.put(new StringBuffer(String.valueOf(url.getProtocol())).append("://").append(url.getHost()).append(":").append(url.getPort()).append("/").toString(), new Object[]{sEPasswordListener, url});
    }

    /**
     * Removes the handler registered for {@code protocol://host:port/} of the given URL.
     *
     * <p>NOTE(review): the listener argument is explicitly ignored, so the entry is
     * removed whoever registered it; the map is also modified without {@code this_mon}.
     */
    public void removePasswordHandler(URL url, SEPasswordListener sEPasswordListener) {
        Ignore.ignore(sEPasswordListener);
        this.password_handlers.remove(new StringBuffer(String.valueOf(url.getProtocol())).append("://").append(url.getHost()).append(":").append(url.getPort()).append("/").toString());
    }

    /** Registers a certificate-trust listener (under {@code this_mon}). */
    public void addCertificateListener(SECertificateListener sECertificateListener) {
        try {
            this.this_mon.enter();
            this.certificate_listeners.add(sECertificateListener);
        } finally {
            this.this_mon.exit();
        }
    }

    /** Unregisters a certificate-trust listener (under {@code this_mon}). */
    public void removeCertificateListener(SECertificateListener sECertificateListener) {
        try {
            this.this_mon.enter();
            this.certificate_listeners.remove(sECertificateListener);
        } finally {
            this.this_mon.exit();
        }
    }

    /**
     * Manual test entry point: initialises the singleton (which installs the security
     * manager and authenticator and creates the stores) and requests a self-signed
     * certificate under a fixed sample alias. Errors are only printed.
     */
    public static void main(String[] strArr) {
        SESecurityManagerImpl singleton2 = getSingleton();
        singleton2.initialise();
        try {
            singleton2.createSelfSignedCertificate("SomeAlias", "CN=fred,OU=wap,O=wip,L=here,ST=there,C=GB", 1000);
        } catch (Throwable th) {
            Debug.printStackTrace(th);
        }
    }
}
