package com.apusic.net;

import com.apusic.deploy.runtime.Tags;
import com.apusic.server.Config;
import com.apusic.util.Base64;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;

/* loaded from: input_file:com/apusic/net/SSLCertificateSupporter.class */
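/**
 * Helpers that populate TLS key/trust stores from PEM files and build PKIX
 * parameters whose revocation decision comes from locally stored CRL files.
 *
 * <p>All file names are resolved through {@code Config.getFile}; lists of
 * files are separated by {@code ';'} and blank entries are ignored.
 */
public class SSLCertificateSupporter {
    private static CertificateFactory jdkX509CF = null;

    /**
     * Certificate-path checker that rejects certificates listed in one of the
     * configured CRL files and re-reads a file when its modification time changes.
     *
     * <p>Security notes for maintainers:
     * <ul>
     *   <li>No call to {@code X509CRL.verify} is made in this class, so the CRL
     *       signature is not validated here; the integrity of the CRL files
     *       depends on who may write to them.</li>
     *   <li>A CRL past its {@code nextUpdate} only produces a warning on stderr;
     *       it is still consulted and validation continues.</li>
     *   <li>If a CRL cannot be loaded, the checker stays installed without that
     *       CRL's data, so certificates revoked only there are accepted.</li>
     * </ul>
     */
    static class SSLCRLChecker extends PKIXCertPathChecker {
        boolean forward;
        private final String[] crlLists;
        // Both maps are guarded by the crlsMap monitor (not by "this"): the PKIX
        // parameter classes hand out clones of registered checkers, the default
        // clone is shallow, and so every clone shares these two map instances.
        private final Map<String, Long> initTimeMap = new HashMap<String, Long>();
        private final Map<String, Collection<? extends CRL>> crlsMap =
                new HashMap<String, Collection<? extends CRL>>();
        // Not read or written anywhere in this class.
        private boolean shouldCheck;

        /**
         * Loads every configured CRL once and schedules a periodic reload check.
         *
         * @param str {@code ';'}-separated list of CRL file names
         * @param i   interval between reload checks, in seconds
         */
        public SSLCRLChecker(String str, int i) {
            this.crlLists = str.split(";");
            try {
                getCRLs();
            } catch (Exception e) {
                // NOTE(review): this is fail-open. The checker is still used, but
                // holds no data for the CRLs that failed to load. Confirm whether
                // deployments should refuse to start instead.
                e.printStackTrace();
            }
            try {
                // Scheduled even when the initial load failed, so that a CRL file
                // that appears or is repaired later gets picked up.
                Config.getTimer().scheduleAtFixedRate(new Runnable() {
                    @Override
                    public void run() {
                        SSLCRLChecker.this.checkUpdate();
                    }
                }, 0L, i, TimeUnit.SECONDS);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        /**
         * Fails validation when the certificate is listed in a loaded CRL.
         *
         * @throws CertPathValidatorException if the certificate is revoked
         */
        @Override
        public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
            if (checkRevoked(certificate)) {
                throw new CertPathValidatorException(".....user in crl....");
            }
        }

        /** Returns {@code null}: this checker processes no certificate extensions. */
        @Override
        public Set<String> getSupportedExtensions() {
            return null;
        }

        /** Records the requested direction; the revocation lookup itself is order-independent. */
        @Override
        public void init(boolean z) throws CertPathValidatorException {
            this.forward = z;
        }

        /** Reports the direction passed to the most recent {@link #init(boolean)} call. */
        @Override
        public boolean isForwardCheckingSupported() {
            return this.forward;
        }

        /** Loads every non-blank configured CRL file; stops at the first failure. */
        private void getCRLs() throws IOException, CRLException, CertificateException {
            for (String entry : this.crlLists) {
                String path = entry.trim();
                if (path.length() != 0) {
                    getCRL(path, 0L);
                }
            }
        }

        /**
         * (Re)loads one CRL file unless {@code j} equals the modification time
         * recorded at the previous successful load.
         *
         * @param str CRL file name
         * @param j   modification time observed by the caller, or 0 for the initial load
         */
        private synchronized void getCRL(String str, long j) throws IOException, CRLException, CertificateException {
            synchronized (this.crlsMap) {
                Long known = this.initTimeMap.get(str);
                if (known != null && j == known.longValue()) {
                    return;
                }
            }
            File file = Config.getFile(str);
            Collection<? extends CRL> crls;
            try (InputStream in = new BufferedInputStream(new FileInputStream(file))) {
                crls = CertificateFactory.getInstance("X.509").generateCRLs(in);
            }
            long stamp = file.lastModified();
            // Publish only after a complete parse so readers never see a half-loaded file.
            synchronized (this.crlsMap) {
                this.crlsMap.put(str, crls);
                this.initTimeMap.put(str, Long.valueOf(stamp));
            }
        }

        /**
         * Timer callback: reloads each configured CRL whose modification time
         * differs from the recorded one, or that has never been loaded.
         */
        public void checkUpdate() {
            for (String entry : this.crlLists) {
                String path = entry.trim();
                if (path.length() == 0) {
                    // Blank entries are never loaded, so they have no recorded timestamp.
                    continue;
                }
                try {
                    // getCRL compares against the recorded timestamp under the lock.
                    getCRL(path, Config.getFile(path).lastModified());
                } catch (Exception e) {
                    // Nothing may escape this callback: if the timer follows
                    // ScheduledExecutorService semantics, an uncaught exception
                    // would cancel all later runs and freeze the CRL data.
                    e.printStackTrace();
                }
            }
        }

        /**
         * Returns whether any loaded CRL lists {@code certificate} as revoked.
         * Expired CRLs are reported on stderr but still consulted.
         */
        private boolean checkRevoked(Certificate certificate) {
            Collection<Collection<? extends CRL>> snapshot;
            synchronized (this.crlsMap) {
                // Copy under the lock; the timer thread may replace entries at any time.
                snapshot = new ArrayList<Collection<? extends CRL>>(this.crlsMap.values());
            }
            Date now = new Date();
            for (Collection<? extends CRL> crls : snapshot) {
                if (crls == null) {
                    continue;
                }
                for (CRL crl : crls) {
                    if (crl instanceof X509CRL) {
                        Date nextUpdate = ((X509CRL) crl).getNextUpdate();
                        if (nextUpdate != null && nextUpdate.before(now)) {
                            System.err.println("CRL file is expired,please update...");
                        }
                    }
                    if (crl.isRevoked(certificate)) {
                        return true;
                    }
                }
            }
            return false;
        }
    }

    /** Returns the shared X.509 certificate factory, creating it on first use. */
    private static synchronized CertificateFactory getCertificateFactory() throws CertificateException {
        if (jdkX509CF == null) {
            jdkX509CF = CertificateFactory.getInstance("X.509");
        }
        return jdkX509CF;
    }

    /**
     * Fills {@code keyStore} with the server's RSA private key and certificate chain.
     *
     * <p>Every certificate read from {@code str2} becomes part of the chain, in
     * list order; each certificate at list position {@code i > 0} is also stored
     * as the trusted entry {@code "CA" + i}. The key is stored under
     * {@code Tags.SERVER}, protected with {@code cArr}.
     *
     * @param keyStore key store to populate
     * @param cArr     password protecting the key entry
     * @param str      file holding the RSA private key in PEM form
     * @param str2     {@code ';'}-separated list of certificate files
     * @throws IllegalArgumentException if any argument is {@code null}
     * @throws Exception if a file cannot be read or parsed, or the key store rejects an entry
     */
    public static void initKeystore(KeyStore keyStore, char[] cArr, String str, String str2) throws Exception {
        if (keyStore == null || cArr == null || str == null || str2 == null) {
            throw new IllegalArgumentException("All parameters are not allowed to be null");
        }
        CertificateFactory certificateFactory = getCertificateFactory();
        ArrayList<Certificate> chain = new ArrayList<Certificate>();
        String[] split = str2.split(";");
        for (int i = 0; i < split.length; i++) {
            String path = split[i].trim();
            if (path.length() == 0) {
                continue;
            }
            Certificate certificate;
            // try-with-resources: the stream is closed even when parsing fails.
            try (FileInputStream in = new FileInputStream(Config.getFile(path))) {
                certificate = certificateFactory.generateCertificate(in);
            }
            chain.add(certificate);
            if (i != 0) {
                keyStore.setCertificateEntry("CA" + i, certificate);
            }
        }
        Certificate[] certificateArr = chain.toArray(new Certificate[0]);
        byte[] readKey;
        try (FileInputStream in = new FileInputStream(Config.getFile(str))) {
            readKey = readKey(in);
        }
        // fromByteArray is looked up reflectively, as in the original code.
        RSAPrivateKeyStructure rSAPrivateKeyStructure = new RSAPrivateKeyStructure((ASN1Sequence) ASN1Sequence.class.getMethod("fromByteArray", byte[].class).invoke(null, Base64.decodeBase64(readKey)));
        RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(
                rSAPrivateKeyStructure.getModulus(),
                rSAPrivateKeyStructure.getPublicExponent(),
                rSAPrivateKeyStructure.getPrivateExponent(),
                rSAPrivateKeyStructure.getPrime1(),
                rSAPrivateKeyStructure.getPrime2(),
                rSAPrivateKeyStructure.getExponent1(),
                rSAPrivateKeyStructure.getExponent2(),
                rSAPrivateKeyStructure.getCoefficient());
        keyStore.setKeyEntry(Tags.SERVER, KeyFactory.getInstance("RSA").generatePrivate(keySpec), cArr, certificateArr);
    }

    /**
     * Extracts the Base64 body of a PEM "RSA PRIVATE KEY" block.
     *
     * <p>Text in front of the BEGIN line is discarded; reading stops at the END
     * line. Header lines that follow the BEGIN line (as found in
     * passphrase-protected keys) are not recognised and would be appended as
     * if they were key data.
     *
     * @return the concatenated Base64 lines, still encoded
     */
    private static byte[] readKey(InputStream inputStream) throws IOException {
        // ISO-8859-1 maps bytes one-to-one, so the result does not depend on the
        // platform default charset.
        BufferedReader reader = new BufferedReader(
                new InputStreamReader(inputStream, java.nio.charset.StandardCharsets.ISO_8859_1));
        StringBuilder body = new StringBuilder();
        String line;
        while ((line = reader.readLine()) != null) {
            if (line.indexOf("BEGIN RSA PRIVATE KEY") != -1) {
                // Drop any preamble collected before the BEGIN marker.
                body.setLength(0);
                continue;
            }
            if (line.trim().length() == 0) {
                continue;
            }
            if (line.indexOf("END RSA PRIVATE KEY") != -1) {
                break;
            }
            body.append(line);
        }
        return body.toString().getBytes(java.nio.charset.StandardCharsets.ISO_8859_1);
    }

    /**
     * Adds each certificate named in {@code str} to {@code keyStore} as the
     * trusted entry {@code "CA" + i}, where {@code i} is its position in the list.
     *
     * @param keyStore trust store to populate
     * @param str      {@code ';'}-separated list of certificate files
     * @throws IllegalArgumentException if any argument is {@code null}
     * @throws Exception if a file cannot be read or parsed, or the store rejects an entry
     */
    public static void initTruststore(KeyStore keyStore, String str) throws Exception {
        if (keyStore == null || str == null) {
            throw new IllegalArgumentException("All parameters are not allowed to be null");
        }
        CertificateFactory certificateFactory = getCertificateFactory();
        String[] split = str.split(";");
        for (int i = 0; i < split.length; i++) {
            String path = split[i].trim();
            if (path.length() == 0) {
                continue;
            }
            Certificate certificate;
            try (FileInputStream in = new FileInputStream(Config.getFile(path))) {
                certificate = certificateFactory.generateCertificate(in);
            }
            keyStore.setCertificateEntry("CA" + i, certificate);
        }
    }

    /**
     * Builds PKIX parameters that trust the entries of {@code keyStore} and
     * delegate revocation to an {@link SSLCRLChecker}.
     *
     * <p>The platform's own revocation checking is switched off, so the local
     * CRL files named in {@code str2} are the only revocation source.
     *
     * @param str      validation algorithm; only "PKIX" (any case) is accepted
     * @param str2     {@code ';'}-separated list of CRL files
     * @param keyStore trust anchors
     * @param i        CRL reload-check interval in seconds
     * @throws CRLException if {@code str} is not "PKIX"
     */
    public static CertPathParameters getParameters(String str, String str2, KeyStore keyStore, int i) throws Exception {
        if (!"PKIX".equalsIgnoreCase(str)) {
            throw new CRLException("CRLs not supported for type: " + str);
        }
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        pKIXBuilderParameters.setRevocationEnabled(false);
        pKIXBuilderParameters.addCertPathChecker(new SSLCRLChecker(str2, i));
        return pKIXBuilderParameters;
    }

    /**
     * Reads all CRLs from the {@code ';'}-separated file list.
     *
     * @return the combined CRLs, or {@code null} when no file yielded a collection
     */
    private static Collection<? extends CRL> getCRLs(String str) throws IOException, CRLException, CertificateException {
        ArrayList<CRL> all = null;
        for (String entry : str.split(";")) {
            String path = entry.trim();
            if (path.length() == 0) {
                continue;
            }
            try (InputStream in = new BufferedInputStream(new FileInputStream(Config.getFile(path)))) {
                Collection<? extends CRL> crls = CertificateFactory.getInstance("X.509").generateCRLs(in);
                if (crls != null) {
                    if (all == null) {
                        all = new ArrayList<CRL>();
                    }
                    all.addAll(crls);
                }
            }
        }
        return all;
    }
}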
