package org.xwiki.contrib.letsencrypt.internal;

import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/xwiki/contrib/letsencrypt/internal/LetsEncryptRegisterUtils.class */
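/**
 * Registers the bundled {@code DSTRootCAX3.der} root certificate with the JVM's default TLS configuration.
 *
 * <p>Security-relevant properties of this class:
 * <ul>
 *   <li>{@link #register()} calls {@link SSLContext#setDefault(SSLContext)}, which changes the default context
 *       for the whole JVM, not only for the caller.</li>
 *   <li>All key store changes are made in memory only; nothing is written back to disk.</li>
 *   <li>The DST Root CA X3 root expired in September 2021. Keeping it as an explicit trust anchor should be a
 *       deliberate decision; current JDK trust stores already carry the ISRG roots used by Let's Encrypt.</li>
 *   <li>The bundled DER file is accepted as-is: no fingerprint or validity check is performed before it is
 *       added as a trust anchor, so its integrity rests on the integrity of the jar that contains it.</li>
 * </ul>
 */
public final class LetsEncryptRegisterUtils {
    private static final Logger LOGGER = LoggerFactory.getLogger(LetsEncryptRegisterUtils.class);
    private static final String CERTIFICATE_ALIAS = "DSTRootCAX3";
    private static final String CERTIFICATE_FILE = "DSTRootCAX3.der";

    private LetsEncryptRegisterUtils() {
        // Static utility class, not meant to be instantiated.
    }

    /**
     * Builds an {@link SSLContext} that knows the bundled certificate and installs it as the JVM default.
     *
     * <p>When the {@code javax.net.ssl.keyStore} system property is set the custom store path is used, otherwise
     * the JRE {@code cacerts} file. This is best effort: any failure is logged at WARN level and the default
     * context is left untouched.
     */
    public static void register() {
        try {
            String customStore = System.getProperty("javax.net.ssl.keyStore");
            SSLContext context = customStore != null ? updateCustomTrustStore(customStore) : updateOracleTrustStore();
            if (context != null) {
                // Process-wide effect: every later user of the default SSLContext sees this one.
                SSLContext.setDefault(context);
            }
        } catch (Exception e) {
            // Deliberately broad: registration must never prevent the application from starting.
            LOGGER.warn("Failed to register Let's Encrypt certificate", e);
        }
    }

    /**
     * Loads the bundled certificate from the classpath, next to this class.
     *
     * @return the parsed X.509 certificate
     * @throws CertificateException if the resource is not a valid X.509 certificate
     * @throws IOException if the resource is missing or cannot be read
     */
    private static Certificate getCertificate() throws CertificateException, IOException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        InputStream resource = LetsEncryptRegisterUtils.class.getResourceAsStream(CERTIFICATE_FILE);
        if (resource == null) {
            // getResourceAsStream returns null for a missing resource; fail with a clear message instead of
            // handing a null stream to the certificate parser.
            throw new IOException("Bundled certificate resource [" + CERTIFICATE_FILE + "] not found");
        }
        try (BufferedInputStream in = new BufferedInputStream(resource)) {
            return factory.generateCertificate(in);
        }
    }

    private static SSLContext getSSLContext() throws NoSuchAlgorithmException {
        return SSLContext.getInstance("TLS");
    }

    /**
     * Adds the bundled certificate to an in-memory copy of the JRE {@code cacerts} store and builds a context
     * whose trust managers are backed by that copy.
     *
     * @return the new context, or {@code null} when the alias is already present and nothing has to change
     */
    private static SSLContext updateOracleTrustStore() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, KeyManagementException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        Path cacerts = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
        // "changeit" is the stock cacerts password and is only used for the store's integrity check; if an
        // administrator changed it, load() throws and register() logs the failure.
        // NOTE(review): javax.net.ssl.trustStore / trustStorePassword are not consulted here - confirm intended.
        try (InputStream in = Files.newInputStream(cacerts)) {
            trustStore.load(in, "changeit".toCharArray());
        }
        if (trustStore.getCertificate(CERTIFICATE_ALIAS) != null) {
            return null;
        }
        Certificate certificate = getCertificate();
        LOGGER.info("Added certificate [{}] in default [{}]", ((X509Certificate) certificate).getSubjectDN(), cacerts);
        trustStore.setCertificateEntry(CERTIFICATE_ALIAS, certificate);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        SSLContext context = getSSLContext();
        // No key managers: this path only runs when javax.net.ssl.keyStore is unset.
        context.init(null, trustManagerFactory.getTrustManagers(), null);
        return context;
    }

    /**
     * Loads the key store named by {@code javax.net.ssl.keyStore} and builds a context from its key managers.
     *
     * <p>NOTE(review): two things here look unintended and should be confirmed against the upstream source
     * before relying on this path:
     * <ul>
     *   <li>The alias test returns {@code null} when the certificate is absent, the opposite of
     *       {@link #updateOracleTrustStore()}; as written the certificate is only (re)added when it already
     *       exists.</li>
     *   <li>The certificate is put into the <em>key</em> store and only key managers are passed to
     *       {@code init}; trust managers stay at the provider default, so the added entry does not appear to
     *       influence which servers are trusted.</li>
     * </ul>
     * Behaviour is kept as found; only resource handling was changed.
     *
     * @param str path of the key store file, or {@code "NONE"}
     * @return the new context, or {@code null} when no store is configured or the alias is absent
     */
    private static SSLContext updateCustomTrustStore(String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, KeyManagementException, UnrecoverableKeyException {
        String storeType = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        String storePassword = System.getProperty("javax.net.ssl.keyStorePassword", "");
        if (str == null || str.equals("NONE")) {
            return null;
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance(storeType);
        try (FileInputStream in = new FileInputStream(str)) {
            keyStore.load(in, storePassword.toCharArray());
        }
        if (keyStore.getCertificate(CERTIFICATE_ALIAS) == null) {
            return null;
        }
        Certificate certificate = getCertificate();
        LOGGER.info("Added certificate [{}] in custom [{}]", ((X509Certificate) certificate).getSubjectDN(), str);
        keyStore.setCertificateEntry(CERTIFICATE_ALIAS, certificate);
        // An empty password is passed as null, i.e. "no key password", rather than as an empty char array.
        keyManagerFactory.init(keyStore, storePassword.length() > 0 ? storePassword.toCharArray() : null);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        SSLContext context = getSSLContext();
        context.init(keyManagers, null, null);
        return context;
    }
}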
