package org.eclipse.tcf.ssl;

import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.Socket;
import java.security.KeyFactory;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.tcf.Activator;
import org.eclipse.tcf.core.Base64;
import org.eclipse.tcf.protocol.Protocol;

/* loaded from: input_file:org/eclipse/tcf/ssl/TCFSecurityManager.class */
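/**
 * Builds the {@link SSLContext} used for TCF connections from certificate files on disk.
 *
 * <p>Two directories are consulted: a per-user directory
 * ({@link #getCertificatesDirectory()}) and an optional system-wide directory
 * ({@link #getSysCertificatesDirectory()}). The local identity is read from
 * {@code local.cert} / {@code local.priv}; every {@code *.cert} file found in either
 * directory is treated as a trusted peer certificate.
 *
 * <p>Security-relevant properties of this design, as implemented below:
 * <ul>
 *   <li>Trust is by exact certificate match (pinning); no chain building, validity-period
 *       or revocation check is performed.</li>
 *   <li>Write access to either directory is equivalent to the ability to add a trusted
 *       peer, and read access to {@code local.priv} discloses the private key, which is
 *       stored unencrypted. Directory and file permissions are the only protection.</li>
 * </ul>
 */
public class TCFSecurityManager {

    /** File name of the local certificate inside a certificates directory. */
    private static final String LOCAL_CERT = "local.cert";

    /** File name of the local private key (PEM-armoured, unencrypted PKCS#8). */
    private static final String LOCAL_KEY = "local.priv";

    /** Suffix that marks a file as a trusted peer certificate. */
    private static final String CERT_SUFFIX = ".cert";

    /** Alias reported for the single local identity. */
    private static final String ALIAS = "TCF";

    /**
     * Returns the per-user certificates directory, creating it when it does not exist.
     *
     * <p>The directory is the {@code certificates} folder under the plug-in state location;
     * when the activator reports {@link IllegalStateException} the fallback is
     * {@code ~/.tcf/certificates}.
     *
     * @return an existing directory
     * @throws IOException if the path is not a directory and cannot be created
     */
    public static File getCertificatesDirectory() throws IOException {
        File dir;
        try {
            dir = Activator.getDefault().getStateLocation().append("certificates").toFile();
        } catch (IllegalStateException e) {
            // No usable plug-in state location: fall back to the user's home directory.
            dir = new File(new File(System.getProperty("user.home"), ".tcf"), "certificates");
        }
        // isDirectory() rather than exists(): a regular file at this path must not be
        // handed back as if it were the certificate store.
        // NOTE(review): mkdirs() creates the directory with default permissions. Since it
        // holds local.priv and the trust anchors, confirm that deployment restricts it to
        // the owning user.
        if (dir.isDirectory() || dir.mkdirs()) {
            return dir;
        }
        throw new IOException("Cannot create directory: " + dir);
    }

    /**
     * Returns the system-wide certificates directory, or {@code null} when there is none.
     *
     * <p>On Windows this is {@code %SystemRoot%\TCF\ssl}; elsewhere it is
     * {@code /etc/tcf/ssl}. The directory is never created here.
     *
     * @return the existing directory, or {@code null} if it is absent or not a directory
     */
    public static File getSysCertificatesDirectory() {
        File dir = null;
        if (System.getProperty("os.name", "").startsWith("Windows")) {
            try {
                // Read the variable directly instead of spawning "cmd /c set SystemRoot":
                // no child process, no dependency on how "cmd" is resolved, and no
                // process streams to leak on the error path.
                String systemRoot = System.getenv("SystemRoot");
                if (systemRoot != null && systemRoot.length() > 0) {
                    File root = new File(systemRoot);
                    if (root.exists()) {
                        dir = new File(root, "TCF/ssl");
                    }
                }
            } catch (SecurityException e) {
                Protocol.log("Cannot get system directory name", e);
            }
        } else {
            dir = new File("/etc/tcf/ssl");
        }
        return dir != null && dir.isDirectory() ? dir : null;
    }

    /**
     * Creates an {@link SSLContext} whose key manager serves the local TCF identity and
     * whose trust manager accepts only certificates present in the certificates directories.
     *
     * @return the initialised context, or {@code null} if initialisation failed (the cause
     *         is logged). Callers must treat {@code null} as "no secure channel available"
     *         and must not continue with an unauthenticated connection.
     */
    public static SSLContext createSSLContext() {
        try {
            // getCertificatesDirectory() already guarantees the directory exists.
            final File userDir = getCertificatesDirectory();
            final File sysDir = getSysCertificatesDirectory();
            final CertificateFactory factory = CertificateFactory.getInstance("X.509");

            KeyManager keyManager = new X509ExtendedKeyManager() {
                /**
                 * Loads the local certificate; the chain always has exactly one element.
                 * Returns {@code null} (after logging) if the file cannot be read or parsed.
                 */
                @Override
                public X509Certificate[] getCertificateChain(String alias) {
                    File file = localFile(userDir, sysDir, LOCAL_CERT);
                    try {
                        return new X509Certificate[] { loadCertificate(factory, file) };
                    } catch (Throwable th) {
                        Protocol.log("Cannot read certificate: " + file, th);
                        return null;
                    }
                }

                /**
                 * Loads the local RSA private key from its PEM file.
                 * Returns {@code null} (after logging) if the file cannot be read or parsed.
                 */
                @Override
                public PrivateKey getPrivateKey(String alias) {
                    // The key is decoded straight into a PKCS8EncodedKeySpec with no
                    // passphrase, i.e. it is stored in the clear on disk.
                    File file = localFile(userDir, sysDir, LOCAL_KEY);
                    BufferedReader reader = null;
                    try {
                        reader = new BufferedReader(
                                new InputStreamReader(new FileInputStream(file), "ASCII"));
                        StringBuilder base64 = new StringBuilder();
                        boolean inBody = false;
                        String line;
                        while ((line = reader.readLine()) != null) {
                            if (line.startsWith("-----BEGIN ")) {
                                inBody = true;
                            } else if (line.startsWith("-----END ")) {
                                byte[] der = Base64.toByteArray(base64.toString().toCharArray());
                                return KeyFactory.getInstance("RSA")
                                        .generatePrivate(new PKCS8EncodedKeySpec(der));
                            } else if (inBody) {
                                base64.append(line);
                            }
                        }
                        // Reached end of file without seeing the END marker.
                        throw new IOException("Invalid format");
                    } catch (Exception e) {
                        Protocol.log("Cannot read private key: " + file, e);
                        return null;
                    } finally {
                        // Runs on success and on every failure path, so the reader is
                        // never left open.
                        closeQuietly(reader, "Cannot close private key file: " + file);
                    }
                }

                @Override
                public String[] getClientAliases(String keyType, Principal[] issuers) {
                    return new String[] { ALIAS };
                }

                @Override
                public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
                    return ALIAS;
                }

                @Override
                public String[] getServerAliases(String keyType, Principal[] issuers) {
                    return new String[] { ALIAS };
                }

                @Override
                public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
                    return ALIAS;
                }
            };

            TrustManager trustManager = new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    requirePinned(chain, authType, "Client certificate validation failed");
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    requirePinned(chain, authType, "Server certificate validation failed");
                }

                /**
                 * Re-reads both directories on every call and returns every certificate
                 * that could be parsed from a {@code *.cert} file. Unreadable files are
                 * logged and skipped.
                 */
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    // Because the directories are re-scanned each time, adding or removing
                    // a file changes the trust set immediately, without a restart.
                    // local.cert also matches the suffix, so the local certificate is
                    // itself part of the accepted set.
                    List<X509Certificate> found = new ArrayList<X509Certificate>();
                    addCertificates(userDir, factory, found);
                    addCertificates(sysDir, factory, found);
                    return found.toArray(new X509Certificate[found.size()]);
                }

                /**
                 * Accepts the peer only if it presented exactly one certificate, the
                 * authentication type is {@code "RSA"}, and that certificate equals one of
                 * the stored certificates. Every other case fails closed.
                 */
                private void requirePinned(X509Certificate[] chain, String authType, String failure)
                        throws CertificateException {
                    // NOTE(review): for server checks JSSE passes the negotiated key-exchange
                    // name as authType; values other than the literal "RSA" are rejected
                    // here. Confirm this against the protocol versions and cipher suites
                    // the deployment enables.
                    // NOTE(review): the match is by equality only; the certificate's
                    // validity period is not checked, so removing the file is the only
                    // way to retire a peer.
                    if ("RSA".equals(authType) && chain != null && chain.length == 1) {
                        for (X509Certificate accepted : getAcceptedIssuers()) {
                            if (accepted.equals(chain[0])) {
                                return;
                            }
                        }
                    }
                    throw new CertificateException(failure);
                }
            };

            SSLContext context = SSLContext.getInstance("TLS");
            context.init(new KeyManager[] { keyManager }, new TrustManager[] { trustManager }, null);
            return context;
        } catch (Throwable th) {
            Protocol.log("Cannot initialize SSL context", th);
            return null;
        }
    }

    /**
     * Picks the per-user copy of {@code name} when it exists, otherwise the system-wide copy
     * (when a system directory is available).
     *
     * <p>The certificate and the key are resolved independently, so the per-user directory
     * always overrides the system one, file by file.
     */
    private static File localFile(File userDir, File sysDir, String name) {
        File file = new File(userDir, name);
        if (!file.exists() && sysDir != null) {
            file = new File(sysDir, name);
        }
        return file;
    }

    /** Parses a single X.509 certificate from {@code file}, always closing the stream. */
    private static X509Certificate loadCertificate(CertificateFactory factory, File file)
            throws IOException, CertificateException {
        BufferedInputStream in = new BufferedInputStream(new FileInputStream(file));
        try {
            return (X509Certificate) factory.generateCertificate(in);
        } finally {
            closeQuietly(in, "Cannot close certificate file: " + file);
        }
    }

    /** Appends every parseable {@code *.cert} file in {@code dir} to {@code out}. */
    private static void addCertificates(File dir, CertificateFactory factory, List<X509Certificate> out) {
        if (dir == null) {
            return;
        }
        // list() returns null when the path is not a directory or cannot be read; treat
        // that as "no certificates here" instead of failing the handshake with an NPE.
        String[] names = dir.list();
        if (names == null) {
            return;
        }
        for (String name : names) {
            if (!name.endsWith(CERT_SUFFIX)) {
                continue;
            }
            try {
                out.add(loadCertificate(factory, new File(dir, name)));
            } catch (Throwable th) {
                Protocol.log("Cannot load certificate: " + name, th);
            }
        }
    }

    /** Closes {@code resource} if non-null, logging (not propagating) a close failure. */
    private static void closeQuietly(Closeable resource, String failureMessage) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException e) {
            Protocol.log(failureMessage, e);
        }
    }
}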
