package at.spardat.xma.security;

import at.spardat.xma.boot.BootRuntime;
import at.spardat.xma.boot.Statics;
import at.spardat.xma.boot.comp.DTDStatics;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ResourceBundle;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/xmartclient-6.0.2.jar:at/spardat/xma/security/SSLCertificateReader.class
  input_file:WEB-INF/lib/xmartserver-6.0.2.jar:at/spardat/xma/security/SSLCertificateReader.class
 */
/* loaded from: input_file:clientrt/xmartclient.jar:at/spardat/xma/security/SSLCertificateReader.class */
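/**
 * Fetches the X.509 certificate chain presented by an HTTPS server and converts it into
 * display data: one map per certificate, keyed by the {@code SSL_CERT*} constants below.
 *
 * <p>Security properties of this class, as implemented here:
 * <ul>
 *   <li>When a proxy is given, the connection uses a trust manager and a hostname verifier
 *       that accept everything (presumably so that the certificate of a server that is not
 *       trusted yet can still be shown). Nothing obtained over such a connection is
 *       authenticated; the result is display data only and must not be used as a trust
 *       decision by itself.</li>
 *   <li>Those permissive settings are attached to the single connection that needs them and
 *       are never installed as JVM-wide {@link HttpsURLConnection} defaults, so other HTTPS
 *       traffic in the same JVM keeps its normal certificate and hostname validation.</li>
 *   <li>Without a proxy the JVM's default validation applies, so a server whose certificate
 *       is rejected by the default trust manager makes the read fail with an exception.</li>
 * </ul>
 */
public class SSLCertificateReader {
    // Keys of the maps returned by readCertificate(...). They are public and non-final in the
    // original class; left that way because external code may reference or reassign them.
    public static String SSL_CERT = "SSL_CERT";
    public static String SSL_CERT_ISSUED_TO = "SSL_CERT_ISSUED_TO";
    public static String SSL_CERT_ISSUED_BY = "SSL_CERT_ISSUED_BY";
    public static String SSL_CERT_VALID_FROM = "SSL_CERT_VALID_FROM";
    public static String SSL_CERT_VALID_TO = "SSL_CERT_VALID_TO";

    // Optional source of localized labels; when null the built-in default labels are used.
    private ResourceBundle resourceBundle;

    /**
     * Manual smoke test: configures a fixed proxy and reads the certificate chain of a fixed URL.
     * Host names and port are hard-coded; failures are printed to stderr.
     *
     * @param strArr ignored
     */
    public static void main(String[] strArr) {
        System.setProperty("http.proxyHost", "proxy-sd.s-mxs.net");
        System.setProperty("http.proxyPort", "8080");
        System.setProperty("https.proxyHost", "proxy-sd.s-mxs.net");
        System.setProperty("https.proxyPort", "8080");
        try {
            String proxyHost = System.getProperty("https.proxyHost");
            int proxyPort = Integer.getInteger("https.proxyPort").intValue();
            new SSLCertificateReader().readCertificateProxy("https://dev.imcplus.net/svn/sb", proxyHost, proxyPort);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Reads the server certificate chain of {@code str} through an HTTP proxy.
     * Certificate and hostname validation are disabled for this one connection.
     *
     * @param str  HTTPS URL of the server
     * @param str2 proxy host name
     * @param i    proxy port
     * @return one map per certificate, see {@link #readCertificate(String)}
     * @throws Exception on any connection, TLS or certificate processing failure
     */
    public ArrayList<HashMap> readCertificateProxy(String str, String str2, int i) throws Exception {
        return readCertificate(str, new Proxy(Proxy.Type.HTTP, new InetSocketAddress(str2, i)));
    }

    /**
     * Reads the server certificate chain of {@code str} over a direct connection using the
     * JVM's default TLS validation.
     *
     * @param str HTTPS URL of the server
     * @return one map per certificate; each map holds the {@code SSL_CERT_ISSUED_TO},
     *         {@code SSL_CERT_ISSUED_BY}, {@code SSL_CERT_VALID_FROM}, {@code SSL_CERT_VALID_TO}
     *         and {@code SSL_CERT} entries
     * @throws Exception on any connection, TLS or certificate processing failure
     */
    public ArrayList<HashMap> readCertificate(String str) throws Exception {
        return readCertificate(str, null);
    }

    /**
     * Connects to {@code str}, collects the presented certificate chain and, for the last
     * certificate of the chain, appends the matching trust anchor from the local trust store
     * when {@link #getRootCertificate} finds one.
     *
     * @param str   HTTPS URL of the server
     * @param proxy proxy to connect through, or {@code null} for a direct connection
     * @return the certificate entries; every entry is inserted at the front, so the list runs
     *         from the last certificate processed to the first one presented
     * @throws Exception on any connection, TLS or certificate processing failure
     */
    private ArrayList<HashMap> readCertificate(String str, Proxy proxy) throws Exception {
        ArrayList<HashMap> result = new ArrayList<HashMap>();
        URL url = new URL(str);
        HttpsURLConnection connection;
        if (proxy != null) {
            connection = (HttpsURLConnection) url.openConnection(proxy);
            // The accept-everything trust manager and hostname verifier are set on this
            // connection only. Installing them through HttpsURLConnection.setDefault...()
            // would switch off validation for every later HTTPS connection in the JVM.
            SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, trustAllCerts(), new SecureRandom());
            connection.setSSLSocketFactory(sslContext.getSocketFactory());
            connection.setHostnameVerifier(allHostsValid());
        } else {
            connection = (HttpsURLConnection) url.openConnection();
        }
        try {
            connection.connect();
            Certificate[] chain = connection.getServerCertificates();
            X509Certificate first = null;
            for (int i = 0; i < chain.length; i++) {
                X509Certificate current = (X509Certificate) chain[i];
                addToAList(result, populateCertificateData(current), current);
                if (first == null) {
                    first = current;
                } else {
                    try {
                        first.verify(current.getPublicKey());
                    } catch (SignatureException ignored) {
                        // The outcome of this check is not used anywhere. A signature mismatch
                        // is ignored; any other exception thrown by verify() propagates to
                        // the caller.
                        // NOTE(review): this does not validate the chain; do not rely on it.
                    }
                }
                if (i == chain.length - 1) {
                    X509Certificate root = getRootCertificate(current.getPublicKey(), current);
                    if (root != null) {
                        addToAList(result, populateCertificateData(root), root);
                    }
                }
            }
            return result;
        } finally {
            // Release the connection once the certificates have been read.
            connection.disconnect();
        }
    }

    /**
     * Builds the summary map for one certificate and inserts it at the front of {@code arrayList}.
     *
     * @param arrayList       list receiving the new entry at index 0
     * @param list            label/value rows produced by {@link #populateCertificateData}
     * @param x509Certificate certificate the entry describes
     */
    private void addToAList(ArrayList<HashMap> arrayList, List<String[]> list, X509Certificate x509Certificate) {
        String subject = x509Certificate.getSubjectDN().getName();
        String issuer = x509Certificate.getIssuerDN().getName();
        HashMap<String, Object> entry = new HashMap<String, Object>();
        // The DN is split on the separator constant without honouring quoting or escaping,
        // so the extracted CN is a display value only.
        entry.put(SSL_CERT_ISSUED_TO, getCN(subject.split(StringArrayPropertyEditor.DEFAULT_SEPARATOR)));
        entry.put(SSL_CERT_ISSUED_BY, getCN(issuer.split(StringArrayPropertyEditor.DEFAULT_SEPARATOR)));
        entry.put(SSL_CERT_VALID_FROM, x509Certificate.getNotBefore());
        entry.put(SSL_CERT_VALID_TO, x509Certificate.getNotAfter());
        entry.put(SSL_CERT, list);
        arrayList.add(0, entry);
    }

    /**
     * Produces the detail rows of a certificate as {@code {label, value}} pairs. Labels come
     * from the resource bundle when one is set, otherwise from the built-in defaults.
     * Issuer, validity and subject are also printed to standard output.
     *
     * @param certificate certificate to describe; must be an {@link X509Certificate}
     * @return rows in the order version, serial number, signature algorithm, issuer,
     *         valid-from, valid-till, subject, public key
     */
    private List<String[]> populateCertificateData(Certificate certificate) {
        X509Certificate cert = (X509Certificate) certificate;
        List<String[]> rows = new ArrayList<String[]>();
        rows.add(new String[]{getMessage("CertificateForm.Version", "Version"), "V" + cert.getVersion()});
        rows.add(new String[]{getMessage("CertificateForm.SerialNumber", "Seriennummer (Serial Number)"), cert.getSerialNumber().toString(16)});
        rows.add(new String[]{getMessage("CertificateForm.Signature", "Signaturalgorithmus (Signature)"), "" + cert.getSigAlgName()});

        rows.add(new String[]{getMessage("CertificateForm.IssuedBy", "Aussteller (Issued By)"), "" + cert.getIssuerDN()});
        System.out.println("issuer>> " + cert.getIssuerDN());

        rows.add(new String[]{getMessage("CertificateForm.ValidFrom", "Gültig ab (Valid From)"), "" + cert.getNotBefore()});
        System.out.println("Valid From >> " + cert.getNotBefore());

        rows.add(new String[]{getMessage("CertificateForm.ValidTill", "Gültig bis(Valid Till)"), "" + cert.getNotAfter()});
        System.out.println("Valid Till >> " + cert.getNotAfter());

        rows.add(new String[]{getMessage("CertificateForm.IssuedTo", "Antragsteller (Subject/Issued To)"), "" + cert.getSubjectDN()});
        System.out.println("issued to >> " + cert.getSubjectDN());

        rows.add(new String[]{getMessage("CertificateForm.publicKey", "Öffentlicher Schlüssel (Public Key)"), "" + cert.getPublicKey()});
        return rows;
    }

    /**
     * Formats bytes as two upper-case hex digits each, every byte followed by
     * {@code DTDStatics.SP}.
     *
     * @param bArr bytes to format
     * @return the formatted string; empty for an empty array
     */
    static String toHex(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            sb.append(String.format("%1$02X", Byte.valueOf(b))).append(DTDStatics.SP);
        }
        return sb.toString();
    }

    /**
     * Returns a trust manager that accepts every client and server certificate chain.
     * It performs no validation at all and is only meant for the certificate-display
     * connection set up in {@link #readCertificate(String, Proxy)}.
     */
    private TrustManager[] trustAllCerts() {
        return new TrustManager[]{new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract asks for a non-null, possibly empty array.
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                // Intentionally accepts everything.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                // Intentionally accepts everything.
            }
        }};
    }

    /**
     * Returns a hostname verifier that accepts every host name for every session.
     * A connection using it does not bind the presented certificate to the requested host,
     * so it must not be reused for connections that carry data to be trusted.
     */
    public HostnameVerifier allHostsValid() {
        return new HostnameVerifier() {
            @Override
            public boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        };
    }

    /**
     * Extracts the value of the first DN component whose attribute name ends with "CN".
     *
     * @param strArr DN components of the form {@code name=value}
     * @return the CN value, or an empty string when no CN component exists or it has no value
     */
    private String getCN(String[] strArr) {
        for (String component : strArr) {
            // Limit 2 keeps '=' characters inside the value and always yields the name part.
            String[] nameAndValue = component.split("=", 2);
            if (nameAndValue[0].endsWith("CN")) {
                // A component without a value no longer raises ArrayIndexOutOfBoundsException.
                return nameAndValue.length > 1 ? nameAndValue[1] : "";
            }
        }
        return "";
    }

    /**
     * Sets the bundle used to look up the labels of the certificate detail rows.
     *
     * @param resourceBundle bundle to use, or {@code null} to use the built-in labels
     */
    public void setResourceBundle(ResourceBundle resourceBundle) {
        this.resourceBundle = resourceBundle;
    }

    /**
     * Looks up a label in the resource bundle.
     *
     * @param str  bundle key
     * @param str2 label returned when no bundle is set or the lookup fails
     * @return the localized label or {@code str2}
     */
    private String getMessage(String str, String str2) {
        if (this.resourceBundle == null) {
            return str2;
        }
        try {
            return this.resourceBundle.getString(str);
        } catch (Exception ignored) {
            // Missing or non-string key: fall back to the default label.
            return str2;
        }
    }

    /**
     * Searches the local trust store for a trust anchor whose public key verifies the
     * signature of {@code x509Certificate}.
     *
     * <p>The trust store path is taken from the {@code javax.net.ssl.trustStore} system
     * property, falling back to the boot runtime configuration. The lookup is best effort:
     * a missing, unreadable or unparsable trust store yields {@code null} rather than an
     * exception.
     *
     * <p>NOTE(review): the store is always opened with the fixed password "changeit". A trust
     * store protected with a different password fails to load and this method then reports
     * "no root found" without any diagnostic; consider making the password configurable.
     *
     * @param publicKey       not used by this implementation
     * @param x509Certificate certificate whose issuer is looked up
     * @return the matching trust anchor certificate, or {@code null} when none matches or the
     *         trust store cannot be read
     */
    public X509Certificate getRootCertificate(PublicKey publicKey, X509Certificate x509Certificate) {
        try {
            String trustStorePath = System.getProperty("javax.net.ssl.trustStore");
            if (trustStorePath == null) {
                trustStorePath = BootRuntime.getInstance().getConfigProperties().getProperty(Statics.CFG_PROP_SECURECERTS);
            }
            if (trustStorePath == null) {
                return null;
            }
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream trustStoreStream = new FileInputStream(trustStorePath);
            try {
                keyStore.load(trustStoreStream, "changeit".toCharArray());
            } finally {
                // The stream was never closed before; release the file handle in every case.
                trustStoreStream.close();
            }
            Iterator<TrustAnchor> anchors = new PKIXParameters(keyStore).getTrustAnchors().iterator();
            while (anchors.hasNext()) {
                X509Certificate candidate = anchors.next().getTrustedCert();
                try {
                    x509Certificate.verify(candidate.getPublicKey());
                    return candidate;
                } catch (Exception ignored) {
                    // Not signed by this anchor (or not verifiable with its key): try the next.
                }
            }
        } catch (IOException ignored) {
            // Best-effort lookup: trust store missing or unreadable, report "no root found".
        } catch (InvalidAlgorithmParameterException ignored) {
            // Best-effort lookup: trust store holds no usable trust anchors.
        } catch (KeyStoreException ignored) {
            // Best-effort lookup: key store type unavailable or store not usable.
        } catch (NoSuchAlgorithmException ignored) {
            // Best-effort lookup: integrity algorithm of the store is unavailable.
        } catch (CertificateException ignored) {
            // Best-effort lookup: a certificate in the store could not be loaded.
        }
        return null;
    }
}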
