package jp.ac.tokushima_u.db.rmi.impl;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import org.apache.poi.openxml4j.opc.PackagingURIHelper;

/* loaded from: input_file:jp/ac/tokushima_u/db/rmi/impl/RMSSL.class */
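/**
 * Builds the {@link SSLContext} used for mutually authenticated TLS and holds the data its
 * trust decisions rely on: trusted CA certificates, CRLs and the list of accepted client
 * subjects.
 *
 * <p>The CA and CRL maps are {@code static}, so every {@code RMSSL} instance in the JVM adds
 * to and reads from the same maps. They are plain {@link HashMap}s.
 * NOTE(review): confirm that no instance is constructed while another one is serving
 * handshakes, since the trust manager reads the CRL map from handshake callbacks.
 */
public class RMSSL {
    /**
     * Separator written in front of every RDN by {@link #getX509DN}. The decompiled source took
     * this value from Apache POI's {@code PackagingURIHelper.FORWARD_SLASH_STRING}; a local
     * constant keeps the same value without tying TLS setup to an unrelated library.
     */
    private static final String DN_SEPARATOR = "/";

    SSLContext ctx;
    // Accepted client subjects, one per line of the file passed as the constructor's last
    // argument, stored trimmed.
    Set<String> clientPrincipals = new HashSet<>();
    // Trusted CA certificates keyed by subject DN in getX509DN form. Shared by all instances.
    private static Map<String, X509Certificate> m_CACerts = new HashMap<>();
    // CRLs keyed by issuer DN in getX509DN form. Shared by all instances.
    private static Map<String, X509CRL> m_CRLs = new HashMap<>();

    /**
     * Trust manager that runs the platform's chain validation first and then adds two checks:
     * CRL revocation for every certificate in the chain and, for clients, membership of the
     * first certificate's subject in {@link RMSSL#clientPrincipals}.
     *
     * <p>Revocation is only checked when a CRL for the certificate's issuer was loaded; when
     * {@link RMSSL#getCRL} returns {@code null} the certificate passes this step.
     */
    static class RMSSLTrustManager implements X509TrustManager {
        RMSSL rmssl;
        X509TrustManager tmf;

        /**
         * @param rmssl owner that supplies the CRLs and the client allow-list
         * @param x509TrustManager delegate that performs the standard chain validation
         */
        RMSSLTrustManager(RMSSL rmssl, X509TrustManager x509TrustManager) {
            this.rmssl = rmssl;
            this.tmf = x509TrustManager;
        }

        /**
         * Validates a client chain: delegate validation, revocation, then the allow-list.
         *
         * @throws CertificateException if the delegate rejects the chain, a certificate is
         *     listed as revoked, or the first certificate's subject is not an accepted client
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.tmf.checkClientTrusted(x509CertificateArr, str);
            rejectIfRevoked(x509CertificateArr);
            if (x509CertificateArr.length > 0) {
                // The allow-list is matched against the X500Principal.toString() rendering, so
                // entries in the principals file must use exactly that text form.
                String subject = x509CertificateArr[0].getSubjectX500Principal().toString().trim();
                if (!this.rmssl.clientPrincipals.contains(subject)) {
                    throw new CertificateException("Client is not acceptable: \"" + subject + "\"");
                }
            }
        }

        /**
         * Validates a server chain: delegate validation, then revocation.
         *
         * @throws CertificateException if the delegate rejects the chain or a certificate is
         *     listed as revoked
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.tmf.checkServerTrusted(x509CertificateArr, str);
            rejectIfRevoked(x509CertificateArr);
        }

        /** Returns the delegate's accepted issuers unchanged. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.tmf.getAcceptedIssuers();
        }

        /** Throws if any certificate of the chain appears on the CRL loaded for its issuer. */
        private void rejectIfRevoked(X509Certificate[] chain) throws CertificateException {
            for (X509Certificate certificate : chain) {
                X509CRL crl = this.rmssl.getCRL(certificate);
                if (crl != null && crl.isRevoked(certificate)) {
                    throw new CertificateException("Certificate is revoked.");
                }
            }
        }
    }

    /**
     * Reads a passphrase from the start of a file, dropping one trailing {@code '\n'}.
     *
     * <p>At most 1024 characters are read with a single {@code read} call; anything beyond that
     * is ignored. The file is decoded with the platform default charset. A trailing
     * {@code '\r'} is kept.
     *
     * @param file file holding the passphrase
     * @return the passphrase characters; an empty array when the file is empty
     * @throws IOException if the file cannot be opened or read
     */
    public static char[] readPassphrase(File file) throws IOException {
        char[] buffer = new char[1024];
        try (BufferedReader reader = new BufferedReader(new FileReader(file))) {
            int length = reader.read(buffer, 0, buffer.length);
            if (length <= 0) {
                // read() reports -1 at end of stream; indexing with it used to fail with an
                // ArrayIndexOutOfBoundsException on an empty file.
                return new char[0];
            }
            if (buffer[length - 1] == '\n') {
                length--;
            }
            char[] passphrase = new char[length];
            System.arraycopy(buffer, 0, passphrase, 0, length);
            return passphrase;
        } finally {
            // Wipe the scratch copy of the secret. The reader's internal buffer is out of
            // reach, so this narrows the exposure rather than removing it.
            java.util.Arrays.fill(buffer, '\0');
        }
    }

    /**
     * Creates the TLS context from CA certificates, an optional PKCS#12 identity, CRL
     * locations and an optional client allow-list.
     *
     * @param fileArr X.509 CA certificate files added to the trust store; files that do not
     *     exist are skipped
     * @param file PKCS#12 key store with this side's identity, or {@code null} for none
     * @param cArr passphrase for {@code file}, used for both the store and its keys; the
     *     identity is only loaded when {@code file} and {@code cArr} are both non-null
     * @param fileArr2 files whose first line is the URL a CRL is downloaded from
     * @param file2 file listing accepted client subjects, one per line, or {@code null}
     * @throws IOException if a file or CRL URL cannot be read (other than "not found")
     * @throws CertificateException if a CA certificate cannot be parsed
     * @throws CRLException if a CRL cannot be parsed
     */
    public RMSSL(File[] fileArr, File file, char[] cArr, File[] fileArr2, File file2) throws NoSuchProviderException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException, CertificateException, CRLException, IOException {
        // NOTE(review): explicit SHA1PRNG seeded with 20 bytes from generateSeed() is a legacy
        // choice; confirm whether the platform default SecureRandom would be preferable.
        SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
        secureRandom.setSeed(secureRandom.generateSeed(20));

        // Trust store: starts empty and receives only the CA certificates passed in.
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        KeyStore trustStore = KeyStore.getInstance("JKS");
        trustStore.load(null, null);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        int rootCount = 0;
        for (File caFile : fileArr) {
            X509Certificate caCertificate;
            try (FileInputStream in = new FileInputStream(caFile)) {
                caCertificate = (X509Certificate) certificateFactory.generateCertificate(in);
            } catch (FileNotFoundException ignored) {
                // Best effort: a missing CA file only shrinks the set of trusted roots.
                continue;
            }
            rootCount++;
            trustStore.setCertificateEntry("ROOT" + rootCount, caCertificate);
            m_CACerts.put(getSubjectX509DN(caCertificate), caCertificate);
        }
        trustManagerFactory.init(trustStore);

        // Optional local identity.
        KeyManagerFactory keyManagerFactory = null;
        if (file != null && cArr != null) {
            KeyStore identityStore = KeyStore.getInstance("PKCS12", "SunJSSE");
            try (FileInputStream in = new FileInputStream(file)) {
                identityStore.load(in, cArr);
            }
            keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(identityStore, cArr);
        }

        // Wrap every X.509 trust manager so revocation and allow-list checks are applied.
        TrustManager[] platformManagers = trustManagerFactory.getTrustManagers();
        TrustManager[] wrappedManagers = new TrustManager[platformManagers.length];
        for (int index = 0; index < platformManagers.length; index++) {
            TrustManager manager = platformManagers[index];
            if (manager instanceof X509TrustManager) {
                wrappedManagers[index] = new RMSSLTrustManager(this, (X509TrustManager) manager);
            } else {
                wrappedManagers[index] = manager;
            }
        }
        // NOTE(review): the context is requested as "TLSv1.2"; which protocol versions it will
        // actually negotiate depends on the provider - confirm against the deployment's policy.
        this.ctx = SSLContext.getInstance("TLSv1.2");
        this.ctx.init(keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null, wrappedManagers, secureRandom);

        // CRLs are downloaded once, here, and never refreshed afterwards.
        // NOTE(review): the downloaded CRL is stored as parsed. Its signature is not verified
        // against the issuing CA and its nextUpdate is not examined; consider X509CRL.verify()
        // with the matching certificate from m_CACerts and a freshness check before trusting it.
        for (File crlLocationFile : fileArr2) {
            X509CRL crl;
            try {
                String crlUrl;
                try (BufferedReader reader = new BufferedReader(new FileReader(crlLocationFile))) {
                    crlUrl = reader.readLine();
                }
                try (InputStream in = new URL(crlUrl).openStream()) {
                    crl = (X509CRL) certificateFactory.generateCRL(in);
                }
            } catch (FileNotFoundException ignored) {
                // Best effort, but it fails open: without a CRL for an issuer, getCRL()
                // returns null and that issuer's certificates skip the revocation check.
                continue;
            }
            m_CRLs.put(getIssuerX509DN(crl), crl);
        }

        // Client allow-list. Without a file the set stays empty, so checkClientTrusted
        // rejects every client subject.
        if (file2 == null) {
            return;
        }
        try (BufferedReader reader = new BufferedReader(new FileReader(file2))) {
            String line;
            while ((line = reader.readLine()) != null) {
                this.clientPrincipals.add(line.trim());
            }
        }
    }

    /**
     * Looks up the CRL loaded for the issuer of the given certificate.
     *
     * @return the CRL, or {@code null} when none was loaded for that issuer
     */
    public X509CRL getCRL(X509Certificate x509Certificate) {
        return m_CRLs.get(getIssuerX509DN(x509Certificate));
    }

    /**
     * Renders a principal as a slash-separated DN with the RDN order reversed, for example
     * {@code "CN=a, O=b, C=JP"} becomes {@code "/C=JP/O=b/CN=a"}; {@code EMAILADDRESS=} is
     * rewritten to {@code emailAddress=}.
     *
     * <p>The text is split on {@code ", "}, so an attribute value that itself contains that
     * sequence is cut into several parts. The result is a lookup key for this class's maps,
     * not a canonical DN.
     */
    public static String getX509DN(X500Principal x500Principal) {
        String[] rdns = x500Principal.toString().replace("EMAILADDRESS=", "emailAddress=").split(", ");
        StringBuilder dn = new StringBuilder();
        for (int index = rdns.length - 1; index >= 0; index--) {
            dn.append(DN_SEPARATOR).append(rdns[index]);
        }
        return dn.toString();
    }

    /** Returns the certificate's issuer in {@link #getX509DN} form. */
    public static String getIssuerX509DN(X509Certificate x509Certificate) {
        return getX509DN(x509Certificate.getIssuerX500Principal());
    }

    /** Returns the certificate's subject in {@link #getX509DN} form. */
    public static String getSubjectX509DN(X509Certificate x509Certificate) {
        return getX509DN(x509Certificate.getSubjectX500Principal());
    }

    /** Returns the CRL's issuer in {@link #getX509DN} form. */
    public static String getIssuerX509DN(X509CRL x509crl) {
        return getX509DN(x509crl.getIssuerX500Principal());
    }
}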
