package org.bzdev.ejws;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.ProcessBuilder;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Iterator;
import java.util.ResourceBundle;
import java.util.ServiceLoader;
import java.util.Set;
import java.util.TimeZone;
import java.util.TreeSet;
import javax.net.ssl.TrustManager;
import org.bzdev.ejws.EmbeddedWebServer;
import org.bzdev.util.SafeFormatter;

/* loaded from: input_file:libbzdev-ejws.jar:org/bzdev/ejws/CertManager.class */
public abstract class CertManager {
    // Localized message bundle read by errorMsg(String, Object...).
    private static ResourceBundle exbundle = ResourceBundle.getBundle("org.bzdev.ejws.lpack.EmbeddedWebServer");
    // Seconds per day; used by the interval/wait computations below.
    private static final int DAY = 86400;
    private Mode mode = Mode.NORMAL;
    private boolean alwaysCreate = false;
    // NOTE(review): "dommain" looks like a misspelling of "domain"; nothing in this class reads or writes it.
    String dommain = null;
    String email = null;
    String name = null;
    // TLS protocol name handed to EmbeddedWebServer.SSLSetup; getSetup() only requests a certificate when non-null.
    String protocol = null;
    File keystoreFile = null;
    File truststoreFile = null;
    TrustManager[] trustManagers = null;
    // SECURITY: the keystore password defaults to "changeit", the widely known JDK default.
    // A keystore created under this default protects the private key only through file permissions.
    char[] keystorePW = "changeit".toCharArray();
    // null means "use the keystore password" (see getKeyPW()).
    char[] keyPW = null;
    char[] truststorePW = null;
    // Used as the CN of the generated certificate by DefaultCertManager.
    String domain = null;
    EmbeddedWebServer.Configurator configurator = null;
    EmbeddedWebServer helper = null;
    // Optional sink for diagnostic messages; null disables tracing.
    Appendable tracer = null;
    // Seconds added to the first renewal check (see getInitialWaitMillis()).
    int timeOffset = 0;
    // Days between renewal checks; 0 switches both wait computations to a fixed 60 s.
    int interval = 5;
    // Passed to EmbeddedWebServer.stop(int) when the server is restarted after a renewal.
    int stopDelay = 3;
    private TimeZone timezone = TimeZone.getDefault();
    // When true (and a tracer is set) traceCertificate() dumps the server certificate to the tracer.
    boolean certTrace = false;
    // Incremented by each monitoring thread when it is interrupted.
    // NOTE(review): volatile does not make the ++ in monitorCertificate atomic.
    volatile int stopcount = 0;
    // The two monitoring threads while monitoring is active, otherwise null.
    Thread[] certThreads = null;
    // The server being monitored while monitoring is active, otherwise null.
    EmbeddedWebServer ews = null;

    /* loaded from: input_file:libbzdev-ejws.jar:org/bzdev/ejws/CertManager$DefaultCertManager.class */
    private static class DefaultCertManager extends CertManager {
        // Seconds per day (shadows CertManager.DAY; not referenced in this nested class as shown).
        private static final int DAY = 86400;
        // Certificate lifetime in days; handleCertificateRequest passes the literal "90" to keytool.
        static final int validity = 90;
        // Outcome of the last requestCertificate() call.
        boolean status = false;
        // Canonical path of the keystore file, set by handleCertificateRequest.
        String ks = null;
        // true when the keystore is maintained outside this class (set by ExternalCertManager);
        // in that case no key pair is ever generated or deleted here.
        protected boolean externalKeystore = false;
        // First certificate seen in an external keystore; later reads are compared against it.
        private X509Certificate ourcert = null;
        // Lock/condition shared by requestRenewal() and renewalRequestStatus().
        private Object monitor = new Object();
        // Outcome of the last requestRenewal() call, guarded by monitor.
        private boolean rstatus = false;

        /** Creates an instance with {@code externalKeystore} left at its default of false. */
        private DefaultCertManager() {
            super();
        }

        /**
         * Checks the "servercert" entry of the keystore and, for a keystore managed by this
         * class, replaces it with a freshly generated 90-day EC key pair and certificate by
         * running the JDK's keytool.
         *
         * NOTE(review): this method is decompiler output. As written, keystoreFile is not
         * definitely assigned after the first catch block and getCanonicalPath()'s IOException
         * is not handled, so the control flow below is an approximation of the original.
         *
         * @param z true when called for a renewal (requestRenewal), false for the initial
         *          request (requestCertificate)
         * @return for the initial request, true when a usable certificate exists or was
         *         created; for a renewal, true only when the certificate was replaced (or,
         *         for an external keystore, when it differs from the one first seen)
         */
        private boolean handleCertificateRequest(boolean z) {
            boolean z2;
            File keystoreFile;
            String property = System.getProperty("file.separator");
            // keytool is taken from the running JVM's own java.home, not from PATH.
            String str = System.getProperty("java.home") + property + "bin" + property + "keytool";
            char[] keystorePW = getKeystorePW();
            // SECURITY: the passwords become immutable Strings here and cannot be wiped afterwards.
            String str2 = keystorePW == null ? null : new String(keystorePW);
            // NOTE(review): both branches yield the keystore password; the value returned by
            // getKeyPW() is never used, so a distinct key password set via setKeyPW() is ignored
            // when the key pair is generated although getSetup() later hands it to the server.
            String str3 = getKeyPW() == null ? str2 : new String(keystorePW);
            if (str2 == null) {
                Appendable tracer = getTracer();
                if (tracer == null) {
                    return false;
                }
                try {
                    tracer.append(errorMsg("keytoolPW", new Object[0]) + "\n");
                    return false;
                } catch (IOException e) {
                    return false;
                }
            }
            if (getDomain() == null) {
                if (this.tracer == null) {
                    return false;
                }
                try {
                    this.tracer.append(errorMsg("Domain", new Object[0]) + "\n");
                    return false;
                } catch (IOException e2) {
                    return false;
                }
            }
            try {
                keystoreFile = getKeystoreFile();
            } catch (Exception e3) {
                z2 = false;
                Appendable tracer2 = getTracer();
                if (tracer2 != null) {
                    try {
                        tracer2.append(errorMsg("newCert", e3.getMessage()) + "\n");
                    } catch (IOException e4) {
                    }
                }
            }
            if (keystoreFile == null) {
                if (this.tracer == null) {
                    return false;
                }
                try {
                    this.tracer.append(errorMsg("Keytool", new Object[0]) + "\n");
                    return false;
                } catch (IOException e5) {
                    return false;
                }
            }
            this.ks = keystoreFile.getCanonicalPath();
            if (keystoreFile.exists()) {
                try {
                    KeyStore keyStore = KeyStore.getInstance(keystoreFile, keystorePW);
                    Certificate certificate = keyStore.getCertificate("servercert");
                    if (certificate != null && (certificate instanceof X509Certificate)) {
                        X509Certificate x509Certificate = (X509Certificate) certificate;
                        if (this.externalKeystore) {
                            if (this.ourcert == null) {
                                this.ourcert = x509Certificate;
                            }
                            // NOTE(review): this is a reference comparison. A certificate re-read
                            // from the keystore file is presumably a new object each time, so every
                            // renewal check after the first would report a change and restart the
                            // server; ourcert is also never updated. Confirm whether equals() and a
                            // refresh of ourcert were intended.
                            return (!alwaysCreate() && x509Certificate == this.ourcert && z) ? false : true;
                        }
                        // Whole days until the certificate expires.
                        long time = (x509Certificate.getNotAfter().getTime() - Instant.now().toEpochMilli()) / 86400000;
                        Certificate[] certificateChain = keyStore.getCertificateChain("servercert");
                        // A chain longer than one entry (not a bare self-signed certificate) or
                        // alwaysCreate() forces regeneration regardless of remaining lifetime.
                        boolean z3 = (certificateChain != null && certificateChain.length > 1) || alwaysCreate();
                        // More than 30 days left (a third of the 90-day validity): keep the certificate.
                        if (3 * time > 90 && !z3) {
                            return !z;
                        }
                        try {
                            // SECURITY: "-storepass <password>" places the keystore password in the
                            // child's argument list, where other local users can usually read it from
                            // the process table while keytool runs. keytool's ":env" / ":file"
                            // password modifiers avoid that.
                            ProcessBuilder processBuilder = new ProcessBuilder(str, "-delete", "-keystore", this.ks, "-storepass", str2, "-alias", "servercert");
                            processBuilder.redirectOutput(ProcessBuilder.Redirect.DISCARD);
                            processBuilder.redirectError(ProcessBuilder.Redirect.DISCARD);
                            // NOTE(review): the exit status is ignored; if the delete fails the
                            // -genkeypair below will presumably fail because the alias still exists.
                            processBuilder.start().waitFor();
                        } catch (Exception e6) {
                        }
                    } else if (certificate != null) {
                        if (this.tracer == null) {
                            return false;
                        }
                        this.tracer.append(errorMsg("notX509", new Object[0]) + "\n");
                        return false;
                    }
                } catch (Exception e7) {
                    // Reached, among other cases, when the keystore cannot be opened with keystorePW.
                    Appendable tracer3 = getTracer();
                    if (tracer3 == null) {
                        return false;
                    }
                    tracer3.append(errorMsg("oldCert", e7.getMessage()) + "\n");
                    return false;
                }
            }
            if (this.externalKeystore) {
                // An external keystore is never written by this class.
                return false;
            }
            // SECURITY: both passwords are passed as command-line arguments (see the note on the
            // -delete call above). The domain is concatenated into the distinguished name
            // unescaped, so a value containing DN metacharacters such as ',' or '+' would add or
            // alter name components; setDomain() performs no validation.
            ProcessBuilder processBuilder2 = new ProcessBuilder(str, "-genkeypair", "-keyalg", "EC", "-groupname", "secp256r1", "-sigalg", "SHA256withECDSA", "-keystore", this.ks, "-keypass", str3, "-storepass", str2, "-alias", "servercert", "-dname", "CN=" + getDomain(), "-validity", "90");
            processBuilder2.redirectOutput(ProcessBuilder.Redirect.DISCARD);
            processBuilder2.redirectError(ProcessBuilder.Redirect.DISCARD);
            // Success is keytool exiting with status 0; its output is discarded, so the reason
            // for a failure is not available to the tracer.
            z2 = processBuilder2.start().waitFor() == 0;
            return z2;
        }

        /** Runs the initial (non-renewal) certificate check and records its outcome in {@code status}. */
        @Override // org.bzdev.ejws.CertManager
        protected void requestCertificate() {
            final boolean outcome = handleCertificateRequest(false);
            status = outcome;
        }

        /** @return the outcome recorded by the most recent {@link #requestCertificate()} call */
        @Override // org.bzdev.ejws.CertManager
        protected boolean certificateRequestStatus() {
            return status;
        }

        /**
         * Runs a renewal check and publishes its outcome to any thread waiting in
         * {@link #renewalRequestStatus()}. The check itself runs outside the monitor.
         */
        @Override // org.bzdev.ejws.CertManager
        protected void requestRenewal() {
            final boolean renewed = handleCertificateRequest(true);
            synchronized (monitor) {
                rstatus = renewed;
                monitor.notifyAll();
            }
        }

        /**
         * Blocks on the monitor until a renewal is reported by requestRenewal().
         *
         * NOTE(review): decompiler output. As written, the finally clause clears rstatus on
         * every loop iteration, so after a wake-up the loop condition is true again and the
         * thread goes back to waiting; the method returns true only when rstatus was already
         * true on entry, and in that case rstatus is not cleared. The original source
         * presumably wrapped the whole loop in the try/finally - confirm against it before
         * relying on this listing.
         *
         * @return true (the only value returned)
         * @throws InterruptedException if the waiting thread is interrupted
         */
        @Override // org.bzdev.ejws.CertManager
        protected boolean renewalRequestStatus() throws InterruptedException {
            synchronized (this.monitor) {
                while (!this.rstatus) {
                    try {
                        try {
                            this.monitor.wait();
                            Appendable tracer = getTracer();
                            if (tracer != null) {
                                try {
                                    tracer.append(errorMsg("renewStatus", Boolean.valueOf(this.rstatus)) + "\n");
                                } catch (IOException e) {
                                    // Tracing is best-effort; a failing tracer must not break the wait loop.
                                }
                            }
                        } catch (InterruptedException e2) {
                            this.rstatus = false;
                            throw e2;
                        }
                    } finally {
                        this.rstatus = false;
                    }
                }
            }
            return true;
        }
    }

    /* loaded from: input_file:libbzdev-ejws.jar:org/bzdev/ejws/CertManager$ExternalCertManager.class */
    /**
     * Variant of {@link DefaultCertManager} for a keystore maintained outside this class:
     * with {@code externalKeystore} set, handleCertificateRequest only inspects the keystore
     * and never runs keytool to delete or generate keys.
     */
    private static class ExternalCertManager extends DefaultCertManager {
        ExternalCertManager() {
            super();
            externalKeystore = true;
        }
    }

    /* loaded from: input_file:libbzdev-ejws.jar:org/bzdev/ejws/CertManager$Mode.class */
    /**
     * Operating mode of a certificate manager. {@link #NORMAL} is the default and is also
     * what {@code setMode(null)} selects. This class only stores the mode; how each value is
     * interpreted is up to the provider and is not visible in this file.
     */
    public enum Mode {
        NORMAL,
        LOCAL,
        STAGED,
        TEST
    }

    /**
     * Formats a localized message.
     *
     * @param str key of the message pattern in the resource bundle
     * @param objArr arguments substituted into the pattern
     * @return the formatted message
     */
    static String errorMsg(String str, Object... objArr) {
        final SafeFormatter formatter = new SafeFormatter();
        final String pattern = exbundle.getString(str);
        formatter.format(pattern, objArr);
        return formatter.toString();
    }

    /**
     * Sets the operating mode.
     *
     * @param mode the new mode; null selects {@link Mode#NORMAL}
     * @return this object
     */
    public CertManager setMode(Mode mode) {
        this.mode = (mode != null) ? mode : Mode.NORMAL;
        return this;
    }

    /** @return the current operating mode (never null when set through {@link #setMode(Mode)}) */
    public Mode getMode() {
        return mode;
    }

    /** @return true if a certificate should be (re)created regardless of the existing one's remaining lifetime */
    public boolean alwaysCreate() {
        return alwaysCreate;
    }

    /**
     * Sets the always-create flag.
     *
     * @param z true to force certificate creation on every request
     * @return this object
     */
    public CertManager alwaysCreate(boolean z) {
        alwaysCreate = z;
        return this;
    }

    /**
     * Creates a certificate manager from the first provider the {@link ServiceLoader}
     * finds, falling back to the built-in default manager when no provider is installed.
     *
     * @return a new certificate manager
     */
    public static CertManager newInstance() {
        final Iterator<CertManager> providers = ServiceLoader.load(CertManager.class).iterator();
        if (providers.hasNext()) {
            return providers.next();
        }
        return new DefaultCertManager();
    }

    /**
     * Lists the names accepted by {@link #newInstance(String)}: for every installed
     * provider its canonical class name and, when non-null, its provider name, plus the
     * built-in names "default" and "external".
     *
     * @return the names in sorted order
     */
    public static Set<String> providerNames() {
        final TreeSet<String> names = new TreeSet<>();
        for (CertManager provider : ServiceLoader.load(CertManager.class)) {
            names.add(provider.getClass().getCanonicalName());
            final String shortName = provider.providerName();
            if (shortName != null) {
                names.add(shortName);
            }
        }
        names.add("default");
        names.add("external");
        return names;
    }

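    /**
     * Creates a certificate manager selected by name.
     *
     * <p>The previous body returned the first provider found by the {@link ServiceLoader}
     * no matter what name was requested (its name test had an empty body), so a caller asking
     * for one provider could silently get a different one. It also threw
     * NullPointerException for a null name and for providers whose
     * {@link #providerName()} is null. Matching is now exact and null-safe.
     *
     * @param str "default", "external", a provider's canonical class name, or a provider
     *            name; null selects the first installed provider (the loop's original
     *            null test suggests this was the intent - confirm against the library docs)
     * @return the matching manager, or null if no provider matches
     */
    public static CertManager newInstance(String str) {
        if ("default".equals(str)) {
            return new DefaultCertManager();
        }
        if ("external".equals(str)) {
            return new ExternalCertManager();
        }
        for (CertManager certManager : ServiceLoader.load(CertManager.class)) {
            if (str == null
                    || str.equals(certManager.getClass().getCanonicalName())
                    || str.equals(certManager.providerName())) {
                return certManager;
            }
        }
        return null;
    }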

    /**
     * Sets the sink for diagnostic messages.
     *
     * @param appendable the sink, or null to disable tracing
     * @return this object
     */
    public CertManager setTracer(Appendable appendable) {
        tracer = appendable;
        return this;
    }

    /** @return the diagnostic sink, or null when tracing is disabled */
    protected Appendable getTracer() {
        return tracer;
    }

    /**
     * Sets the certificate name.
     *
     * @param str the name
     * @return this object
     */
    public CertManager setCertName(String str) {
        name = str;
        return this;
    }

    /** @return the certificate name, or null if none was set */
    public String getCertName() {
        return name;
    }

    /**
     * Sets the server's domain name. The value is stored without validation; the default
     * manager later concatenates it into the certificate's distinguished name as
     * {@code "CN=" + domain}, so callers should pass a plain host name.
     *
     * @param str the domain name
     * @return this object
     */
    public CertManager setDomain(String str) {
        domain = str;
        return this;
    }

    /** @return the server's domain name, or null if none was set */
    public String getDomain() {
        return domain;
    }

    /**
     * Sets the contact e-mail address. This class only stores the value.
     *
     * @param str the e-mail address
     * @return this object
     */
    public CertManager setEmail(String str) {
        email = str;
        return this;
    }

    /** @return the contact e-mail address, or null if none was set */
    public String getEmail() {
        return email;
    }

    /**
     * Returns the short name under which this provider can be requested from
     * {@link #newInstance(String)}.
     *
     * @return null in this base implementation
     */
    public String providerName() {
        final String none = null;
        return none;
    }

    /**
     * Returns the port of the helper web server this provider needs.
     *
     * @return 0 in this base implementation; {@link #setHelper} starts a helper only for a
     *         non-zero value
     */
    public int helperPort() {
        final int noHelper = 0;
        return noHelper;
    }

    /**
     * Hook called by {@link #setHelper} before the helper server is started.
     * The base implementation does nothing.
     *
     * @param embeddedWebServer the helper server to configure
     */
    protected void configureHelper(EmbeddedWebServer embeddedWebServer) {
        // Intentionally empty: providers that need a helper override this.
    }

    /** Requests an initial certificate; called by createCertificateIfNeeded() before certificateRequestStatus(). */
    protected abstract void requestCertificate();

    /** @return the outcome of the preceding requestCertificate() call */
    protected abstract boolean certificateRequestStatus();

    /** Requests a renewal check; called periodically by the first monitoring thread while it holds the server's lock. */
    protected abstract void requestRenewal();

    /**
     * Called in a loop by the second monitoring thread, which reloads the server's TLS setup
     * whenever this returns true.
     *
     * @throws InterruptedException if the calling thread is interrupted while waiting
     */
    protected abstract boolean renewalRequestStatus() throws InterruptedException;

    /**
     * Sets the offset added to the first renewal check.
     *
     * @param i the offset in seconds (it is summed with second counts in
     *          {@link #getInitialWaitMillis()})
     * @return this object
     */
    public CertManager setTimeOffset(int i) {
        timeOffset = i;
        return this;
    }

    /** @return the offset, in seconds, added to the first renewal check */
    public int getTimeOffset() {
        return timeOffset;
    }

    /**
     * Sets the time between renewal checks.
     *
     * @param i the interval in days; 0 makes {@link #getIntervalMillis()} and
     *          {@link #getInitialWaitMillis()} return a fixed 60 seconds. Negative values
     *          are not rejected here.
     * @return this object
     */
    public CertManager setInterval(int i) {
        interval = i;
        return this;
    }

    /** @return the interval between renewal checks, in days */
    public int getInterval() {
        return interval;
    }

    /**
     * Sets the delay passed to {@code EmbeddedWebServer.stop(int)} when the server is
     * restarted after a renewal.
     *
     * @param i the delay (units are those of {@code EmbeddedWebServer.stop} - presumably
     *          seconds; confirm there)
     * @return this object
     */
    public CertManager setStopDelay(int i) {
        stopDelay = i;
        return this;
    }

    /** @return the delay passed to {@code EmbeddedWebServer.stop(int)} on a restart */
    public int getStopDelay() {
        return stopDelay;
    }

    /**
     * Sets the time zone used to schedule renewal checks.
     *
     * @param str a time-zone ID; null or blank selects the JVM default. An ID that
     *            {@link TimeZone#getTimeZone(String)} does not recognize yields GMT rather
     *            than an error.
     * @return this object
     */
    public CertManager setTimeZone(String str) {
        if (str == null || str.trim().isEmpty()) {
            timezone = TimeZone.getDefault();
        } else {
            timezone = TimeZone.getTimeZone(str);
        }
        return this;
    }

    /**
     * Sets the time zone used to schedule renewal checks.
     *
     * @param timeZone the time zone; null selects the JVM default
     * @return this object
     */
    public CertManager setTimeZone(TimeZone timeZone) {
        if (timeZone != null) {
            timezone = timeZone;
        } else {
            timezone = TimeZone.getDefault();
        }
        return this;
    }

    /** @return the ID of the time zone used to schedule renewal checks */
    public String getTimeZone() {
        final TimeZone zone = timezone;
        return zone.getID();
    }

    /**
     * Computes how long the monitoring thread waits before its first renewal check: the
     * time remaining until the next local midnight, plus the time offset, plus one full
     * interval.
     *
     * NOTE(review): the zone offset is raw offset plus DST savings whether or not daylight
     * saving time is currently in effect, so "midnight" is presumably off by the DST amount
     * outside the DST period - confirm whether TimeZone.getOffset(now) was intended.
     *
     * @return the wait in milliseconds; a fixed 60000 when the interval is 0
     */
    public long getInitialWaitMillis() {
        final int zoneOffsetSeconds = (timezone.getRawOffset() + timezone.getDSTSavings()) / 1000;
        if (interval == 0) {
            return 60000L;
        }
        final long localSeconds = Instant.now().getEpochSecond() + zoneOffsetSeconds;
        // Seconds since local midnight, always within [0, 86400).
        final long secondsIntoDay = Math.floorMod(localSeconds, 86400L);
        final long secondsUntilMidnight = 86400 - secondsIntoDay;
        return (secondsUntilMidnight + timeOffset + (DAY * interval)) * 1000;
    }

    /**
     * Enables or disables dumping the server certificate to the tracer.
     *
     * @param z true to enable certificate tracing
     * @return this object
     */
    public CertManager setCertTrace(boolean z) {
        certTrace = z;
        return this;
    }

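    /**
     * Returns the time between renewal checks.
     *
     * <p>The product is computed in {@code long} arithmetic. The previous
     * {@code interval * DAY * 1000} was evaluated as {@code int} and overflowed to a negative
     * number for intervals of 25 days or more; the monitoring thread passes this value to
     * {@code Thread.sleep}, which rejects negative arguments with an exception that thread
     * does not catch, so renewal checks would stop and the certificate would eventually
     * expire unnoticed.
     *
     * @return the interval in milliseconds; a fixed 60000 when the interval is 0
     */
    public long getIntervalMillis() {
        if (this.interval == 0) {
            return 60000L;
        }
        return (long) this.interval * DAY * 1000L;
    }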

    /**
     * Sets the TLS protocol name passed to {@code EmbeddedWebServer.SSLSetup}.
     *
     * @param str the protocol name; while null, {@link #getSetup()} does not request a
     *            certificate
     * @return this object
     */
    public CertManager setProtocol(String str) {
        protocol = str;
        return this;
    }

    /** @return the TLS protocol name, or null if none was set */
    public String getProtocol() {
        return protocol;
    }

    /**
     * Sets the keystore file holding the server's key and certificate.
     *
     * @param file the keystore file
     * @return this object
     */
    public CertManager setKeystoreFile(File file) {
        keystoreFile = file;
        return this;
    }

    /** @return the keystore file, or null if none was set */
    public File getKeystoreFile() {
        return keystoreFile;
    }

    /**
     * Sets explicit trust managers. Trust managers and a truststore file are mutually
     * exclusive.
     *
     * NOTE(review): the exception message "tsset1" looks like a resource-bundle key that was
     * meant to go through errorMsg(); it is thrown verbatim.
     *
     * @param trustManagerArr the trust managers (the array is stored, not copied)
     * @return this object
     * @throws IllegalStateException if a truststore file has already been set
     */
    public CertManager setTrustManagers(TrustManager[] trustManagerArr) throws IllegalStateException {
        final boolean truststoreConfigured = truststoreFile != null;
        if (truststoreConfigured) {
            throw new IllegalStateException("tsset1");
        }
        trustManagers = trustManagerArr;
        return this;
    }

    /**
     * Sets the truststore file. A truststore file and explicit trust managers are mutually
     * exclusive.
     *
     * NOTE(review): the exception message "tmset1" looks like a resource-bundle key that was
     * meant to go through errorMsg(); it is thrown verbatim.
     *
     * @param file the truststore file
     * @return this object
     * @throws IllegalStateException if trust managers have already been set
     */
    public CertManager setTruststoreFile(File file) throws IllegalStateException {
        final boolean managersConfigured = trustManagers != null;
        if (managersConfigured) {
            throw new IllegalStateException("tmset1");
        }
        truststoreFile = file;
        return this;
    }

    /**
     * Sets the keystore password. The array is copied, so the caller may wipe its own copy.
     *
     * @param cArr the password; null does not clear it but resets it to the widely known
     *             default "changeit", so callers that need a real secret must always pass one
     * @return this object
     */
    public CertManager setKeystorePW(char[] cArr) {
        if (cArr == null) {
            keystorePW = "changeit".toCharArray();
        } else {
            keystorePW = cArr.clone();
        }
        return this;
    }

    /**
     * Returns a copy of the keystore password. Callers own the returned array and should
     * overwrite it when done.
     *
     * @return a fresh copy of the password, or null if the field is null
     */
    protected char[] getKeystorePW() {
        final char[] current = keystorePW;
        return (current != null) ? current.clone() : null;
    }

    /**
     * Sets the password protecting the private-key entry. The array is copied.
     *
     * @param cArr the key password; null means "use the keystore password"
     * @return this object
     */
    public CertManager setKeyPW(char[] cArr) {
        if (cArr != null) {
            keyPW = cArr.clone();
        } else {
            keyPW = null;
        }
        return this;
    }

    /**
     * Returns a copy of the private-key password, falling back to the keystore password
     * when no key password was set.
     *
     * @return a fresh copy of the effective key password; null only if the keystore
     *         password is null as well
     */
    protected char[] getKeyPW() {
        if (keyPW == null) {
            return getKeystorePW();
        }
        return keyPW.clone();
    }

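    /**
     * Sets the truststore password. The array is copied, so the caller may wipe its own copy.
     *
     * <p>A null argument now clears the password, matching {@link #setKeyPW(char[])};
     * previously it raised NullPointerException.
     *
     * @param cArr the password, or null for none
     * @return this object
     */
    public CertManager setTruststorePW(char[] cArr) {
        this.truststorePW = (cArr == null) ? null : cArr.clone();
        return this;
    }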

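    /**
     * Returns a copy of the truststore password. Callers own the returned array and should
     * overwrite it when done.
     *
     * <p>Returns null when no password was set, matching {@link #getKeystorePW()};
     * previously this raised NullPointerException in that state.
     *
     * @return a fresh copy of the password, or null if none was set
     */
    protected char[] getTruststorePW() {
        if (this.truststorePW == null) {
            return null;
        }
        return this.truststorePW.clone();
    }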

    /**
     * Sets the configurator handed to {@code EmbeddedWebServer.SSLSetup} by
     * {@link #getSetup()}.
     *
     * @param configurator the configurator, or null for none
     * @return this object
     */
    public CertManager setConfigurator(EmbeddedWebServer.Configurator configurator) {
        final CertManager self = this;
        self.configurator = configurator;
        return self;
    }

    /** @return the helper web server, or null if none was set */
    protected EmbeddedWebServer getHelper() {
        return helper;
    }

    /**
     * Sets the helper web server and starts it when this provider needs one.
     *
     * <p>The helper is configured and started only if the provider reports a non-zero
     * {@link #helperPort()}, the server does not use HTTPS, and it is not already running.
     *
     * @param embeddedWebServer the helper server, or null for none
     * @return this object
     */
    public CertManager setHelper(EmbeddedWebServer embeddedWebServer) {
        helper = embeddedWebServer;
        final int port = helperPort();
        if (embeddedWebServer == null || port == 0) {
            return this;
        }
        if (embeddedWebServer.usesHTTPS() || embeddedWebServer.serverRunning()) {
            return this;
        }
        configureHelper(embeddedWebServer);
        embeddedWebServer.start();
        return this;
    }

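    /**
     * Writes the server certificate (PEM, as printed by {@code keytool -exportcert -rfc})
     * to the tracer. Does nothing unless certificate tracing is enabled and a tracer,
     * keystore file and keystore password are all present. Failures are ignored: this is
     * diagnostic output only.
     *
     * <p>Changes from the previous body: a missing keystore file no longer causes an
     * uncaught NullPointerException; the keystore password is handed to keytool through
     * the child's environment ({@code -storepass:env}) instead of its argument list; the
     * child's stderr is discarded like the other keytool invocations in this file; and the
     * child is waited for so it is reaped.
     */
    private void traceCertificate() {
        if (!this.certTrace || this.tracer == null) {
            return;
        }
        File keystore = this.keystoreFile;
        char[] password = this.keystorePW;
        if (keystore == null || password == null) {
            return;
        }
        String sep = System.getProperty("file.separator");
        String keytool = System.getProperty("java.home") + sep + "bin" + sep + "keytool";
        // Name of the variable that carries the password to the child process only.
        final String pwVariable = "EJWS_KEYSTORE_PW";
        try {
            ProcessBuilder builder = new ProcessBuilder(keytool, "-exportcert", "-keystore", keystore.getCanonicalPath(), "-storepass:env", pwVariable, "-alias", "servercert", "-rfc");
            // Command-line arguments are typically readable by every local user through the
            // process table; the environment is only readable by the same user (and root).
            builder.environment().put(pwVariable, new String(password));
            builder.redirectError(ProcessBuilder.Redirect.DISCARD);
            Process process = builder.start();
            ByteArrayOutputStream buffer = new ByteArrayOutputStream(2048);
            process.getInputStream().transferTo(buffer);
            this.tracer.append(buffer.toString());
            process.waitFor();
        } catch (IOException e) {
            // Best-effort diagnostics: a failing keytool or tracer must not affect the server.
        } catch (InterruptedException e) {
            // Preserve the interrupt so the monitoring threads still see a stop request.
            Thread.currentThread().interrupt();
        }
    }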

    /* JADX WARN: Finally extract failed */
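    /**
     * Asks the provider for a certificate and reports the outcome. Whether the request
     * succeeds or throws, the "hasCert" message is traced and the certificate is dumped to
     * the tracer afterwards.
     *
     * <p>This restores the try/finally that the decompiler failed to reconstruct. In the
     * duplicated form, an exception from the tracing step on the normal path fell into the
     * catch block and ran the tracing step (including the keytool invocation) a second time.
     *
     * @return the provider's certificate request status
     */
    private boolean createCertificateIfNeeded() {
        requestCertificate();
        try {
            return certificateRequestStatus();
        } finally {
            if (this.tracer != null) {
                try {
                    this.tracer.append(errorMsg("hasCert", new Object[0]) + "\n");
                } catch (IOException ignored) {
                    // Tracing is best-effort.
                }
            }
            traceCertificate();
        }
    }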

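    /**
     * Builds the TLS setup for the web server from this manager's configuration. When a
     * protocol is set, a certificate is requested first.
     *
     * <p>Changes from the previous body: the truststore password is passed as a copy
     * (like the keystore and key passwords) rather than as this object's internal array,
     * and the keystore stream is closed if opening the truststore fails.
     *
     * NOTE(review): the streams handed to SSLSetup are not closed here on success;
     * presumably SSLSetup or the server consumes and closes them - confirm.
     *
     * @return the configured setup object
     * @throws IOException if the keystore or truststore file cannot be opened
     */
    public EmbeddedWebServer.SSLSetup getSetup() throws IOException {
        if (this.protocol != null) {
            // NOTE(review): the boolean result is discarded, so a failed certificate request
            // is not reported to the caller; the server is then set up with whatever the
            // keystore file contains, if it exists.
            createCertificateIfNeeded();
        }
        EmbeddedWebServer.SSLSetup sSLSetup = new EmbeddedWebServer.SSLSetup(this.protocol);
        FileInputStream keystoreStream = null;
        if (this.keystoreFile != null) {
            keystoreStream = new FileInputStream(this.keystoreFile);
            sSLSetup.keystore(keystoreStream);
        }
        if (this.trustManagers != null) {
            sSLSetup.trustManagers(this.trustManagers);
        }
        if (this.truststoreFile != null) {
            try {
                sSLSetup.truststore(new FileInputStream(this.truststoreFile));
            } catch (IOException e) {
                // The setup object is abandoned on this path, so release the keystore stream.
                if (keystoreStream != null) {
                    try {
                        keystoreStream.close();
                    } catch (IOException closeFailure) {
                        e.addSuppressed(closeFailure);
                    }
                }
                throw e;
            }
        }
        if (this.keystorePW != null) {
            sSLSetup.keystorePassword(getKeystorePW());
        }
        if (this.keyPW != null || this.keystorePW != null) {
            sSLSetup.keyPassword(getKeyPW());
        }
        if (this.truststorePW != null) {
            sSLSetup.truststorePassword(getTruststorePW());
        }
        if (this.configurator != null) {
            sSLSetup.configurator(this.configurator);
        }
        return sSLSetup;
    }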

    /**
     * Starts the two certificate-monitoring threads for a server and returns them.
     *
     * The first thread waits getInitialWaitMillis(), then calls requestRenewal() once per
     * interval while holding the server's lock. The second thread blocks in
     * renewalRequestStatus() and, when that reports a renewal, reloads the server's TLS
     * setup and restarts the server if it is running. Both threads end when interrupted
     * (see stopMonitoring()).
     *
     * @param embeddedWebServer the server whose certificate is monitored; also used as the lock
     * @return the scheduling thread at index 0 and the reload thread at index 1
     */
    Thread[] monitorCertificate(EmbeddedWebServer embeddedWebServer) {
        Thread thread = new Thread(() -> {
            if (this.tracer != null) {
                try {
                    this.tracer.append(errorMsg("monitoringStarted", new Object[0]) + "\n");
                } catch (IOException e) {
                }
            }
            long initialWaitMillis = getInitialWaitMillis();
            Instant now = Instant.now();
            try {
                Thread.currentThread();
                // NOTE(review): only InterruptedException is caught around the sleeps. A negative
                // argument (e.g. from a negative interval or an overflowed interval computation)
                // makes Thread.sleep throw IllegalArgumentException, which ends this thread
                // without any trace message, and renewal checks then stop.
                Thread.sleep(initialWaitMillis);
                // plusMillis tracks the scheduled (not actual) time of the current check so
                // that time spent in requestRenewal() does not accumulate as drift.
                Instant plusMillis = now.plusMillis(initialWaitMillis);
                while (true) {
                    // Negative when this iteration started later than scheduled.
                    long epochMilli = plusMillis.toEpochMilli() - Instant.now().toEpochMilli();
                    long intervalMillis = getIntervalMillis();
                    plusMillis = plusMillis.plusMillis(intervalMillis);
                    long j = intervalMillis + epochMilli;
                    if (this.tracer != null) {
                        try {
                            this.tracer.append(errorMsg("requestRenewal", new Object[0]) + "\n");
                        } catch (IOException e2) {
                        }
                    }
                    // Serializes the renewal with the reload/restart done by the second thread.
                    synchronized (embeddedWebServer) {
                        requestRenewal();
                    }
                    Thread.currentThread();
                    Thread.sleep(j);
                }
            } catch (InterruptedException e3) {
                // NOTE(review): stopcount is volatile but ++ is a read-modify-write; both threads
                // run this on interruption, so an increment can be lost and the
                // "monitoringStopped" message / reset below may never happen.
                this.stopcount++;
                if (this.stopcount == 2) {
                    if (this.tracer != null) {
                        try {
                            this.tracer.append(errorMsg("monitoringStopped", new Object[0]) + "\n");
                        } catch (IOException e4) {
                        }
                    }
                    this.stopcount = 0;
                }
            }
        });
        thread.start();
        Thread thread2 = new Thread(() -> {
            while (true) {
                try {
                    if (renewalRequestStatus()) {
                        synchronized (embeddedWebServer) {
                            // NOTE(review): an IOException from this append is caught by the
                            // generic handler below and ends the thread, so a failing tracer
                            // stops renewed certificates from being loaded.
                            if (this.tracer != null) {
                                this.tracer.append(errorMsg("renewed", new Object[0]) + "\n");
                            }
                            traceCertificate();
                            embeddedWebServer.modifyServerSetup();
                            // The restart is what makes the running server pick up the new setup.
                            if (embeddedWebServer.serverRunning()) {
                                embeddedWebServer.stop(this.stopDelay);
                                embeddedWebServer.start();
                            }
                        }
                    }
                } catch (InterruptedException e) {
                    this.stopcount++;
                    if (this.stopcount == 2) {
                        if (this.tracer != null) {
                            try {
                                this.tracer.append(errorMsg("monitoringStopped", new Object[0]) + "\n");
                            } catch (IOException e2) {
                            }
                        }
                        this.stopcount = 0;
                        return;
                    }
                    return;
                } catch (Exception e3) {
                    // NOTE(review): any failure ends this thread for good while the scheduling
                    // thread keeps running; later renewals are generated but never loaded by the
                    // server, and without a tracer nothing reports it. If the failure happened
                    // between stop() and start(), the server stays down.
                    if (this.tracer != null) {
                        try {
                            this.tracer.append(errorMsg("renewalFailed", e3.getMessage()) + "\n");
                            return;
                        } catch (IOException e4) {
                            return;
                        }
                    }
                    return;
                }
            }
        });
        thread2.start();
        return new Thread[]{thread, thread2};
    }

    /**
     * Reports whether certificate monitoring is active. This read is not synchronized,
     * unlike {@link #startMonitoring} and {@link #stopMonitoring}.
     *
     * @return true if monitoring threads have been started and not yet stopped
     */
    public boolean isMonitoring() {
        final Thread[] workers = certThreads;
        return workers != null;
    }

    /**
     * Starts certificate monitoring for a server. Calling this again for the same server
     * is a no-op.
     *
     * @param embeddedWebServer the server to monitor
     * @throws IllegalStateException if monitoring is already active for a different server
     */
    public synchronized void startMonitoring(EmbeddedWebServer embeddedWebServer) {
        if (certThreads == null) {
            certThreads = monitorCertificate(embeddedWebServer);
            stopcount = 0;
            ews = embeddedWebServer;
            return;
        }
        if (ews == embeddedWebServer) {
            return;
        }
        // One manager can only watch one server at a time.
        final String message = errorMsg("multipleEWS", new Object[0]);
        if (tracer != null) {
            try {
                tracer.append(message + "\n");
            } catch (IOException ignored) {
                // Tracing is best-effort; the exception below still reports the problem.
            }
        }
        throw new IllegalStateException(message);
    }

    /**
     * Stops certificate monitoring by interrupting both monitoring threads, then shuts
     * down the helper server if one is running. Returns immediately, without touching the
     * helper, while a previous stop is still being acknowledged (stopcount above zero).
     * The threads are interrupted but not joined.
     */
    public synchronized void stopMonitoring() {
        if (stopcount > 0) {
            return;
        }
        if (certThreads != null) {
            stopcount = 0;
            try {
                certThreads[0].interrupt();
            } catch (Exception ignoredFirst) {
                // Keep going so the second thread is still interrupted.
            }
            try {
                certThreads[1].interrupt();
            } catch (Exception ignoredSecond) {
                // Nothing more to do for this thread.
            }
            certThreads = null;
            ews = null;
        }
        final EmbeddedWebServer helperServer = getHelper();
        if (helperServer != null && helperServer.serverRunning()) {
            helperServer.shutdown(0);
        }
    }
}
