package com.ejie.r01f.net.ssl;

import com.ejie.r01f.log.R01FLog;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.LinkedList;
import java.util.List;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsCredentials;

/* loaded from: input_file:com/ejie/r01f/net/ssl/TLSClientExtension.class */
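/**
 * BouncyCastle TLS client that sends a Server Name Indication (SNI) extension for a fixed
 * host and authenticates the server against the trust store configured through the
 * {@code javax.net.ssl.trustStore*} system properties.
 *
 * <p>Server authentication accepts a chain only when the leaf certificate is itself an entry
 * of the trust store, or when a PKIX certification path can be built from the leaf to a trust
 * store entry. Revocation is not checked.
 *
 * <p>NOTE(review): nothing in this class checks that the leaf certificate was issued for
 * {@code host}. Confirm whether a caller performs that check on {@link #getPeertCerts()};
 * if not, a subjectAltName comparison is still missing.
 */
public class TLSClientExtension extends DefaultTlsClient {
    /** Logger category used for every message emitted by this class. */
    private static final String LOG_CATEGORY = "r01f.util";

    /** Certificates presented by the server in the last successfully authenticated handshake. */
    private Certificate[] peertCerts;

    /** Host name announced to the server in the SNI extension. */
    private final String host;

    /**
     * Creates a client that announces {@code str} as the SNI host name.
     *
     * @param str host name to place in the server_name extension
     */
    public TLSClientExtension(String str) {
        this.host = str;
    }

    /**
     * Accepts every extension the server returns, whether or not the client offered it.
     *
     * <p>NOTE(review): returning {@code true} unconditionally switches off the superclass's
     * check on unsolicited server extensions. Kept as-is for compatibility; confirm it is
     * still required.
     */
    protected boolean allowUnexpectedServerExtension(Integer num, byte[] bArr) throws IOException {
        return true;
    }

    /**
     * Returns the superclass's client extensions plus a server_name (type 0) extension
     * carrying {@code host}.
     *
     * @return the extension table, never {@code null}
     * @throws IOException if the extension body cannot be serialized
     */
    public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {
        Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
        if (clientExtensions == null) {
            clientExtensions = new Hashtable<>();
        }
        // A fixed charset keeps the bytes on the wire independent of the platform default.
        // Internationalized names are expected to arrive already ASCII-encoded.
        byte[] hostBytes = this.host.getBytes(StandardCharsets.UTF_8);
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (DataOutputStream out = new DataOutputStream(buffer)) {
            out.writeShort(hostBytes.length + 3); // list length: type (1) + length (2) + name
            out.writeByte(0);                     // name type 0 = host_name
            out.writeShort(hostBytes.length);
            out.write(hostBytes);
        }
        clientExtensions.put(0, buffer.toByteArray());
        return clientExtensions;
    }

    /**
     * Supplies the authentication callbacks: the server chain is validated against the trust
     * store and no client credentials are offered.
     */
    public TlsAuthentication getAuthentication() throws IOException {
        return new TlsAuthentication() {
            /**
             * Validates the chain presented by the server and, on success, stores it so that
             * {@code getPeertCerts()} can return it.
             *
             * @throws IOException wrapping the cause when the chain is empty, cannot be
             *     parsed, is outside its validity period or does not lead to a trust store
             *     entry
             */
            public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate certificate) throws IOException {
                try {
                    KeyStore trustStore = _loadKeyStore();
                    if (trustStore == null) {
                        throw new CertificateException("No trust store available");
                    }
                    R01FLog.to(LOG_CATEGORY).info(">>>>>>>> KeyStore : " + trustStore.size());
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    List<X509Certificate> chain = new ArrayList<>();
                    for (org.bouncycastle.asn1.x509.Certificate presented : certificate.getCertificateList()) {
                        Certificate parsed = certificateFactory.generateCertificate(new ByteArrayInputStream(presented.getEncoded()));
                        if (!(parsed instanceof X509Certificate)) {
                            throw new CertificateException("Unsupported certificate type " + parsed.getType());
                        }
                        chain.add((X509Certificate) parsed);
                        // Diagnostics only: the trust decision is taken in _verifyServerChain.
                        if (trustStore.getCertificateAlias(parsed) != null) {
                            R01FLog.to(LOG_CATEGORY).info(">>> Trusted cert\n" + presented.getSubject().toString());
                        } else {
                            R01FLog.to(LOG_CATEGORY).info(">>> Unknown cert " + presented.getSubject().toString());
                            R01FLog.to(LOG_CATEGORY).fine("" + parsed);
                        }
                    }
                    if (chain.isEmpty()) {
                        throw new CertificateException("Unknown cert " + certificate);
                    }
                    _verifyServerChain(chain, trustStore);
                    TLSClientExtension.this.peertCerts = chain.toArray(new Certificate[0]);
                } catch (Exception e2) {
                    // The cause travels with the IOException, so no separate stack dump is needed.
                    R01FLog.to(LOG_CATEGORY).info("Server certificate rejected: " + e2);
                    throw new IOException(e2);
                }
            }

            /** Returns {@code null}: this client never authenticates itself with a certificate. */
            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                return null;
            }

            /**
             * Decides whether the server chain is trusted.
             *
             * <p>Every certificate in the chain is supplied by the peer, so the presence of one
             * of them in the trust store says nothing about the leaf unless the signatures that
             * link them are verified. The leaf is therefore accepted only when it is itself a
             * trust store entry, or when a PKIX path from it to a trust store entry can be built
             * and validated (signatures, validity periods, CA constraints).
             *
             * @param chain parsed server chain, leaf first, never empty
             * @param trustStore trust store whose entries act as trust anchors
             * @throws Exception if the leaf is outside its validity period or no valid path exists
             */
            private void _verifyServerChain(List<X509Certificate> chain, KeyStore trustStore) throws Exception {
                X509Certificate leaf = chain.get(0);
                leaf.checkValidity();
                if (trustStore.getCertificateAlias(leaf) != null) {
                    R01FLog.to(LOG_CATEGORY).info("Certificate is active for current date\n" + leaf);
                    return;
                }
                X509CertSelector target = new X509CertSelector();
                target.setCertificate(leaf);
                PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, target);
                // The presented certificates are only candidates for intermediate links.
                params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(chain)));
                // Revocation was not checked before either; enabling it needs CRL/OCSP sources.
                params.setRevocationEnabled(false);
                CertPathBuilder.getInstance("PKIX").build(params);
            }

            /**
             * Loads the trust store described by the {@code javax.net.ssl.trustStoreType},
             * {@code trustStoreProvider} and {@code trustStorePassword} system properties.
             *
             * @return the loaded store (empty when no file was found), or {@code null} when
             *     the configured store type is the empty string
             * @throws Exception if the store cannot be created or read
             */
            private KeyStore _loadKeyStore() throws Exception {
                String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
                if (type.length() == 0) {
                    return null;
                }
                String provider = System.getProperty("javax.net.ssl.trustStoreProvider", "");
                String password = System.getProperty("javax.net.ssl.trustStorePassword", "");
                KeyStore keyStore = provider.length() == 0 ? KeyStore.getInstance(type) : KeyStore.getInstance(type, provider);
                char[] passwordChars = password.length() != 0 ? password.toCharArray() : null;
                FileInputStream in = null;
                try {
                    in = _openTrustStoreFile();
                    keyStore.load(in, passwordChars);
                } finally {
                    // Wipe the copy of the password even when loading fails.
                    if (passwordChars != null) {
                        Arrays.fill(passwordChars, '\0');
                    }
                    if (in != null) {
                        in.close();
                    }
                }
                return keyStore;
            }

            /**
             * Opens the trust store file: the path in {@code javax.net.ssl.trustStore} when
             * set, otherwise {@code jssecacerts} and then {@code cacerts} under
             * {@code java.home/lib/security}.
             *
             * @return an open stream, or {@code null} when the property is {@code "NONE"} or
             *     no candidate file exists
             */
            private FileInputStream _openTrustStoreFile() throws Exception {
                String configured = System.getProperty("javax.net.ssl.trustStore");
                if ("NONE".equals(configured)) {
                    return null;
                }
                if (configured != null) {
                    return _getFileInputStream(new File(configured));
                }
                String securityDir = System.getProperty("java.home") + File.separator + "lib" + File.separator + "security" + File.separator;
                FileInputStream in = _getFileInputStream(new File(securityDir + "jssecacerts"));
                return in != null ? in : _getFileInputStream(new File(securityDir + "cacerts"));
            }

            /** Opens {@code file} for reading, or returns {@code null} when it does not exist. */
            private FileInputStream _getFileInputStream(File file) throws Exception {
                if (file.exists()) {
                    return new FileInputStream(file);
                }
                return null;
            }
        };
    }

    /**
     * Returns a copy of the server chain accepted by the last handshake.
     *
     * @return the certificates, leaf first, or {@code null} when no chain has been accepted yet
     */
    public Certificate[] getPeertCerts() {
        return this.peertCerts == null ? null : this.peertCerts.clone();
    }
}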
