package ch.transsoft.edec.service.certificate;

import ch.transsoft.edec.model.config.conf.license.CertificateInfo;
import ch.transsoft.edec.service.Services;
import ch.transsoft.edec.service.config.IConfigService;
import ch.transsoft.edec.util.Base64;
import ch.transsoft.edec.util.Check;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:ch/transsoft/edec/service/certificate/CertificateService.class */
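/**
 * Configures the JVM-wide default TLS socket factory used by {@link HttpsURLConnection}.
 *
 * <p>Server certificates are validated against the trust store bundled with this class
 * ({@code cert/truststore.jks}). When the configuration holds a client certificate, it is
 * additionally offered for TLS client authentication.
 *
 * <p>Security note: {@link HttpsURLConnection#setDefaultSSLSocketFactory} is process-wide, so
 * whatever trust decision is installed here applies to every {@code HttpsURLConnection} in the
 * JVM that does not set its own factory. An earlier revision installed
 * {@link TrustAllX509TrustManager} there, which disabled server authentication for all of them.
 */
public class CertificateService implements ICertificateService {
    // NOTE(review): hard-coded trust store password. For a JKS store the store password is only
    // used for the integrity check on load; the store presumably holds public CA certificates
    // only (confirm). Never reuse this value for anything that protects private key material.
    private static final String trust_password = "68hc11";

    /**
     * Trust manager that accepts every certificate chain without any check.
     *
     * <p>Kept only so that existing references to this public type keep compiling. It must not
     * be handed to an {@link SSLContext}: with it, the peer is not authenticated and TLS offers
     * no protection against an on-path party impersonating the server. This service no longer
     * uses it.
     *
     * @deprecated insecure; use the trust managers derived from the bundled trust store instead.
     */
    @Deprecated
    public class TrustAllX509TrustManager implements X509TrustManager {
        public TrustAllX509TrustManager() {
        }

        /** Returns an empty array: no issuer is advertised as accepted. */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        /** Performs no validation; never rejects a client chain. */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        /** Performs no validation; never rejects a server chain. */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }
    }

    /**
     * Initialises the service and installs the TLS configuration.
     *
     * <p>The {@code new URL("https://")} call discards its result; presumably it is a probe that
     * an {@code https} protocol handler is available (confirm). A failure is passed to
     * {@code Check.fail}.
     */
    @Override
    public void init() {
        try {
            new URL("https://");
        } catch (MalformedURLException e) {
            Check.fail(e);
        }
        updateCertificate();
    }

    /**
     * Re-installs the default TLS socket factory according to the current configuration: with a
     * client key when the configuration reports a certificate, otherwise with trust material
     * only. Any exception is passed to {@code Check.fail}.
     */
    @Override
    public void updateCertificate() {
        try {
            IConfigService configService = (IConfigService) Services.get(IConfigService.class);
            if (configService.hasCertificate()) {
                setKeyAndTrustStore();
            } else {
                setTrustStoreOnly();
            }
        } catch (Exception e) {
            Check.fail(e);
        }
    }

    /**
     * Installs a default socket factory that validates servers against the bundled trust store
     * and presents no client certificate.
     *
     * @throws Exception if the trust store cannot be loaded or the TLS context cannot be set up
     */
    @Override
    public void setTrustStoreOnly() throws Exception {
        // Use the trust managers built from the bundled store. The loaded store used to be
        // discarded in favour of a trust-all manager, which left servers unauthenticated.
        TrustManager[] trustManagers = getTrustManagerFactory().getTrustManagers();
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustManagers, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
    }

    /**
     * Installs a default socket factory that validates servers against the bundled trust store
     * and offers the configured client certificate.
     *
     * @throws Exception if either store cannot be loaded or the TLS context cannot be set up
     */
    void setKeyAndTrustStore() throws Exception {
        // Trust material is loaded first, as before, so a broken trust store is reported before
        // the client key is touched.
        TrustManager[] trustManagers = getTrustManagerFactory().getTrustManagers();
        KeyManagerFactory keyManagerFactory = getKeyManagerFactory();
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagers, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
    }

    /**
     * Builds a trust manager factory from the JKS trust store bundled next to this class.
     *
     * @return a factory initialised with the bundled trust store
     * @throws IOException if the resource is missing or cannot be read
     */
    private TrustManagerFactory getTrustManagerFactory() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (InputStream in = CertificateService.class.getResourceAsStream("cert/truststore.jks")) {
            // KeyStore.load(null, ...) silently creates an EMPTY store; fail loudly instead so a
            // packaging error is not mistaken for "no server is trusted".
            if (in == null) {
                throw new IOException("Bundled trust store cert/truststore.jks not found");
            }
            keyStore.load(in, trust_password.toCharArray());
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }

    /**
     * Builds a key manager factory from the PKCS#12 client certificate held in the license
     * configuration (Base64-encoded data plus its password).
     *
     * @return a factory initialised with the configured client key store
     */
    private KeyManagerFactory getKeyManagerFactory() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        CertificateInfo certificate = ((IConfigService) Services.get(IConfigService.class)).getLicenseInfo().getCertificate();
        Check.assertTrue(certificate.getCertificatePassword().isInitialized(), "Certificate password missing");
        Check.assertTrue(certificate.getCertificateData().isInitialized(), "Certificate missing");
        ByteArrayInputStream pkcs12Data = new ByteArrayInputStream(Base64.decode(certificate.getCertificateData().getValue()));
        // The same password opens the store and unlocks the private key inside it.
        // NOTE(review): the password arrives as a String from the configuration, so it cannot be
        // wiped from memory here; do not log it or include it in error messages.
        char[] password = certificate.getCertificatePassword().getValue().toCharArray();
        keyStore.load(pkcs12Data, password);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, password);
        return keyManagerFactory;
    }

    /**
     * Opens the two bundled root certificate resources.
     *
     * <p>The caller owns the returned streams and must close them. An element is {@code null}
     * when the corresponding resource is not on the classpath.
     *
     * @return fixed-size collection with the streams for {@code AdminCA-CD-T01.cer} and
     *     {@code Regular.cer}, in that order
     */
    @Override
    public Collection<InputStream> getEvzRootCertificates() {
        return Arrays.asList(CertificateService.class.getResourceAsStream("cert/AdminCA-CD-T01.cer"), CertificateService.class.getResourceAsStream("cert/Regular.cer"));
    }
}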
