package si.irm.fisc.ejb;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.Key;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.ejb.EJB;
import javax.ejb.LocalBean;
import javax.ejb.Stateless;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import si.irm.fisc.entities.FiscalConf;
import si.irm.fisc.enums.TransactionSource;
import si.irm.fisc.util.KeyStoreData;

@LocalBean
@Stateless
/* loaded from: input_file:Fiscalization.jar:si/irm/fisc/ejb/KeyStoreHelper.class */
public class KeyStoreHelper {

    @EJB
    private FiscalConfig fiscalConfig;

    @EJB
    private SettingsEJB settingsEJB;

    public KeyStoreData getKeyStoreData(TransactionSource transactionSource) {
        KeyStoreData keyStoreData = new KeyStoreData();
        try {
            String marinaStringSetting = this.settingsEJB.getMarinaStringSetting("MARINA", "MARINA", "ManageCombinedJavaTrustStore", "0");
            if (Objects.nonNull(marinaStringSetting) && marinaStringSetting.equals("1")) {
                configureTrustStore(keyStoreData, transactionSource);
                return null;
            }
            FiscalConf configuration = this.fiscalConfig.getConfiguration(transactionSource);
            keyStoreData.setKs(KeyStore.getInstance(KeyStore.getDefaultType()));
            keyStoreData.getKs().load(new FileInputStream(configuration.getCertPath()), configuration.getStorepass().toCharArray());
            if (!keyStoreData.getKs().containsAlias(configuration.getAlias())) {
                return null;
            }
            Key key = keyStoreData.getKs().getKey(configuration.getAlias(), configuration.getKeypass().toCharArray());
            if (!(key instanceof PrivateKey)) {
                return null;
            }
            keyStoreData.setCert(keyStoreData.getKs().getCertificate(configuration.getAlias()));
            keyStoreData.setPublicKey(keyStoreData.getCert().getPublicKey());
            keyStoreData.setPrivateKey((PrivateKey) key);
            return keyStoreData;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public void configureTrustStore(KeyStoreData keyStoreData, TransactionSource transactionSource) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, CertificateException, IOException {
        setSystemTrustManager(createMergedTrustManager(getJreTrustManager(), getMyTrustManager(keyStoreData, transactionSource)));
    }

    private X509TrustManager getJreTrustManager() throws NoSuchAlgorithmException, KeyStoreException {
        return findDefaultTrustManager(null);
    }

    private X509TrustManager getMyTrustManager(KeyStoreData keyStoreData, TransactionSource transactionSource) throws FileNotFoundException, KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        FiscalConf configuration = this.fiscalConfig.getConfiguration(transactionSource);
        Throwable th = null;
        try {
            try {
                FileInputStream fileInputStream = new FileInputStream(configuration.getCertPath());
                try {
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    keyStoreData.setKs(keyStore);
                    keyStore.load(fileInputStream, configuration.getStorepass().toCharArray());
                    if (keyStoreData.getKs().containsAlias(configuration.getAlias())) {
                        Key key = keyStoreData.getKs().getKey(configuration.getAlias(), configuration.getKeypass().toCharArray());
                        if (key instanceof PrivateKey) {
                            keyStoreData.setCert(keyStoreData.getKs().getCertificate(configuration.getAlias()));
                            keyStoreData.setPublicKey(keyStoreData.getCert().getPublicKey());
                            keyStoreData.setPrivateKey((PrivateKey) key);
                        }
                    }
                    X509TrustManager findDefaultTrustManager = findDefaultTrustManager(keyStore);
                    if (fileInputStream != null) {
                        fileInputStream.close();
                    }
                    return findDefaultTrustManager;
                } catch (Throwable th2) {
                    if (fileInputStream != null) {
                        fileInputStream.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                throw th;
            }
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
            return null;
        }
    }

    private X509TrustManager findDefaultTrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    private X509TrustManager createMergedTrustManager(final X509TrustManager x509TrustManager, final X509TrustManager x509TrustManager2) {
        return new X509TrustManager() { // from class: si.irm.fisc.ejb.KeyStoreHelper.1
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return x509TrustManager.getAcceptedIssuers();
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                try {
                    x509TrustManager2.checkServerTrusted(x509CertificateArr, str);
                } catch (CertificateException e) {
                    x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                x509TrustManager.checkClientTrusted(x509CertificateArr, str);
            }
        };
    }

    private void setSystemTrustManager(X509TrustManager x509TrustManager) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
        SSLContext.setDefault(sSLContext);
    }
}
