package es.gob.afirma.keystores.misc;

import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.ui.AOUIFactory;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.CodeSource;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import sun.security.pkcs.PKCS7;

/* loaded from: input_file:es/gob/afirma/keystores/misc/JarSignatureCertExtractor.class */
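/**
 * Reads the signing certificates embedded in the JAR this class was loaded from and, when neither
 * the system nor the user Java deployment trust store already trusts them, asks the user whether
 * to add them to the user trust store.
 *
 * <p>NOTE(review): this is a decompiled listing. Member names are the obfuscated originals, and no
 * method declares a {@code throws} clause although the bodies raise checked exceptions
 * (presumably dropped by the decompiler); the clauses must be restored before this compiles.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The certificates are only parsed out of the {@code META-INF/*.RSA} block. Nothing in this
 *       class verifies that the JAR contents are actually signed by them, so signature
 *       verification has to be enforced elsewhere (for example by the class loader).</li>
 *   <li>Every certificate of the embedded chain, not only its root, is written to the user trust
 *       store once the user accepts, and each entry then acts as a trust anchor for whatever
 *       reads that store.</li>
 *   <li>Revocation checking is disabled during path validation.</li>
 * </ul>
 *
 * <p>Not thread-safe: the password of the last opened store is kept in a static field.
 */
public final class JarSignatureCertExtractor {
    /** Application logger. */
    private static final Logger a = Logger.getLogger("es.gob.afirma");
    /** Passwords tried, in this order, when opening an existing trust store. */
    private static final String[] b = {"", "changeit", "changeme"};
    /** Password that opened (or created) the most recent trust store; reused when saving it. */
    private static String c = null;

    private JarSignatureCertExtractor() {
        // Static utility class: no instances.
    }

    /**
     * Parses the JAR's PKCS#7 signature block and returns the certificates it carries.
     *
     * @return the embedded certificates, or {@code null} when the JAR has no {@code .RSA} block
     */
    private static X509Certificate[] a() {
        byte[] signatureBlock = b();
        return signatureBlock == null ? null : new PKCS7(signatureBlock).getCertificates();
    }

    /**
     * Reads the raw bytes of the {@code META-INF/*.RSA} entry of the JAR this class was loaded from.
     * If several entries match, the last one read wins. Only {@code .RSA} blocks are considered;
     * other signature-block extensions are ignored.
     *
     * @return the signature-block bytes, or {@code null} when no matching entry exists
     */
    private static byte[] b() {
        CodeSource codeSource = JarSignatureCertExtractor.class.getProtectionDomain().getCodeSource();
        // A code source without a location cannot be opened; report it like a missing code source.
        if (codeSource == null || codeSource.getLocation() == null) {
            throw new IOException("No se ha podido acceder a los recursos del JAR");
        }
        ByteArrayOutputStream signatureBlock = null;
        byte[] buffer = new byte[1024];
        // try-with-resources: the original never closed the stream over the JAR.
        try (ZipInputStream jar = new ZipInputStream(codeSource.getLocation().openStream())) {
            ZipEntry entry;
            while ((entry = jar.getNextEntry()) != null) {
                String name = entry.getName();
                if (name.startsWith("META-INF/") && name.endsWith(".RSA")) {
                    signatureBlock = new ByteArrayOutputStream();
                    int read;
                    while ((read = jar.read(buffer)) > 0) {
                        signatureBlock.write(buffer, 0, read);
                    }
                }
            }
        }
        return signatureBlock == null ? null : signatureBlock.toByteArray();
    }

    /**
     * Locates the user trust store named by the {@code deployment.user.security.trusted.cacerts}
     * system property, expanding a {@code $USER_HOME} placeholder with {@code user.home}.
     *
     * @return the store file (which may not exist yet), or {@code null} when the property is
     *         unset, the placeholder cannot be expanded, or the parent directory is missing
     */
    private static File c() {
        String path = System.getProperty("deployment.user.security.trusted.cacerts");
        if (path == null) {
            return null;
        }
        if (path.contains("$USER_HOME")) {
            String home = System.getProperty("user.home");
            if (home == null) {
                // String.replace would throw on a null replacement; treat as "store not locatable".
                return null;
            }
            path = path.replace("$USER_HOME", home);
        }
        File store = new File(path);
        // getParentFile() is null for a bare file name; the original dereferenced it unchecked.
        File parent = store.getParentFile();
        if (parent == null || !parent.exists()) {
            return null;
        }
        return store;
    }

    /**
     * Locates the system trust store named by the {@code deployment.system.security.cacerts}
     * system property.
     *
     * @return the store file, or {@code null} when the property is unset or the file is missing
     */
    private static File d() {
        String path = System.getProperty("deployment.system.security.cacerts");
        if (path == null) {
            return null;
        }
        File store = new File(path);
        return store.exists() ? store : null;
    }

    /**
     * Opens a JKS trust store, trying each candidate password in turn and remembering the one
     * that worked in the static password field.
     *
     * <p>The file is reopened for every attempt. The original reused a single stream, so after
     * the first rejected password the remaining candidates were tried against an already
     * consumed stream. When every candidate is rejected the last password failure is rethrown
     * instead of returning a key store that was never loaded.
     *
     * @param file the trust store to open
     * @return the loaded key store
     */
    private static KeyStore a(File file) {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        IOException wrongPassword = null;
        for (String candidate : b) {
            try (FileInputStream in = new FileInputStream(file)) {
                keyStore.load(in, candidate.toCharArray());
                c = candidate;
                return keyStore;
            } catch (IOException e) {
                // Only a rejected password justifies trying the next candidate.
                if (!(e.getCause() instanceof UnrecoverableKeyException)) {
                    throw e;
                }
                wrongPassword = e;
            }
        }
        // The candidate list is never empty, so a password failure was recorded above.
        throw wrongPassword;
    }

    /**
     * Checks that the given chain is trusted by the given store; returns normally when it is and
     * throws when it is not.
     *
     * <p>The last array element is treated as the end of the chain (assumes the PKCS#7 parser
     * returns the chain in that order; confirm). It is accepted directly when the very same
     * certificate is present in the store. The original compared serial numbers only, which are
     * unique per issuer at best, so an unrelated store entry with an equal serial would have been
     * taken as proof of trust. Otherwise the chain goes through PKIX path validation with the
     * store's entries as anchors and revocation checking disabled.
     *
     * @param x509CertificateArr the certificate chain to check; must not be empty
     * @param keyStore the trust store to check against
     */
    private static void a(X509Certificate[] x509CertificateArr, KeyStore keyStore) {
        if (keyStore.size() == 0) {
            throw new CertPathValidatorException("No hay certificados en el almacen de confianza");
        }
        X509Certificate chainEnd = x509CertificateArr[x509CertificateArr.length - 1];
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            // Full certificate equality; also tolerates aliases that hold no certificate.
            if (chainEnd.equals(keyStore.getCertificate(aliases.nextElement()))) {
                a.info("El extremo de la cadena de certificados esta en el truststore de Java");
                return;
            }
        }
        PKIXParameters pkixParameters = new PKIXParameters(keyStore);
        pkixParameters.setRevocationEnabled(false);
        CertPathValidator.getInstance(CertPathValidator.getDefaultType()).validate(
                CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(x509CertificateArr)),
                pkixParameters);
    }

    /**
     * Escapes the characters that would be interpreted as markup when the text is placed inside
     * the HTML confirmation dialog.
     *
     * @param text the text to escape; may be {@code null}
     * @return the escaped text, or {@code null} when {@code text} is {@code null}
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char ch = text.charAt(i);
            switch (ch) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                default:
                    escaped.append(ch);
            }
        }
        return escaped.toString();
    }

    /**
     * Ensures the certificates that signed this JAR are trusted by the Java deployment trust
     * stores, asking the user before adding them to the user store.
     *
     * <p>Order of checks: the system store first (any failure there is logged and ignored), then
     * the user store, which is created in memory when the file does not exist yet. Only when the
     * chain fails validation against the user store is the user asked; on acceptance every
     * certificate of the chain is added and the store is written back with the remembered
     * password.
     *
     * @param obj passed through as the first argument of the confirmation dialog (presumably its
     *            parent component)
     */
    public static void insertJarSignerOnCACerts(Object obj) {
        X509Certificate[] signerCerts = a();
        if (signerCerts == null || signerCerts.length < 1) {
            a.warning("La aplicacion no esta firmada");
            return;
        }
        File systemStoreFile = d();
        if (systemStoreFile != null) {
            try {
                a(signerCerts, a(systemStoreFile));
                a.warning("Los certificados de firma del JAR son de confianza en Java");
                return;
            } catch (Exception e) {
                // Deliberate best effort: fall through to the user store.
                a.warning("Error en la validacion de los certificados contra el almacen de Java");
            }
        }
        File userStoreFile = c();
        if (userStoreFile == null) {
            a.warning("No se puede localizar el almacen de confianza del usuario, se suspende la validacion");
            return;
        }
        KeyStore userStore;
        if (userStoreFile.exists()) {
            try {
                userStore = a(userStoreFile);
            } catch (Exception e2) {
                a.warning("No se ha podido cargar el almacen de certificados de CA de confianza del usuario, no se agregara el certificado: " + e2);
                return;
            }
        } else {
            c = "";
            userStore = KeyStore.getInstance(KeyStore.getDefaultType());
            userStore.load(null, c.toCharArray());
            a.info("Creamos el truststore ya que no existia previamente");
        }
        try {
            a(signerCerts, userStore);
            a.info("Los certificados de firma del JAR ya son de confianza para el usuario");
        } catch (CertPathValidatorException e3) {
            a.warning("Debemos agregar el certificado al truststore del usuario para que sea de confianza: " + e3);
            StringBuilder certList = new StringBuilder("<br>");
            for (X509Certificate cert : signerCerts) {
                certList.append("&nbsp;- ");
                // The common name comes from the certificate itself, so it is escaped before it
                // is placed in the HTML that asks the user for a trust decision.
                certList.append(escapeHtml(AOUtil.getCN(cert)));
                certList.append("<br>");
            }
            // NOTE(review): a.a(...) cannot be the Logger field; it presumably refers to an
            // obfuscated message-lookup class of this package. Confirm against the original class.
            // NOTE(review): every dialog result other than NO_OPTION continues to the insertion
            // below, presumably including a dismissed dialog; consider requiring an explicit
            // affirmative answer.
            if (AOUIFactory.showConfirmDialog(obj, "<html><p>" + a.a("JarSignatureCertExtractor.0") + "</p><p>" + a.a("JarSignatureCertExtractor.1") + "</p><p>&nbsp;<br>" + a.a("JarSignatureCertExtractor.2") + certList.toString() + "&nbsp;</p></html>", a.a("JarSignatureCertExtractor.3"), AOUIFactory.YES_NO_OPTION, AOUIFactory.WARNING_MESSAGE) == AOUIFactory.NO_OPTION) {
                return;
            }
            for (X509Certificate cert : signerCerts) {
                userStore.setCertificateEntry(AOUtil.getCN(cert) + cert.getSerialNumber(), cert);
            }
            // Serialise in memory first: opening the file truncates it, so a failure while
            // storing would otherwise leave the user's trust store empty or partial.
            ByteArrayOutputStream serialized = new ByteArrayOutputStream();
            userStore.store(serialized, c.toCharArray());
            try (FileOutputStream out = new FileOutputStream(userStoreFile)) {
                serialized.writeTo(out);
            }
            a.info("Se han insertado correctamente certificados en el cacerts del usuario");
        }
    }
}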
