package br.com.space.api.core.sistema.seguranca;

import br.com.space.api.core.modelo.ChaveValor;
import br.com.space.api.core.sistema.CopiaArquivo;
import br.com.space.api.core.sistema.MD5;
import br.com.space.api.core.sistema.auditoria.Log;
import br.com.space.api.core.sistema.excecao.SpaceExcecao;
import com.itextpdf.text.pdf.security.SecurityConstants;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class ImportaCadeiaCertificado {
    private static final String SENHA_PADRAO = "changeit";
    private static final int TIMEOUT_WS = 60;
    private File cacertsDestino;
    private Log log;
    private char[] passphrase;
    private String senhaCacertsDestino;
    private static String URL_CADEIAS_NFE_MG = "nfe.fazenda.mg.gov.br";
    private static String URL_CADEIAS_NFCE_MG = "nfce.fazenda.mg.gov.br";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class SavingTrustManager implements X509TrustManager {
        private X509Certificate[] chain;
        private final X509TrustManager tm;

        SavingTrustManager(X509TrustManager x509TrustManager) {
            this.tm = x509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.chain = x509CertificateArr;
            this.tm.checkServerTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            throw new UnsupportedOperationException();
        }
    }

    public ImportaCadeiaCertificado(File file) {
        this(file, (Log) null);
    }

    public ImportaCadeiaCertificado(File file, Log log) {
        this(SENHA_PADRAO, file, log);
    }

    public ImportaCadeiaCertificado(String str, File file) {
        this(str, file, null);
    }

    public ImportaCadeiaCertificado(String str, File file, Log log) {
        this.passphrase = SENHA_PADRAO.toCharArray();
        this.senhaCacertsDestino = SENHA_PADRAO;
        this.senhaCacertsDestino = str;
        this.cacertsDestino = file;
        this.log = log;
    }

    private void copiarCacertsPadrao(File file) throws Exception {
        char c = File.separatorChar;
        File file2 = new File(String.valueOf(System.getProperty("java.home")) + c + "lib" + c + "security", "cacerts");
        CopiaArquivo.copiar(file2, file, true);
        if (!MD5.getMd5File(file).equals(MD5.getMd5File(file2))) {
            throw new SpaceExcecao("Nao foi possivel copiar o " + file2.getAbsolutePath() + " para " + file.getAbsolutePath());
        }
        this.passphrase = SENHA_PADRAO.toCharArray();
    }

    private void error(String str, Throwable th) {
        if (this.log != null) {
            this.log.error(getClass(), "ERROR: " + str, th);
        }
    }

    private void gerarCacerts(String str, int i) throws Exception {
        info("| Loading KeyStore " + this.cacertsDestino + "...");
        FileInputStream fileInputStream = new FileInputStream(this.cacertsDestino);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(fileInputStream, this.passphrase);
        fileInputStream.close();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SavingTrustManager savingTrustManager = new SavingTrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0]);
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(null, new TrustManager[]{savingTrustManager}, null);
        SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
        info("| Opening connection to " + str + ":" + i + "...");
        SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket(str, i);
        sSLSocket.setSoTimeout(60000);
        try {
            info("| Starting SSL handshake...");
            sSLSocket.startHandshake();
            sSLSocket.close();
            info("| No errors, certificate is already trusted");
        } catch (SSLHandshakeException e) {
        } catch (SSLException e2) {
            error("| " + e2.toString(), e2);
        }
        X509Certificate[] x509CertificateArr = savingTrustManager.chain;
        if (x509CertificateArr == null) {
            info("| Could not obtain server certificate chain " + str + ":" + i);
            return;
        }
        info("| Server sent " + x509CertificateArr.length + " certificate(s):");
        MessageDigest messageDigest = MessageDigest.getInstance(SecurityConstants.SHA1);
        MessageDigest messageDigest2 = MessageDigest.getInstance("MD5");
        for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
            X509Certificate x509Certificate = x509CertificateArr[i2];
            messageDigest.update(x509Certificate.getEncoded());
            messageDigest2.update(x509Certificate.getEncoded());
            String str2 = String.valueOf(str) + "-" + i2;
            try {
                str2 = getAlias(x509Certificate);
            } catch (Exception e3) {
                error("| Alias não obtido", e3);
            }
            keyStore.setCertificateEntry(str2, x509Certificate);
            info("| Added certificate to keystore '" + this.cacertsDestino.getName() + "' using alias '" + str2 + "'");
        }
        this.passphrase = this.senhaCacertsDestino.toCharArray();
        FileOutputStream fileOutputStream = new FileOutputStream(this.cacertsDestino);
        keyStore.store(fileOutputStream, this.passphrase);
        fileOutputStream.close();
    }

    private String getAlias(X509Certificate x509Certificate) throws InvalidNameException {
        return MessageFormat.format("{0} ({1})", getCN(x509Certificate.getSubjectX500Principal()), getCN(x509Certificate.getIssuerX500Principal())).toLowerCase();
    }

    private String getCN(Principal principal) throws InvalidNameException {
        for (Rdn rdn : new LdapName(principal.getName()).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        return null;
    }

    private void info(String str) {
        if (this.log != null) {
            this.log.info(getClass(), str, null);
        }
    }

    public static void main(String[] strArr) {
        try {
            new ImportaCadeiaCertificado(new File("C:\\WorkSpacePolarisNFCe\\NFeGuardianClient\\src\\cacerts", "NFeCacerts")).importar(new ChaveValor<>("nfce.fazenda.mg.gov.br", 443));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public boolean baixarCertificados(ImportaCadeiaCertificado importaCadeiaCertificado) {
        try {
            importaCadeiaCertificado.importar(new ChaveValor<>(URL_CADEIAS_NFE_MG, 443));
            importaCadeiaCertificado.importar(new ChaveValor<>(URL_CADEIAS_NFCE_MG, 443));
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    public boolean importar(ChaveValor<String, Integer>... chaveValorArr) throws Exception {
        if (!this.cacertsDestino.exists() || !this.cacertsDestino.isFile()) {
            copiarCacertsPadrao(this.cacertsDestino);
        }
        SpaceExcecao spaceExcecao = new SpaceExcecao("Erro ao montar " + this.cacertsDestino.getAbsolutePath());
        for (ChaveValor<String, Integer> chaveValor : chaveValorArr) {
            try {
                gerarCacerts(chaveValor.getChave(), chaveValor.getValor().intValue());
            } catch (Exception e) {
                spaceExcecao.addErrosAdicionais(new SpaceExcecao(MessageFormat.format("{0}:{1}", chaveValor.getChave(), chaveValor.getValor()), e));
            }
        }
        if (spaceExcecao.isPossuiErrosAdicionais()) {
            throw spaceExcecao;
        }
        return true;
    }
}
