package org.jivesoftware.sparkimpl.certificates;

import java.awt.Component;
import java.awt.HeadlessException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.swing.JOptionPane;
import javax.swing.JTable;
import javax.swing.SwingUtilities;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableColumnModel;
import org.jivesoftware.Spark;
import org.jivesoftware.resource.Res;
import org.jivesoftware.spark.component.VerticalFlowLayout;
import org.jivesoftware.spark.ui.login.CertificateDialog;
import org.jivesoftware.spark.ui.login.CertificatesManagerSettingsPanel;
import org.jivesoftware.spark.util.log.Log;
import org.jivesoftware.sparkimpl.settings.local.LocalPreferences;

/* loaded from: input_file:org/jivesoftware/sparkimpl/certificates/CertificateController.class */
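/**
 * Manages the certificate key stores kept under the Spark user home ("security" directory) and
 * backs the certificate table shown in the certificates settings panel.
 *
 * <p>The stores handled here are: the trust store, the exceptions store (certificates shown as
 * "exempted" in the table), the distrusted CA store, the CA exceptions store, and an in-memory
 * "displayed" CA store built from the JRE {@code cacerts} file minus the distrusted CA entries.
 * The black list store, {@code allCertificates}, {@code tableModel}, {@code localPreferences},
 * {@code passwd} and the open/save helpers are inherited from {@link CertManager}.
 *
 * <p>Security note for reviewers: every method that writes to the trust store or to one of the
 * exceptions stores changes which peers the client will accept. The in-memory changes are only
 * persisted by {@link #overWriteKeyStores()}.
 */
public class CertificateController extends CertManager {
    public static final File TRUSTED = securityFile("truststore");
    public static final File EXCEPTIONS = securityFile("exceptions");
    public static final File DISTRUSTED_CACERTS = securityFile("distrusted_cacerts");
    public static final File CACERTS_EXCEPTIONS = securityFile("cacerts_exceptions");
    public static final File DISPLAYED_CACERTS = securityFile("displayed_cacerts");
    public static final File CACERTS = new File(System.getProperty("java.home") + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts");

    private static final String[] COLUMN_NAMES = {
        Res.getString("table.column.certificate.subject"),
        Res.getString("table.column.certificate.validity"),
        Res.getString("table.column.certificate.exempted")
    };
    private static final int NUMBER_OF_COLUMNS = COLUMN_NAMES.length;

    // Column indexes of the certificate table, in the order of COLUMN_NAMES.
    private static final int COLUMN_SUBJECT = 0;
    private static final int COLUMN_VALIDITY = 1;
    private static final int COLUMN_EXEMPTED = 2;

    private KeyStore trustStore;
    private KeyStore exceptionsStore;
    private KeyStore displayCaStore;
    private KeyStore distrustedCaStore;
    private KeyStore exceptionsCaStore;
    private List<CertificateModel> trustedCertificates = new LinkedList<>();
    private List<CertificateModel> exemptedCertificates = new LinkedList<>();
    private List<CertificateModel> exemptedCacerts = new LinkedList<>();
    private List<CertificateModel> displayCaCertificates = new LinkedList<>();

    /**
     * Creates a controller bound to the given preferences.
     *
     * @param localPreferences the preferences handed to certificate dialogs; must not be null
     * @throws IllegalArgumentException if {@code localPreferences} is null
     */
    public CertificateController(LocalPreferences localPreferences) {
        if (localPreferences == null) {
            throw new IllegalArgumentException("localPreferences cannot be null");
        }
        this.localPreferences = localPreferences;
    }

    /** Builds the path of a key store file inside the "security" directory of the Spark user home. */
    private static File securityFile(String name) {
        return new File(Spark.getSparkUserHome() + File.separator + "security" + File.separator + name);
    }

    /**
     * Opens every key store and rebuilds the certificate lists that feed the table.
     * The black list store is opened here too; its list is not filled by this method.
     */
    @Override
    public void loadKeyStores() {
        this.blackListStore = openKeyStore(BLACKLIST);
        this.trustStore = openKeyStore(TRUSTED);
        this.exceptionsStore = openKeyStore(EXCEPTIONS);
        this.distrustedCaStore = openKeyStore(DISTRUSTED_CACERTS);
        this.exceptionsCaStore = openKeyStore(CACERTS_EXCEPTIONS);
        this.displayCaStore = openCacertsKeyStore();
        this.trustedCertificates = fillTableListWithKeyStoreContent(this.trustStore, this.trustedCertificates);
        this.exemptedCertificates = fillTableListWithKeyStoreContent(this.exceptionsStore, this.exemptedCertificates);
        this.displayCaCertificates = fillTableListWithKeyStoreContent(this.displayCaStore, this.displayCaCertificates);
        this.exemptedCacerts = fillTableListWithKeyStoreContent(this.exceptionsCaStore, this.exemptedCacerts);
    }

    /**
     * Builds an in-memory JKS store holding every certificate of the JRE {@code cacerts} file that
     * is not present in the distrusted CA store.
     *
     * <p>If the distrusted CA store cannot be opened, no CA certificate is copied: without that
     * list there is no way to tell which authorities the user removed, so the method fails closed
     * and logs the problem instead of silently re-trusting them.
     *
     * @return the filtered store; empty when {@code cacerts} or the distrusted store is
     *     unavailable, or {@code null} when the in-memory store itself could not be created
     */
    public KeyStore openCacertsKeyStore() {
        KeyStore systemCaStore = openKeyStore(CACERTS);
        KeyStore distrusted = openKeyStore(DISTRUSTED_CACERTS);
        // The result is not used here; the call is kept because openKeyStore is defined in
        // CertManager and its side effects, if any, are not visible from this class.
        openKeyStore(CACERTS_EXCEPTIONS);
        KeyStore displayed = null;
        try {
            displayed = KeyStore.getInstance("JKS");
            displayed.load(null, passwd);
            if (systemCaStore != null) {
                // NOTE(review): openKeyStore's contract is not visible here; the cacerts result is
                // null-checked, so the distrusted store is guarded the same way.
                if (distrusted == null) {
                    throw new KeyStoreException("Distrusted CA store is unavailable: " + DISTRUSTED_CACERTS);
                }
                Enumeration<String> aliases = systemCaStore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    X509Certificate caCertificate = (X509Certificate) systemCaStore.getCertificate(alias);
                    boolean isDistrusted = distrusted.getCertificateAlias(caCertificate) != null;
                    if (!isDistrusted) {
                        displayed.setCertificateEntry(alias, caCertificate);
                    }
                }
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Log.error("Cannot read KeyStore", e);
        }
        return displayed;
    }

    /**
     * Persists the in-memory stores to their files. The displayed CA store is derived from
     * {@code cacerts} and is not written.
     */
    @Override
    public void overWriteKeyStores() {
        saveKeyStore(this.trustStore, TRUSTED);
        saveKeyStore(this.exceptionsStore, EXCEPTIONS);
        saveKeyStore(this.blackListStore, BLACKLIST);
        saveKeyStore(this.distrustedCaStore, DISTRUSTED_CACERTS);
        saveKeyStore(this.exceptionsCaStore, CACERTS_EXCEPTIONS);
    }

    /**
     * Creates a fresh table model (subject, validity, exempted) and fills it with the trusted
     * certificates followed by the displayed CA certificates. Only the "exempted" column is editable.
     */
    @Override
    public void createTableModel() {
        this.tableModel = new DefaultTableModel() {
            @Override
            public Class<?> getColumnClass(int columnIndex) {
                switch (columnIndex) {
                    case COLUMN_SUBJECT:
                    case COLUMN_VALIDITY:
                        return String.class;
                    case COLUMN_EXEMPTED:
                        // Boolean makes the table render this column as a check box.
                        return Boolean.class;
                    default:
                        throw new RuntimeException("Cannot assign classes for columns");
                }
            }

            @Override
            public boolean isCellEditable(int row, int column) {
                return column == COLUMN_EXEMPTED;
            }
        };
        this.tableModel.setColumnIdentifiers(COLUMN_NAMES);
        Object[] rowBuffer = new Object[NUMBER_OF_COLUMNS];
        addRowsToTableModel(this.trustedCertificates, rowBuffer);
        addRowsToTableModel(this.displayCaCertificates, rowBuffer);
    }

    /**
     * Appends one table row per certificate. {@code objArr} is reused as a scratch buffer for every
     * row; this is safe because {@code DefaultTableModel.addRow(Object[])} copies the values.
     */
    private void addRowsToTableModel(List<CertificateModel> list, Object[] objArr) {
        if (list == null) {
            return;
        }
        for (CertificateModel certificate : list) {
            this.tableModel.addRow(fillTableWithList(objArr, certificate));
        }
    }

    /**
     * Writes the row values for one certificate into {@code objArr} and returns that same array.
     * The subject column falls back to the full subject when no common name is available.
     */
    private Object[] fillTableWithList(Object[] objArr, CertificateModel certificateModel) {
        String commonName = certificateModel.getSubjectCommonName();
        objArr[COLUMN_SUBJECT] = commonName != null ? commonName : certificateModel.getSubject();
        objArr[COLUMN_VALIDITY] = certificateModel.getValidityStatus();
        objArr[COLUMN_EXEMPTED] = isOnExceptionList(certificateModel);
        return objArr;
    }

    /**
     * Copies the certificate stored under {@code str} in the trust store into the exceptions store.
     * Failures are logged, not propagated.
     */
    public void addCertToExceptions(String str) {
        try {
            X509Certificate trusted = (X509Certificate) this.trustStore.getCertificate(str);
            this.exceptionsStore.setCertificateEntry(str, trusted);
        } catch (KeyStoreException e) {
            Log.error("Error at moving certificate from trusted list to the exceptions list", e);
        }
    }

    /** Removes the alias from the exceptions store; failures are logged, not propagated. */
    private void removeCertFromExceptions(String str) {
        try {
            this.exceptionsStore.deleteEntry(str);
        } catch (KeyStoreException e) {
            Log.error("Error at moving certificate from exceptions list to trusted list", e);
        }
    }

    /**
     * Copies the CA certificate stored under {@code str} in the displayed CA store into the CA
     * exceptions store. Failures are logged, not propagated.
     */
    private void addCaCertToExceptions(String str) {
        try {
            X509Certificate caCertificate = (X509Certificate) this.displayCaStore.getCertificate(str);
            this.exceptionsCaStore.setCertificateEntry(str, caCertificate);
        } catch (KeyStoreException e) {
            Log.error("Error at moving certificate from trusted list to the exception list", e);
        }
    }

    /** Removes the alias from the CA exceptions store; failures are logged, not propagated. */
    private void removeCaCertFromExceptions(String str) {
        try {
            this.exceptionsCaStore.deleteEntry(str);
        } catch (KeyStoreException e) {
            Log.error("Error at moving certificate from exceptions list to trusted list", e);
        }
    }

    /**
     * Adds the certificate of the selected table row to, or removes it from, the matching
     * exceptions store. Nothing happens when the alias belongs to neither the trust store nor the
     * displayed CA store, including when its store cannot be determined.
     *
     * @param z {@code true} to add the certificate to the exceptions, {@code false} to remove it
     */
    @Override
    public void addOrRemoveFromExceptionList(boolean z) {
        String alias = this.allCertificates.get(getTranslatedRow()).getAlias();
        // getAliasKeyStorePath returns null for an unknown alias or after a key store error, so the
        // constants are the receivers of equals() to avoid a NullPointerException.
        File storePath = getAliasKeyStorePath(alias);
        if (TRUSTED.equals(storePath)) {
            if (z) {
                addCertToExceptions(alias);
            } else {
                removeCertFromExceptions(alias);
            }
        } else if (DISPLAYED_CACERTS.equals(storePath)) {
            if (z) {
                addCaCertToExceptions(alias);
            } else {
                removeCaCertFromExceptions(alias);
            }
        }
    }

    /**
     * Tells whether the certificate is present in the trust store or in the displayed CA store.
     *
     * @return {@code false} also when a key store lookup fails; the failure is logged
     */
    public boolean isInTrustStore(CertificateModel certificateModel) {
        try {
            X509Certificate certificate = certificateModel.getCertificate();
            return this.trustStore.getCertificateAlias(certificate) != null
                || this.displayCaStore.getCertificateAlias(certificate) != null;
        } catch (KeyStoreException e) {
            Log.error("Cannot look up certificate in the trust stores", e);
            return false;
        }
    }

    /**
     * Tells whether the certificate is present in the exceptions store or the CA exceptions store.
     *
     * @return {@code false} also when a key store lookup fails; the failure is logged
     */
    @Override
    public boolean isOnExceptionList(CertificateModel certificateModel) {
        try {
            X509Certificate certificate = certificateModel.getCertificate();
            return this.exceptionsStore.getCertificateAlias(certificate) != null
                || this.exceptionsCaStore.getCertificateAlias(certificate) != null;
        } catch (KeyStoreException e) {
            Log.error("Cannot look up certificate in the exceptions stores", e);
            return false;
        }
    }

    /** Tells whether the certificate is in the in-memory list of black-listed certificates. */
    public boolean isOnBlackList(CertificateModel certificateModel) {
        return this.blackListedCertificates.contains(certificateModel);
    }

    /**
     * Finds the first store containing the alias, checked in this order: exceptions, black list,
     * trust, CA exceptions, displayed CA.
     *
     * @return the owning store, or {@code null} when no store has the alias or a lookup failed
     */
    private KeyStore getAliasKeyStore(String str) {
        try {
            if (this.exceptionsStore.containsAlias(str)) {
                return this.exceptionsStore;
            }
            if (this.blackListStore.containsAlias(str)) {
                return this.blackListStore;
            }
            if (this.trustStore.containsAlias(str)) {
                return this.trustStore;
            }
            if (this.exceptionsCaStore.containsAlias(str)) {
                return this.exceptionsCaStore;
            }
            if (this.displayCaStore.containsAlias(str)) {
                return this.displayCaStore;
            }
            return null;
        } catch (KeyStoreException e) {
            Log.error(e);
            return null;
        }
    }

    /**
     * Finds the file of the first store containing the alias, checked in this order: black list,
     * trust, exceptions, displayed CA, CA exceptions. The order differs from
     * {@link #getAliasKeyStore(String)} on purpose or by accident; it is preserved as found.
     *
     * @return the store file, or {@code null} when no store has the alias or a lookup failed
     */
    private File getAliasKeyStorePath(String str) {
        try {
            if (this.blackListStore.containsAlias(str)) {
                return BLACKLIST;
            }
            if (this.trustStore.containsAlias(str)) {
                return TRUSTED;
            }
            if (this.exceptionsStore.containsAlias(str)) {
                return EXCEPTIONS;
            }
            if (this.displayCaStore.containsAlias(str)) {
                return DISPLAYED_CACERTS;
            }
            if (this.exceptionsCaStore.containsAlias(str)) {
                return CACERTS_EXCEPTIONS;
            }
            return null;
        } catch (KeyStoreException e) {
            Log.error(e);
            return null;
        }
    }

    /**
     * Asks the user for confirmation and, if given, deletes the entry from the store that owns it,
     * then drops the matching model from every in-memory list. CA certificates are additionally
     * recorded in the distrusted CA store so they stay filtered out of the displayed CA store.
     * The table is refreshed whether or not the user confirmed.
     *
     * @param str the alias to delete
     * @throws KeyStoreException if no store owns the alias or a key store operation fails
     */
    @Override
    public void deleteEntry(String str) throws KeyStoreException {
        int answer = JOptionPane.showConfirmDialog((Component) null, Res.getString("dialog.certificate.sure.to.delete"), (String) null, JOptionPane.YES_NO_OPTION);
        if (answer == JOptionPane.YES_OPTION) {
            KeyStore owner = getAliasKeyStore(str);
            if (owner == null) {
                // getAliasKeyStore returns null for an unknown alias or after a lookup error;
                // report it through the declared exception instead of a NullPointerException.
                throw new KeyStoreException("No key store contains the alias: " + str);
            }
            // KeyStore does not override equals(), so these are identity comparisons.
            if (owner == this.displayCaStore || owner == this.exceptionsCaStore) {
                this.distrustedCaStore.setCertificateEntry(str, owner.getCertificate(str));
            }
            owner.deleteEntry(str);
            if (owner == this.trustStore) {
                removeCertFromExceptions(str);
            }
            JOptionPane.showMessageDialog((Component) null, Res.getString("dialog.certificate.has.been.deleted"));

            // When several models share the alias, the last one found is the one removed.
            CertificateModel deleted = null;
            for (CertificateModel candidate : this.allCertificates) {
                if (candidate.getAlias().equals(str)) {
                    deleted = candidate;
                }
            }
            this.exemptedCertificates.remove(deleted);
            this.trustedCertificates.remove(deleted);
            this.blackListedCertificates.remove(deleted);
            this.displayCaCertificates.remove(deleted);
            this.exemptedCacerts.remove(deleted);
            this.allCertificates.remove(deleted);
        }
        refreshCertTable();
    }

    /** Rebuilds the table model and installs it on the settings panel table on the Swing event thread. */
    @Override
    public void refreshCertTable() {
        createTableModel();
        SwingUtilities.invokeLater(() -> {
            JTable certTable = CertificatesManagerSettingsPanel.getCertTable();
            resizeColumnWidth(certTable);
            certTable.setModel(this.tableModel);
            this.tableModel.fireTableDataChanged();
        });
    }

    /**
     * Schedules a resize of the three columns: fixed widths for validity and exempted, and the
     * remaining width of the table's parent for the subject.
     */
    public void resizeColumnWidth(JTable jTable) {
        SwingUtilities.invokeLater(() -> {
            final int validityWidth = 80;
            final int exemptedWidth = 60;
            TableColumnModel columns = jTable.getColumnModel();
            int available = jTable.getParent().getWidth();
            columns.getColumn(COLUMN_VALIDITY).setPreferredWidth(validityWidth);
            columns.getColumn(COLUMN_EXEMPTED).setPreferredWidth(exemptedWidth);
            columns.getColumn(COLUMN_SUBJECT).setPreferredWidth(available - (validityWidth + exemptedWidth));
        });
    }

    /**
     * Adds the certificate to the trust store without showing a confirmation dialog.
     *
     * @param x509Certificate the certificate to add; must not be null
     * @param z {@code true} to also store it in the exceptions store unconditionally
     * @throws IllegalArgumentException if the certificate is null
     */
    public void addEntryToKeyStore(X509Certificate x509Certificate, boolean z) throws HeadlessException, InvalidNameException, KeyStoreException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Cert cannot be null");
        }
        addEntryToKeyStoreImpl(new CertificateModel(x509Certificate), z);
    }

    /**
     * Adds the certificate to the trust store. With a non-null reason the user is shown the
     * certificate dialog first; with a null reason the certificate is added directly.
     *
     * @param x509Certificate the certificate to add; must not be null
     * @param certificateDialogReason why the dialog is shown, or null to skip the dialog
     * @throws IllegalArgumentException if the certificate is null
     */
    public void addEntryToKeyStore(X509Certificate x509Certificate, CertificateDialogReason certificateDialogReason) throws HeadlessException, InvalidNameException, KeyStoreException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Cert cannot be null");
        }
        if (certificateDialogReason == null) {
            addEntryToKeyStoreImpl(new CertificateModel(x509Certificate), false);
        } else {
            addEntryToKeyStoreImpl(x509Certificate, certificateDialogReason);
        }
    }

    /**
     * Reads an X.509 certificate from the file and offers it to the user for addition.
     *
     * @param file the certificate file; must not be null
     * @throws IllegalArgumentException if the file is null
     */
    @Override
    public void addEntryFileToKeyStore(File file) throws IOException, CertificateException, KeyStoreException, HeadlessException, InvalidNameException {
        if (file == null) {
            throw new IllegalArgumentException("File cannot be null");
        }
        addEntryToKeyStoreImpl(certificateFromFile(file), CertificateDialogReason.ADD_CERTIFICATE);
    }

    /**
     * Adds every certificate of the chain that is in neither the trust store nor the filtered CA
     * store, then persists the stores. Failures are logged, not propagated.
     *
     * <p>Security note: each certificate is added as exempted and no confirmation dialog is shown
     * on this path, so the caller is the only place where the user's consent can be obtained.
     */
    public void addChain(X509Certificate[] x509CertificateArr) {
        try {
            KeyStore caStore = openCacertsKeyStore();
            for (X509Certificate link : x509CertificateArr) {
                boolean alreadyTrusted = this.trustStore.getCertificateAlias(link) != null;
                if (!alreadyTrusted && caStore.getCertificateAlias(link) == null) {
                    addEntryToKeyStore(link, true);
                }
            }
            overWriteKeyStores();
        } catch (Exception e) {
            Log.error("An exception occurred while trying to add a certificate chain to the truststores", e);
        }
    }

    /** Adds the certificate to both the exceptions store and the trust store, without a dialog. */
    public void addCertificateAsExempted(CertificateModel certificateModel) throws HeadlessException, InvalidNameException, KeyStoreException {
        addEntryToKeyStoreImpl(certificateModel, true);
    }

    /**
     * Stores the certificate in the trust store under the alias chosen by
     * {@code useCommonNameAsAlias}, and refreshes the table if one exists.
     *
     * <p>The certificate is additionally stored in the exceptions store when {@code z} is true or
     * when it is not valid, is self-signed, or {@code checkRevocation} returns true for it
     * (presumably meaning "revoked"; confirm in CertManager). Such certificates are therefore
     * still trusted, only marked as exempted; how the exemption is enforced is outside this class.
     */
    private void addEntryToKeyStoreImpl(CertificateModel certificateModel, boolean z) throws HeadlessException, InvalidNameException, KeyStoreException {
        X509Certificate certificate = certificateModel.getCertificate();
        String alias = useCommonNameAsAlias(certificate);
        // Evaluation order and short-circuiting match the original condition.
        boolean needsExemption = !certificateModel.isValid()
            || checkRevocation(certificateModel.getCertificate())
            || certificateModel.isSelfSigned()
            || z;
        if (needsExemption) {
            this.exceptionsStore.setCertificateEntry(alias, certificateModel.getCertificate());
            this.exemptedCertificates.add(certificateModel);
        }
        this.trustStore.setCertificateEntry(alias, certificateModel.getCertificate());
        this.trustedCertificates.add(certificateModel);
        if (this.tableModel != null) {
            refreshCertTable();
        }
    }

    /**
     * Shows the certificate dialog unless {@code checkForSameCertificate} reports the certificate
     * as already known, and adds the certificate only when the user chose to add it.
     */
    private void addEntryToKeyStoreImpl(X509Certificate x509Certificate, CertificateDialogReason certificateDialogReason) throws HeadlessException, InvalidNameException, KeyStoreException {
        CertificateModel model = new CertificateModel(x509Certificate);
        if (checkForSameCertificate(x509Certificate)) {
            return;
        }
        CertificateDialog dialog = showCertificate(model, certificateDialogReason);
        if (dialog == null || !dialog.isAddCert()) {
            return;
        }
        addEntryToKeyStoreImpl(model, false);
        JOptionPane.showMessageDialog((Component) null, Res.getString("dialog.certificate.has.been.added"));
    }

    /**
     * Parses one X.509 certificate from the file. The stream is closed on every path.
     *
     * @throws CertificateException if the content cannot be parsed as a certificate
     */
    private X509Certificate certificateFromFile(File file) throws FileNotFoundException, IOException, CertificateException {
        try (FileInputStream input = new FileInputStream(file)) {
            return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(input);
        }
    }

    /** Tells whether any known certificate already uses the alias. */
    @Override
    protected boolean checkForSameAlias(String str) throws HeadlessException {
        for (CertificateModel known : this.allCertificates) {
            if (known.getAlias().equals(str)) {
                return true;
            }
        }
        return false;
    }

    /** Opens the certificate dialog for the selected table row. */
    @Override
    public void showCertificate() {
        CertificateModel selected = this.allCertificates.get(getTranslatedRow());
        // The dialog is created for its effect only; the instance is not kept.
        new CertificateDialog(this.localPreferences, selected, this, CertificateDialogReason.SHOW_CERTIFICATE);
    }

    /** Converts the selected view row of the certificate table into a model row index. */
    private int getTranslatedRow() {
        JTable certTable = CertificatesManagerSettingsPanel.getCertTable();
        return certTable.convertRowIndexToModel(certTable.getSelectedRow());
    }

    /** Returns the live list of all certificates held by the manager (not a copy). */
    public List<CertificateModel> getAllCertificates() {
        return this.allCertificates;
    }

    /** Replaces the table model used by this controller. */
    public void setTableModel(DefaultTableModel defaultTableModel) {
        this.tableModel = defaultTableModel;
    }
}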
