package org.owasp.webscarab.plugin.proxy;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.ldap.Rdn;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;
import org.owasp.webscarab.util.SunCertificateUtils;

/* loaded from: input_file:main/main.jar:org/owasp/webscarab/plugin/proxy/SSLSocketFactoryFactory.class */
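/**
 * Hands out one {@link SSLSocketFactory} per host name, each backed by a certificate
 * that is issued on the fly and signed by a locally held CA key.
 *
 * <p>The CA key and every generated host key live in a single {@link KeyStore}. When a
 * keystore file name is given, the store is loaded from it if it exists and rewritten
 * after every newly generated entry; without a file name all key material is transient.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The keystore holds the CA private key. Any client that trusts this CA will accept
 *       every certificate issued from it, so the file must be readable only by the user
 *       running the proxy. It is written with the process's default file permissions.</li>
 *   <li>The no-argument constructor protects the keystore with the literal password
 *       {@code "password"}; this offers no real protection for a keystore that is saved.</li>
 *   <li>Generated host certificates carry {@code ou=UNTRUSTED,o=UNTRUSTED} in their subject
 *       so that they are recognisable as test certificates.</li>
 *   <li>Serial numbers are derived from the wall clock and are therefore predictable.</li>
 * </ul>
 */
public class SSLSocketFactoryFactory {
    /** Lifetime of every generated certificate in milliseconds: 3650 days (about ten years). */
    private static final long DEFAULT_VALIDITY = 315360000000L;

    /**
     * RSA modulus size for newly generated keys. The previous value of 1024 bits is below
     * current minimum recommendations and is rejected by many TLS clients.
     */
    private static final int KEY_SIZE = 2048;

    private static final Logger logger = Logger.getLogger(SSLSocketFactoryFactory.class.getName());

    /** Keystore alias under which the CA key and certificate chain are stored. */
    private static final String CA = "CA";

    /** Default CA subject, built once per JVM from the local host name and the start time. */
    private static final X500Principal CA_NAME;

    static {
        String localHost;
        try {
            localHost = InetAddress.getLocalHost().getHostName();
        } catch (IOException e) {
            // Fall back to a fixed name instead of leaving CA_NAME null, which made the
            // default constructors unusable on hosts without a resolvable name.
            logger.log(Level.WARNING, "Could not determine the local host name, using 'localhost' in the CA name", e);
            localHost = "localhost";
        }
        // Date.toString() may contain '+' (for example a "GMT+01:00" zone) and a host name may
        // contain other DN metacharacters; escaping keeps the value a single CN attribute.
        String commonName = "OWASP Custom CA for " + localHost + " at " + new Date();
        CA_NAME = new X500Principal("cn=" + Rdn.escapeValue(commonName)
                + ",ou=OWASP Custom CA,o=OWASP,l=OWASP,st=OWASP,c=OWASP");
    }

    private PrivateKey caKey;
    private X509Certificate[] caCerts;
    private String filename;
    private KeyStore keystore;
    private char[] password;
    private boolean reuseKeys;
    /** Host name to initialised SSLContext, so each host's key material is built once. */
    private Map<String, SSLContext> contextCache;
    /** Serial numbers already present in the keystore or issued by this instance. */
    private Set<BigInteger> serials;

    /**
     * Key manager that always answers with one fixed host's private key and certificate
     * chain. Only the server-side methods are implemented.
     */
    public class HostKeyManager implements X509KeyManager {
        private final String host;
        private final PrivateKey pk;
        private final X509Certificate[] certs;

        /**
         * @param host alias reported to the TLS layer
         * @param privateKey private key matching the first certificate of the chain
         * @param chain certificate chain presented to clients, host certificate first
         */
        public HostKeyManager(String host, PrivateKey privateKey, X509Certificate[] chain) {
            this.host = host;
            this.pk = privateKey;
            this.certs = chain;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            throw new UnsupportedOperationException("Not implemented");
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return this.host;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String alias) {
            return this.certs;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            throw new UnsupportedOperationException("Not implemented");
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String alias) {
            return this.pk;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            return new String[]{this.host};
        }
    }

    /**
     * Creates a factory with a transient JKS keystore and a freshly generated CA.
     *
     * @throws GeneralSecurityException if the keystore or the CA key cannot be created
     * @throws IOException declared by the delegated constructor
     */
    public SSLSocketFactoryFactory() throws GeneralSecurityException, IOException {
        this(null, "JKS", "password".toCharArray());
    }

    /**
     * Creates a factory that uses the default CA subject name.
     *
     * @param filename keystore file, or {@code null} for a transient keystore
     * @param type keystore type passed to {@link KeyStore#getInstance(String)}
     * @param password password protecting the keystore and every key entry in it
     * @throws GeneralSecurityException if the keystore cannot be loaded or initialised
     * @throws IOException if the keystore file cannot be read
     */
    public SSLSocketFactoryFactory(String filename, String type, char[] password) throws GeneralSecurityException, IOException {
        this(filename, type, password, CA_NAME);
    }

    /**
     * Loads the keystore from {@code filename} when that file exists; otherwise starts an
     * empty keystore and generates a new self-signed CA named {@code caName}.
     *
     * @param filename keystore file, or {@code null} for a transient keystore
     * @param type keystore type passed to {@link KeyStore#getInstance(String)}
     * @param password password protecting the keystore and every key entry in it
     * @param caName subject (and issuer) of the CA certificate if one has to be generated
     * @throws GeneralSecurityException if the keystore cannot be loaded, or an existing
     *         keystore has no key entry under the alias {@code CA}
     * @throws IOException if the keystore file cannot be read
     */
    public SSLSocketFactoryFactory(String filename, String type, char[] password, X500Principal caName) throws GeneralSecurityException, IOException {
        this.reuseKeys = false;
        this.contextCache = new HashMap<String, SSLContext>();
        this.serials = new HashSet<BigInteger>();
        this.filename = filename;
        this.password = password;
        this.keystore = KeyStore.getInstance(type);

        // new File(null) throws, so only build the File when a name was actually supplied.
        File file = filename == null ? null : new File(filename);
        if (file == null) {
            logger.info("No keystore provided, keys and certificates will be transient!");
        }
        if (file == null || !file.exists()) {
            logger.info("Generating CA key");
            this.keystore.load(null, password);
            generateCA(caName);
            return;
        }

        logger.fine("Loading keys from " + filename);
        FileInputStream in = new FileInputStream(file);
        try {
            this.keystore.load(in, password);
        } finally {
            in.close();
        }
        this.caKey = (PrivateKey) this.keystore.getKey(CA, password);
        Certificate[] caChain = this.keystore.getCertificateChain(CA);
        if (this.caKey == null || caChain == null) {
            // Without a CA entry no host certificate can be signed; fail here with a clear
            // message rather than with a NullPointerException further down.
            logger.warning("Keystore does not contain an entry for 'CA'");
            throw new GeneralSecurityException("Keystore " + filename + " does not contain a key entry for 'CA'");
        }
        this.caCerts = cast(caChain);
        initSerials();
    }

    /**
     * Selects how host key pairs are obtained.
     *
     * @param reuseKeys when {@code true}, new host certificates are issued over the CA's own
     *        key pair instead of a freshly generated one. This saves key generation time, but
     *        every such host entry then shares the CA private key.
     */
    public void setReuseKeys(boolean reuseKeys) {
        this.reuseKeys = reuseKeys;
    }

    /**
     * Returns a socket factory whose server identity is a certificate for {@code host}.
     * Key material is taken from the keystore when an entry for the host exists and is
     * generated otherwise; the resulting context is cached per host.
     *
     * @param host host name to impersonate; also used as the keystore alias
     * @return socket factory of the cached or newly created context
     * @throws IOException declared by the key loading path
     * @throws GeneralSecurityException if key material or the TLS context cannot be created
     */
    public synchronized SSLSocketFactory getSocketFactory(String host) throws IOException, GeneralSecurityException {
        SSLContext context = this.contextCache.get(host);
        if (context == null) {
            X509KeyManager keyManager = this.keystore.containsAlias(host) ? loadKeyMaterial(host) : createKeyMaterial(host);
            // "TLS" lets the runtime negotiate the protocol versions it still supports.
            // The former "SSLv3" name refers to an obsolete protocol (deprecated by RFC 7568)
            // that current runtimes and clients disable.
            context = SSLContext.getInstance("TLS");
            context.init(new KeyManager[]{keyManager}, null, null);
            this.contextCache.put(host, context);
        }
        return context.getSocketFactory();
    }

    /**
     * Narrows a certificate chain to X.509 certificates.
     *
     * @throws ClassCastException if an element is not an {@link X509Certificate}
     */
    private X509Certificate[] cast(Certificate[] chain) {
        X509Certificate[] x509Chain = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) {
            x509Chain[i] = (X509Certificate) chain[i];
        }
        return x509Chain;
    }

    /**
     * Builds a key manager from the keystore entry stored under {@code host}.
     *
     * @throws GeneralSecurityException if the entry has no certificate chain or private key
     */
    private X509KeyManager loadKeyMaterial(String host) throws GeneralSecurityException, IOException {
        Certificate[] chain = this.keystore.getCertificateChain(host);
        if (chain == null) {
            throw new GeneralSecurityException("Internal error: certificate chain for " + host + " not found!");
        }
        X509Certificate[] x509Chain = cast(chain);
        PrivateKey privateKey = (PrivateKey) this.keystore.getKey(host, this.password);
        if (privateKey == null) {
            throw new GeneralSecurityException("Internal error: private key for " + host + " not found!");
        }
        return new HostKeyManager(host, privateKey, x509Chain);
    }

    /**
     * Writes the keystore back to its file, if it has one. Saving is best effort: a failure
     * is logged and the in-memory keystore stays usable.
     */
    private void saveKeystore() {
        if (this.filename == null) {
            return;
        }
        try {
            FileOutputStream out = new FileOutputStream(this.filename);
            try {
                this.keystore.store(out, this.password);
            } finally {
                // Close even when store() fails so the file handle is not leaked.
                out.close();
            }
        } catch (IOException e) {
            logger.log(Level.WARNING, "Could not save keystore to " + this.filename, e);
        } catch (GeneralSecurityException e) {
            logger.log(Level.WARNING, "Could not save keystore to " + this.filename, e);
        }
    }

    /**
     * Generates an RSA key pair, issues a self-signed certificate for {@code caName} with
     * serial number 1, stores both under the alias {@code CA} and saves the keystore.
     */
    private void generateCA(X500Principal caName) throws GeneralSecurityException, IOException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(KEY_SIZE);
        KeyPair keyPair = generator.generateKeyPair();
        this.caKey = keyPair.getPrivate();
        PublicKey caPublicKey = keyPair.getPublic();
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + DEFAULT_VALIDITY);
        // Subject and issuer are the same principal and key: the certificate is self-signed.
        X509Certificate caCert = SunCertificateUtils.sign(caName, caPublicKey, caName, caPublicKey, this.caKey, notBefore, notAfter, BigInteger.ONE);
        this.caCerts = new X509Certificate[]{caCert};
        this.keystore.setKeyEntry(CA, this.caKey, this.password, this.caCerts);
        saveKeystore();
    }

    /**
     * Records the serial numbers of all X.509 certificates already in the keystore so that
     * newly issued certificates do not reuse them.
     */
    private void initSerials() throws GeneralSecurityException {
        Enumeration<String> aliases = this.keystore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate cert = this.keystore.getCertificate(aliases.nextElement());
            // Entries of another certificate type carry no serial we could clash with.
            if (cert instanceof X509Certificate) {
                this.serials.add(((X509Certificate) cert).getSerialNumber());
            }
        }
    }

    /**
     * Builds the subject name for a host certificate.
     *
     * <p>The host is escaped before it is placed into the distinguished name, so characters
     * such as {@code ,} {@code +} or {@code =} stay part of the CN value and cannot add or
     * change other name attributes. NOTE(review): the host presumably originates from the
     * intercepted client request; verify against the callers.
     *
     * @param host host name the certificate is issued for
     * @return {@code cn=<host>,ou=UNTRUSTED,o=UNTRUSTED}
     */
    protected X500Principal getSubjectPrincipal(String host) {
        return new X500Principal("cn=" + Rdn.escapeValue(host) + ",ou=UNTRUSTED,o=UNTRUSTED");
    }

    /**
     * Returns a serial number not yet used by this keystore, starting from the current
     * time in milliseconds and counting upwards on a clash.
     */
    protected BigInteger getNextSerialNo() {
        BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
        while (this.serials.contains(serial)) {
            // BigInteger is immutable: the result must be reassigned, otherwise the loop
            // never advances when two certificates are requested in the same millisecond.
            serial = serial.add(BigInteger.ONE);
        }
        this.serials.add(serial);
        return serial;
    }

    /**
     * Issues a certificate for {@code host} signed by the CA, stores key and chain under
     * the alias {@code host}, saves the keystore and returns a matching key manager.
     */
    private X509KeyManager createKeyMaterial(String host) throws GeneralSecurityException {
        KeyPair keyPair;
        if (this.reuseKeys) {
            // The host certificate is issued over the CA's own key pair.
            keyPair = new KeyPair(this.caCerts[0].getPublicKey(), this.caKey);
        } else {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(KEY_SIZE);
            keyPair = generator.generateKeyPair();
        }
        X500Principal subject = getSubjectPrincipal(host);
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + DEFAULT_VALIDITY);
        X509Certificate hostCert = SunCertificateUtils.sign(subject, keyPair.getPublic(), this.caCerts[0].getSubjectX500Principal(), this.caCerts[0].getPublicKey(), this.caKey, notBefore, notAfter, getNextSerialNo());
        // Chain order: host certificate first, followed by the CA chain.
        X509Certificate[] chain = new X509Certificate[this.caCerts.length + 1];
        chain[0] = hostCert;
        System.arraycopy(this.caCerts, 0, chain, 1, this.caCerts.length);
        PrivateKey privateKey = keyPair.getPrivate();
        this.keystore.setKeyEntry(host, privateKey, this.password, chain);
        saveKeystore();
        return new HostKeyManager(host, privateKey, chain);
    }
}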
