package fr.aym.mps.utils;

import fr.aym.mps.ModProtectionSystem;
import java.io.BufferedInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLStreamHandler;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:fr/aym/mps/utils/SSLHelper.class */
public class SSLHelper {
    public static boolean disableSSLCertification;
    private static SSLContext mpsSSLContext;
    private static final MpsUrlStreamHandler mpsUrlStreamHandler = new MpsUrlStreamHandler();

    public static boolean shouldInstallCert() {
        String property = System.getProperty("java.version");
        String str = "0";
        if (property.startsWith("1.")) {
            str = property.substring(2, 3);
        } else {
            int indexOf = property.indexOf(".");
            if (indexOf != -1) {
                str = property.substring(0, indexOf);
            }
        }
        int parseInt = Integer.parseInt(str);
        boolean z = false;
        if (parseInt == 8) {
            String str2 = property.split("_")[1];
            if (str2.contains("-")) {
                str2 = str2.split("-")[0];
            }
            z = Integer.parseInt(str2) < 200;
        } else if (parseInt <= 7) {
            z = true;
        }
        return z;
    }

    public static SSLContext createCustomSSLContext(String... strArr) {
        try {
            if (disableSSLCertification) {
                trustAllCerts();
                return null;
            }
            ModProtectionSystem.log.info("Creating SSL context with server certificates: " + Arrays.toString(strArr));
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(Files.newInputStream(Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts"), new OpenOption[0]), "changeit".toCharArray());
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (String str : strArr) {
                loadCertificate(str, keyStore, certificateFactory);
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
            mpsSSLContext = sSLContext;
            return sSLContext;
        } catch (Exception e) {
            throw new ProtectionException("Cannot setup SSL", e, false);
        }
    }

    private static void loadCertificate(String str, KeyStore keyStore, CertificateFactory certificateFactory) throws IOException, CertificateException, KeyStoreException {
        InputStream resourceAsStream = SSLHelper.class.getResourceAsStream("/" + str);
        if (resourceAsStream == null) {
            throw new FileNotFoundException(str + " certificate not found !");
        }
        BufferedInputStream bufferedInputStream = new BufferedInputStream(resourceAsStream);
        Throwable th = null;
        try {
            try {
                keyStore.setCertificateEntry(str, certificateFactory.generateCertificate(bufferedInputStream));
                if (bufferedInputStream != null) {
                    if (0 == 0) {
                        bufferedInputStream.close();
                        return;
                    }
                    try {
                        bufferedInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (bufferedInputStream != null) {
                if (th != null) {
                    try {
                        bufferedInputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    bufferedInputStream.close();
                }
            }
            throw th4;
        }
    }

    private static void trustAllCerts() throws Exception {
        ModProtectionSystem.log.warn("========================");
        ModProtectionSystem.log.warn("YOU DISABLED LET'S ENCRYPT SSL CERTIFICATE CHECKING, THIS IS A POTENTIAL SECURITY BREACH");
        ModProtectionSystem.log.warn("Disable this only if you know what you are doing");
        ModProtectionSystem.log.warn("DynamX team removes all responsibility from potential problems");
        ModProtectionSystem.log.warn("========================");
        HostnameVerifier defaultHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
        HttpsURLConnection.setDefaultHostnameVerifier((str, sSLSession) -> {
            return str.contains("dynamx.fr") || defaultHostnameVerifier.verify(str, sSLSession);
        });
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        X509TrustManager x509TrustManager = null;
        ModProtectionSystem.log.debug("JVM Default Trust Managers:");
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            ModProtectionSystem.log.debug(trustManager);
            if ((trustManager instanceof X509TrustManager) && x509TrustManager == null) {
                x509TrustManager = (X509TrustManager) trustManager;
                ModProtectionSystem.log.debug("\tAccepted issuers count : " + x509TrustManager.getAcceptedIssuers().length);
            }
        }
        if (x509TrustManager == null) {
            throw new IllegalStateException("Default JDK X509TrustManager not found ! If you want to bypass it, you can recompile DynamX.");
        }
        final X509TrustManager x509TrustManager2 = x509TrustManager;
        sSLContext.init(null, new TrustManager[]{new X509TrustManager() { // from class: fr.aym.mps.utils.SSLHelper.1
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                try {
                    x509TrustManager2.checkClientTrusted(x509CertificateArr, str2);
                } catch (CertificateException e) {
                    if (0 < x509CertificateArr.length) {
                        X509Certificate x509Certificate = x509CertificateArr[0];
                        if (!x509Certificate.getSubjectDN().getName().contains("dynamx.fr")) {
                            throw e;
                        }
                        ModProtectionSystem.log.warn("Trusting invalid DynamX SSL certificate " + x509Certificate.getSubjectDN());
                    }
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                try {
                    x509TrustManager2.checkServerTrusted(x509CertificateArr, str2);
                } catch (CertificateException e) {
                    if (0 < x509CertificateArr.length) {
                        X509Certificate x509Certificate = x509CertificateArr[0];
                        if (!x509Certificate.getSubjectDN().getName().contains("dynamx.fr")) {
                            throw e;
                        }
                        ModProtectionSystem.log.warn("Trusting invalid DynamX SSL certificate " + x509Certificate.getSubjectDN());
                    }
                }
            }
        }}, new SecureRandom());
        mpsSSLContext = sSLContext;
    }

    public static MpsUrlStreamHandler getMpsUrlStreamHandler() {
        return mpsUrlStreamHandler;
    }

    public static URL createContextualizedURL(String str, boolean z) {
        try {
            return new URL((URL) null, str, (URLStreamHandler) (z ? mpsUrlStreamHandler : null));
        } catch (Exception e) {
            throw new ProtectionException("Cannot create contextualized URL", e, false);
        }
    }

    public static SSLContext getMpsSSLContext() {
        if (mpsSSLContext != null) {
            return mpsSSLContext;
        }
        try {
            return SSLContext.getDefault();
        } catch (NoSuchAlgorithmException e) {
            throw new ProtectionException("Cannot get default SSL context", e, false);
        }
    }
}
