package org.freshcookies.security.cert;

import java.io.IOException;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:org/freshcookies/security/cert/SSLHelper.class */
public class SSLHelper {
    protected static final int SSL_PORT = 443;

    public static Certificate[] extractSSLCertificates(String str, int i) {
        Certificate[] certificateArr = new Certificate[0];
        SSLSocket createSSLSocket = createSSLSocket(new TrustManager[]{nullTrustManager()}, str, i);
        if (createSSLSocket != null) {
            try {
                certificateArr = createSSLSocket.getSession().getPeerCertificates();
                createSSLSocket.close();
            } catch (SSLPeerUnverifiedException e) {
                System.out.println(new StringBuffer("Could not verify peer: ").append(e.getMessage()).toString());
            } catch (IOException e2) {
                System.out.println(new StringBuffer("Could not close socket: ").append(e2.getMessage()).toString());
            }
        } else {
            System.err.println("could not create SSL socket.");
        }
        return certificateArr;
    }

    public static void main(String[] strArr) {
        if (strArr.length == 0) {
            System.err.println("FATAL: you must supply a host name (e.g., internal.atstake.com)");
            System.exit(1);
        }
        if (strArr[0].equals("--help") | strArr[0].equals("-h")) {
            System.out.println("Usage: SSLHelper hostname [port]");
            System.exit(0);
        }
        String str = strArr[0];
        int i = SSL_PORT;
        if (strArr.length > 1) {
            i = Integer.parseInt(strArr[1]);
        }
        System.out.print(new StringBuffer("Extracting SSL certificates from ").append(str).append(":").append(i).append("... ").toString());
        Certificate[] extractSSLCertificates = extractSSLCertificates(str, i);
        if (extractSSLCertificates.length == 0) {
            System.err.println("ERROR: No certificates found. Is there an SSL server running on this host?\n");
            System.exit(1);
        }
        System.out.println(new StringBuffer(String.valueOf(extractSSLCertificates.length)).append(" certificate").append(extractSSLCertificates.length == 1 ? "" : "s").append(" found.").toString());
        boolean z = false;
        Trustee trustee = new Trustee();
        for (int i2 = 0; i2 < extractSSLCertificates.length; i2++) {
            if (extractSSLCertificates[i2] instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) extractSSLCertificates[i2];
                System.out.println(new StringBuffer("Certificate[").append(i2).append("]:").toString());
                System.out.println(Trustee.getCertificateInfo(x509Certificate));
                try {
                    trustee.saveCertificate(x509Certificate);
                } catch (Exception e) {
                    System.err.println(new StringBuffer("ERROR: could not save certificate. ").append(e.getMessage()).toString());
                }
                if (i2 == 0) {
                    System.out.println("This is the server certificate.");
                } else {
                    try {
                        z |= trustee.trustCACertificate(x509Certificate);
                    } catch (KeyStoreException e2) {
                        System.out.println(e2.getLocalizedMessage());
                    }
                }
                System.out.println("");
            }
        }
        if (extractSSLCertificates.length == 1) {
            System.err.println("WARNING: certificate chain did not include issuing CA certificate. How rude!\n");
        }
        if (z) {
            trustee.commit();
        }
    }

    private static SSLSocket createSSLSocket(TrustManager[] trustManagerArr, String str, int i) {
        SSLSocket sSLSocket = null;
        try {
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
            sSLSocket = (SSLSocket) sSLContext.getSocketFactory().createSocket(str, i);
            sSLSocket.startHandshake();
        } catch (Exception e) {
        }
        return sSLSocket;
    }

    private static X509TrustManager nullTrustManager() {
        return new X509TrustManager() { // from class: org.freshcookies.security.cert.SSLHelper.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
    }
}
