package gnu.classpath.tools.keytool;

import gnu.classpath.Configuration;
import gnu.classpath.SystemProperties;
import gnu.classpath.tools.common.ClasspathToolParser;
import gnu.classpath.tools.getopt.Option;
import gnu.classpath.tools.getopt.OptionException;
import gnu.classpath.tools.getopt.OptionGroup;
import gnu.classpath.tools.getopt.Parser;
import gnu.java.security.x509.X509CertPath;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collection;
import java.util.LinkedList;
import java.util.ListIterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.ConfirmationCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

/* loaded from: input_file:gnu/classpath/tools/keytool/ImportCmd.class */
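/**
 * Handler for the keytool <code>import</code> command.
 *
 * <p>Reads X.509 certificate material from the command's input stream and
 * stores it in the key store. If the designated alias already exists it must
 * be a key entry, and the input is treated as a certificate reply (single
 * certificate or chain) for that key. Otherwise the input is treated as a new
 * trusted certificate.</p>
 *
 * <p>Trust decisions are made in {@link #findTrustAndUpdate(LinkedList, boolean)}:
 * a PKIX validation against the target key store, optionally against the two
 * system CA stores when <code>-trustcacerts</code> is given, and as a last
 * resort an interactive confirmation by the user.</p>
 *
 * <p>NOTE(review): members such as <code>store</code>, <code>alias</code>,
 * <code>inStream</code>, <code>verbose</code>, <code>saveKeyStore()</code> and
 * <code>getAliasPrivateKey()</code> are not declared here; presumably they are
 * inherited from {@link Command}.</p>
 */
class ImportCmd extends Command {
    private static final Logger log = Logger.getLogger(ImportCmd.class.getName());
    private static final String GKR = "gkr";
    private static final String JKS = "jks";
    private static final String LIB = "lib";
    private static final String SECURITY = "security";
    private static final String CACERTS = "cacerts";
    private static final String CACERTS_GKR = "cacerts.gkr";
    protected String _alias;
    protected String _certFileName;
    // NOTE(review): key and store passwords arrive as command-line options and
    // are kept as immutable Strings, so they cannot be wiped after use.
    protected String _password;
    protected boolean noPrompt;
    protected boolean trustCACerts;
    protected String _ksType;
    protected String _ksURL;
    protected String _ksPassword;
    protected String _providerClassName;
    private CertificateFactory x509Factory;
    private String gkrCaCertsPathName;
    private String jksCaCertsPathName;
    // Leaf certificate currently stored under the alias; set by ensureReplyIsOurs().
    private X509Certificate selfSignedCertificate;

    /** @param str the alias to import the certificate(s) under. */
    public void setAlias(String str) {
        this._alias = str;
    }

    /** @param str name of the file holding the certificate(s) to import. */
    public void setFile(String str) {
        this._certFileName = str;
    }

    /** @param str password protecting the key entry. */
    public void setKeypass(String str) {
        this._password = str;
    }

    /** @param str "true" (case-insensitive) to suppress the confirmation prompt. */
    public void setNoprompt(String str) {
        this.noPrompt = Boolean.parseBoolean(str);
    }

    /** @param str "true" (case-insensitive) to also consult the system CA stores. */
    public void setTrustcacerts(String str) {
        this.trustCACerts = Boolean.parseBoolean(str);
    }

    /** @param str the key store type. */
    public void setStoretype(String str) {
        this._ksType = str;
    }

    /** @param str location (URL) of the key store. */
    public void setKeystore(String str) {
        this._ksURL = str;
    }

    /** @param str password of the key store. */
    public void setStorepass(String str) {
        this._ksPassword = str;
    }

    /** @param str fully qualified class name of a security provider. */
    public void setProvider(String str) {
        this._providerClassName = str;
    }

    /**
     * Hands the collected option values to the base-class parameter setters.
     * The debug trace deliberately lists every option except the two passwords.
     */
    @Override
    void setup() throws Exception {
        setInputStreamParam(this._certFileName);
        setKeyStoreParams(true, this._providerClassName, this._ksType, this._ksPassword, this._ksURL);
        setAliasParam(this._alias);
        setKeyPasswordNoPrompt(this._password);
        if (Configuration.DEBUG) {
            log.fine("-import handler will use the following options:");
            log.fine("  -alias=" + this.alias);
            log.fine("  -file=" + this._certFileName);
            log.fine("  -noprompt=" + this.noPrompt);
            log.fine("  -trustcacerts=" + this.trustCACerts);
            log.fine("  -storetype=" + this.storeType);
            log.fine("  -keystore=" + this.storeURL);
            log.fine("  -provider=" + this.provider);
            log.fine("  -v=" + this.verbose);
        }
    }

    /**
     * Runs the import. When <code>-trustcacerts</code> was given, the paths of
     * the two CA stores are derived from the <code>gnu.classpath.home</code>
     * and <code>java.home</code> system properties. An existing alias is
     * handled as a certificate reply, a new alias as a trusted certificate.
     */
    @Override
    void start() throws CertificateException, KeyStoreException, IOException, UnsupportedCallbackException, NoSuchAlgorithmException, CertPathValidatorException, UnrecoverableKeyException {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "start");
        }
        if (this.trustCACerts) {
            String separator = SystemProperties.getProperty("file.separator");
            this.gkrCaCertsPathName = SystemProperties.getProperty("gnu.classpath.home") + separator + LIB + separator + SECURITY + separator + CACERTS_GKR;
            this.jksCaCertsPathName = SystemProperties.getProperty("java.home") + separator + LIB + separator + SECURITY + separator + CACERTS;
        }
        this.x509Factory = CertificateFactory.getInstance("X.509");
        if (this.store.containsAlias(this.alias)) {
            ensureAliasIsKeyEntry();
            importCertificateReply();
        } else {
            importNewTrustedCertificate();
        }
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "start");
        }
    }

    /**
     * Builds the command-line parser for <code>import</code>. Each option's
     * callback only records the parsed value in the matching field.
     *
     * @return the configured parser.
     */
    @Override
    Parser getParser() {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "getParser");
        }
        ClasspathToolParser parser = new ClasspathToolParser("import", true);
        parser.setHeader(Messages.getString("ImportCmd.27"));
        parser.setFooter(Messages.getString("ImportCmd.26"));
        OptionGroup options = new OptionGroup(Messages.getString("ImportCmd.25"));
        options.add(new Option("alias", Messages.getString("ImportCmd.24"), Messages.getString("ImportCmd.23")) {
            @Override
            public void parsed(String str) throws OptionException {
                ImportCmd.this._alias = str;
            }
        });
        options.add(new Option("file", Messages.getString("ImportCmd.22"), Messages.getString("ImportCmd.21")) {
            @Override
            public void parsed(String str) throws OptionException {
                ImportCmd.this._certFileName = str;
            }
        });
        options.add(new Option("keypass", Messages.getString("ImportCmd.20"), Messages.getString("ImportCmd.19")) {
            @Override
            public void parsed(String str) throws OptionException {
                ImportCmd.this._password = str;
            }
        });
        options.add(new Option("noprompt", Messages.getString("ImportCmd.18")) {
            @Override
            public void parsed(String str) throws OptionException {
                ImportCmd.this.noPrompt = true;
            }
        });
        options.add(new Option("trustcacerts", Messages.getString("ImportCmd.17")) {
            @Override
            public void parsed(String str) throws OptionException {
                ImportCmd.this.trustCACerts = true;
            }
        });
        options.add(new Option("storetype", Messages.getString("ImportCmd.16"), Messages.getString("ImportCmd.15")) {
            @Override
            public void parsed(String str) throws OptionException {
                ImportCmd.this._ksType = str;
            }
        });
        options.add(new Option("keystore", Messages.getString("ImportCmd.14"), Messages.getString("ImportCmd.13")) {
            @Override
            public void parsed(String str) throws OptionException {
                ImportCmd.this._ksURL = str;
            }
        });
        options.add(new Option("storepass", Messages.getString("ImportCmd.12"), Messages.getString("ImportCmd.11")) {
            @Override
            public void parsed(String str) throws OptionException {
                ImportCmd.this._ksPassword = str;
            }
        });
        options.add(new Option("provider", Messages.getString("ImportCmd.10"), Messages.getString("ImportCmd.9")) {
            @Override
            public void parsed(String str) throws OptionException {
                ImportCmd.this._providerClassName = str;
            }
        });
        options.add(new Option("v", Messages.getString("ImportCmd.8")) {
            @Override
            public void parsed(String str) throws OptionException {
                ImportCmd.this.verbose = true;
            }
        });
        parser.add(options);
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "getParser", parser);
        }
        return parser;
    }

    /**
     * Imports a single certificate under a new alias as a trusted certificate
     * entry. The entry is written only when {@link #findTrustAndUpdate} accepts
     * the certificate. With <code>-noprompt</code> set and no trust anchor
     * found, nothing is stored.
     */
    private void importNewTrustedCertificate() throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException, UnsupportedCallbackException, CertPathValidatorException, UnrecoverableKeyException {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "importNewTrustedCertificate");
        }
        Certificate certificate = this.x509Factory.generateCertificate(this.inStream);
        if (Configuration.DEBUG) {
            log.fine("certificate = " + certificate);
        }
        LinkedList path = new LinkedList();
        path.addLast(certificate);
        if (findTrustAndUpdate(path, !this.noPrompt)) {
            this.store.setCertificateEntry(this.alias, certificate);
            System.out.println(Messages.getString("ImportCmd.29"));
            saveKeyStore();
        } else {
            System.out.println(Messages.getString("ImportCmd.28"));
        }
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "importNewTrustedCertificate");
        }
    }

    /**
     * Imports a certificate reply for an existing key entry. The reply's first
     * certificate must carry the same public key as the entry, which is checked
     * before anything is stored.
     *
     * @throws CertificateException if the input yields no certificate at all.
     */
    private void importCertificateReply() throws CertificateException, IOException, UnsupportedCallbackException, KeyStoreException, NoSuchAlgorithmException, CertPathValidatorException, UnrecoverableKeyException {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "importCertificateReply");
        }
        Collection<? extends Certificate> reply = this.x509Factory.generateCertificates(this.inStream);
        // An empty reply would otherwise surface as a bare NoSuchElementException
        // from iterator().next() in ensureReplyIsOurs().
        if (reply.isEmpty()) {
            throw new CertificateException("certificate reply contains no certificates");
        }
        ensureReplyIsOurs(reply);
        if (reply.size() == 1) {
            importCertificate(reply.iterator().next());
        } else {
            importChain(reply);
        }
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "importCertificateReply");
        }
    }

    /**
     * Imports a single-certificate reply. The user is never prompted here: the
     * certificate must validate against a known trust anchor, otherwise the
     * import fails.
     *
     * @param certificate the reply certificate.
     * @throws CertPathValidatorException if no chain of trust is found.
     */
    private void importCertificate(Certificate certificate) throws NoSuchAlgorithmException, CertPathValidatorException, KeyStoreException, UnrecoverableKeyException, IOException, UnsupportedCallbackException, CertificateException {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "importCertificate", certificate);
        }
        LinkedList path = new LinkedList();
        path.addLast(certificate);
        if (!findTrustAndUpdate(path, false)) {
            throw new CertPathValidatorException(Messages.getString("ImportCmd.34"));
        }
        // On success findTrustAndUpdate() has appended the trust anchor's certificate.
        Certificate[] chain = (Certificate[]) path.toArray(new Certificate[0]);
        this.store.setKeyEntry(this.alias, getAliasPrivateKey(), this.keyPasswordChars, chain);
        saveKeyStore();
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "importCertificate");
        }
    }

    /**
     * Imports a multi-certificate reply. The certificates are first ordered by
     * issuer/subject name, then checked by {@link #findTrustAndUpdate}. If the
     * chain is not accepted, nothing is stored and no message is printed.
     *
     * @param collection the certificates of the reply, in any order.
     */
    private void importChain(Collection collection) throws NoSuchAlgorithmException, CertPathValidatorException, KeyStoreException, UnrecoverableKeyException, IOException, UnsupportedCallbackException, CertificateException {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "importChain", collection);
        }
        LinkedList chain = orderChain(collection);
        if (findTrustAndUpdate(chain, !this.noPrompt)) {
            this.store.setKeyEntry(this.alias, getAliasPrivateKey(), this.keyPasswordChars, (Certificate[]) chain.toArray(new Certificate[0]));
            saveKeyStore();
        }
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "importChain");
        }
    }

    /**
     * Verifies that the first certificate of the reply carries the same public
     * key as the certificate currently stored under the alias. Only DSA and RSA
     * keys are supported. Also records the stored certificate in
     * {@link #selfSignedCertificate} for later use by {@link #orderChain}.
     *
     * @param collection the certificates of the reply; must not be empty.
     * @throws IllegalArgumentException if the alias has no certificate chain,
     *           the key types differ or are unsupported, or the keys differ.
     */
    private void ensureReplyIsOurs(Collection collection) throws IOException, UnsupportedCallbackException, KeyStoreException {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "ensureReplyIsOurs");
        }
        Certificate replyCertificate = (Certificate) collection.iterator().next();
        if (Configuration.DEBUG) {
            log.fine("certificate = " + replyCertificate);
        }
        Certificate[] storedChain = this.store.getCertificateChain(this.alias);
        if (storedChain == null) {
            throw new IllegalArgumentException(Messages.getFormattedString("ImportCmd.37", this.alias));
        }
        this.selfSignedCertificate = (X509Certificate) storedChain[0];
        PublicKey storedKey = this.selfSignedCertificate.getPublicKey();
        PublicKey replyKey = replyCertificate.getPublicKey();
        boolean sameKey;
        if (storedKey instanceof DSAPublicKey) {
            if (!(replyKey instanceof DSAPublicKey)) {
                throw new IllegalArgumentException(Messages.getString("ImportCmd.38"));
            }
            sameKey = areEqual((DSAPublicKey) storedKey, (DSAPublicKey) replyKey);
        } else if (storedKey instanceof RSAPublicKey) {
            if (!(replyKey instanceof RSAPublicKey)) {
                throw new IllegalArgumentException(Messages.getString("ImportCmd.38"));
            }
            sameKey = areEqual((RSAPublicKey) storedKey, (RSAPublicKey) replyKey);
        } else {
            throw new IllegalArgumentException(Messages.getFormattedString("ImportCmd.40", new String[]{this.alias, storedKey.getClass().getName()}));
        }
        if (!sameKey) {
            throw new IllegalArgumentException(Messages.getString("ImportCmd.41"));
        }
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "ensureReplyIsOurs");
        }
    }

    /** Compares two DSA public keys by their Y value and their G, P, Q parameters. */
    private boolean areEqual(DSAPublicKey dSAPublicKey, DSAPublicKey dSAPublicKey2) {
        if (dSAPublicKey.getY().compareTo(dSAPublicKey2.getY()) != 0) {
            return false;
        }
        DSAParams params = dSAPublicKey.getParams();
        DSAParams params2 = dSAPublicKey2.getParams();
        return params.getG().compareTo(params2.getG()) == 0
            && params.getP().compareTo(params2.getP()) == 0
            && params.getQ().compareTo(params2.getQ()) == 0;
    }

    /** Compares two RSA public keys by public exponent and modulus. */
    private boolean areEqual(RSAPublicKey rSAPublicKey, RSAPublicKey rSAPublicKey2) {
        return rSAPublicKey.getPublicExponent().compareTo(rSAPublicKey2.getPublicExponent()) == 0
            && rSAPublicKey.getModulus().compareTo(rSAPublicKey2.getModulus()) == 0;
    }

    /**
     * Orders the reply certificates into a chain. Starting from the issuer of
     * the certificate stored under the alias, each step picks the certificate
     * whose subject equals the issuer being looked for.
     *
     * <p>Only distinguished names are matched here; no signature is verified.
     * Cryptographic validation of the resulting chain is left to
     * {@link #findTrustAndUpdate}, which {@link #importChain} calls next.</p>
     *
     * @param collection the certificates of the reply, in any order.
     * @return the certificates ordered from the key's certificate upwards.
     * @throws IllegalArgumentException if some certificate cannot be linked
     *           into the chain.
     */
    private LinkedList orderChain(Collection collection) {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "orderChain");
        }
        LinkedList remaining = new LinkedList(collection);
        int initialCount = remaining.size();
        LinkedList ordered = new LinkedList();
        Principal issuer = this.selfSignedCertificate.getIssuerDN();
        while (!remaining.isEmpty()) {
            X509Certificate next = null;
            for (ListIterator it = remaining.listIterator(); it.hasNext();) {
                X509Certificate candidate = (X509Certificate) it.next();
                if (issuer.equals(candidate.getSubjectDN())) {
                    it.remove();
                    next = candidate;
                    break;
                }
            }
            if (next == null) {
                // NOTE(review): the other call sites pass the resource key directly to
                // getFormattedString(); confirm the nested getString() is intended.
                throw new IllegalArgumentException(Messages.getFormattedString(Messages.getString("ImportCmd.7"), new Object[]{Integer.valueOf(ordered.size()), Integer.valueOf(initialCount)}));
            }
            ordered.addLast(next);
            issuer = next.getIssuerDN();
        }
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "orderChain", ordered);
        }
        return ordered;
    }

    /**
     * Decides whether the given certificate path is to be trusted.
     *
     * <p>The path is PKIX-validated against the target key store first. If that
     * fails and <code>-trustcacerts</code> is set, it is validated against the
     * GKR CA store and then the JKS CA store. When an anchor is found, its
     * certificate is appended to <code>linkedList</code>.</p>
     *
     * <p>When no anchor is found and <code>z</code> is true, the last
     * certificate of the path is printed and the user is asked to confirm. A
     * "yes" answer alone then makes the path accepted, with no cryptographic
     * validation behind it. The prompt defaults to "no".</p>
     *
     * @param linkedList the certificate path; may be extended with the anchor.
     * @param z whether the user may be prompted when validation fails.
     * @return true if the path validated or the user accepted it.
     */
    private boolean findTrustAndUpdate(LinkedList linkedList, boolean z) throws IOException, NoSuchAlgorithmException, CertPathValidatorException, KeyStoreException, UnrecoverableKeyException, UnsupportedCallbackException, CertificateEncodingException {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "findTrustAndUpdate");
        }
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        X509CertPath certPath = new X509CertPath(linkedList);
        PKIXCertPathValidatorResult result = findTrustInStore(certPath, validator);
        if (result == null && this.trustCACerts) {
            result = validate(validator, certPath, getCertPathParameters(GKR, this.gkrCaCertsPathName));
            if (result == null) {
                result = validate(validator, certPath, getCertPathParameters(JKS, this.jksCaCertsPathName));
            }
        }
        boolean trusted = false;
        if (result != null) {
            TrustAnchor trustAnchor = result.getTrustAnchor();
            log.fine("Found a chain-of-trust anchored by " + trustAnchor);
            linkedList.addLast(trustAnchor.getTrustedCert());
            trusted = true;
        } else if (z) {
            printVerbose((Certificate) linkedList.getLast());
            ConfirmationCallback confirmation = new ConfirmationCallback(
                Messages.getString("ImportCmd.32"),
                ConfirmationCallback.INFORMATION,
                ConfirmationCallback.YES_NO_OPTION,
                ConfirmationCallback.NO);
            getCallbackHandler().handle(new Callback[]{confirmation});
            trusted = confirmation.getSelectedIndex() == ConfirmationCallback.YES;
        }
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "findTrustAndUpdate", Boolean.valueOf(trusted));
        }
        return trusted;
    }

    /**
     * Validates the path against the certificates of the target key store.
     * Every failure, including a store without trusted entries, is logged at
     * FINE level and reported as "no trust found".
     *
     * @return the validation result, or null if validation failed.
     */
    private PKIXCertPathValidatorResult findTrustInStore(X509CertPath x509CertPath, CertPathValidator certPathValidator) {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "findTrustInStore");
        }
        PKIXCertPathValidatorResult result;
        try {
            result = (PKIXCertPathValidatorResult) certPathValidator.validate(x509CertPath, new PKIXParameters(this.store));
        } catch (Exception e) {
            log.log(Level.FINE, "Exception in findTrustInStore(). Ignore + Return NULL", (Throwable) e);
            result = null;
        }
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "findTrustInStore", result);
        }
        return result;
    }

    /**
     * Loads a CA key store and wraps it in PKIX parameters. Any failure
     * (unknown type, missing file, bad format, no trusted entries) yields null,
     * so the caller simply gets no trust from this store.
     *
     * <p>NOTE(review): the store is opened with the fixed, well-known password
     * "changeit". That password gives no tamper protection by itself, so the
     * integrity of the CA store rests on the file-system permissions of the
     * file named by <code>str2</code>.</p>
     *
     * @param str the key store type.
     * @param str2 the path of the key store file.
     * @return the PKIX parameters, or null if the store could not be used.
     */
    private PKIXParameters getCertPathParameters(String str, String str2) {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "getCertPathParameters", new Object[]{str, str2});
        }
        FileInputStream stream = null;
        PKIXParameters parameters = null;
        try {
            KeyStore caStore = KeyStore.getInstance(str);
            stream = new FileInputStream(str2);
            caStore.load(stream, "changeit".toCharArray());
            parameters = new PKIXParameters(caStore);
        } catch (Exception e) {
            if (Configuration.DEBUG) {
                log.log(Level.FINE, "Exception in getCertPathParameters(). Ignore", (Throwable) e);
            }
        } finally {
            if (stream != null) {
                try {
                    stream.close();
                } catch (Exception ignored) {
                    // Best effort: the stream was only read, a failed close loses nothing.
                }
            }
        }
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "getCertPathParameters", parameters);
        }
        return parameters;
    }

    /**
     * Validates the path with the given parameters. A null parameter set or any
     * validation failure yields null.
     *
     * @return the validation result, or null if the path did not validate.
     */
    private PKIXCertPathValidatorResult validate(CertPathValidator certPathValidator, X509CertPath x509CertPath, PKIXParameters pKIXParameters) {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "validate");
        }
        PKIXCertPathValidatorResult result = null;
        if (pKIXParameters != null) {
            try {
                result = (PKIXCertPathValidatorResult) certPathValidator.validate(x509CertPath, pKIXParameters);
            } catch (Exception e) {
                if (Configuration.DEBUG) {
                    log.log(Level.FINE, "Exception in validate(). Ignore", (Throwable) e);
                }
            }
        }
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "validate", result);
        }
        return result;
    }
}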
