package com.atlassian.jira.plugin;

import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.config.util.JiraHome;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.web.action.JiraWebActionSupport;
import com.atlassian.sal.api.websudo.WebSudoRequired;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.InputStreamReader;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

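/**
 * Admin action that connects to each host listed in {@code rulesText}, records the
 * certificate chain the server presents, and imports that chain into the JVM
 * {@code cacerts} trust store.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The action is gated by {@link WebSudoRequired} and by {@link #isAdministrator()}.</li>
 *   <li>The import is trust-on-first-use: whatever chain the remote endpoint presents at
 *       request time is stored, and nothing here asks for a fingerprint confirmation.
 *       The SHA-256 fingerprint of every imported certificate is logged so it can be
 *       compared out of band before the trust store is put into service.</li>
 *   <li>Every certificate in the presented chain is imported, not only the leaf. Any CA
 *       certificate in that chain becomes a trust anchor for everything it signs.</li>
 *   <li>The server opens an outbound TLS connection to each admin-supplied host and port.</li>
 * </ul>
 */
@WebSudoRequired
public class ConfigureSsl extends JiraWebActionSupport {
    /** Matches a URL scheme prefix such as {@code https://}; compiled once rather than per line. */
    private static final Pattern SCHEME_PREFIX = Pattern.compile("\\w*://");
    /** Port used when an entry does not name one. */
    private static final int DEFAULT_TLS_PORT = 443;
    /** Password passed to every trust-store load and store; this is the stock JDK cacerts password. */
    private static final String DEFAULT_STORE_PASSWORD = "changeit";
    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private String rulesText;
    private LinkedList<String> existingRules;
    private final String SUCCESS = "success";
    private String message = "";
    private StringBuilder hostsAdded = new StringBuilder();
    private String portNumber;

    /**
     * Trust manager that remembers the chain handed to {@link #checkServerTrusted} and then
     * delegates the actual decision to the wrapped manager.
     *
     * <p>Only the server-side check is supported; the other two methods throw
     * {@link UnsupportedOperationException}.
     */
    public static class SavingTrustManager implements X509TrustManager {
        private final X509TrustManager tm;
        // Last chain seen by checkServerTrusted; stays null if the handshake never got that far.
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager x509TrustManager) {
            this.tm = x509TrustManager;
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            throw new UnsupportedOperationException();
        }

        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new UnsupportedOperationException();
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Record first, then validate: the chain is kept even when validation throws.
            this.chain = x509CertificateArr;
            this.tm.checkServerTrusted(x509CertificateArr, str);
        }
    }

    /** Returns an empty result name; performs no work. */
    public String doDefault() throws Exception {
        return "";
    }

    /**
     * Processes the submitted host list, one entry per line.
     *
     * <p>Each non-empty line may carry a scheme prefix, a {@code :port} suffix and a path;
     * the host and port are extracted and passed to {@link #addSslCert}. Entries without a
     * port use 443. Entries with no usable host or a non-numeric port are reported through
     * {@code addErrorMessage} and skipped instead of aborting the whole request.
     *
     * @return {@code "denied"} for non-administrators, {@code "configure"} when no host list
     *         was submitted, otherwise {@code "success"}
     * @throws Exception if the trust store cannot be read or written
     */
    public String doExecute() throws Exception {
        if (!isAdministrator()) {
            return "denied";
        }
        buildExistingRules();
        if (this.rulesText == null) {
            return "configure";
        }
        for (String line : this.rulesText.split("\n")) {
            String entry = line.trim();
            if (entry.isEmpty()) {
                continue;
            }
            String target = entry;
            Matcher scheme = SCHEME_PREFIX.matcher(target);
            if (scheme.find()) {
                target = target.substring(scheme.end());
            }
            // split() drops trailing empty strings, so an entry such as ":" yields no parts.
            String[] parts = target.split(":");
            String host = parts.length > 0 ? parts[0] : "";
            int port = DEFAULT_TLS_PORT;
            if (parts.length > 1) {
                String portText = parts[1];
                int slash = portText.indexOf("/");
                if (slash >= 0) {
                    portText = portText.substring(0, slash);
                }
                this.portNumber = portText;
                try {
                    port = Integer.parseInt(portText);
                } catch (NumberFormatException badPort) {
                    addErrorMessage("Invalid port \"" + portText + "\" in \"" + entry + "\"");
                    continue;
                }
            } else {
                int slash = host.indexOf("/");
                if (slash >= 0) {
                    host = host.substring(0, slash);
                }
            }
            if (host.isEmpty()) {
                // An empty host name would resolve to the local machine, so reject it here.
                addErrorMessage("Could not determine a host name from \"" + entry + "\"");
                continue;
            }
            // One call per entry: the chain is fetched and imported exactly once.
            this.message = addSslCert(host, port, DEFAULT_STORE_PASSWORD);
        }
        return SUCCESS;
    }

    /**
     * Rebuilds {@code existingRules} with the subject DN of every X.509 certificate in the
     * trust store.
     *
     * @throws Exception if the trust store cannot be opened or parsed
     */
    private void buildExistingRules() throws Exception {
        this.existingRules = new LinkedList<>();
        KeyStore keyStore = loadTrustStore(locateTrustStore(), DEFAULT_STORE_PASSWORD.toCharArray());
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate = keyStore.getCertificate(aliases.nextElement());
            if (certificate instanceof X509Certificate) {
                this.existingRules.add(((X509Certificate) certificate).getSubjectDN().getName());
            }
        }
    }

    /**
     * Connects to {@code host:port}, captures the presented certificate chain and imports
     * every certificate of that chain into the trust store.
     *
     * <p>The chain is imported whether or not the handshake succeeded, so a chain that was
     * already trusted is stored again under the {@code host-N} aliases. An existing entry
     * with the same alias is replaced.
     *
     * @param host          host name to connect to; also the alias prefix
     * @param port          TCP port to connect to
     * @param storePassword trust-store password used for both loading and storing
     * @return {@code "error"} when no chain was captured, otherwise the completion message
     * @throws Exception if the trust store cannot be read, the certificates cannot be
     *                   encoded, or the updated store cannot be written
     */
    public String addSslCert(String host, int port, String storePassword) throws Exception {
        File trustStoreFile = locateTrustStore();
        char[] password = storePassword.toCharArray();
        KeyStore keyStore = loadTrustStore(trustStoreFile, password);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SavingTrustManager savingTrustManager = new SavingTrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0]);
        sslContext.init(null, new TrustManager[]{savingTrustManager}, null);
        SSLSocketFactory socketFactory = sslContext.getSocketFactory();

        this.log.debug("Opening connection to " + host + ":" + port + "...");
        // try-with-resources closes the socket on the failure path as well.
        // NOTE(review): the 10 s timeout applies to reads only; createSocket(host, port)
        // connects before it is set, so the connect itself is not bounded here.
        // NOTE(review): no endpoint identification algorithm is configured on this socket,
        // so "already trusted" presumably means the chain validates, not that it matches
        // the host name - confirm.
        try (SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket(host, port)) {
            sslSocket.setSoTimeout(10000);
            this.log.debug("Starting SSL handshake...");
            sslSocket.startHandshake();
            this.log.debug("No errors, certificate is already trusted");
        } catch (Exception e) {
            // Expected for an untrusted server: the chain has still been captured.
            addErrorMessage(e.getClass() + " during connection to " + host + ":" + port + "...");
        }

        X509Certificate[] chain = savingTrustManager.chain;
        if (chain == null) {
            addErrorMessage("Could not obtain server certificate chain");
            return "error";
        }

        String jiraHome = ((JiraHome) ComponentAccessor.getComponentOfType(JiraHome.class)).getHome().toString();
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        for (int index = 0; index < chain.length; index++) {
            String alias = host + "-" + (index + 1);
            // Record what is about to become trusted so it can be verified out of band.
            String fingerprint = toHexString(sha256.digest(chain[index].getEncoded())).trim();
            this.log.info("Adding certificate to trust store under alias " + alias
                    + ", SHA-256 fingerprint " + fingerprint);
            keyStore.setCertificateEntry(alias, chain[index]);
        }
        if (chain.length > 0) {
            // Written once after all entries are set instead of once per certificate.
            storeTrustStore(keyStore, trustStoreFile, new File(jiraHome + "/cacerts"), password);
        }

        this.hostsAdded.append("Added ");
        this.hostsAdded.append(host);
        this.hostsAdded.append(" to temporary location.\n ");
        // NOTE(review): this message is returned even when the store was written directly to
        // the trust store file; in that case the copy under the JIRA home may be absent or
        // left over from an earlier run - confirm the intended wording.
        return "To complete the process, copy the file from " + jiraHome + "/cacerts to " + trustStoreFile + ", then restart JIRA.";
    }

    /**
     * Picks the trust store file: {@code cacerts} relative to the process working directory
     * if such a file exists, otherwise {@code <java.home>/lib/security/cacerts}.
     */
    private static File locateTrustStore() {
        // NOTE(review): a relative path is resolved against the working directory, so a
        // file named "cacerts" there takes precedence over the JVM's own store.
        File local = new File("cacerts");
        if (local.isFile()) {
            return local;
        }
        char separator = File.separatorChar;
        File securityDir = new File(System.getProperty("java.home") + separator + "lib" + separator + "security");
        return new File(securityDir, "cacerts");
    }

    /** Loads a key store of the default type from {@code file}, closing the stream even on failure. */
    private static KeyStore loadTrustStore(File file, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(file)) {
            keyStore.load(in, password);
        }
        return keyStore;
    }

    /**
     * Writes {@code keyStore} to {@code primary}; if that file cannot be opened for writing,
     * writes it to {@code fallback} instead.
     */
    private static void storeTrustStore(KeyStore keyStore, File primary, File fallback, char[] password) throws Exception {
        // NOTE(review): opening the primary file truncates it in place; a failure inside
        // store() after that point would leave a partial trust store behind.
        try (FileOutputStream out = new FileOutputStream(primary)) {
            keyStore.store(out, password);
        } catch (FileNotFoundException primaryNotWritable) {
            try (FileOutputStream out = new FileOutputStream(fallback)) {
                keyStore.store(out, password);
            }
        }
    }

    /** Formats bytes as lower-case hex pairs, each followed by a space (for example {@code "0a ff "}). */
    private static String toHexString(byte[] bArr) {
        StringBuilder sb = new StringBuilder(bArr.length * 3);
        for (byte b : bArr) {
            int value = b & 255;
            sb.append(HEXDIGITS[value >> 4]);
            sb.append(HEXDIGITS[value & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    /** Returns whether the current user holds the global ADMINISTER permission. */
    public boolean isAdministrator() {
        return hasGlobalPermission(GlobalPermissionKey.ADMINISTER);
    }

    /** Returns the submitted host list, or {@code null} if none was submitted. */
    public String getRulesText() {
        return this.rulesText;
    }

    /** Sets the host list to process, one entry per line. */
    public void setRulesText(String rulesText) {
        this.rulesText = rulesText;
    }

    /** Returns the subject DNs collected from the trust store by the last {@link #doExecute()} run. */
    public LinkedList<String> getExistingRules() {
        return this.existingRules;
    }

    /** Replaces the subject DN list; {@link #doExecute()} overwrites it on its next run. */
    public void setExistingRules(LinkedList<String> existingRules) {
        this.existingRules = existingRules;
    }

    /** Returns the result of the most recent {@link #addSslCert} call, or an empty string. */
    public String getMessage() {
        return this.message;
    }

    /** Returns the accumulated "Added host" lines for this request. */
    public String getHostsAdded() {
        return this.hostsAdded.toString();
    }
}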
