package com.bes.enterprise.appserver.common.security;

import com.bes.enterprise.appserver.common.process.ExecException;
import com.bes.enterprise.appserver.common.process.ProcessExecutor;
import com.bes.enterprise.appserver.common.process.ProcessUtils;
import com.bes.enterprise.appserver.common.util.NetUtils;
import com.bes.enterprise.appserver.common.util.OSUtils;
import com.bes.enterprise.appserver.common.util.RepositoryException;
import com.bes.enterprise.appserver.common.util.SanitizeFile;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;

/* loaded from: input_file:com/bes/enterprise/appserver/common/security/KeystoreManager.class */
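/**
 * Creates and maintains the JKS key store ({@code keystore.jks}) and trust store
 * ({@code cacerts.jks}) under {@code <root>/conf/security} by running the JDK
 * {@code keytool} program.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The no-argument setup path protects both stores with
 *       {@link #DEFAULT_MASTER_PASSWORD}, a value compiled into the class. Deployments
 *       should call {@link #createSSLCertificateDatabase(String)} with their own
 *       password instead.</li>
 *   <li>{@code keytool} is located through {@code JAVA_HOME} and then through
 *       {@code ProcessUtils.getExe}. Whoever controls that lookup controls the program
 *       that is handed the store passwords.</li>
 *   <li>Most operations are best-effort: keytool failures are reported on the console
 *       and not propagated, so callers cannot tell from the return that a store was
 *       actually created or re-keyed.</li>
 * </ul>
 */
public class KeystoreManager {
    private static final String KEYTOOL_CMD;
    private static final String KEYTOOL_EXE_NAME;
    private static final String CERTIFICATE_DN_PREFIX = "CN=";
    private static final String CERTIFICATE_DN_SUFFIX = ",OU=BES Application Server,O=bessystem,L=Haidian,ST=Beijing,C=CN";
    public static final String CERTIFICATE_ALIAS = "bes";
    // Well-known default; anything protected only by this value should be treated as unprotected.
    public static final String DEFAULT_MASTER_PASSWORD = "changeit";
    private static final String SKID_EXTENSION_SYSTEM_PROPERTY = "-J-Dsun.security.internal.keytool.skid";
    // Second constructor argument of every KeytoolExecutor in this class.
    // NOTE(review): the unit is defined by ProcessExecutor (presumably seconds) - confirm.
    private static final long KEYTOOL_TIMEOUT = 300L;
    private File securityDir;
    private File keyStoreFile;
    private File trustStoreFile;

    /**
     * Process executor that always runs {@code keytool}: the resolved keytool path is
     * put in front of the supplied arguments unless it is already the first element.
     *
     * <p>The decompiler reports that this class was originally {@code protected}.
     */
    public static class KeytoolExecutor extends ProcessExecutor {
        /**
         * @param strArr keytool arguments, with or without the keytool command in front
         * @param j      timeout handed to {@code ProcessExecutor}
         */
        public KeytoolExecutor(String[] strArr, long j) {
            super(strArr, j);
            setExecutionRetentionFlag(true);
            addKeytoolCommand();
        }

        /**
         * @param strArr  keytool arguments, with or without the keytool command in front
         * @param j       timeout handed to {@code ProcessExecutor}
         * @param strArr2 third {@code ProcessExecutor} argument; the callers in this file
         *                pass the passwords keytool asks for here, so it is presumably the
         *                lines written to the child's standard input - confirm against
         *                {@code ProcessExecutor}
         */
        public KeytoolExecutor(String[] strArr, long j, String[] strArr2) {
            super(strArr, j, strArr2);
            setExecutionRetentionFlag(true);
            addKeytoolCommand();
        }

        /** Builds the failure text from the latest captured output and the error file. */
        @Override // com.bes.enterprise.appserver.common.process.ProcessExecutor
        protected String getExceptionMessage() {
            return getLatestOutput(this.mOutFile) + " " + getFileBuffer(this.mErrFile);
        }

        /** Puts the keytool command in front of the argument array if it is not there yet. */
        private void addKeytoolCommand() {
            String[] given = this.mCmdStrings;
            // Length guard: an empty argument array used to fail with an index error here.
            if (given.length > 0 && KeystoreManager.KEYTOOL_CMD.equals(given[0])) {
                return;
            }
            String[] withTool = new String[given.length + 1];
            withTool[0] = KeystoreManager.KEYTOOL_CMD;
            System.arraycopy(given, 0, withTool, 1, given.length);
            this.mCmdStrings = withTool;
        }

        /**
         * Runs keytool and turns a non-zero exit status or an execution failure into a
         * {@code RepositoryException}.
         *
         * @param str  prefix for the exception message
         * @param file the store the command works on; not used by this method
         * @throws RepositoryException if keytool could not be run or exited non-zero; the
         *         message carries keytool's captured error and output text
         */
        public void execute(String str, File file) throws RepositoryException {
            try {
                super.execute();
                if (getProcessExitValue() != 0) {
                    throw new RepositoryException(str + getLastExecutionError() + " " + getLastExecutionOutput());
                }
            } catch (ExecException e) {
                throw new RepositoryException(str + getLastExecutionError() + " " + getLastExecutionOutput(), e);
            }
        }
    }

    /**
     * @param str root directory; the stores live in {@code conf/security} below it
     */
    public KeystoreManager(String str) {
        this.securityDir = new File(str, "conf/security");
        this.keyStoreFile = new File(this.securityDir, "keystore.jks");
        this.trustStoreFile = new File(this.securityDir, "cacerts.jks");
    }

    /**
     * Creates the key store and then the trust store, both protected by the given password.
     *
     * @param str password for both stores and for the generated private key
     */
    public void createSSLCertificateDatabase(String str) {
        createKeyStore(str);
        createTrustStore(str);
    }

    /**
     * Creates both stores with {@link #DEFAULT_MASTER_PASSWORD}. The resulting private
     * key is protected only by that published default until the password is changed.
     */
    public void createSSLCertificateDatabase() {
        createKeyStore(DEFAULT_MASTER_PASSWORD);
        createTrustStore(DEFAULT_MASTER_PASSWORD);
    }

    /** @return the {@code conf/security} directory holding both stores */
    public File getSecurityDir() {
        return this.securityDir;
    }

    /** @return the key store file, {@code keystore.jks} */
    public File getKeyStore() {
        return this.keyStoreFile;
    }

    /** @return the trust store file, {@code cacerts.jks} */
    public File getTrustStore() {
        return this.trustStoreFile;
    }

    /**
     * Replaces any existing key store with a new one that holds a self-signed server
     * certificate under {@link #CERTIFICATE_ALIAS}, then restricts the file to its owner.
     *
     * @param str password for the store and for the private key
     */
    protected void createKeyStore(String str) {
        File keyStore = getKeyStore();
        if (keyStore.exists() && !keyStore.delete()) {
            // keytool would then run against the old store, so make the failure visible.
            System.err.println("Warning: could not delete existing key store " + keyStore.getAbsolutePath());
        }
        String certDN = getCertDN();
        System.out.println("The type of security store is: JKS.");
        System.out.println("Distinguished Name of the self-signed X.509 Server Certificate is:");
        System.out.println("[" + certDN + "]");
        addSelfSignedCertToKeyStore(keyStore, CERTIFICATE_ALIAS, str, certDN);
        try {
            // The store holds the server's private key: owner read/write only. The previous
            // mode, 755, made it readable (and executable) by every local account.
            chmod("600", keyStore);
        } catch (Exception e) {
            // Best-effort, but a store left with default permissions must not go unnoticed.
            System.err.println("Warning: could not restrict permissions on "
                    + keyStore.getAbsolutePath() + ": " + e.getMessage());
        }
    }

    /**
     * Generates a 2048-bit RSA key pair with a self-signed certificate valid for 3650
     * days. A keytool failure is printed and not propagated.
     *
     * @param keyStore target JKS file
     * @param alias    alias for the new entry
     * @param password used for both the store and the key entry
     * @param dn       distinguished name of the certificate
     */
    private void addSelfSignedCertToKeyStore(File keyStore, String alias, String password, String dn) {
        // NOTE(review): -keypass/-storepass put the password on keytool's command line,
        // where it can be read from the process list by other local accounts while keytool
        // runs. The other keytool calls in this class pass passwords through the executor's
        // input array instead; moving this call over needs the exact keytool prompt order
        // for -genkey to be verified on the supported JDKs first.
        String[] args = {
            "-genkey",
            "-keyalg", "RSA",
            // SHA-1 signatures are rejected by current TLS clients; was "SHA1WithRSA".
            "-sigalg", "SHA256withRSA",
            "-keysize", "2048",
            "-keystore", keyStore.getAbsolutePath(),
            "-alias", alias,
            "-dname", dn,
            "-validity", "3650",
            "-keypass", password,
            "-storepass", password,
            "-storetype", "JKS",
            SKID_EXTENSION_SYSTEM_PROPERTY
        };
        try {
            new KeytoolExecutor(args, KEYTOOL_TIMEOUT).execute("keystoreNotCreated", keyStore);
        } catch (RepositoryException e) {
            // NOTE(review): if ProcessExecutor puts the command line into its failure text,
            // this trace would also print the password - verify.
            e.printStackTrace();
        }
    }

    /**
     * Re-keys the trust store from the default password to the given one and copies the
     * server certificate into it.
     *
     * @param str new trust store password
     */
    protected void createTrustStore(String str) {
        changeKeystorePassword(DEFAULT_MASTER_PASSWORD, str, getTrustStore());
        copyCert(CERTIFICATE_ALIAS, str);
    }

    /**
     * Exports the certificate stored under {@code alias} from the key store into a
     * temporary {@code <alias>.cer} file and imports it into the trust store. When the
     * import fails, the alias is deleted from the trust store and the import is retried
     * once. The temporary file is removed in every case.
     *
     * @param alias    entry to copy
     * @param password handed to keytool through the executor's input array
     */
    private void copyCert(String alias, String password) {
        File keyStore = getKeyStore();
        File trustStore = getTrustStore();
        String[] input = {password};
        File certFile = null;
        try {
            certFile = new File(getSecurityDir(), alias + ".cer");
            String certPath = certFile.getAbsolutePath();
            String trustPath = trustStore.getAbsolutePath();
            String[] exportArgs = {"-export", "-keystore", keyStore.getAbsolutePath(), "-alias", alias, "-storetype", "JKS", "-file", certPath};
            String[] importArgs = {"-import", "-noprompt", "-keystore", trustPath, "-alias", alias, "-storetype", "JKS", "-file", certPath};
            try {
                new KeytoolExecutor(exportArgs, KEYTOOL_TIMEOUT, input).execute("trustStoreNotCreated", trustStore);
            } catch (RepositoryException e) {
                e.printStackTrace();
            }
            try {
                new KeytoolExecutor(importArgs, KEYTOOL_TIMEOUT, input).execute("trustStoreNotCreated", trustStore);
            } catch (RepositoryException firstFailure) {
                // Retry after removing the alias; the first failure itself is not reported.
                try {
                    String[] deleteArgs = {"-delete", "-noprompt", "-keystore", trustPath, "-alias", alias, "-storetype", "JKS"};
                    new KeytoolExecutor(deleteArgs, KEYTOOL_TIMEOUT, input).execute("trustStoreNotCreated", trustStore);
                    new KeytoolExecutor(importArgs, KEYTOOL_TIMEOUT, input).execute("trustStoreNotCreated", trustStore);
                } catch (RepositoryException e) {
                    e.printStackTrace();
                }
            }
        } finally {
            if (certFile != null && !certFile.delete()) {
                System.out.println("errorDeletingTempCertFile:" + certFile.getAbsolutePath());
            }
        }
    }

    /**
     * Changes the password of a store with {@code keytool -storepasswd}. Does nothing
     * when both passwords are equal; a keytool failure is printed and not propagated.
     *
     * @param str  current store password
     * @param str2 new store password (sent twice, for keytool's confirmation prompt)
     * @param file the store to re-key
     */
    protected void changeKeystorePassword(String str, String str2, File file) {
        if (str.equals(str2)) {
            return;
        }
        String[] args = {"-storepasswd", "-keystore", file.getAbsolutePath()};
        String[] input = {str, str2, str2};
        try {
            new KeytoolExecutor(args, KEYTOOL_TIMEOUT, input).execute("keyStorePasswordNotChanged", file);
        } catch (RepositoryException e) {
            e.printStackTrace();
        }
    }

    /**
     * Changes the key password of every alias in the key store. The alias list is read
     * with the {@code KeyStore} API; if that fails, {@link #CERTIFICATE_ALIAS} is added
     * to whatever was collected so far. Nothing is done when {@code str} equals
     * {@code str2} or {@code str2} equals {@code str3}.
     *
     * @param str  store password
     * @param str2 current key password
     * @param str3 new key password
     * @throws RepositoryException declared for callers; keytool failures are currently
     *         reported on the console and not thrown
     */
    protected void changeBESAliasPassword(String str, String str2, String str3) throws RepositoryException {
        String storePassword = str;
        String oldKeyPassword = str2;
        String newKeyPassword = str3;
        if (storePassword.equals(oldKeyPassword) || oldKeyPassword.equals(newKeyPassword)) {
            return;
        }
        File keyStore = getKeyStore();
        String storeType = System.getProperty("javax.net.ssl.keyStoreType");
        if (storeType == null) {
            storeType = KeyStore.getDefaultType();
        }
        ArrayList<String> aliases = new ArrayList<String>();
        FileInputStream in = null;
        try {
            KeyStore loaded = KeyStore.getInstance(storeType);
            in = new FileInputStream(keyStore);
            loaded.load(in, storePassword.toCharArray());
            Enumeration<String> names = loaded.aliases();
            while (names.hasMoreElements()) {
                aliases.add(names.nextElement());
            }
        } catch (Exception e) {
            // The store could not be read: fall back to the one alias this class creates.
            aliases.add(CERTIFICATE_ALIAS);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
            // Runs on every exit path, as the original did; written once instead of the
            // three copies the decompiler produced. An Error from the block above now
            // always propagates instead of being lost when keytool fails as well.
            changeKeyPasswords(keyStore, aliases, storePassword, oldKeyPassword, newKeyPassword);
        }
    }

    /**
     * Checks with {@code keytool -list} that {@link #CERTIFICATE_ALIAS} can be read with
     * the store password, then runs {@code keytool -keypasswd} for each alias. The first
     * failure stops the loop and is reported; earlier aliases stay changed.
     */
    private void changeKeyPasswords(File keyStore, ArrayList<String> aliases, String storePassword,
            String oldKeyPassword, String newKeyPassword) {
        String storePath = keyStore.getAbsolutePath();
        try {
            String[] listArgs = {"-list", "-keystore", storePath, "-alias", CERTIFICATE_ALIAS};
            new KeytoolExecutor(listArgs, KEYTOOL_TIMEOUT, new String[]{storePassword}).execute("besKeyPasswordNotChanged", keyStore);
            for (String alias : aliases) {
                String[] rekeyArgs = {"-keypasswd", "-keystore", storePath, "-alias", alias};
                String[] input = {storePassword, oldKeyPassword, newKeyPassword, newKeyPassword};
                new KeytoolExecutor(rekeyArgs, KEYTOOL_TIMEOUT, input).execute("besKeyPasswordNotChanged", keyStore);
            }
        } catch (RepositoryException e) {
            // Previously swallowed without a trace, which could leave store and key
            // passwords out of step with nothing in the logs to show it.
            System.err.println("Warning: key passwords in " + storePath + " were not all changed: " + e.getMessage());
        }
    }

    /**
     * Changes the password of the key store (store and key entries) and of the trust
     * store, for whichever of the two files exist.
     *
     * @param str  current password
     * @param str2 new password
     */
    protected void changeSSLCertificateDatabasePassword(String str, String str2) {
        File keyStore = getKeyStore();
        File trustStore = getTrustStore();
        if (keyStore.exists()) {
            changeKeystorePassword(str, str2, keyStore);
            try {
                // Store password is already the new one here; key entries still use the old.
                changeBESAliasPassword(str2, str, str2);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        if (trustStore.exists()) {
            changeKeystorePassword(str, str2, trustStore);
        }
    }

    /**
     * Runs {@code /bin/chmod} on a file and waits for it to finish. Does nothing on
     * non-UNIX systems.
     *
     * @param str  chmod arguments, separated by spaces (for example a mode such as {@code 600})
     * @param file file to change
     * @throws IOException if an argument is null, the file does not exist, chmod cannot be
     *         started, exits non-zero, or the wait is interrupted
     */
    protected void chmod(String str, File file) throws IOException {
        if (!OSUtils.isUNIX()) {
            return;
        }
        if (str == null || file == null) {
            throw new IOException("Args is null!");
        }
        if (!file.exists()) {
            // The old text said "is found!", the opposite of the condition being reported.
            throw new IOException("File:" + file + " is not found!");
        }
        ArrayList<String> command = new ArrayList<String>();
        command.add("/bin/chmod");
        command.addAll(Arrays.asList(str.split(" +")));
        command.add(file.getAbsolutePath());
        // Argument list, not a shell string: the path is never interpreted by a shell.
        Process process = new ProcessBuilder(command).redirectErrorStream(true).start();
        try {
            process.getOutputStream().close();
            // The process used to be started and forgotten, so a failed chmod looked like
            // success and the permission change could still be pending on return.
            int exitCode = process.waitFor();
            if (exitCode != 0) {
                throw new IOException("chmod " + str + " failed on " + file + " (exit code " + exitCode + ")");
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IOException("Interrupted while waiting for chmod on " + file);
        } finally {
            process.destroy();
        }
    }

    /**
     * @return the certificate DN: {@code CN=<canonical host name>} followed by the fixed
     *         organisation suffix; {@code localhost} is used when the host name cannot be
     *         resolved
     */
    public static String getCertDN() {
        String host;
        try {
            host = NetUtils.getCanonicalHostName();
        } catch (UnknownHostException e) {
            host = "localhost";
        }
        return CERTIFICATE_DN_PREFIX + host + CERTIFICATE_DN_SUFFIX;
    }

    static {
        KEYTOOL_EXE_NAME = OSUtils.isWindows() ? "keytool.exe" : "keytool";
        String resolved = KEYTOOL_EXE_NAME;
        String javaHome = System.getenv("JAVA_HOME");
        File fromJavaHome = null;
        // Only probe JAVA_HOME when it is set. With a null parent File falls back to the
        // relative path "bin/keytool" (working directory), and with an empty one to the
        // system default directory, so an unset variable could select an unintended
        // program that is then given the store passwords.
        if (javaHome != null && javaHome.length() > 0) {
            fromJavaHome = new File(new File(javaHome, "bin"), KEYTOOL_EXE_NAME);
        }
        if (fromJavaHome != null && fromJavaHome.canExecute()) {
            resolved = SanitizeFile.sanitize(fromJavaHome.getPath());
        } else {
            // NOTE(review): this path is not passed through SanitizeFile, unlike the
            // JAVA_HOME one - confirm whether that difference is intended.
            File exe = ProcessUtils.getExe(KEYTOOL_EXE_NAME);
            if (exe != null && exe.canExecute()) {
                resolved = exe.getPath();
            }
        }
        // If neither lookup succeeds the bare program name is kept.
        KEYTOOL_CMD = resolved;
    }
}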
