package com.moneydance.apps.md.controller.olb;

import com.moneydance.apps.md.controller.Main;
import com.sun.net.ssl.KeyManager;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.X509TrustManager;
import java.io.FileOutputStream;
import java.net.Socket;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import java.util.Vector;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: input_file:com/moneydance/apps/md/controller/olb/HttpsHelper2.class */
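/**
 * HTTPS helper that creates SSL sockets from a private SSL context whose only
 * trust manager is {@link CustomX509TrustManager}. Server certificate chains
 * are therefore judged solely against the root certificates bundled as
 * class-path resources and loaded in that trust manager's constructor.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Nothing in this class compares the peer certificate with the host name
 *       passed to {@link #getSSLSocket}. NOTE(review): confirm that the caller
 *       or the superclass performs host-name verification; chain validation
 *       alone does not bind the certificate to the intended host.</li>
 *   <li>The cipher-suite allow-list in the static initializer still names RC4
 *       and 3DES suites, and the context is requested with the generic
 *       protocol name "SSL". Both should be reviewed against the current
 *       requirements of the servers this client talks to.</li>
 *   <li>{@code initContext} also installs the resulting socket factory as the
 *       default for {@link HttpsURLConnection}, which is a JVM-wide setting.</li>
 * </ul>
 */
public class HttpsHelper2 extends HttpsHelper {
    private static final String CERT_RSRC = "com/moneydance/apps/md/controller/cert/cacerts";
    private static SecureRandom secureRandom = null;
    // Allow-list of cipher suite names; only the keys are used (see static initializer).
    private static Hashtable cipherSuites = new Hashtable();
    private boolean initialized = false;
    private SSLSocketFactory factory = null;
    private TrustManager trustManager = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/moneydance/apps/md/controller/olb/HttpsHelper2$CustomX509TrustManager.class */
    /**
     * Trust manager that accepts a certificate chain only when it can be
     * anchored in one of the bundled root certificates.
     *
     * <p>NOTE(review): the validation here is hand-rolled. It checks validity
     * dates and signatures but not basic constraints, key usage or revocation;
     * a standard PKIX path validator would cover those.
     */
    public final class CustomX509TrustManager implements X509TrustManager {
        private X509Certificate[] rootCACerts = new X509Certificate[0];
        private final HttpsHelper2 this$0;

        /**
         * Loads the bundled root certificates. A resource that fails to load is
         * skipped (see {@link #loadCert}), which shrinks the trust set rather
         * than widening it.
         *
         * @param httpsHelper2 the enclosing helper instance
         */
        public CustomX509TrustManager(HttpsHelper2 httpsHelper2) {
            this.this$0 = httpsHelper2;
            loadCert("com/moneydance/apps/md/etc/cert/thawte_root_serverbasic.der");
            loadCert("com/moneydance/apps/md/etc/cert/verisign_class3_pca.der");
            loadCert("com/moneydance/apps/md/etc/cert/verisign_class3_ppca.der");
            loadCert("com/moneydance/apps/md/etc/cert/verisign_ofx_pca.der");
            loadCert("com/moneydance/apps/md/etc/cert/verisign_ofx_class3.der");
            loadCert("com/moneydance/apps/md/etc/cert/verisign_ofx_class3-2.der");
            loadCert("com/moneydance/apps/md/etc/cert/equifax_secure.der");
            loadCert("com/moneydance/apps/md/etc/cert/rsa_secure_server.der");
            loadCert("com/moneydance/apps/md/etc/cert/rsa_secure_server2.der");
        }

        /**
         * Parses one X.509 certificate from a class-path resource and appends
         * it to the trusted roots. Any failure is reported only when
         * {@code Main.DEBUG} is set and otherwise leaves the root set unchanged.
         *
         * @param str class-path resource name of the DER-encoded certificate
         */
        private final void loadCert(String str) {
            try {
                if (Main.DEBUG) {
                    System.err.println(new StringBuffer().append("Loading cert: ").append(str).toString());
                }
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                X509Certificate[] x509CertificateArr = new X509Certificate[this.rootCACerts.length + 1];
                System.arraycopy(this.rootCACerts, 0, x509CertificateArr, 0, this.rootCACerts.length);
                x509CertificateArr[x509CertificateArr.length - 1] = (X509Certificate) certificateFactory.generateCertificate(getClass().getClassLoader().getResourceAsStream(str));
                // Publish the grown array only after the certificate parsed successfully.
                this.rootCACerts = x509CertificateArr;
            } catch (Exception e) {
                if (Main.DEBUG) {
                    System.err.println(new StringBuffer().append("Error loading certificate: ").append(e).toString());
                    e.printStackTrace(System.err);
                }
            }
        }

        /**
         * Returns the bundled root certificates.
         *
         * @return a copy of the trusted roots, so that a caller cannot alter
         *         the trust anchors by writing into the returned array
         */
        public X509Certificate[] getAcceptedIssuers() {
            return (X509Certificate[]) this.rootCACerts.clone();
        }

        /**
         * Decides whether a single certificate is anchored in the bundled roots.
         *
         * @param x509Certificate certificate to test
         * @return {@code true} when the certificate is inside its validity
         *         period and either equals a bundled root, or names a bundled
         *         root as issuer and its signature verifies with that root's
         *         public key; {@code false} otherwise, including on any
         *         exception
         */
        private final boolean isCertTrusted(X509Certificate x509Certificate) {
            try {
                x509Certificate.checkValidity();
                for (int length = this.rootCACerts.length - 1; length >= 0; length--) {
                    if (x509Certificate.equals(this.rootCACerts[length])) {
                        return true;
                    }
                }
                Principal issuerDN = x509Certificate.getIssuerDN();
                for (int length2 = this.rootCACerts.length - 1; issuerDN != null && length2 >= 0; length2--) {
                    if (issuerDN.equals(this.rootCACerts[length2].getSubjectDN())) {
                        try {
                            x509Certificate.verify(this.rootCACerts[length2].getPublicKey());
                            return true;
                        } catch (Exception e) {
                            // Several roots may share a subject name; keep looking for one whose key verifies.
                            if (Main.DEBUG) {
                                System.err.println(new StringBuffer().append("  exception verifying certificate: ").append(e).toString());
                                e.printStackTrace(System.err);
                            }
                        }
                    }
                }
                return false;
            } catch (Exception e2) {
                if (!Main.DEBUG) {
                    return false;
                }
                System.err.println(new StringBuffer().append("Certificate validity check failed: ").append(e2).toString());
                e2.printStackTrace(System.err);
                return false;
            }
        }

        /**
         * Validates a server certificate chain.
         *
         * @param x509CertificateArr chain presented by the peer, leaf first
         * @param str authentication type; not used
         * @throws CertificateException if the chain is not trusted
         */
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            checkClientTrusted(x509CertificateArr, str);
        }

        /**
         * Validates a certificate chain with the same rules as
         * {@link #isServerTrusted}.
         *
         * @param x509CertificateArr chain presented by the peer, leaf first
         * @param str authentication type; not used
         * @throws CertificateException if the chain is not trusted. The message
         *         text is the same for every rejection reason, not only for an
         *         empty chain.
         */
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (!isServerTrusted(x509CertificateArr)) {
                throw new CertificateException("Untrusted SSL connection: no certificates provided by server");
            }
        }

        /**
         * Applies the server chain rules to a client chain.
         *
         * @param x509CertificateArr chain presented by the peer, leaf first
         * @return the result of {@link #isServerTrusted}
         */
        public boolean isClientTrusted(X509Certificate[] x509CertificateArr) {
            return isServerTrusted(x509CertificateArr);
        }

        /**
         * Walks the chain from the leaf upwards and accepts it once a
         * certificate is anchored in the bundled roots.
         *
         * <p>Every certificate visited before the anchor must be inside its
         * validity period and must be signed by the next certificate in the
         * array; the chain is rejected as soon as one of these checks fails.
         * Without that, a later certificate that happens to be anchored would
         * vouch for earlier entries it never signed.
         *
         * <p>NOTE(review): basic constraints of the issuing certificates are
         * not checked here.
         *
         * @param x509CertificateArr chain presented by the peer, leaf first
         * @return {@code true} only when the chain links up to a bundled root
         */
        public boolean isServerTrusted(X509Certificate[] x509CertificateArr) {
            if (x509CertificateArr == null || x509CertificateArr.length < 1) {
                return false;
            }
            for (int i = 0; i < x509CertificateArr.length; i++) {
                X509Certificate x509Certificate = x509CertificateArr[i];
                if (x509Certificate == null) {
                    return false;
                }
                // An expired or not-yet-valid certificate anywhere below the anchor invalidates the path.
                try {
                    x509Certificate.checkValidity();
                } catch (CertificateException e) {
                    if (Main.DEBUG) {
                        System.err.println(new StringBuffer().append("Certificate validity check failed: ").append(e).toString());
                        e.printStackTrace(System.err);
                    }
                    return false;
                }
                if (isCertTrusted(x509Certificate)) {
                    return true;
                }
                if (i == x509CertificateArr.length - 1) {
                    if (!Main.DEBUG) {
                        return false;
                    }
                    saveCert(x509Certificate, i);
                    System.err.println("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
                    System.err.println("!! Warning: encountered untrusted cert (saving) !!");
                    System.err.println("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
                    return false;
                }
                X509Certificate x509Certificate2 = x509CertificateArr[i + 1];
                if (x509Certificate2 == null) {
                    return false;
                }
                try {
                    x509Certificate.verify(x509Certificate2.getPublicKey());
                } catch (Exception e) {
                    if (Main.DEBUG) {
                        System.err.println(new StringBuffer().append("  exception verifying certificate: ").append(e).toString());
                        e.printStackTrace(System.err);
                    }
                    // Fail closed: a link that does not verify must not be skipped over.
                    return false;
                }
                if (Main.DEBUG) {
                    saveCert(x509Certificate, i);
                }
            }
            if (!Main.DEBUG) {
                return false;
            }
            System.err.println("   Should have never gotten this far in verifyCert");
            return false;
        }

        /**
         * Debug aid: prints the certificate's subject, issuer and validity
         * dates and writes its encoding to {@code unknown_cert_<i>.der}. The
         * file name is relative, so it lands in the process working directory.
         * Callers in this class invoke it only when {@code Main.DEBUG} is set.
         *
         * @param x509Certificate certificate to dump
         * @param i position of the certificate in the chain, used in the file name
         */
        private void saveCert(X509Certificate x509Certificate, int i) {
            try {
                String stringBuffer = new StringBuffer().append("unknown_cert_").append(i).append(".der").toString();
                System.err.println(new StringBuffer().append("Saving certificate: ").append(i).toString());
                System.err.println(new StringBuffer().append("    subject: ").append(x509Certificate.getSubjectDN()).toString());
                System.err.println(new StringBuffer().append("     issuer: ").append(x509Certificate.getIssuerDN()).toString());
                System.err.println(new StringBuffer().append("  not after: ").append(x509Certificate.getNotAfter()).toString());
                System.err.println(new StringBuffer().append(" not before: ").append(x509Certificate.getNotBefore()).toString());
                System.err.println(new StringBuffer().append("   filename: ").append(stringBuffer).toString());
                FileOutputStream fileOutputStream = new FileOutputStream(stringBuffer);
                try {
                    fileOutputStream.write(x509Certificate.getEncoded());
                } finally {
                    // Release the file handle even when encoding or writing fails.
                    fileOutputStream.close();
                }
            } catch (Exception e) {
                System.err.println(new StringBuffer().append("Error writing unknown cert to file: ").append(e).toString());
            }
        }
    }

    /**
     * Opens an SSL socket to the given host, layered over the connection
     * returned by {@code getProxyConnection}, and restricts it to the cipher
     * suites that are both supported by the factory and on the allow-list.
     *
     * <p>NOTE(review): the host name is not compared with the peer certificate
     * here; confirm where that check happens.
     *
     * @param str host name to connect to
     * @param i port, or {@code -1} for the default 443
     * @return the SSL socket
     * @throws Exception if SSL initialization or socket creation fails
     */
    @Override // com.moneydance.apps.md.controller.olb.HttpsHelper
    public final Socket getSSLSocket(String str, int i) throws Exception {
        initSSL();
        int i2 = i == -1 ? 443 : i;
        if (Main.DEBUG) {
            System.err.println(new StringBuffer().append("Connecting to ").append(str).toString());
        }
        // Result is unused; the call is kept in case it has side effects - TODO confirm.
        this.main.getPreferences();
        SSLSocket sSLSocket = (SSLSocket) this.factory.createSocket(getProxyConnection(str, i2), str, i2, true);
        String[] supportedCipherSuites = this.factory.getSupportedCipherSuites();
        Vector vector = new Vector();
        for (int i3 = 0; i3 < supportedCipherSuites.length; i3++) {
            if (cipherSuites.containsKey(supportedCipherSuites[i3])) {
                vector.addElement(supportedCipherSuites[i3]);
            }
        }
        String[] strArr = new String[vector.size()];
        vector.copyInto(strArr);
        sSLSocket.setEnabledCipherSuites(strArr);
        return sSLSocket;
    }

    /**
     * Initializes the SSL context eagerly. Failures are printed to standard
     * error and not propagated; a later {@link #getSSLSocket} call retries.
     */
    @Override // com.moneydance.apps.md.controller.olb.HttpsHelper
    public final void initHelper() {
        try {
            initSSL();
        } catch (Exception e) {
            System.err.println(new StringBuffer().append("Error initializing SSL/TLS: ").append(e).toString());
            e.printStackTrace(System.err);
        }
    }

    /**
     * Builds the socket factory once.
     *
     * @throws Exception if no socket factory could be created
     */
    private final void initSSL() throws Exception {
        if (this.initialized) {
            return;
        }
        if (Main.DEBUG) {
            System.err.println("Initializing SSL");
        }
        initContext("SSL");
        // initContext only logs its own failures, so check the outcome here instead of
        // marking the helper initialized with no factory and failing later on a null reference.
        if (this.factory == null) {
            throw new IllegalStateException("SSL context initialization failed");
        }
        this.initialized = true;
    }

    /**
     * Creates an SSL context for the given protocol name, initializes it with
     * the custom trust manager and the shared {@link SecureRandom}, stores its
     * socket factory and installs that factory as the default for
     * {@link HttpsURLConnection}. Every failure is printed to standard error
     * and swallowed; on failure {@code factory} keeps its previous value.
     *
     * @param str protocol name passed to {@code SSLContext.getInstance}
     */
    private final void initContext(String str) throws Exception {
        try {
            SSLContext sSLContext = SSLContext.getInstance(str);
            if (Main.DEBUG) {
                System.err.println(new StringBuffer().append("initializing context: ").append(sSLContext).append(" for protocol: ").append(str).toString());
            }
            if (secureRandom == null) {
                synchronized (getClass()) {
                    if (secureRandom == null) {
                        this.main.setStatus(this.main.getResources().getString("init_srng..."));
                        secureRandom = new SecureRandom();
                        // Drawing bytes forces the generator to seed now, while the status message is shown.
                        secureRandom.nextBytes(new byte[4]);
                        this.main.setStatus(Main.CURRENT_STATUS);
                    }
                }
            }
            // No key managers: this client presents no certificate of its own.
            sSLContext.init((KeyManager[]) null, new TrustManager[]{getTrustManager()}, secureRandom);
            this.factory = sSLContext.getSocketFactory();
            try {
                // JVM-wide setting: every HttpsURLConnection in the process uses this factory afterwards.
                HttpsURLConnection.setDefaultSSLSocketFactory(this.factory);
            } catch (Throwable th) {
                System.err.println(new StringBuffer().append("Error setting https connection handler (protocol=").append(str).append("): ").append(th).toString());
            }
        } catch (Throwable th2) {
            System.err.println(new StringBuffer().append("Error getting context: ").append(str).append(": ").append(th2).toString());
        }
    }

    /**
     * Returns the trust manager for this helper, creating it on first use.
     *
     * @return the single {@link CustomX509TrustManager} of this instance
     */
    private final synchronized TrustManager getTrustManager() {
        if (this.trustManager != null) {
            return this.trustManager;
        }
        this.trustManager = new CustomX509TrustManager(this);
        return this.trustManager;
    }

    static {
        // Allow-list of cipher suites; the map values are placeholders, only the keys are consulted.
        // NOTE(review): RC4 and MD5 are considered broken and 3DES is deprecated. Dropping the
        // SSL_RSA_WITH_RC4_* and *_3DES_EDE_* entries depends on what the remote servers still
        // require, so they are left in place here and flagged for a policy decision.
        cipherSuites.put("SSL_RSA_WITH_RC4_128_MD5", Main.CURRENT_STATUS);
        cipherSuites.put("SSL_RSA_WITH_RC4_128_SHA", Main.CURRENT_STATUS);
        cipherSuites.put("TLS_RSA_WITH_AES_128_CBC_SHA", Main.CURRENT_STATUS);
        cipherSuites.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", Main.CURRENT_STATUS);
        cipherSuites.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", Main.CURRENT_STATUS);
        cipherSuites.put("SSL_RSA_WITH_3DES_EDE_CBC_SHA", Main.CURRENT_STATUS);
        cipherSuites.put("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", Main.CURRENT_STATUS);
        cipherSuites.put("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", Main.CURRENT_STATUS);
    }
}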
