package org.zaproxy.zap.extension.dynssl;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import org.apache.commons.io.FileUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.parosproxy.paros.CommandLine;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.control.Control;
import org.parosproxy.paros.extension.CommandLineArgument;
import org.parosproxy.paros.extension.CommandLineListener;
import org.parosproxy.paros.extension.ExtensionAdaptor;
import org.parosproxy.paros.extension.ExtensionHook;
import org.parosproxy.paros.network.SSLConnector;
import org.parosproxy.paros.security.CachedSslCertifificateServiceImpl;
import org.parosproxy.paros.security.SslCertificateService;

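/**
 * Deprecated extension that owns the root CA key store used to issue per-host TLS certificates.
 *
 * <p>On start it loads the persisted root CA from {@link DynSSLParam} (or creates one when none is
 * stored) and hands it to {@link CachedSslCertifificateServiceImpl}. It also registers three
 * command line options for loading and dumping the root CA.
 *
 * <p>Security note: the key store handled here holds the root CA <em>private key</em>. Whoever
 * can read it, or replace it through {@link #importRootCaCertificate(File)}, controls which
 * certificates this service signs.
 *
 * <p>This listing is decompiler output (JADX); some visibility modifiers and inlined constants
 * may differ from the original source.
 */
@Deprecated
public class ExtensionDynSSL extends ExtensionAdaptor implements CommandLineListener {
    public static final String EXTENSION_ID = "ExtensionDynSSL";

    // Indices into {@link #arguments}; they must match the order used in
    // getCommandLineArguments().
    private static final int ARG_CERT_LOAD = 0;
    private static final int ARG_CERT_PUB_DUMP = 1;
    private static final int ARG_CERT_FULL_DUMP = 2;

    private static final Logger LOGGER = LogManager.getLogger(ExtensionDynSSL.class);

    private final CommandLineArgument[] arguments = new CommandLineArgument[3];
    private DynSSLParam params;
    private DynamicSSLPanel optionsPanel;

    /**
     * Callback that writes certificate material to the given path.
     *
     * <p>The decompiler reports that this interface was {@code private} in the original class; it
     * is kept {@code public} here so that the listing's visible interface is unchanged.
     */
    @FunctionalInterface
    public interface CertWriter {
        void write(Path path) throws Exception;
    }

    /** Creates the extension and registers its name and load order. */
    public ExtensionDynSSL() {
        setName(EXTENSION_ID);
        setOrder(54);
    }

    /** Returns the localized display name of the extension. */
    @Override
    public String getUIName() {
        return Constant.messages.getString("dynssl.name");
    }

    /**
     * Registers the options panel (only when a view exists), the command line arguments and the
     * options parameter set.
     *
     * @param extensionHook the hook supplied by the extension loader
     */
    @Override
    public void hook(ExtensionHook extensionHook) {
        super.hook(extensionHook);
        if (getView() != null) {
            extensionHook.getHookView().addOptionPanel(getOptionsPanel());
        }
        extensionHook.addCommandLine(getCommandLineArguments());
        extensionHook.addOptionsParamSet(getParams());
    }

    /**
     * Initializes the root CA and then installs the certificate service on {@link SSLConnector}.
     *
     * <p>The service is installed whether or not initialization throws, so the connector always
     * has a certificate service afterwards; any throwable from initialization still propagates.
     */
    @Override
    public void start() {
        try {
            startImpl();
        } finally {
            SSLConnector.setSslCertificateService(CachedSslCertifificateServiceImpl.getService());
        }
    }

    /**
     * Loads the stored root CA, or creates a new one when nothing is stored, and warns when the
     * loaded certificate has expired. Failures are logged rather than propagated.
     */
    private void startImpl() {
        KeyStore rootca = getParams().getRootca();
        if (rootca == null) {
            try {
                createNewRootCa();
            } catch (Exception e) {
                LOGGER.error("Failed to create new root CA certificate:", e);
            }
            return;
        }

        try {
            setRootCa(rootca);
        } catch (Exception e) {
            // Deliberately best-effort: the expiry check below still runs on the stored key store.
            LOGGER.error("Couldn't initialize Root CA", e);
        }
        if (isCertExpired(getRootCaCertificate())) {
            warnRootCaCertExpired();
        }
    }

    /**
     * Generates a new root CA, activates it in the certificate service and stores it in the
     * options.
     *
     * @throws NoSuchAlgorithmException if the certificate service rejects the key algorithm
     * @throws UnrecoverableKeyException if the private key cannot be read from the key store
     * @throws KeyStoreException if the key store cannot be used
     */
    public void createNewRootCa() throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
        LOGGER.info("Creating new root CA certificate");
        KeyStore newRootCa = SslCertificateUtils.createRootCA();
        // Activate first: if the service rejects the key store, nothing is persisted.
        setRootCa(newRootCa);
        getParams().setRootca(newRootCa);
        LOGGER.info("New root CA certificate created");
    }

    /** Lazily creates the options panel. */
    private DynamicSSLPanel getOptionsPanel() {
        if (this.optionsPanel == null) {
            this.optionsPanel = new DynamicSSLPanel(this);
        }
        return this.optionsPanel;
    }

    /**
     * Returns the options holding the persisted root CA, creating them on first use.
     *
     * @return the options, never {@code null}
     */
    public DynSSLParam getParams() {
        if (this.params == null) {
            this.params = new DynSSLParam();
        }
        return this.params;
    }

    /** Returns the author string of the extension. */
    @Override
    public String getAuthor() {
        return Constant.ZAP_TEAM;
    }

    /** Returns the localized description of the extension. */
    @Override
    public String getDescription() {
        return Constant.messages.getString("dynssl.desc");
    }

    /**
     * Makes the given key store the active root CA of the certificate service. The options are
     * not changed; callers persist the key store themselves.
     *
     * @param keyStore the key store holding the root CA certificate and private key
     * @throws UnrecoverableKeyException if the private key cannot be read from the key store
     * @throws KeyStoreException if the key store cannot be used
     * @throws NoSuchAlgorithmException if the key algorithm is not available
     */
    public void setRootCa(KeyStore keyStore) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
        CachedSslCertifificateServiceImpl.getService().initializeRootCA(keyStore);
    }

    /**
     * Returns the root CA certificate stored under {@link SslCertificateService#ZAPROXY_JKS_ALIAS}.
     *
     * @return the certificate, or {@code null} when no root CA key store is configured
     * @throws KeyStoreException if the key store has not been initialized
     */
    public Certificate getRootCA() throws KeyStoreException {
        // Read the key store once so the null check and the lookup see the same instance.
        KeyStore rootca = getParams().getRootca();
        if (rootca == null) {
            return null;
        }
        return rootca.getCertificate(SslCertificateService.ZAPROXY_JKS_ALIAS);
    }

    /** Always {@code true}: the extension does not depend on the database type. */
    @Override
    public boolean supportsDb(String str) {
        return true;
    }

    /** Always {@code true}. */
    @Override
    public boolean supportsLowMemory() {
        return true;
    }

    /**
     * Returns the root CA certificate as an {@link X509Certificate}.
     *
     * @return the certificate, or {@code null} when none is configured, when the key store cannot
     *     be read, or when the stored certificate is not an X.509 certificate
     */
    public X509Certificate getRootCaCertificate() {
        try {
            Certificate certificate = getRootCA();
            if (certificate == null) {
                return null;
            }
            if (certificate instanceof X509Certificate) {
                return (X509Certificate) certificate;
            }
            // A blind cast would throw ClassCastException out of start(); callers already
            // handle null, so report the problem and return null instead.
            LOGGER.error("ZAP's Root CA Certificate is not an X.509 certificate: {}", certificate.getType());
            return null;
        } catch (KeyStoreException e) {
            LOGGER.error("Couldn't get ZAP's Root CA Certificate", e);
            return null;
        }
    }

    /**
     * Intended, by its name, to write the public root CA certificate to {@code path}.
     *
     * <p>NOTE(review): the body is empty in this deprecated class, so nothing is written.
     * Presumably the implementation lives elsewhere now; confirm before relying on this method.
     *
     * @param path the destination path (unused)
     * @throws IOException declared for compatibility; never thrown by this implementation
     * @throws KeyStoreException declared for compatibility; never thrown by this implementation
     */
    public void writeRootPubCaCertificateToFile(Path path) throws IOException, KeyStoreException {
    }

    /**
     * Intended, by its name, to write the full root CA (certificate and private key) to
     * {@code path}.
     *
     * <p>NOTE(review): the body is empty in this deprecated class, so nothing is written. Any
     * real implementation of a full dump produces private key material; the destination should
     * be readable only by the owning user.
     *
     * @param path the destination path (unused)
     * @throws IOException declared for compatibility; never thrown by this implementation
     * @throws KeyStoreException declared for compatibility; never thrown by this implementation
     * @throws NoSuchAlgorithmException declared for compatibility; never thrown by this
     *     implementation
     * @throws CertificateException declared for compatibility; never thrown by this
     *     implementation
     * @throws UnrecoverableKeyException declared for compatibility; never thrown by this
     *     implementation
     */
    public void writeRootFullCaCertificateToFile(Path path) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
    }

    /**
     * Runs {@code certWriter} against the file named by {@code str} and reports the outcome on
     * the command line.
     *
     * <p>NOTE(review): success is reported whenever the writer returns normally. Both writers
     * passed in by {@link #execute(CommandLineArgument[])} are empty in this class, so the
     * "done" message is printed although no file was produced.
     *
     * @param str the destination path as given on the command line
     * @param certWriter the writer to invoke
     */
    private static void writeCert(String str, CertWriter certWriter) {
        File target = new File(str);
        if (target.exists() && !target.canWrite()) {
            CommandLine.error(Constant.messages.getString("dynssl.cmdline.error.nowrite", target.getAbsolutePath()));
            return;
        }
        try {
            certWriter.write(target.toPath());
            CommandLine.info(Constant.messages.getString("dynssl.cmdline.certdump.done", target.getAbsolutePath()));
        } catch (Exception e) {
            CommandLine.error(Constant.messages.getString("dynssl.cmdline.error.write", target.getAbsolutePath()), e);
        }
    }

    /**
     * Replaces the root CA with the certificate and private key read from a PEM file.
     *
     * <p>Each step is guarded separately so that the returned message names the step that
     * failed. The new key store is activated in the certificate service before it is stored in
     * the options.
     *
     * <p>Security note: the file content, including the private key section, is held in memory
     * as an immutable {@code String}. The file should come from a trusted location, because the
     * imported key becomes the signing key for every certificate issued afterwards.
     *
     * @param file the PEM file containing a certificate section and a private key section
     * @return {@code null} on success, otherwise a localized error message
     */
    public String importRootCaCertificate(File file) {
        String pem;
        try {
            pem = FileUtils.readFileToString(file, StandardCharsets.US_ASCII);
        } catch (IOException e) {
            return Constant.messages.getString("dynssl.importpem.failedreadfile", e.getLocalizedMessage());
        }

        byte[] certificate;
        try {
            certificate = SslCertificateUtils.extractCertificate(pem);
        } catch (IllegalArgumentException e) {
            return Constant.messages.getString("dynssl.importpem.certnobase64");
        }
        if (certificate.length == 0) {
            return Constant.messages.getString("dynssl.importpem.nocertsection", SslCertificateUtils.BEGIN_CERTIFICATE_TOKEN, SslCertificateUtils.END_CERTIFICATE_TOKEN);
        }

        byte[] privateKey;
        try {
            privateKey = SslCertificateUtils.extractPrivateKey(pem);
        } catch (IllegalArgumentException e) {
            return Constant.messages.getString("dynssl.importpem.privkeynobase64");
        }
        if (privateKey.length == 0) {
            return Constant.messages.getString("dynssl.importpem.noprivkeysection", SslCertificateUtils.BEGIN_PRIVATE_KEY_TOKEN, SslCertificateUtils.END_PRIVATE_KEY_TOKEN);
        }

        try {
            KeyStore imported = SslCertificateUtils.pem2KeyStore(certificate, privateKey);
            setRootCa(imported);
            getParams().setRootca(imported);
            return null;
        } catch (Exception e) {
            return Constant.messages.getString("dynssl.importpem.failedkeystore", e.getLocalizedMessage());
        }
    }

    /** Returns whether the certificate is non-null and its notAfter date lies in the past. */
    private boolean isCertExpired(X509Certificate x509Certificate) {
        return x509Certificate != null && x509Certificate.getNotAfter().before(new Date());
    }

    /**
     * Logs that the root CA certificate has expired and, when a view is available and the user
     * confirms, creates a new root CA and opens the options dialog.
     */
    private void warnRootCaCertExpired() {
        X509Certificate rootCaCertificate = getRootCaCertificate();
        if (rootCaCertificate == null) {
            return;
        }
        String warning = Constant.messages.getString("dynssl.warn.cert.expired", rootCaCertificate.getNotAfter().toString(), new Date().toString());
        // NOTE(review): 0 is presumably the dialog's "OK" result; confirm against the view API.
        if (hasView() && getView().showConfirmDialog(warning) == 0) {
            try {
                createNewRootCa();
                Control.getSingleton().getMenuToolsControl().options(Constant.messages.getString("dynssl.options.name"));
            } catch (Exception e) {
                LOGGER.error("Failed to create new root CA certificate:", e);
                getView().showWarningDialog(Constant.messages.getString("dynssl.warn.cert.failed", e.getMessage()));
            }
        }
        LOGGER.warn(warning);
    }

    /**
     * Handles the {@code -certload}, {@code -certpubdump} and {@code -certfulldump} options, in
     * that order, so that a dump requested together with a load runs after the import.
     *
     * @param commandLineArgumentArr ignored; the arguments registered by this extension are read
     *     from its own array
     */
    @Override
    public void execute(CommandLineArgument[] commandLineArgumentArr) {
        CommandLineArgument certLoad = this.arguments[ARG_CERT_LOAD];
        if (certLoad.isEnabled()) {
            File pemFile = new File(certLoad.getArguments().firstElement());
            if (pemFile.canRead()) {
                String error = importRootCaCertificate(pemFile);
                if (error == null) {
                    CommandLine.info(Constant.messages.getString("dynssl.cmdline.certload.done", pemFile.getAbsolutePath()));
                } else {
                    CommandLine.error(error);
                }
            } else {
                CommandLine.error(Constant.messages.getString("dynssl.cmdline.error.noread", pemFile.getAbsolutePath()));
            }
        }

        CommandLineArgument certPubDump = this.arguments[ARG_CERT_PUB_DUMP];
        if (certPubDump.isEnabled()) {
            writeCert(certPubDump.getArguments().firstElement(), this::writeRootPubCaCertificateToFile);
        }

        CommandLineArgument certFullDump = this.arguments[ARG_CERT_FULL_DUMP];
        if (certFullDump.isEnabled()) {
            writeCert(certFullDump.getArguments().firstElement(), this::writeRootFullCaCertificateToFile);
        }
    }

    /**
     * Builds the three command line arguments and returns the shared array.
     *
     * <p>NOTE(review): {@code Constant.USER_AGENT} as the fourth constructor argument looks like
     * a decompiler substitution for an inlined constant; confirm against the original source.
     */
    private CommandLineArgument[] getCommandLineArguments() {
        this.arguments[ARG_CERT_LOAD] = new CommandLineArgument("-certload", 1, null, Constant.USER_AGENT, "-certload <path>         " + Constant.messages.getString("dynssl.cmdline.certload"));
        this.arguments[ARG_CERT_PUB_DUMP] = new CommandLineArgument("-certpubdump", 1, null, Constant.USER_AGENT, "-certpubdump <path>      " + Constant.messages.getString("dynssl.cmdline.certpubdump"));
        this.arguments[ARG_CERT_FULL_DUMP] = new CommandLineArgument("-certfulldump", 1, null, Constant.USER_AGENT, "-certfulldump <path>     " + Constant.messages.getString("dynssl.cmdline.certfulldump"));
        return this.arguments;
    }

    /** Always {@code false}: this extension does not handle files given on the command line. */
    @Override
    public boolean handleFile(File file) {
        return false;
    }

    /**
     * Returns {@code null} because no file extensions are handled.
     *
     * <p>The {@code null} return is kept as in the original; callers must check for it.
     */
    @Override
    public List<String> getHandledExtensions() {
        return null;
    }
}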
