package org.openstreetmap.josm.io.remotecontrol;

import com.drew.metadata.exif.makernotes.NikonType2MakernoteDirectory;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import org.openstreetmap.josm.Main;
import org.openstreetmap.josm.data.preferences.StringProperty;
import org.openstreetmap.josm.io.remotecontrol.handler.VersionHandler;
import org.openstreetmap.josm.tools.I18n;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;
import sun.security.x509.BasicConstraintsExtension;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.DNSName;
import sun.security.x509.ExtendedKeyUsageExtension;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNames;
import sun.security.x509.IPAddressName;
import sun.security.x509.OIDName;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.URIName;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* loaded from: input_file:org/openstreetmap/josm/io/remotecontrol/RemoteControlHttpsServer.class */
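/**
 * Thread that accepts remote-control requests over TLS.
 *
 * <p>The server identity is a self-signed certificate issued for {@code localhost},
 * {@code 127.0.0.1} and {@code ::1}. Key pair and certificate are generated on first use and kept
 * in a JKS keystore below the remote-control directory; the keystore and key-entry passwords are
 * random and are persisted through {@link #KEYSTORE_PASSWORD} and {@link #KEYENTRY_PASSWORD}.
 *
 * <p>One instance is started per address family by {@link #restartRemoteControlHttpsServer()}.
 */
public class RemoteControlHttpsServer extends Thread {
    /** Listening TLS socket; closed by {@link #stopServer()}. */
    private ServerSocket server;
    /** TLS context built from the JOSM keystore in {@link #initialize()}. */
    private SSLContext sslContext;
    /** Port used when the {@code remote.control.https.port} preference is not set. */
    private static final int HTTPS_PORT = 8112;
    /** File name of the keystore inside the remote-control directory. */
    public static final String KEYSTORE_FILENAME = "josm.keystore";
    /** Alias under which the generated key and certificate are stored. */
    public static final String ENTRY_ALIAS = "josm_localhost";
    /** Running IPv4 server, or {@code null}. */
    private static volatile RemoteControlHttpsServer instance4 = null;
    /** Running IPv6 server, or {@code null}. */
    private static volatile RemoteControlHttpsServer instance6 = null;
    /** Preference holding the keystore password; empty until a keystore has been generated. */
    public static final StringProperty KEYSTORE_PASSWORD = new StringProperty("remotecontrol.https.keystore.password", "");
    /** Preference holding the password of the private-key entry; empty until a keystore has been generated. */
    public static final StringProperty KEYENTRY_PASSWORD = new StringProperty("remotecontrol.https.keyentry.password", "");
    /** Milliseconds per day, as a {@code long} so that validity arithmetic cannot overflow {@code int}. */
    private static final long MILLIS_PER_DAY = 86400000L;

    /**
     * Builds one subject-alternative-name entry.
     *
     * @param type entry type, case-insensitive: {@code uri}, {@code dns} or {@code ip}; any other
     *        value is treated as an OID name
     * @param value entry value in the syntax of the chosen type
     * @return the general name wrapping the typed value
     * @throws IOException if the value cannot be parsed for the chosen type
     */
    private static GeneralName createGeneralName(String type, String value) throws IOException {
        // Locale.ROOT keeps the comparison independent of the user's locale (e.g. Turkish dotless i).
        switch (type.toLowerCase(Locale.ROOT)) {
            case "uri":
                return new GeneralName(new URIName(value));
            case "dns":
                return new GeneralName(new DNSName(value));
            case "ip":
                return new GeneralName(new IPAddressName(value));
            default:
                return new GeneralName(new OIDName(value));
        }
    }

    /**
     * Creates a self-signed X.509 v3 server certificate.
     *
     * <p>The certificate is marked as a non-CA end-entity certificate (critical BasicConstraints)
     * and is restricted to TLS server authentication (critical ExtendedKeyUsage,
     * OID 1.3.6.1.5.5.7.3.1), so it cannot be used to issue further certificates.
     *
     * @param dn distinguished name used for both subject and issuer
     * @param keyPair key pair; the public key is certified, the private key signs
     * @param days validity period in days, counted from now
     * @param algorithm signature algorithm name passed to the signer, e.g. {@code SHA256withRSA}
     * @param san comma-separated {@code type:value} subject alternative names, or {@code null} for none
     * @return the signed certificate
     * @throws GeneralSecurityException if signing fails
     * @throws IOException if a name or extension cannot be encoded
     * @throws IllegalArgumentException if an item of {@code san} contains no {@code ':'}
     */
    private static X509Certificate generateCertificate(String dn, KeyPair keyPair, int days, String algorithm, String san) throws GeneralSecurityException, IOException {
        PrivateKey signingKey = keyPair.getPrivate();
        X509CertInfo info = new X509CertInfo();
        Date notBefore = new Date();
        // Multiply as long: days * 86400000 in int arithmetic overflows for anything above 24 days
        // and would produce a wrong (possibly already expired) end date.
        Date notAfter = new Date(notBefore.getTime() + days * MILLIS_PER_DAY);
        BigInteger serial = new BigInteger(64, new SecureRandom());
        X500Name owner = new X500Name(dn);
        info.set("validity", new CertificateValidity(notBefore, notAfter));
        info.set("serialNumber", new CertificateSerialNumber(serial));
        if (Main.isJava8orLater()) {
            info.set("subject", owner);
            info.set("issuer", owner);
        } else {
            info.set("subject", new CertificateSubjectName(owner));
            info.set("issuer", new CertificateIssuerName(owner));
        }
        info.set("key", new CertificateX509Key(keyPair.getPublic()));
        // NOTE(review): VersionHandler.command looks like a decompiler substitution for the
        // X509CertInfo version attribute name - confirm and replace with the literal.
        info.set(VersionHandler.command, new CertificateVersion(2));
        // Placeholder only: the algorithm id is overwritten below with the one actually used by
        // sign(), so the MD5 OID never ends up in the returned certificate.
        info.set("algorithmID", new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid)));
        CertificateExtensions extensions = new CertificateExtensions();
        // critical = true, isCa = false
        extensions.set("BasicConstraints", new BasicConstraintsExtension(true, false, 0));
        // critical, id-kp-serverAuth only
        extensions.set("ExtendedKeyUsage", new ExtendedKeyUsageExtension(true, new Vector<>(Arrays.asList(new ObjectIdentifier("1.3.6.1.5.5.7.3.1")))));
        if (san != null) {
            GeneralNames names = new GeneralNames();
            for (String item : san.split(",")) {
                // Split on the first ':' only, so values such as "::1" keep their own colons.
                int colon = item.indexOf(':');
                if (colon < 0) {
                    throw new IllegalArgumentException("Illegal item " + item + " in " + san);
                }
                names.add(createGeneralName(item.substring(0, colon), item.substring(colon + 1)));
            }
            extensions.set("SubjectAlternativeName", new SubjectAlternativeNameExtension(false, names));
        }
        info.set("extensions", extensions);
        // First signature: only used to learn the AlgorithmId that matches the requested algorithm.
        X509CertImpl probe = new X509CertImpl(info);
        probe.sign(signingKey, algorithm);
        info.set("algorithmID.algorithm", (AlgorithmId) probe.get("x509.algorithm"));
        // Second signature: covers the corrected algorithm id.
        X509CertImpl certificate = new X509CertImpl(info);
        certificate.sign(signingKey, algorithm);
        return certificate;
    }

    /**
     * Returns the path of the JOSM keystore, generating the keystore first if the file is missing.
     *
     * <p>Generation creates a 2048-bit RSA key pair, a certificate valid for 1825 days, and two
     * fresh random passwords that are written to {@link #KEYSTORE_PASSWORD} and
     * {@link #KEYENTRY_PASSWORD}.
     *
     * @return path of the keystore file
     * @throws IOException if the directory or the keystore file cannot be written
     * @throws GeneralSecurityException if key, certificate or keystore creation fails
     */
    public static Path setupJosmKeystore() throws IOException, GeneralSecurityException {
        Path directory = Paths.get(RemoteControl.getRemoteControlDir());
        Path keystorePath = directory.resolve(KEYSTORE_FILENAME);
        Files.createDirectories(directory);
        if (!Files.exists(keystorePath)) {
            Main.debug("No keystore found, creating a new one");
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(2048);
            KeyPair pair = generator.generateKeyPair();
            X509Certificate certificate = generateCertificate("CN=localhost, OU=JOSM, O=OpenStreetMap", pair, 1825, "SHA256withRSA", "dns:localhost,ip:127.0.0.1,dns:127.0.0.1,ip:::1,uri:https://127.0.0.1:8112,uri:https://::1:8112");
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            SecureRandom random = new SecureRandom();
            // NOTE(review): NikonType2MakernoteDirectory.TAG_ADAPTER is used as the bit length of
            // the random passwords; this looks like a decompiler substitution for a numeric
            // literal of the same value - confirm and replace, it has nothing to do with EXIF.
            KEYSTORE_PASSWORD.put(new BigInteger(NikonType2MakernoteDirectory.TAG_ADAPTER, random).toString(32));
            KEYENTRY_PASSWORD.put(new BigInteger(NikonType2MakernoteDirectory.TAG_ADAPTER, random).toString(32));
            char[] storePassword = KEYSTORE_PASSWORD.get().toCharArray();
            char[] entryPassword = KEYENTRY_PASSWORD.get().toCharArray();
            keyStore.setKeyEntry(ENTRY_ALIAS, pair.getPrivate(), entryPassword, new Certificate[]{certificate});
            // NOTE(review): the file is created with default permissions and both passwords live
            // in the preferences; how those are stored is not visible here. Together they give
            // access to the private key - confirm both are readable by the owning user only.
            // try-with-resources: the stream must be closed so the keystore is flushed completely
            // before loadJosmKeystore() reads it back.
            try (OutputStream out = Files.newOutputStream(keystorePath, StandardOpenOption.CREATE)) {
                keyStore.store(out, storePassword);
            }
        }
        return keystorePath;
    }

    /**
     * Loads the JOSM keystore, creating it first if necessary.
     *
     * @return the loaded keystore
     * @throws IOException if the keystore file cannot be read or written
     * @throws GeneralSecurityException if the keystore cannot be created or its integrity check fails
     */
    public static KeyStore loadJosmKeystore() throws IOException, GeneralSecurityException {
        try (InputStream in = Files.newInputStream(setupJosmKeystore())) {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(in, KEYSTORE_PASSWORD.get().toCharArray());
            if (Main.isDebugEnabled()) {
                // Only alias names are logged, never key material or passwords.
                for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
                    Main.debug("Alias in JOSM keystore: " + aliases.nextElement());
                }
            }
            return keyStore;
        }
    }

    /**
     * Builds the TLS context from the JOSM keystore and hands the certificate to the platform hook.
     *
     * @throws IOException if the keystore cannot be read or written
     * @throws GeneralSecurityException if the key or trust managers or the TLS context cannot be set up
     */
    private void initialize() throws IOException, GeneralSecurityException {
        KeyStore keyStore = loadJosmKeystore();
        KeyManagerFactory keyManagers = KeyManagerFactory.getInstance("SunX509");
        keyManagers.init(keyStore, KEYENTRY_PASSWORD.get().toCharArray());
        TrustManagerFactory trustManagers = TrustManagerFactory.getInstance("SunX509");
        trustManagers.init(keyStore);
        // "TLS" leaves the enabled protocol versions to the JDK defaults; they are printed by the
        // trace output in the constructor.
        this.sslContext = SSLContext.getInstance("TLS");
        this.sslContext.init(keyManagers.getKeyManagers(), trustManagers.getTrustManagers(), null);
        if (Main.isTraceEnabled()) {
            Main.trace("SSL Context protocol: " + this.sslContext.getProtocol());
            Main.trace("SSL Context provider: " + this.sslContext.getProvider());
        }
        setupPlatform(keyStore);
    }

    /**
     * Passes the certificate of the first keystore alias to the platform hook under
     * {@link #ENTRY_ALIAS}.
     *
     * <p>NOTE(review): what {@code setupHttpsCertificate} does with the entry is not visible here;
     * presumably it registers the certificate as trusted for the current user - confirm. Only the
     * certificate is passed on, never the private key.
     *
     * @param keyStore keystore to take the certificate from
     * @return the result of the platform hook, or {@code false} if the keystore has no alias
     * @throws KeyStoreException if the keystore has not been loaded
     * @throws NoSuchAlgorithmException declared for the platform hook
     * @throws CertificateException declared for the platform hook
     * @throws IOException declared for the platform hook
     */
    public static boolean setupPlatform(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        Enumeration<String> aliases = keyStore.aliases();
        if (!aliases.hasMoreElements()) {
            return false;
        }
        // The first alias is used whatever its name is; the entry is registered as ENTRY_ALIAS.
        Certificate certificate = keyStore.getCertificate(aliases.nextElement());
        return Main.platform.setupHttpsCertificate(ENTRY_ALIAS, new KeyStore.TrustedCertificateEntry(certificate));
    }

    /**
     * Stops any running servers and, if HTTPS remote control is enabled, starts one server per
     * address family on the configured port.
     *
     * <p>A start failure is logged as a warning and does not prevent the other server from being
     * started. The IPv6 failure is only reported when the IPv4 server is not running either.
     */
    public static void restartRemoteControlHttpsServer() {
        stopRemoteControlHttpsServer();
        if (!RemoteControl.PROP_REMOTECONTROL_HTTPS_ENABLED.get().booleanValue()) {
            return;
        }
        int port = Main.pref.getInteger("remote.control.https.port", HTTPS_PORT);
        try {
            instance4 = new RemoteControlHttpsServer(port, false);
            instance4.start();
        } catch (Exception e) {
            Main.warn(I18n.marktr("Cannot start IPv4 remotecontrol https server on port {0}: {1}"), Integer.toString(port), e.getLocalizedMessage());
        }
        try {
            instance6 = new RemoteControlHttpsServer(port, true);
            instance6.start();
        } catch (Exception e) {
            if (instance4 == null) {
                Main.warn(I18n.marktr("Cannot start IPv6 remotecontrol https server on port {0}: {1}"), Integer.toString(port), e.getLocalizedMessage());
            }
        }
    }

    /**
     * Stops the IPv4 and IPv6 servers if they are running; errors while closing are logged.
     */
    public static void stopRemoteControlHttpsServer() {
        stopInstance(instance4);
        instance4 = null;
        stopInstance(instance6);
        instance6 = null;
    }

    /** Closes one server instance, logging instead of propagating an I/O error; {@code null} is ignored. */
    private static void stopInstance(RemoteControlHttpsServer instance) {
        if (instance == null) {
            return;
        }
        try {
            instance.stopServer();
        } catch (IOException e) {
            Main.error(e);
        }
    }

    /**
     * Creates the server and binds its TLS listening socket; the thread is not started.
     *
     * @param port TCP port to listen on
     * @param ipv6 {@code true} to bind to the address returned by
     *        {@code RemoteControl.getInet6Address()}, {@code false} for
     *        {@code RemoteControl.getInet4Address()}
     * @throws IOException if the keystore cannot be read or the socket cannot be bound
     * @throws NoSuchAlgorithmException if a required algorithm is unavailable
     * @throws GeneralSecurityException if the TLS context cannot be set up
     */
    public RemoteControlHttpsServer(int port, boolean ipv6) throws IOException, NoSuchAlgorithmException, GeneralSecurityException {
        super("RemoteControl HTTPS Server");
        this.server = null;
        // Daemon thread: the accept loop must not keep the JVM alive.
        setDaemon(true);
        initialize();
        SSLServerSocketFactory factory = this.sslContext.getServerSocketFactory();
        if (Main.isTraceEnabled()) {
            Main.trace("SSL factory - Supported Cipher suites: " + Arrays.toString(factory.getSupportedCipherSuites()));
        }
        // Backlog of 1: requests are accepted one at a time by run().
        this.server = factory.createServerSocket(port, 1, ipv6 ? RemoteControl.getInet6Address() : RemoteControl.getInet4Address());
        if (Main.isTraceEnabled() && (this.server instanceof SSLServerSocket)) {
            SSLServerSocket sslServer = (SSLServerSocket) this.server;
            Main.trace("SSL server - Enabled Cipher suites: " + Arrays.toString(sslServer.getEnabledCipherSuites()));
            Main.trace("SSL server - Enabled Protocols: " + Arrays.toString(sslServer.getEnabledProtocols()));
            Main.trace("SSL server - Enable Session Creation: " + sslServer.getEnableSessionCreation());
            Main.trace("SSL server - Need Client Auth: " + sslServer.getNeedClientAuth());
            Main.trace("SSL server - Want Client Auth: " + sslServer.getWantClientAuth());
            Main.trace("SSL server - Use Client Mode: " + sslServer.getUseClientMode());
        }
    }

    /**
     * Accepts connections and hands each one to {@code RequestProcessor.processRequest} until the
     * listening socket is closed by {@link #stopServer()}.
     */
    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        Main.info(I18n.marktr("RemoteControl::Accepting secure remote connections on {0}:{1}"), this.server.getInetAddress(), Integer.toString(this.server.getLocalPort()));
        while (true) {
            try {
                Socket request = this.server.accept();
                if (Main.isTraceEnabled() && (request instanceof SSLSocket)) {
                    SSLSocket sslRequest = (SSLSocket) request;
                    Main.trace("SSL socket - Enabled Cipher suites: " + Arrays.toString(sslRequest.getEnabledCipherSuites()));
                    Main.trace("SSL socket - Enabled Protocols: " + Arrays.toString(sslRequest.getEnabledProtocols()));
                    Main.trace("SSL socket - Enable Session Creation: " + sslRequest.getEnableSessionCreation());
                    Main.trace("SSL socket - Need Client Auth: " + sslRequest.getNeedClientAuth());
                    Main.trace("SSL socket - Want Client Auth: " + sslRequest.getWantClientAuth());
                    Main.trace("SSL socket - Use Client Mode: " + sslRequest.getUseClientMode());
                    // getSession() performs the handshake if it has not happened yet, so with
                    // tracing on a slow client can hold up this accept loop.
                    Main.trace("SSL socket - Session: " + sslRequest.getSession());
                }
                RequestProcessor.processRequest(request);
            } catch (SocketException e) {
                if (this.server.isClosed()) {
                    // The listening socket was closed on purpose. Leave the loop: every further
                    // accept() would fail immediately and the thread would spin forever.
                    return;
                }
                Main.error(e);
            } catch (IOException e) {
                Main.error(e);
            }
        }
    }

    /**
     * Closes the listening socket, which also ends {@link #run()}.
     *
     * @throws IOException if the socket cannot be closed
     */
    public void stopServer() throws IOException {
        Main.info(I18n.marktr("RemoteControl::Server {0}:{1} stopped."), this.server.getInetAddress(), Integer.toString(this.server.getLocalPort()));
        this.server.close();
    }
}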
