package me.escoffier.certs.ca;

import com.dd.plist.NSArray;
import com.dd.plist.NSData;
import com.dd.plist.NSDictionary;
import com.dd.plist.NSNumber;
import com.dd.plist.NSString;
import com.dd.plist.PropertyListParser;
import java.io.File;
import java.lang.System;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.util.Base64;

/* loaded from: input_file:me/escoffier/certs/ca/MacCAInstaller.class */
public class MacCAInstaller {
    static System.Logger LOGGER = System.getLogger(CaGenerator.class.getName());

    public static void installCAOnMac(String str, File file) throws Exception {
        LOGGER.log(System.Logger.Level.INFO, "�� Installing CA certificate (issuer: {0}) into your operating system keychain. Your admin password may be asked.", new Object[]{str});
        ProcessBuilder processBuilder = new ProcessBuilder("sudo", "security", "-v", "add-trusted-cert", "-d", "-r", "trustRoot", "-k", "/Library/Keychains/System.keychain", file.getAbsolutePath());
        processBuilder.inheritIO();
        processBuilder.start().waitFor();
        LOGGER.log(System.Logger.Level.DEBUG, "\t Certificate added to the keychain");
        File file2 = new File("trust-settings.plist");
        ProcessBuilder processBuilder2 = new ProcessBuilder("sudo", "security", "trust-settings-export", "-d", file2.getAbsolutePath());
        processBuilder2.inheritIO();
        processBuilder2.start().waitFor();
        LOGGER.log(System.Logger.Level.DEBUG, "\t Trust settings exported to {0}", new Object[]{file2.getAbsolutePath()});
        ProcessBuilder processBuilder3 = new ProcessBuilder("sudo", "chown", System.getProperty("user.name"), file2.getAbsolutePath());
        processBuilder3.inheritIO();
        processBuilder3.start().waitFor();
        updateCertificateTrustSettings(str, file2);
        LOGGER.log(System.Logger.Level.DEBUG, "\t Trust settings updated");
        ProcessBuilder processBuilder4 = new ProcessBuilder("sudo", "security", "trust-settings-import", "-d", file2.getAbsolutePath());
        processBuilder4.inheritIO();
        processBuilder4.start().waitFor();
        LOGGER.log(System.Logger.Level.DEBUG, "\t Trust settings imported");
    }

    private static void updateCertificateTrustSettings(String str, File file) throws Exception {
        NSDictionary parse = PropertyListParser.parse(Files.readString(file.toPath()).getBytes());
        NSDictionary nSDictionary = parse.get("trustList");
        boolean z = false;
        for (int i = 0; i < nSDictionary.allKeys().length; i++) {
            NSDictionary objectForKey = nSDictionary.objectForKey(nSDictionary.allKeys()[i]);
            if (new String(Base64.getDecoder().decode(objectForKey.get("issuerName").getBase64EncodedData().getBytes())).contains(str)) {
                LOGGER.log(System.Logger.Level.DEBUG, "found ca certificate in plist");
                z = true;
                NSArray nSArray = new NSArray(2);
                NSDictionary nSDictionary2 = new NSDictionary();
                NSDictionary nSDictionary3 = new NSDictionary();
                nSDictionary2.put("kSecTrustSettingsPolicy", new NSData("KoZIhvdjZAED"));
                nSDictionary2.put("kSecTrustSettingsPolicyName", new NSString("sslServer"));
                nSDictionary2.put("kSecTrustSettingsResult", new NSNumber(2));
                nSDictionary3.put("kSecTrustSettingsPolicy", new NSData("KoZIhvdjZAEC"));
                nSDictionary3.put("kSecTrustSettingsPolicyName", new NSString("basicX509"));
                nSDictionary3.put("kSecTrustSettingsResult", new NSNumber(2));
                nSArray.setValue(0, nSDictionary2);
                nSArray.setValue(1, nSDictionary3);
                objectForKey.put("trustSettings", nSArray);
            }
        }
        if (!z) {
            LOGGER.log(System.Logger.Level.INFO, "�� CA certificate not found in plist");
        }
        Files.writeString(file.toPath(), parse.toXMLPropertyList(), new OpenOption[0]);
    }
}
