package org.commonjava.aprox.core.rest.util;

import java.io.IOException;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.Map;
import java.util.WeakHashMap;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.params.HttpParams;
import org.commonjava.aprox.core.model.Repository;
import org.commonjava.util.logging.Logger;

/* loaded from: input_file:org/commonjava/aprox/core/rest/util/RepoSSLSocketFactory.class */
public class RepoSSLSocketFactory extends SSLSocketFactory {
    private final Map<Repository, SSLSocketFactory> repoFactories;
    private final Logger logger;

    public RepoSSLSocketFactory() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        super((TrustStrategy) null, BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
        this.repoFactories = new WeakHashMap();
        this.logger = new Logger(getClass());
    }

    public Socket createSocket(HttpParams httpParams) throws IOException {
        SSLSocketFactory repoSSLFactory;
        Repository repository = (Repository) httpParams.getParameter("repository");
        if (repository != null && (repoSSLFactory = getRepoSSLFactory(repository)) != null) {
            return repoSSLFactory.createSocket(httpParams);
        }
        return super.createSocket(httpParams);
    }

    private synchronized SSLSocketFactory getRepoSSLFactory(Repository repository) throws IOException {
        SSLSocketFactory sSLSocketFactory = this.repoFactories.get(repository);
        if (sSLSocketFactory == null) {
            KeyStore keyStore = null;
            KeyStore keyStore2 = null;
            String keyCertPem = repository.getKeyCertPem();
            String keyPassword = repository.getKeyPassword();
            if (keyCertPem != null) {
                if (keyPassword == null || keyPassword.length() < 1) {
                    this.logger.error("Invalid configuration. Repository: %s cannot have an empty key password!", new Object[]{repository.getName()});
                    throw new IOException("Repository: " + repository.getName() + " is misconfigured!");
                }
                try {
                    keyStore = SSLUtils.readKeyAndCert(keyCertPem, keyPassword);
                } catch (KeyStoreException e) {
                    this.logger.error("Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s", e, new Object[]{repository.getName(), e.getMessage()});
                    throw new IOException("Failed to initialize SSL connection for repository: " + repository.getName());
                } catch (NoSuchAlgorithmException e2) {
                    this.logger.error("Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s", e2, new Object[]{repository.getName(), e2.getMessage()});
                    throw new IOException("Failed to initialize SSL connection for repository: " + repository.getName());
                } catch (CertificateException e3) {
                    this.logger.error("Invalid configuration. Repository: %s has an invalid client certificate! Error: %s", e3, new Object[]{repository.getName(), e3.getMessage()});
                    throw new IOException("Failed to initialize SSL connection for repository: " + repository.getName());
                } catch (InvalidKeySpecException e4) {
                    this.logger.error("Invalid configuration. Invalid client key for repository: %s. Error: %s", e4, new Object[]{repository.getName(), e4.getMessage()});
                    throw new IOException("Failed to initialize SSL connection for repository: " + repository.getName());
                }
            }
            String serverCertPem = repository.getServerCertPem();
            if (serverCertPem != null) {
                try {
                    keyStore2 = SSLUtils.readCerts(serverCertPem, repository.getHost());
                } catch (KeyStoreException e5) {
                    this.logger.error("Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s", e5, new Object[]{repository.getName(), e5.getMessage()});
                    throw new IOException("Failed to initialize SSL connection for repository: " + repository.getName());
                } catch (NoSuchAlgorithmException e6) {
                    this.logger.error("Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s", e6, new Object[]{repository.getName(), e6.getMessage()});
                    throw new IOException("Failed to initialize SSL connection for repository: " + repository.getName());
                } catch (CertificateException e7) {
                    this.logger.error("Invalid configuration. Repository: %s has an invalid server certificate! Error: %s", e7, new Object[]{repository.getName(), e7.getMessage()});
                    throw new IOException("Failed to initialize SSL connection for repository: " + repository.getName());
                }
            }
            if (keyStore != null || keyStore2 != null) {
                try {
                    sSLSocketFactory = new SSLSocketFactory("TLS", keyStore, keyPassword, keyStore2, null, null, SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
                    this.repoFactories.put(repository, sSLSocketFactory);
                } catch (KeyManagementException e8) {
                    this.logger.error("Invalid configuration. Cannot initialize SSL socket factory for repository: %s. Error: %s", e8, new Object[]{repository.getName(), e8.getMessage()});
                    throw new IOException("Failed to initialize SSL connection for repository: " + repository.getName());
                } catch (KeyStoreException e9) {
                    this.logger.error("Invalid configuration. Cannot initialize SSL socket factory for repository: %s. Error: %s", e9, new Object[]{repository.getName(), e9.getMessage()});
                    throw new IOException("Failed to initialize SSL connection for repository: " + repository.getName());
                } catch (NoSuchAlgorithmException e10) {
                    this.logger.error("Invalid configuration. Cannot initialize SSL socket factory for repository: %s. Error: %s", e10, new Object[]{repository.getName(), e10.getMessage()});
                    throw new IOException("Failed to initialize SSL connection for repository: " + repository.getName());
                } catch (UnrecoverableKeyException e11) {
                    this.logger.error("Invalid configuration. Cannot initialize SSL socket factory for repository: %s. Error: %s", e11, new Object[]{repository.getName(), e11.getMessage()});
                    throw new IOException("Failed to initialize SSL connection for repository: " + repository.getName());
                }
            }
        }
        return sSLSocketFactory;
    }
}
