package org.commonjava.maven.galley.transport.htcli.internal;

import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.params.HttpParams;
import org.commonjava.maven.galley.auth.PasswordIdentifier;
import org.commonjava.maven.galley.spi.auth.PasswordManager;
import org.commonjava.maven.galley.transport.htcli.Http;
import org.commonjava.maven.galley.transport.htcli.model.HttpLocation;
import org.commonjava.util.logging.Logger;

/* loaded from: input_file:WEB-INF/classes/org/commonjava/maven/galley/transport/htcli/internal/LocationSSLSocketFactory.class */
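/**
 * SSL socket factory that picks per-location TLS material (client key/certificate and
 * pinned server certificates) from the {@link HttpLocation} associated with a request,
 * and falls back to the inherited default factory behaviour when a location carries none.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The fallback factory is built with a {@code null} {@link TrustStrategy}; in
 *       HttpClient 4.x that is understood to leave the JSSE default trust managers in
 *       charge rather than trusting everything. NOTE(review): confirm against the
 *       HttpClient version actually shipped.</li>
 *   <li>{@code BROWSER_COMPATIBLE_HOSTNAME_VERIFIER} is the lenient verifier (a wildcard
 *       may match more than one sub-domain level). NOTE(review): consider whether the
 *       strict verifier is acceptable for the repositories this transport talks to.</li>
 *   <li>The key password is never logged; keep it that way when changing messages.</li>
 * </ul>
 */
public class LocationSSLSocketFactory extends SSLSocketFactory {
    private final Logger logger;
    private final TLLocationCredentialsProvider credProvider;
    private final PasswordManager passwordManager;

    /**
     * Creates the factory with default trust handling and the browser-compatible hostname verifier.
     *
     * @param passwordManager source of the client-key password for a location
     * @param tLLocationCredentialsProvider used to map a host/port back to its {@link HttpLocation}
     * @throws KeyManagementException propagated from the parent constructor
     * @throws UnrecoverableKeyException propagated from the parent constructor
     * @throws NoSuchAlgorithmException propagated from the parent constructor
     * @throws KeyStoreException propagated from the parent constructor
     */
    public LocationSSLSocketFactory(PasswordManager passwordManager, TLLocationCredentialsProvider tLLocationCredentialsProvider) throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        super((TrustStrategy) null, BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
        this.logger = new Logger(getClass());
        this.passwordManager = passwordManager;
        this.credProvider = tLLocationCredentialsProvider;
    }

    /**
     * Creates an unconnected socket, using the location-specific factory when the request
     * parameters carry an {@link HttpLocation} that defines TLS material.
     *
     * @param httpParams request parameters; the location is read from {@code Http.HTTP_PARAM_LOCATION}
     * @return a socket from the location-specific factory, or from the parent factory otherwise
     * @throws IOException if the location's TLS configuration cannot be loaded
     */
    @Override
    public Socket createSocket(HttpParams httpParams) throws IOException {
        HttpLocation httpLocation = (HttpLocation) httpParams.getParameter(Http.HTTP_PARAM_LOCATION);
        if (httpLocation != null) {
            SSLSocketFactory locationFactory = getSSLFactory(httpLocation);
            if (locationFactory != null) {
                return locationFactory.createSocket(httpParams);
            }
        }
        return super.createSocket(httpParams);
    }

    /**
     * Builds a socket factory from the location's client key/cert PEM and/or server cert PEM.
     *
     * <p>Nothing is cached: every call re-reads the PEM data and constructs a new factory.
     *
     * @param httpLocation location whose TLS configuration is used
     * @return a location-specific factory, or {@code null} when the location defines neither
     *         a client key/cert nor server certificates
     * @throws IOException if a client key is configured without a password, or if any of the
     *         key/certificate material cannot be loaded; the underlying exception is attached
     *         as the cause
     */
    private synchronized SSLSocketFactory getSSLFactory(HttpLocation httpLocation) throws IOException {
        KeyStore keyStore = null;
        KeyStore trustStore = null;

        String keyCertPem = httpLocation.getKeyCertPem();
        // Looked up unconditionally, as before; it is also handed to the factory constructor below.
        String password = this.passwordManager.getPassword(new PasswordIdentifier(httpLocation, PasswordIdentifier.KEY_PASSWORD));
        if (keyCertPem != null) {
            // Refuse a client key that has no password instead of silently connecting without it.
            if (password == null || password.length() < 1) {
                this.logger.error("Invalid configuration. Location: %s cannot have an empty key password!", httpLocation.getUri());
                throw new IOException("Location: " + httpLocation.getUri() + " is misconfigured!");
            }
            try {
                keyStore = SSLUtils.readKeyAndCert(keyCertPem, password);
            } catch (KeyStoreException e) {
                this.logger.error("Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s", e, httpLocation.getUri(), e.getMessage());
                throw sslInitFailure(httpLocation, e);
            } catch (NoSuchAlgorithmException e) {
                this.logger.error("Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s", e, httpLocation.getUri(), e.getMessage());
                throw sslInitFailure(httpLocation, e);
            } catch (CertificateException e) {
                this.logger.error("Invalid configuration. Location: %s has an invalid client certificate! Error: %s", e, httpLocation.getUri(), e.getMessage());
                throw sslInitFailure(httpLocation, e);
            } catch (InvalidKeySpecException e) {
                this.logger.error("Invalid configuration. Invalid client key for repository: %s. Error: %s", e, httpLocation.getUri(), e.getMessage());
                throw sslInitFailure(httpLocation, e);
            }
        }

        String serverCertPem = httpLocation.getServerCertPem();
        if (serverCertPem != null) {
            try {
                trustStore = SSLUtils.readCerts(serverCertPem, httpLocation.getHost());
            } catch (KeyStoreException e) {
                this.logger.error("Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s", e, httpLocation.getUri(), e.getMessage());
                throw sslInitFailure(httpLocation, e);
            } catch (NoSuchAlgorithmException e) {
                this.logger.error("Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s", e, httpLocation.getUri(), e.getMessage());
                throw sslInitFailure(httpLocation, e);
            } catch (CertificateException e) {
                this.logger.error("Invalid configuration. Location: %s has an invalid server certificate! Error: %s", e, httpLocation.getUri(), e.getMessage());
                throw sslInitFailure(httpLocation, e);
            }
        }

        if (keyStore == null && trustStore == null) {
            // No per-location TLS material: the caller falls back to the parent factory.
            return null;
        }

        try {
            // trustStore may be null here (client key only); the trust decision is then whatever
            // the HttpClient constructor does for a null truststore. NOTE(review): presumably the
            // JVM default trust managers; confirm.
            return new SSLSocketFactory(SSLSocketFactory.TLS, keyStore, password, trustStore, null, null, SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
        } catch (KeyManagementException e) {
            this.logger.error("Invalid configuration. Cannot initialize SSL socket factory for repository: %s. Error: %s", e, httpLocation.getUri(), e.getMessage());
            throw sslInitFailure(httpLocation, e);
        } catch (KeyStoreException e) {
            this.logger.error("Invalid configuration. Cannot initialize SSL socket factory for repository: %s. Error: %s", e, httpLocation.getUri(), e.getMessage());
            throw sslInitFailure(httpLocation, e);
        } catch (NoSuchAlgorithmException e) {
            this.logger.error("Invalid configuration. Cannot initialize SSL socket factory for repository: %s. Error: %s", e, httpLocation.getUri(), e.getMessage());
            throw sslInitFailure(httpLocation, e);
        } catch (UnrecoverableKeyException e) {
            this.logger.error("Invalid configuration. Cannot initialize SSL socket factory for repository: %s. Error: %s", e, httpLocation.getUri(), e.getMessage());
            throw sslInitFailure(httpLocation, e);
        }
    }

    /**
     * Builds the IOException reported to callers when TLS setup for a location fails,
     * keeping the original exception as the cause so the failure can be diagnosed upstream.
     */
    private IOException sslInitFailure(HttpLocation httpLocation, Exception cause) {
        return new IOException("Failed to initialize SSL connection for repository: " + httpLocation.getUri(), cause);
    }

    /**
     * Layers TLS over an existing socket, using the location-specific factory when the
     * credentials provider knows a location for the target host and port.
     *
     * @param socket the already-connected socket to wrap
     * @param str target host name
     * @param i target port; a negative value is looked up as 443 but passed on unchanged
     * @param z whether closing the layered socket also closes {@code socket}
     * @return the TLS socket from the location-specific factory, or from the parent factory otherwise
     * @throws IOException if the location's TLS configuration cannot be loaded or the handshake setup fails
     * @throws UnknownHostException declared by the overridden method
     */
    @Override
    public Socket createLayeredSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
        int lookupPort = i < 0 ? 443 : i;
        HttpLocation location = this.credProvider.getLocation(str, lookupPort);
        if (location != null) {
            SSLSocketFactory locationFactory = getSSLFactory(location);
            if (locationFactory != null) {
                return locationFactory.createLayeredSocket(socket, str, i, z);
            }
        }
        return super.createLayeredSocket(socket, str, i, z);
    }
}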
