package nl.nn.adapterframework.http;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.cert.X509Certificate;
import nl.nn.adapterframework.util.CredentialFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory;
import org.apache.commons.httpclient.protocol.ReflectionSocketFactory;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.commons.net.SocketFactory;

/* loaded from: input_file:adapterframework.war:WEB-INF/lib/ibis-adapterframework-core-7.6.5.jar:nl/nn/adapterframework/http/AuthSSLProtocolSocketFactory.class */
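/**
 * Socket factory that hands out client-side TLS sockets created from the {@link SSLContext}
 * built by {@link AuthSSLContextFactory} and, when {@link #verifyHostname} is set, compares the
 * common name of the server certificate with the host the TLS session was opened to.
 *
 * <p>Every socket this factory returns comes from that context and has passed
 * {@link #verifyHostname(SSLSocket)}; a socket that fails the check is closed before the
 * exception reaches the caller.
 *
 * <p>NOTE(review): the hostname check compares against the subject CN only. It does not read
 * subjectAltName entries and does not do wildcard matching, so it is stricter in some cases and
 * weaker in others than RFC 2818 / RFC 6125 endpoint identification. Consider enabling JSSE
 * endpoint identification on the socket in addition to this check.
 */
public class AuthSSLProtocolSocketFactory extends AuthSSLContextFactory implements SocketFactory, SecureProtocolSocketFactory {
    // Whether verifyHostname(SSLSocket) performs the certificate-name check at all.
    protected boolean verifyHostname = true;
    // Not read anywhere in this class; kept for subclasses and callers that may rely on it.
    protected boolean ignoreCertificateExpiredException = false;

    /**
     * Creates the factory. All arguments except {@code verifyHostname} are passed straight to
     * the {@link AuthSSLContextFactory} constructor; their meaning is defined there.
     *
     * @param verifyHostname whether sockets created by this factory get the certificate-name check
     */
    public AuthSSLProtocolSocketFactory(URL url, String str, String str2, String str3, URL url2, String str4, String str5, String str6, boolean z, boolean verifyHostname, boolean z3) {
        super(url, str, str2, str3, url2, str4, str5, str6, z, z3);
        this.verifyHostname = verifyHostname;
    }

    /**
     * Builds a factory after resolving two passwords through {@link CredentialFactory}:
     * {@code (str, str2)} yields the second constructor argument and {@code (str5, str6)} the
     * sixth. The resolved passwords are handled as {@code String}s from here on.
     */
    public static AuthSSLProtocolSocketFactory createSocketFactory(URL url, String str, String str2, String str3, String str4, URL url2, String str5, String str6, String str7, String str8, boolean z, boolean z2, boolean z3) throws NoSuchAlgorithmException, KeyStoreException, GeneralSecurityException, IOException {
        String firstPassword = new CredentialFactory(str, null, str2).getPassword();
        String secondPassword = new CredentialFactory(str5, null, str6).getPassword();
        return new AuthSSLProtocolSocketFactory(url, firstPassword, str3, str4, url2, secondPassword, str7, str8, z, z2, z3);
    }

    /**
     * Loads the named class, instantiates it and registers it as a JCA {@link Provider}.
     * Failures are logged and otherwise ignored (best effort).
     *
     * <p>The class name is loaded and instantiated reflectively, so it must only ever come from
     * trusted configuration.
     *
     * @param str fully qualified class name of the provider
     */
    protected static void addProvider(String str) {
        try {
            Security.addProvider((Provider) Class.forName(str).newInstance());
        } catch (Throwable th) {
            log.error("cannot add provider [" + str + "], " + th.getClass().getName(), th);
        }
    }

    /**
     * Returns the SSL context of the superclass, translating the security exceptions it may
     * throw into {@link IOException}s so that socket-creating callers have one failure type.
     *
     * @return the configured SSL context
     * @throws IOException if the context cannot be built; the original exception is the cause
     */
    public SSLContext getSSLContextLimitedExceptions() throws IOException {
        try {
            return getSSLContext();
        } catch (KeyStoreException e) {
            throw new IOException("Keystore exception", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IOException("Unsupported algorithm exception", e2);
        } catch (GeneralSecurityException e3) {
            throw new IOException("Key management exception", e3);
        }
    }

    /** Connects to {@code host:port} from the given local endpoint and verifies the peer. */
    @Override
    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort) throws IOException, UnknownHostException {
        return verified(getSSLContextLimitedExceptions().getSocketFactory().createSocket(host, port, localAddress, localPort));
    }

    /** Connects to {@code host:port} and verifies the peer. */
    @Override
    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        return verified(getSSLContextLimitedExceptions().getSocketFactory().createSocket(host, port));
    }

    /** Layers TLS over an already connected socket and verifies the peer. */
    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
        return verified(getSSLContextLimitedExceptions().getSocketFactory().createSocket(socket, host, port, autoClose));
    }

    /** Connects to the given address and verifies the peer. */
    @Override
    public Socket createSocket(InetAddress address, int port) throws IOException {
        return verified(getSSLContextLimitedExceptions().getSocketFactory().createSocket(address, port));
    }

    /** Connects to the given address from the given local endpoint and verifies the peer. */
    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
        return verified(getSSLContextLimitedExceptions().getSocketFactory().createSocket(address, port, localAddress, localPort));
    }

    /**
     * Connects with the connection timeout taken from {@code params}.
     *
     * <p>The socket is always created from this factory's own SSL context and always passes
     * {@link #verifyHostname(SSLSocket)}. The previous implementation delegated the timeout case
     * to {@code ReflectionSocketFactory} with {@code javax.net.ssl.SSLSocketFactory}, which uses
     * the JVM default socket factory: the configured key and trust material was not applied and
     * the hostname check was skipped whenever a non-zero timeout was set.
     *
     * @throws IllegalArgumentException if {@code params} is null
     * @throws ConnectTimeoutException if the connection is not established within the timeout
     */
    @Override
    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort, HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException {
        if (params == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int connectionTimeout = params.getConnectionTimeout();
        if (connectionTimeout == 0) {
            return createSocket(host, port, localAddress, localPort);
        }
        Socket socket = getSSLContextLimitedExceptions().getSocketFactory().createSocket();
        boolean connected = false;
        try {
            socket.bind(new InetSocketAddress(localAddress, localPort));
            socket.connect(new InetSocketAddress(host, port), connectionTimeout);
            connected = true;
        } catch (SocketTimeoutException e) {
            // Callers of ProtocolSocketFactory expect the HttpClient-specific timeout type.
            throw new ConnectTimeoutException("The host did not accept the connection within timeout of " + connectionTimeout + " ms", e);
        } finally {
            if (!connected) {
                closeQuietly(socket);
            }
        }
        return verified(socket);
    }

    /** Returns a plain (non-TLS) server socket; this factory does not secure the listening side. */
    @Override
    public ServerSocket createServerSocket(int port) throws IOException {
        return new ServerSocket(port);
    }

    /** Returns a plain (non-TLS) server socket with the given backlog. */
    @Override
    public ServerSocket createServerSocket(int port, int backlog) throws IOException {
        return new ServerSocket(port, backlog);
    }

    /** Returns a plain (non-TLS) server socket bound to the given address. */
    @Override
    public ServerSocket createServerSocket(int port, int backlog, InetAddress bindAddress) throws IOException {
        return new ServerSocket(port, backlog, bindAddress);
    }

    /**
     * Checks that the common name of the server's leaf certificate equals the session's peer
     * host (case-insensitive). Does nothing when {@link #verifyHostname} is false.
     *
     * <p>NOTE(review): only the subject CN is compared; subjectAltName entries and wildcards are
     * not considered.
     *
     * @param socket the TLS socket; obtaining its session performs the handshake if needed
     * @throws UnknownHostException if the socket has no session
     * @throws SSLPeerUnverifiedException if no certificate or peer host is available or the
     *         names differ
     */
    protected void verifyHostname(SSLSocket socket) throws SSLPeerUnverifiedException, UnknownHostException {
        if (!this.verifyHostname) {
            return;
        }
        SSLSession session = socket.getSession();
        if (session == null) {
            throw new UnknownHostException("could not obtain session from socket");
        }
        String peerHost = session.getPeerHost();
        if (peerHost == null) {
            // Without a peer host there is nothing to compare the certificate with: fail closed.
            throw new SSLPeerUnverifiedException("HTTPS hostname invalid: no peer host available for the session");
        }
        try {
            // Diagnostic only: an unresolvable peer host is logged, it does not fail the check.
            InetAddress.getByName(peerHost);
        } catch (UnknownHostException e) {
            log.warn("Could not resolve SSL sessions server hostname: " + peerHost, (Throwable) e);
        }
        // getPeerCertificates() replaces the deprecated getPeerCertificateChain(), which relies
        // on javax.security.cert and is no longer implemented by recent JDKs.
        java.security.cert.Certificate[] peerCertificates = session.getPeerCertificates();
        if (peerCertificates == null || peerCertificates.length == 0) {
            throw new SSLPeerUnverifiedException("No server certificates found!");
        }
        if (!(peerCertificates[0] instanceof java.security.cert.X509Certificate)) {
            throw new SSLPeerUnverifiedException("Server certificate is not an X.509 certificate");
        }
        String subject = ((java.security.cert.X509Certificate) peerCertificates[0]).getSubjectX500Principal().getName();
        if (log.isInfoEnabled()) {
            log.info("Server certificate chain:");
            for (int i = 0; i < peerCertificates.length; i++) {
                log.info("X509Certificate[" + i + "]=" + peerCertificates[i]);
            }
        }
        String cn = getCN(subject);
        if (!peerHost.equalsIgnoreCase(cn)) {
            throw new SSLPeerUnverifiedException("HTTPS hostname invalid: expected '" + peerHost + "', received '" + cn + "'");
        }
        if (log.isInfoEnabled()) {
            log.info("Target hostname valid: " + cn);
        }
    }

    /**
     * Extracts the common name from a distinguished name.
     *
     * <p>The name is parsed as a DN rather than searched for the text {@code "CN="}, so a
     * {@code CN=} sequence embedded in the value of another attribute cannot be mistaken for the
     * common name. When several CN attributes are present the leftmost one is returned.
     *
     * @param str distinguished name in string form
     * @return the CN value, or {@code null} if the name is null, cannot be parsed or has no CN
     */
    protected String getCN(String str) {
        if (str == null) {
            return null;
        }
        try {
            LdapName subject = new LdapName(str);
            // LdapName numbers RDNs from the right, so the leftmost RDN has the highest index.
            for (int i = subject.size() - 1; i >= 0; i--) {
                Rdn rdn = subject.getRdn(i);
                Attribute commonName = rdn.toAttributes().get("CN");
                if (commonName != null) {
                    Object value = commonName.get();
                    if (value instanceof String) {
                        return (String) value;
                    }
                }
            }
        } catch (NamingException e) {
            // An unparseable subject yields no CN, which makes the hostname check fail closed.
            log.warn("Could not parse certificate subject [" + str + "]", (Throwable) e);
        }
        return null;
    }

    /** Runs the hostname check on a freshly created socket and closes the socket if it fails. */
    private SSLSocket verified(Socket socket) throws IOException {
        SSLSocket sslSocket = (SSLSocket) socket;
        boolean accepted = false;
        try {
            verifyHostname(sslSocket);
            accepted = true;
            return sslSocket;
        } finally {
            if (!accepted) {
                closeQuietly(socket);
            }
        }
    }

    /** Closes a socket that is being discarded because of an earlier failure. */
    private static void closeQuietly(Socket socket) {
        try {
            socket.close();
        } catch (IOException ignored) {
            // The failure already being propagated is the one the caller needs to see.
        }
    }
}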
