package nl.nn.adapterframework.http;

import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import nl.nn.adapterframework.util.CredentialFactory;
import nl.nn.adapterframework.util.LogUtil;
import org.apache.axis.client.Call;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.commons.net.SocketFactory;
import org.apache.log4j.Logger;

/* loaded from: input_file:WEB-INF/lib/ibis-adapterframework-core-7.2.jar:nl/nn/adapterframework/http/AuthSSLProtocolSocketFactoryBase.class */
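/**
 * Base class for socket factories that build TLS client sockets from a configured keystore
 * (client identity) and truststore (accepted server certificates).
 *
 * <p>This class only stores the configuration and offers shared helpers: loading a
 * {@link KeyStore} from a URL, lazily initialising the SSL context, and a hostname check of the
 * server certificate. Creating the actual SSL context and client sockets is left to subclasses
 * ({@link #initSSLContext()}, {@link #createSocket(InetAddress, int)}).
 *
 * <p>Note that the {@code createServerSocket(...)} methods return plain, unencrypted
 * {@link ServerSocket}s: none of the keystore/truststore settings apply to them.
 *
 * <p>Instances are not thread-safe during initialisation: {@link #initSSLContextNoExceptions()}
 * checks and sets {@link #sslContext} without synchronisation.
 */
public abstract class AuthSSLProtocolSocketFactoryBase implements SocketFactory, SecureProtocolSocketFactory {
    /** Logger shared by this class and its subclasses. */
    protected static Logger log = LogUtil.getLogger(AuthSSLProtocolSocketFactoryBase.class);

    /** Whether self-signed server certificates are to be accepted; stored here, interpreted by subclasses. */
    protected boolean allowSelfSignedCertificates;
    /** Location of the keystore holding the client identity; {@code null} when no client certificate is configured. */
    protected URL keystoreUrl;
    /** Password of the keystore; {@code null} for an unprotected store. */
    protected String keystorePassword;
    /** {@link KeyStore} type name (e.g. "pkcs12", "jks") used to open {@link #keystoreUrl}. */
    protected String keystoreType;
    /** KeyManagerFactory algorithm name; stored here, used by subclasses. */
    protected String keyManagerAlgorithm;
    /** Location of the truststore with the accepted server/CA certificates; {@code null} when none is configured. */
    protected URL truststoreUrl;
    /** Password of the truststore; {@code null} for an unprotected store. */
    protected String truststorePassword;
    /** {@link KeyStore} type name used to open {@link #truststoreUrl}. */
    protected String truststoreType;
    /** TrustManagerFactory algorithm name; stored here, used by subclasses. */
    protected String trustManagerAlgorithm;
    /** Whether {@link #verifyHostname(SSLSocket)} compares the server certificate's CN with the peer host. */
    protected boolean verifyHostname;
    /** Whether an expired server certificate is tolerated; stored here, interpreted by subclasses. */
    protected boolean ignoreCertificateExpiredException;
    /** Protocol name for the SSL context; defaults to "SSL". Exposed via {@link #getProtocol()}/{@link #setProtocol(String)}. */
    protected String protocol = "SSL";
    /** Lazily created SSL context. Typed as {@code Object} because the concrete class differs per subclass. */
    protected Object sslContext = null;

    /**
     * Stores the keystore/truststore configuration. No I/O is performed here; the stores are
     * opened when the SSL context is initialised.
     *
     * @param url   keystore URL (client identity), may be {@code null}
     * @param str   keystore password, may be {@code null}
     * @param str2  keystore type
     * @param str3  KeyManagerFactory algorithm
     * @param url2  truststore URL, may be {@code null}
     * @param str4  truststore password, may be {@code null}
     * @param str5  truststore type
     * @param str6  TrustManagerFactory algorithm
     * @param z     allow self-signed certificates
     * @param z2    verify the server hostname against the certificate CN
     * @param z3    ignore certificate-expired errors
     */
    public AuthSSLProtocolSocketFactoryBase(URL url, String str, String str2, String str3, URL url2, String str4, String str5, String str6, boolean z, boolean z2, boolean z3) {
        this.allowSelfSignedCertificates = z;
        this.keystoreUrl = url;
        this.keystorePassword = str;
        this.keystoreType = str2;
        this.keyManagerAlgorithm = str3;
        this.truststoreUrl = url2;
        this.truststorePassword = str4;
        this.truststoreType = str5;
        this.trustManagerAlgorithm = str6;
        this.verifyHostname = z2;
        this.ignoreCertificateExpiredException = z3;
    }

    /**
     * Creates the concrete factory for the configured JSSE flavour.
     *
     * <p>Each store's password is resolved through its own {@link CredentialFactory}
     * (authentication alias or literal password), so that the keystore alias applies to the
     * keystore and the truststore alias to the truststore. Previously the keystore credential
     * was ignored and, in the JSSE 1.0.x branch, even passed as the truststore password.
     *
     * <p>When {@code z4} is set this method has JVM-wide side effects: it registers the legacy
     * Sun security providers and sets the Axis transport property to the legacy HTTPS handler.
     *
     * @param url   keystore URL, may be {@code null}
     * @param str   keystore authentication alias, may be {@code null}
     * @param str2  keystore password, may be {@code null}
     * @param str3  keystore type
     * @param str4  KeyManagerFactory algorithm
     * @param url2  truststore URL, may be {@code null}
     * @param str5  truststore authentication alias, may be {@code null}
     * @param str6  truststore password, may be {@code null}
     * @param str7  truststore type
     * @param str8  TrustManagerFactory algorithm
     * @param z     allow self-signed certificates
     * @param z2    verify the server hostname
     * @param z3    ignore certificate-expired errors
     * @param z4    use the legacy JSSE 1.0.x implementation
     * @return a socket factory; the SSL context is not yet initialised
     */
    public static AuthSSLProtocolSocketFactoryBase createSocketFactory(URL url, String str, String str2, String str3, String str4, URL url2, String str5, String str6, String str7, String str8, boolean z, boolean z2, boolean z3, boolean z4) throws NoSuchAlgorithmException, KeyStoreException, GeneralSecurityException, IOException {
        CredentialFactory keystoreCredentials = new CredentialFactory(str, null, str2);
        CredentialFactory truststoreCredentials = new CredentialFactory(str5, null, str6);
        String resolvedKeystorePassword = keystoreCredentials.getPassword();
        String resolvedTruststorePassword = truststoreCredentials.getPassword();
        if (z4) {
            addProvider("sun.security.provider.Sun");
            addProvider("com.sun.net.ssl.internal.ssl.Provider");
            System.setProperty(Call.TRANSPORT_PROPERTY, "com.sun.net.ssl.internal.www.protocol");
            return new AuthSSLProtocolSocketFactoryForJsse10x(url, resolvedKeystorePassword, str3, str4, url2, resolvedTruststorePassword, str7, str8, z, z2, z3);
        }
        return new AuthSSLProtocolSocketFactory(url, resolvedKeystorePassword, str3, str4, url2, resolvedTruststorePassword, str7, str8, z, z2, z3);
    }

    /**
     * Registers a JCA security {@link Provider} by class name, best effort.
     *
     * <p>Failures (class not present on this JVM, no accessible constructor, wrong type) are
     * logged and otherwise ignored so that factory creation can continue.
     *
     * @param str fully qualified class name of the provider
     */
    public static void addProvider(String str) {
        try {
            Provider provider = (Provider) Class.forName(str).getDeclaredConstructor().newInstance();
            Security.addProvider(provider);
        } catch (Throwable th) {
            // Deliberately best effort: a vendor-specific provider may simply not exist on this JVM.
            log.error("cannot add provider [" + str + "], " + th.getClass().getName(), th);
        }
    }

    /**
     * Builds the SSL context from the configured stores and assigns it to {@link #sslContext}.
     *
     * @throws NoSuchAlgorithmException if a configured algorithm is unknown
     * @throws KeyStoreException        if a store cannot be opened or read
     * @throws GeneralSecurityException for other key management failures
     * @throws IOException              if a store cannot be read from its URL
     */
    public abstract void initSSLContext() throws NoSuchAlgorithmException, KeyStoreException, GeneralSecurityException, IOException;

    /**
     * Initialises the SSL context once, translating checked exceptions into
     * {@link RuntimeException}s with a descriptive message and the original cause.
     *
     * <p>Not synchronised: two threads calling this concurrently before the first
     * initialisation completes may both run {@link #initSSLContext()}.
     */
    public void initSSLContextNoExceptions() {
        if (this.sslContext != null) {
            return;
        }
        try {
            initSSLContext();
        } catch (IOException e) {
            throw new RuntimeException("I/O error reading keystore/truststore file", e);
        } catch (KeyStoreException e2) {
            throw new RuntimeException("Keystore exception", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new RuntimeException("Unsupported algorithm exception", e3);
        } catch (GeneralSecurityException e4) {
            // Catch-all for the remaining GeneralSecurityException subclasses; must stay after the specific ones.
            throw new RuntimeException("Key management exception", e4);
        }
    }

    /**
     * Loads a {@link KeyStore} from a URL and, at INFO level, logs the X.509 certificates it contains.
     *
     * @param url  location of the store; must not be {@code null}
     * @param str  store password, or {@code null} for an unprotected store
     * @param str2 {@link KeyStore} type name
     * @param str3 descriptive name of the store (e.g. "keystore"), used in messages only
     * @return the loaded store
     * @throws IllegalArgumentException if {@code url} is {@code null}
     * @throws KeyStoreException        if the type is unsupported or the store cannot be read
     * @throws NoSuchAlgorithmException if the store's integrity algorithm is unavailable
     * @throws CertificateException     if a certificate in the store cannot be parsed
     * @throws IOException              if the URL cannot be opened or the password is wrong
     */
    public static KeyStore createKeyStore(URL url, String str, String str2, String str3) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (url == null) {
            throw new IllegalArgumentException("Keystore url for " + str3 + " may not be null");
        }
        log.info("Initializing keystore for " + str3 + " from " + url.toString());
        KeyStore keyStore = KeyStore.getInstance(str2);
        char[] password = str != null ? str.toCharArray() : null;
        // The stream opened on the URL was previously never closed; release it whatever load() does.
        InputStream in = url.openStream();
        try {
            keyStore.load(in, password);
        } finally {
            in.close();
        }
        if (log.isInfoEnabled()) {
            logCertificates(keyStore, str3);
        }
        return keyStore;
    }

    /** Logs subject, issuer, signature algorithm and validity of every X.509 certificate in the store. */
    private static void logCertificates(KeyStore keyStore, String storeName) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            log.info(storeName + " '" + alias + "':");
            Certificate certificate = keyStore.getCertificate(alias);
            // Trusted-certificate and key entries carry a certificate; secret-key entries do not.
            if (certificate instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) certificate;
                log.info("  Subject DN: " + x509.getSubjectX500Principal());
                log.info("  Signature Algorithm: " + x509.getSigAlgName());
                log.info("  Valid from: " + x509.getNotBefore());
                log.info("  Valid until: " + x509.getNotAfter());
                log.info("  Issuer: " + x509.getIssuerX500Principal());
            }
        }
    }

    /**
     * Checks that the server certificate presented on the socket belongs to the host the
     * session was opened to, when {@link #verifyHostname} is set.
     *
     * <p>The check compares the session's peer host (case-insensitively) with the CN of the
     * first certificate in the peer chain. It does not look at subjectAltName entries and does
     * not accept wildcards, so a certificate whose identity is only in its SAN is rejected.
     * Calling {@link SSLSocket#getSession()} completes the handshake if it has not run yet.
     *
     * @param sSLSocket socket whose peer is to be verified
     * @throws SSLPeerUnverifiedException if the peer is not authenticated, presented no X.509
     *                                    certificate, or its CN does not match the peer host
     * @throws UnknownHostException       if no session can be obtained from the socket
     */
    public void verifyHostname(SSLSocket sSLSocket) throws SSLPeerUnverifiedException, UnknownHostException {
        if (!this.verifyHostname) {
            return;
        }
        SSLSession session = sSLSocket.getSession();
        if (session == null) {
            throw new UnknownHostException("could not obtain session from socket");
        }
        String peerHost = session.getPeerHost();
        if (peerHost == null) {
            // Without a peer host there is nothing to compare the certificate against; fail closed.
            throw new SSLPeerUnverifiedException("could not obtain peer host from SSL session");
        }
        try {
            InetAddress.getByName(peerHost);
        } catch (UnknownHostException e) {
            // Informational only: the name is still matched against the certificate below.
            log.warn("Could not resolve SSL sessions server hostname: " + peerHost, e);
        }
        // getPeerCertificates() replaces the deprecated getPeerCertificateChain() (javax.security.cert),
        // whose implementation is no longer functional on recent JDKs; it throws if the peer was not authenticated.
        Certificate[] peerCertificates = session.getPeerCertificates();
        if (peerCertificates == null || peerCertificates.length == 0) {
            throw new SSLPeerUnverifiedException("No server certificates found!");
        }
        if (!(peerCertificates[0] instanceof X509Certificate)) {
            throw new SSLPeerUnverifiedException("Server certificate is not an X.509 certificate but [" + peerCertificates[0].getType() + "]");
        }
        if (log.isInfoEnabled()) {
            log.info("Server certificate chain:");
            for (int i = 0; i < peerCertificates.length; i++) {
                log.info("X509Certificate[" + i + "]=" + peerCertificates[i]);
            }
        }
        String subjectName = ((X509Certificate) peerCertificates[0]).getSubjectX500Principal().getName();
        String cn = getCN(subjectName);
        // getCN() returns null when the subject has no CN; equalsIgnoreCase(null) is false, so that is rejected too.
        if (!peerHost.equalsIgnoreCase(cn)) {
            throw new SSLPeerUnverifiedException("HTTPS hostname invalid: expected '" + peerHost + "', received '" + cn + "'");
        }
        if (log.isInfoEnabled()) {
            log.info("Target hostname valid: " + cn);
        }
    }

    /**
     * Extracts the value of the first {@code CN=} attribute from a distinguished name string.
     *
     * <p>The value runs up to the first comma that is not preceded by a backslash; escape
     * characters are left in place. The lookup is a plain substring search, so the match must
     * literally read {@code CN=} (upper case).
     *
     * @param str distinguished name, e.g. {@code CN=host.example,O=Org}
     * @return the CN value, or {@code null} if {@code str} is {@code null} or contains no {@code CN=}
     */
    protected String getCN(String str) {
        if (str == null) {
            return null;
        }
        int start = str.indexOf("CN=");
        if (start < 0) {
            return null;
        }
        String value = str.substring(start + 3);
        int end = 0;
        while (end < value.length()) {
            boolean unescapedComma = value.charAt(end) == ',' && end > 0 && value.charAt(end - 1) != '\\';
            if (unescapedComma) {
                break;
            }
            end++;
        }
        return value.substring(0, end);
    }

    /**
     * Creates a TLS client socket to the given address; implemented by subclasses.
     *
     * @throws IOException if the connection cannot be established
     */
    @Override // org.apache.commons.net.SocketFactory
    public abstract Socket createSocket(InetAddress inetAddress, int i) throws IOException;

    /**
     * Creates a TLS client socket bound to a local address; implemented by subclasses.
     *
     * @throws IOException if the connection cannot be established
     */
    @Override // org.apache.commons.net.SocketFactory
    public abstract Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException;

    /**
     * Creates a plain (non-TLS) server socket on the given port; the factory's SSL settings do not apply.
     *
     * @throws IOException if the socket cannot be opened
     */
    @Override // org.apache.commons.net.SocketFactory
    public ServerSocket createServerSocket(int i) throws IOException {
        return new ServerSocket(i);
    }

    /**
     * Creates a plain (non-TLS) server socket with the given backlog; the factory's SSL settings do not apply.
     *
     * @throws IOException if the socket cannot be opened
     */
    @Override // org.apache.commons.net.SocketFactory
    public ServerSocket createServerSocket(int i, int i2) throws IOException {
        return new ServerSocket(i, i2);
    }

    /**
     * Creates a plain (non-TLS) server socket bound to a local address; the factory's SSL settings do not apply.
     *
     * @throws IOException if the socket cannot be opened
     */
    @Override // org.apache.commons.net.SocketFactory
    public ServerSocket createServerSocket(int i, int i2, InetAddress inetAddress) throws IOException {
        return new ServerSocket(i, i2, inetAddress);
    }

    /** @return the protocol name for the SSL context (default "SSL") */
    public String getProtocol() {
        return this.protocol;
    }

    /**
     * Sets the protocol name for the SSL context. Takes effect only if called before the context is initialised.
     *
     * @param str protocol name, e.g. "TLS"
     */
    public void setProtocol(String str) {
        this.protocol = str;
    }
}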
