package nl.nn.adapterframework.http;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import nl.nn.adapterframework.util.LogUtil;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:WEB-INF/lib/ibis-adapterframework-core-7.1-B1.jar:nl/nn/adapterframework/http/AuthSSLConnectionSocket.class */
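/**
 * Builds an {@link SSLContext} from an optional keystore (client key material) and an
 * optional truststore (trusted server certificates).
 *
 * <p>Security notes for reviewers and operators:
 * <ul>
 *   <li>When {@code allowSelfSignedCertificates} is enabled, the trust managers are replaced by
 *       {@link AuthSslTrustManager}, whose {@code checkServerTrusted} only checks the validity
 *       dates of the presented certificates. It does not verify the chain against the truststore,
 *       so the peer is effectively not authenticated. Prefer leaving the flag off and adding the
 *       self-signed certificate to the truststore instead.</li>
 *   <li>{@code ignoreCertificateExpiredException} only has an effect inside
 *       {@link AuthSslTrustManager}, i.e. when {@code allowSelfSignedCertificates} is enabled.</li>
 *   <li>The default protocol name is {@code "SSL"}; which protocol versions that enables is decided
 *       by the JSSE provider. Configure an explicit TLS version where policy requires one.</li>
 *   <li>{@link #getSSLContext()} caches lazily without synchronization.</li>
 * </ul>
 */
public class AuthSSLConnectionSocket {
    private static final Logger log = LogUtil.getLogger(AuthSSLConnectionSocket.class);

    // Protocol name handed to SSLContext.getInstance(); overridden by a non-empty constructor argument.
    private String protocol = "SSL";
    private boolean allowSelfSignedCertificates;
    private URL keystoreUrl;
    private String keystorePassword;
    private String keystoreType;
    private String keyManagerAlgorithm;
    private URL truststoreUrl;
    private String truststorePassword;
    private String truststoreType;
    private String trustManagerAlgorithm;
    private SSLContext sslContext;
    private boolean ignoreCertificateExpiredException;

    /**
     * Trust manager installed when {@code allowSelfSignedCertificates} is enabled.
     *
     * <p>Client checks and the accepted-issuer list are delegated to a wrapped
     * {@link X509TrustManager}; server checks are NOT delegated (see
     * {@link #checkServerTrusted(X509Certificate[], String)}).
     */
    public class AuthSslTrustManager implements X509TrustManager {
        private X509TrustManager trustManager;

        /**
         * Wraps the single X509 trust manager in {@code trustManagerArr}, or, when that array is
         * null or empty, the trust managers produced by the default {@link TrustManagerFactory}
         * algorithm initialised with {@code keyStore}.
         *
         * @param keyStore store used to initialise the default factory; only read when
         *        {@code trustManagerArr} is null or empty
         * @param trustManagerArr trust managers to wrap; must contain exactly one X509 trust manager
         * @throws NoSuchAlgorithmException if there is not exactly one trust manager or it is not
         *         an {@link X509TrustManager}
         * @throws KeyStoreException if the default factory cannot be initialised
         */
        AuthSslTrustManager(KeyStore keyStore, TrustManager[] trustManagerArr) throws NoSuchAlgorithmException, KeyStoreException {
            TrustManager[] candidates = trustManagerArr;
            if (candidates == null || candidates.length == 0) {
                TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                factory.init(keyStore);
                candidates = factory.getTrustManagers();
            }
            // Check the type before casting so a non-X509 manager is reported through the declared
            // exception instead of surfacing as a ClassCastException.
            if (candidates.length != 1 || !(candidates[0] instanceof X509TrustManager)) {
                throw new NoSuchAlgorithmException("Only works with X509 trustmanagers");
            }
            this.trustManager = (X509TrustManager) candidates[0];
        }

        /** Delegates client chain validation to the wrapped trust manager. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.trustManager.checkClientTrusted(x509CertificateArr, str);
        }

        /**
         * Checks only that each presented certificate is inside its validity period.
         *
         * <p>NOTE(review): the wrapped trust manager is never consulted here, so no issuer,
         * signature or truststore check takes place; a null chain is accepted as well. Any server
         * presenting certificates that pass the date check is trusted. When
         * {@code ignoreCertificateExpiredException} is set, the first date failure (expired or not
         * yet valid) is logged and the chain is accepted without checking the remaining entries.
         * Behaviour is kept as-is because callers opt into it via
         * {@code allowSelfSignedCertificates}; tightening it is a policy decision.
         *
         * @param x509CertificateArr certificate chain presented by the server; may be null
         * @param str authentication type; unused
         * @throws CertificateException if a certificate is outside its validity period and
         *         {@code ignoreCertificateExpiredException} is false
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr == null) {
                return;
            }
            for (X509Certificate presented : x509CertificateArr) {
                try {
                    presented.checkValidity();
                } catch (CertificateException e) {
                    if (!AuthSSLConnectionSocket.this.ignoreCertificateExpiredException) {
                        throw e;
                    }
                    AuthSSLConnectionSocket.log.warn("error occurred during checking trusted server: " + e.getMessage());
                    return;
                }
            }
        }

        /** Returns the accepted issuers of the wrapped trust manager. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.trustManager.getAcceptedIssuers();
        }
    }

    /**
     * Creates an {@link SSLContext} with the default protocol name.
     *
     * <p>Arguments map onto the full constructor as: keystore URL, password, type and key manager
     * algorithm; truststore URL, password, type and trust manager algorithm; {@code z} is
     * {@code allowSelfSignedCertificates}; {@code z3} is {@code ignoreCertificateExpiredException}.
     *
     * <p>NOTE(review): {@code z2} is accepted but never read. If callers expect it to control a
     * check such as hostname verification, that check is not enforced by this class - confirm
     * where it is handled.
     *
     * @throws GeneralSecurityException if key or trust material cannot be initialised
     * @throws IOException if a store cannot be read
     */
    public static SSLContext createSSLContext(URL url, String str, String str2, String str3, URL url2, String str4, String str5, String str6, boolean z, boolean z2, boolean z3) throws GeneralSecurityException, IOException {
        return new AuthSSLConnectionSocket(url, str, str2, str3, url2, str4, str5, str6, z, z3, (String) null).getSSLContext();
    }

    /**
     * Creates an {@link SSLContext} as the eleven-argument overload does, using {@code str7} as
     * the protocol name when it is not empty. {@code z2} is ignored here as well.
     *
     * @throws GeneralSecurityException if key or trust material cannot be initialised
     * @throws IOException if a store cannot be read
     */
    public static SSLContext createSSLContext(URL url, String str, String str2, String str3, URL url2, String str4, String str5, String str6, boolean z, boolean z2, boolean z3, String str7) throws GeneralSecurityException, IOException {
        return new AuthSSLConnectionSocket(url, str, str2, str3, url2, str4, str5, str6, z, z3, str7).getSSLContext();
    }

    /**
     * Convenience constructor using the default protocol name. {@code z} is
     * {@code allowSelfSignedCertificates}, {@code z3} is {@code ignoreCertificateExpiredException};
     * {@code z2} is ignored.
     */
    public AuthSSLConnectionSocket(URL url, String str, String str2, String str3, URL url2, String str4, String str5, String str6, boolean z, boolean z2, boolean z3) {
        this(url, str, str2, str3, url2, str4, str5, str6, z, z3, (String) null);
    }

    /**
     * Stores the configuration; no store is opened until {@link #getSSLContext()} is called.
     *
     * @param url keystore location, or null for no client key material
     * @param str keystore password
     * @param str2 keystore type
     * @param str3 key manager algorithm; empty selects the platform default
     * @param url2 truststore location, or null
     * @param str4 truststore password
     * @param str5 truststore type
     * @param str6 trust manager algorithm; empty selects the platform default
     * @param z allowSelfSignedCertificates - disables server chain verification, see class notes
     * @param z2 ignoreCertificateExpiredException
     * @param str7 protocol name for {@link SSLContext#getInstance(String)}; empty keeps "SSL"
     */
    public AuthSSLConnectionSocket(URL url, String str, String str2, String str3, URL url2, String str4, String str5, String str6, boolean z, boolean z2, String str7) {
        this.keystoreUrl = url;
        this.keystorePassword = str;
        this.keystoreType = str2;
        this.keyManagerAlgorithm = str3;
        this.truststoreUrl = url2;
        this.truststorePassword = str4;
        this.truststoreType = str5;
        this.trustManagerAlgorithm = str6;
        this.allowSelfSignedCertificates = z;
        this.ignoreCertificateExpiredException = z2;
        if (StringUtils.isNotEmpty(str7)) {
            this.protocol = str7;
        }
    }

    /**
     * Creates key managers for {@code keyStore}.
     *
     * @param keyStore loaded keystore; must not be null
     * @param password key password, or null
     * @param algorithm key manager algorithm; empty selects the platform default
     */
    private static KeyManager[] createKeyManagers(KeyStore keyStore, String password, String algorithm) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        if (keyStore == null) {
            throw new IllegalArgumentException("Keystore may not be null");
        }
        log.debug("Initializing key manager");
        String effectiveAlgorithm = algorithm;
        if (StringUtils.isEmpty(effectiveAlgorithm)) {
            effectiveAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
            log.debug("using default KeyManager algorithm [" + effectiveAlgorithm + "]");
        } else {
            log.debug("using configured KeyManager algorithm [" + effectiveAlgorithm + "]");
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(effectiveAlgorithm);
        factory.init(keyStore, password != null ? password.toCharArray() : null);
        return factory.getKeyManagers();
    }

    /**
     * Creates trust managers for {@code keyStore}.
     *
     * @param keyStore loaded truststore; must not be null
     * @param algorithm trust manager algorithm; empty selects the platform default
     */
    private static TrustManager[] createTrustManagers(KeyStore keyStore, String algorithm) throws KeyStoreException, NoSuchAlgorithmException {
        if (keyStore == null) {
            throw new IllegalArgumentException("Keystore may not be null");
        }
        log.debug("Initializing trust manager");
        String effectiveAlgorithm = algorithm;
        if (StringUtils.isEmpty(effectiveAlgorithm)) {
            effectiveAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            log.debug("using default TrustManager algorithm [" + effectiveAlgorithm + "]");
        } else {
            log.debug("using configured TrustManager algorithm [" + effectiveAlgorithm + "]");
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(effectiveAlgorithm);
        factory.init(keyStore);
        return factory.getTrustManagers();
    }

    /**
     * Assembles the context from the configured stores.
     *
     * <p>With neither store configured and {@code allowSelfSignedCertificates} off, both manager
     * arrays stay null and {@link SSLContext#init} falls back to the installed providers' defaults.
     */
    private SSLContext createSSLContext() throws GeneralSecurityException, IOException {
        KeyManager[] keyManagers = null;
        TrustManager[] trustManagers = null;
        if (this.keystoreUrl != null) {
            KeyStore keyStore = createKeyStore(this.keystoreUrl, this.keystorePassword, this.keystoreType, "Certificate chain");
            keyManagers = createKeyManagers(keyStore, this.keystorePassword, this.keyManagerAlgorithm);
        }
        if (this.allowSelfSignedCertificates) {
            // Make the weakened trust decision visible in the logs so it can be audited.
            log.warn("allowSelfSignedCertificates is enabled: server certificates are only checked for their validity period, not verified against the truststore");
        }
        if (this.truststoreUrl != null) {
            KeyStore trustStore = createKeyStore(this.truststoreUrl, this.truststorePassword, this.truststoreType, "Trusted Certificate");
            trustManagers = createTrustManagers(trustStore, this.trustManagerAlgorithm);
            if (this.allowSelfSignedCertificates) {
                trustManagers = new TrustManager[]{new AuthSslTrustManager(trustStore, trustManagers)};
            }
        } else if (this.allowSelfSignedCertificates) {
            trustManagers = new TrustManager[]{new AuthSslTrustManager(null, null)};
        }
        SSLContext context = SSLContext.getInstance(this.protocol);
        context.init(keyManagers, trustManagers, null);
        return context;
    }

    /**
     * Returns the context, creating it on first use.
     *
     * @throws GeneralSecurityException if key or trust material cannot be initialised
     * @throws IOException if a store cannot be read
     */
    public SSLContext getSSLContext() throws GeneralSecurityException, IOException {
        if (this.sslContext == null) {
            this.sslContext = createSSLContext();
        }
        return this.sslContext;
    }

    /**
     * Loads a keystore of the given type from {@code url} and, at INFO level, logs the alias and
     * the X509 subject, signature algorithm, validity window and issuer of each entry.
     *
     * @param url store location; must not be null
     * @param password store password, or null
     * @param type keystore type passed to {@link KeyStore#getInstance(String)}
     * @param purpose label used in log and error messages
     */
    private static KeyStore createKeyStore(URL url, String password, String type, String purpose) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (url == null) {
            throw new IllegalArgumentException("Keystore url for " + purpose + " may not be null");
        }
        log.info("Initializing keystore for " + purpose + " from " + url.toString());
        KeyStore keyStore = KeyStore.getInstance(type);
        // Close the stream once the store is loaded; it was previously left open.
        try (InputStream storeStream = url.openStream()) {
            keyStore.load(storeStream, password != null ? password.toCharArray() : null);
        }
        if (log.isInfoEnabled()) {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                log.info(purpose + " '" + alias + "':");
                Certificate certificate = keyStore.getCertificate(alias);
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509 = (X509Certificate) certificate;
                    log.info("  Subject DN: " + x509.getSubjectDN());
                    log.info("  Signature Algorithm: " + x509.getSigAlgName());
                    log.info("  Valid from: " + x509.getNotBefore());
                    log.info("  Valid until: " + x509.getNotAfter());
                    log.info("  Issuer: " + x509.getIssuerDN());
                }
            }
        }
        return keyStore;
    }
}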
