package nl.nn.adapterframework.http;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory;
import org.apache.commons.httpclient.protocol.ReflectionSocketFactory;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:WEB-INF/lib/ibis-adapterframework-core-7.1-B1.jar:nl/nn/adapterframework/http/AuthSSLProtocolSocketFactory.class */
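/**
 * Socket factory for commons-httpclient that builds TLS sockets from an {@link SSLContext}
 * configured with this factory's keystore (client certificate) and truststore.
 *
 * <p>Every socket handed out by this class comes from that context and is passed to
 * {@code verifyHostname} (defined in the base class) before it is returned. If that call
 * throws, the socket is closed rather than left open.
 */
public class AuthSSLProtocolSocketFactory extends AuthSSLProtocolSocketFactoryBase {

    /**
     * Trust manager installed by {@link #createSSLContext()} when
     * {@code allowSelfSignedCertificates} is set.
     *
     * <p>NOTE(review): {@link #checkServerTrusted} never consults the wrapped trust manager. It
     * only checks each certificate's validity period, so no chain building, signature or issuer
     * check happens here. With this manager installed, any server certificate with valid dates is
     * accepted, not only self-signed ones, and hostname verification is the only remaining check
     * on the peer. A stricter alternative is to add the specific self-signed certificate to the
     * truststore and leave {@code allowSelfSignedCertificates} off.
     */
    public class AuthSslTrustManager implements X509TrustManager {
        /** Delegate used for client-certificate checks and for the accepted-issuer list. */
        private final X509TrustManager trustManager;

        /**
         * @param keyStore truststore used to build a default trust manager when
         *     {@code trustManagerArr} is null or empty; {@code null} is passed to
         *     {@link TrustManagerFactory#init(KeyStore)} unchanged
         * @param trustManagerArr existing trust managers; exactly one X509 manager is expected
         * @throws NoSuchAlgorithmException if there is not exactly one X509 trust manager
         * @throws KeyStoreException if the trust manager factory cannot be initialised
         */
        AuthSslTrustManager(KeyStore keyStore, TrustManager[] trustManagerArr) throws NoSuchAlgorithmException, KeyStoreException {
            TrustManager[] managers = trustManagerArr;
            if (managers == null || managers.length == 0) {
                TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                factory.init(keyStore);
                managers = factory.getTrustManagers();
            }
            // Reject a non-X509 manager with the documented exception instead of a ClassCastException.
            if (managers.length != 1 || !(managers[0] instanceof X509TrustManager)) {
                throw new NoSuchAlgorithmException("Only works with X509 trustmanagers");
            }
            this.trustManager = (X509TrustManager) managers[0];
        }

        /** Delegates to the wrapped trust manager. */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.trustManager.checkClientTrusted(x509CertificateArr, str);
        }

        /**
         * Checks only the validity period of each certificate in the chain.
         *
         * <p>A {@code null} chain passes without any check. When
         * {@code ignoreCertificateExpiredException} is set, the first validity failure is logged
         * and the whole chain is accepted. The catch is on {@link CertificateException}, so a
         * not-yet-valid certificate is ignored in the same way as an expired one.
         *
         * @throws CertificateException if a certificate is outside its validity period and
         *     {@code ignoreCertificateExpiredException} is not set
         */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr == null) {
                return;
            }
            for (X509Certificate certificate : x509CertificateArr) {
                try {
                    certificate.checkValidity();
                } catch (CertificateException e) {
                    if (!AuthSSLProtocolSocketFactory.this.ignoreCertificateExpiredException) {
                        throw e;
                    }
                    AuthSSLProtocolSocketFactoryBase.log.warn("error occurred during checking trusted server: " + e.getMessage());
                    return;
                }
            }
        }

        /** Returns the accepted issuers of the wrapped trust manager. */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return this.trustManager.getAcceptedIssuers();
        }
    }

    /** Passes all arguments unchanged to the base class constructor. */
    public AuthSSLProtocolSocketFactory(URL url, String str, String str2, String str3, URL url2, String str4, String str5, String str6, boolean z, boolean z2, boolean z3) {
        super(url, str, str2, str3, url2, str4, str5, str6, z, z2, z3);
    }

    /**
     * Builds key managers for the given keystore.
     *
     * @param keyStore keystore holding the client key material; must not be null
     * @param password key password, or null
     * @param algorithm KeyManagerFactory algorithm; the platform default is used when empty
     */
    private static KeyManager[] createKeyManagers(KeyStore keyStore, String password, String algorithm) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        if (keyStore == null) {
            throw new IllegalArgumentException("Keystore may not be null");
        }
        log.debug("Initializing key manager");
        String effectiveAlgorithm = algorithm;
        if (StringUtils.isEmpty(effectiveAlgorithm)) {
            effectiveAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
            log.debug("using default KeyManager algorithm [" + effectiveAlgorithm + "]");
        } else {
            log.debug("using configured KeyManager algorithm [" + effectiveAlgorithm + "]");
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(effectiveAlgorithm);
        factory.init(keyStore, password != null ? password.toCharArray() : null);
        return factory.getKeyManagers();
    }

    /**
     * Builds trust managers for the given truststore.
     *
     * @param keyStore truststore; must not be null
     * @param algorithm TrustManagerFactory algorithm; the platform default is used when empty
     */
    private static TrustManager[] createTrustManagers(KeyStore keyStore, String algorithm) throws KeyStoreException, NoSuchAlgorithmException {
        if (keyStore == null) {
            throw new IllegalArgumentException("Keystore may not be null");
        }
        log.debug("Initializing trust manager");
        String effectiveAlgorithm = algorithm;
        if (StringUtils.isEmpty(effectiveAlgorithm)) {
            effectiveAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            log.debug("using default TrustManager algorithm [" + effectiveAlgorithm + "]");
        } else {
            log.debug("using configured TrustManager algorithm [" + effectiveAlgorithm + "]");
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(effectiveAlgorithm);
        factory.init(keyStore);
        return factory.getTrustManagers();
    }

    /**
     * Creates an SSLContext from the configured keystore and truststore.
     *
     * <p>When {@code allowSelfSignedCertificates} is set, the trust managers are replaced by a
     * single {@link AuthSslTrustManager}. See the security note on that class before enabling it.
     */
    private SSLContext createSSLContext() throws NoSuchAlgorithmException, KeyStoreException, GeneralSecurityException, IOException {
        KeyManager[] keyManagers = null;
        TrustManager[] trustManagers = null;
        if (this.keystoreUrl != null) {
            KeyStore clientKeyStore = createKeyStore(this.keystoreUrl, this.keystorePassword, this.keystoreType, "Certificate chain");
            keyManagers = createKeyManagers(clientKeyStore, this.keystorePassword, this.keyManagerAlgorithm);
        }
        if (this.truststoreUrl != null) {
            KeyStore trustStore = createKeyStore(this.truststoreUrl, this.truststorePassword, this.truststoreType, "Trusted Certificate");
            trustManagers = createTrustManagers(trustStore, this.trustManagerAlgorithm);
            if (this.allowSelfSignedCertificates) {
                trustManagers = new TrustManager[]{new AuthSslTrustManager(trustStore, trustManagers)};
            }
        } else if (this.allowSelfSignedCertificates) {
            trustManagers = new TrustManager[]{new AuthSslTrustManager(null, null)};
        }
        SSLContext context = SSLContext.getInstance(getProtocol());
        // A null SecureRandom makes JSSE use its default implementation.
        context.init(keyManagers, trustManagers, null);
        return context;
    }

    /** Creates the SSLContext on first use; later calls are no-ops. */
    @Override
    public void initSSLContext() throws NoSuchAlgorithmException, KeyStoreException, GeneralSecurityException, IOException {
        if (this.sslContext == null) {
            this.sslContext = createSSLContext();
        }
    }

    /**
     * Returns the SSLContext, initialising it through the base class's
     * {@code initSSLContextNoExceptions()} when it is not set yet.
     */
    private SSLContext getSSLContext() {
        if (this.sslContext == null) {
            // NOTE(review): presumably leaves sslContext null on failure; callers would then hit a
            // NullPointerException. Confirm against the base class.
            initSSLContextNoExceptions();
        }
        return (SSLContext) this.sslContext;
    }

    /** Closes a socket and ignores any failure; used only on error paths. */
    private static void closeSocketQuietly(Socket socket) {
        try {
            socket.close();
        } catch (IOException ignored) {
            // The caller is already propagating the original failure.
        }
    }

    /**
     * Runs the base class's hostname verification on a socket and closes the socket if
     * verification throws, so that an unverified connection is never left open.
     */
    private Socket verifyOrClose(Socket socket) throws IOException {
        boolean verified = false;
        try {
            verifyHostname((SSLSocket) socket);
            verified = true;
            return socket;
        } finally {
            if (!verified) {
                closeSocketQuietly(socket);
            }
        }
    }

    /** Connects to host {@code str}, port {@code i}, bound to local address and port. */
    @Override
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
        return verifyOrClose(getSSLContext().getSocketFactory().createSocket(str, i, inetAddress, i2));
    }

    /** Connects to host {@code str}, port {@code i}. */
    @Override
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        return verifyOrClose(getSSLContext().getSocketFactory().createSocket(str, i));
    }

    /** Layers TLS over an existing socket; {@code z} is the auto-close flag. */
    @Override
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
        return verifyOrClose(getSSLContext().getSocketFactory().createSocket(socket, str, i, z));
    }

    /** Connects to the given address and port. */
    @Override
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        return verifyOrClose(getSSLContext().getSocketFactory().createSocket(inetAddress, i));
    }

    /** Connects to the given address and port, bound to the given local address and port. */
    @Override
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        return verifyOrClose(getSSLContext().getSocketFactory().createSocket(inetAddress, i, inetAddress2, i2));
    }

    /**
     * Connects with the connection timeout taken from {@code httpConnectionParams}.
     *
     * <p>The socket is created from this factory's own SSLContext. The previous implementation
     * asked {@code ReflectionSocketFactory} for a {@code javax.net.ssl.SSLSocketFactory} socket,
     * which uses the JVM default factory. With a non-zero timeout that skipped the configured
     * keystore and truststore, and the socket was returned without hostname verification.
     *
     * @throws IllegalArgumentException if {@code httpConnectionParams} is null
     * @throws ConnectTimeoutException if the connection is not established within the timeout
     */
    @Override
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, HttpConnectionParams httpConnectionParams) throws IOException, UnknownHostException, ConnectTimeoutException {
        if (httpConnectionParams == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int connectionTimeout = httpConnectionParams.getConnectionTimeout();
        if (connectionTimeout == 0) {
            return createSocket(str, i, inetAddress, i2);
        }
        Socket socket = getSSLContext().getSocketFactory().createSocket();
        boolean connected = false;
        try {
            socket.bind(new InetSocketAddress(inetAddress, i2));
            socket.connect(new InetSocketAddress(str, i), connectionTimeout);
            connected = true;
        } catch (SocketTimeoutException e) {
            // Keep the exception type that commons-httpclient callers expect for a connect timeout.
            throw new ConnectTimeoutException("The host did not accept the connection within timeout of " + connectionTimeout + " ms", e);
        } finally {
            if (!connected) {
                closeSocketQuietly(socket);
            }
        }
        return verifyOrClose(socket);
    }
}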
