package at.gv.egovernment.moa.id.commons.utils;

import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moaspss.logging.Logger;
import iaik.pki.PKIException;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;

/* loaded from: input_file:at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.class */
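/**
 * Commons-HttpClient socket factory that creates TLS sockets from an {@link SSLSocketFactory}
 * obtained through {@link SSLUtils#getSSLSocketFactory} and, when enabled, verifies that the
 * server certificate matches the host the socket was opened to.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Hostname verification is controlled by the last constructor argument. When it is
 *       {@code false}, this class performs no hostname check at all; whatever trust decision
 *       remains is made by the underlying {@code SSLSocketFactory}.</li>
 *   <li>A socket that fails verification is closed before the exception is propagated, so a
 *       rejected peer does not keep an open connection.</li>
 *   <li>{@code setEnabledSslCiphers} is not called from within this class, so the
 *       {@code https.cipherSuites} system property has no effect on sockets created here.</li>
 * </ul>
 */
public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory {
    private SSLSocketFactory sslfactory = null;
    private boolean verifyHostName;

    /**
     * Creates a factory; the third argument of {@code SSLUtils.getSSLSocketFactory} is passed
     * as {@code null} by this overload.
     *
     * <p>The meaning of {@code str}, {@code z}, {@code str2}..{@code str4}, {@code z2} and
     * {@code strArr} is defined by {@code SSLUtils.getSSLSocketFactory}, which is not visible
     * here; they are forwarded unchanged.
     *
     * @param z3 {@code true} to verify the peer hostname against the server certificate
     * @throws MOAHttpProtocolSocketFactoryException if the SSL socket factory cannot be built
     */
    public MOAHttpProtocolSocketFactory(String str, boolean z, String str2, String str3, String str4, boolean z2, String[] strArr, boolean z3) throws MOAHttpProtocolSocketFactoryException {
        // Default to the safe setting until initialization has succeeded.
        this.verifyHostName = true;
        internalInitialize(str, z, null, str2, str3, str4, z2, strArr);
        this.verifyHostName = z3;
    }

    /**
     * Creates a factory, forwarding all configuration arguments unchanged to
     * {@code SSLUtils.getSSLSocketFactory} (their meaning is defined there, not in this file).
     *
     * @param z3 {@code true} to verify the peer hostname against the server certificate
     * @throws MOAHttpProtocolSocketFactoryException if the SSL socket factory cannot be built
     */
    public MOAHttpProtocolSocketFactory(String str, boolean z, String str2, String str3, String str4, String str5, boolean z2, String[] strArr, boolean z3) throws MOAHttpProtocolSocketFactoryException {
        // Default to the safe setting until initialization has succeeded.
        this.verifyHostName = true;
        internalInitialize(str, z, str2, str3, str4, str5, z2, strArr);
        this.verifyHostName = z3;
    }

    /**
     * Builds the underlying {@link SSLSocketFactory} and maps every failure to
     * {@link MOAHttpProtocolSocketFactoryException}, keeping the original exception as cause.
     */
    private void internalInitialize(String str, boolean z, String str2, String str3, String str4, String str5, boolean z2, String[] strArr) throws MOAHttpProtocolSocketFactoryException {
        try {
            this.sslfactory = SSLUtils.getSSLSocketFactory(str, z, str2, str3, str4, str5, z2, strArr, null, null, null);
        } catch (SSLConfigurationException e) {
            throw new MOAHttpProtocolSocketFactoryException("SSL Configuration loading FAILED.", e);
        } catch (IOException | PKIException | GeneralSecurityException e) {
            throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
        }
    }

    /** Opens a TLS socket to {@code host:port} bound to the given local address and port. */
    @Override
    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort) throws IOException, UnknownHostException {
        return setSecurityRequirements(this.sslfactory.createSocket(host, port, localAddress, localPort));
    }

    /**
     * Opens a TLS socket to {@code host:port} bound to the given local address and port.
     *
     * <p>NOTE(review): {@code params} is not consulted, so a connection timeout configured on
     * it is not applied by this method. Confirm that callers do not rely on it to bound the
     * connect and handshake time.
     */
    @Override
    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort, HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException {
        return setSecurityRequirements(this.sslfactory.createSocket(host, port, localAddress, localPort));
    }

    /** Opens a TLS socket to {@code host:port}. */
    @Override
    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        return setSecurityRequirements(this.sslfactory.createSocket(host, port));
    }

    /** Layers a TLS socket over an existing connected {@code socket}. */
    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
        return setSecurityRequirements(this.sslfactory.createSocket(socket, host, port, autoClose));
    }

    /**
     * Applies the post-creation checks to a freshly created socket.
     *
     * <p>A socket that is not an {@link SSLSocket} is returned as-is and is therefore not
     * hostname-verified. If verification fails, the socket is closed before the exception
     * propagates; otherwise the caller, who never receives the reference, could not release it.
     *
     * @throws SSLException if the handshake or the hostname verification fails
     */
    private Socket setSecurityRequirements(Socket socket) throws SSLException {
        if (!(socket instanceof SSLSocket)) {
            return socket;
        }
        SSLSocket sSLSocket = (SSLSocket) socket;
        boolean accepted = false;
        try {
            verifyHostName(sSLSocket);
            accepted = true;
            return sSLSocket;
        } finally {
            if (!accepted) {
                closeRejectedSocket(sSLSocket);
            }
        }
    }

    /** Closes a socket that failed verification; a close failure must not mask the real error. */
    private static void closeRejectedSocket(SSLSocket sSLSocket) {
        try {
            sSLSocket.close();
        } catch (IOException e) {
            Logger.debug("Closing rejected SSL socket FAILED: " + e.getMessage());
        }
    }

    /**
     * Verifies the peer hostname against the first certificate of the peer chain, if hostname
     * verification is enabled for this factory.
     *
     * @throws SSLPeerUnverifiedException if the peer presented no certificate
     * @throws SSLException if no session could be established, the leaf certificate is not an
     *     X.509 certificate, or the hostname does not match the certificate
     */
    private void verifyHostName(SSLSocket sSLSocket) throws SSLException {
        if (!this.verifyHostName) {
            return;
        }
        // getSession() completes the handshake if necessary; a failed handshake yields an
        // invalid session that reports this placeholder cipher suite.
        SSLSession session = sSLSocket.getSession();
        if ("SSL_NULL_WITH_NULL_NULL".equals(session.getCipherSuite())) {
            Logger.warn("SSL connection can NOT established.");
            throw new SSLException("SSL connection can NOT established.");
        }
        String peerHost = session.getPeerHost();
        // Declared outside the try block so the chain can be logged when verification fails.
        Certificate[] peerCertificates = null;
        try {
            peerCertificates = session.getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length < 1) {
                throw new SSLPeerUnverifiedException("No server certificates found!");
            }
            if (!(peerCertificates[0] instanceof X509Certificate)) {
                // Fail closed with a checked TLS error instead of an unchecked ClassCastException.
                throw new SSLException("Server certificate is not an X.509 certificate!");
            }
            new DefaultHostnameVerifier().verify(peerHost, (X509Certificate) peerCertificates[0]);
        } catch (SSLPeerUnverifiedException e) {
            Logger.error("Host:" + peerHost + " sends no certificates for validation.", e);
            throw e;
        } catch (SSLException e2) {
            Logger.error("Hostname validation FAILED:" + peerHost + " validation ", e2);
            if (Logger.isDebugEnabled() && peerCertificates != null) {
                Logger.debug("Server certificate chain:");
                for (int i = 0; i < peerCertificates.length; i++) {
                    Logger.debug("X509Certificate[" + i + "]=" + peerCertificates[i]);
                }
            }
            throw e2;
        }
    }

    /**
     * Restricts the enabled cipher suites of {@code sSLSocket} to the entries of the
     * {@code https.cipherSuites} system property that the socket supports.
     *
     * <p>Entries are compared exactly as written between commas (no trimming); unsupported
     * entries are skipped with a debug message. If the property is empty the socket is left
     * unchanged.
     *
     * <p>NOTE(review): this method has no caller in this class, so the restriction is currently
     * not applied to sockets created by this factory.
     *
     * @return the same socket instance
     */
    private SSLSocket setEnabledSslCiphers(SSLSocket sSLSocket) {
        String property = System.getProperty("https.cipherSuites");
        if (MiscUtil.isNotEmpty(property)) {
            try {
                List<String> enabled = new ArrayList<>();
                List<String> supported = Arrays.asList(sSLSocket.getSupportedCipherSuites());
                for (String str : property.split(",")) {
                    if (supported.contains(str)) {
                        enabled.add(str);
                    } else {
                        Logger.debug("Ignore unsupported cipher: " + str);
                    }
                }
                sSLSocket.setEnabledCipherSuites(enabled.toArray(new String[0]));
                try {
                    Logger.trace("Enabled SSL-Cipher: " + StringUtils.join(sSLSocket.getEnabledCipherSuites(), ","));
                } catch (Exception e) {
                    // Trace output is best effort and must not affect the socket.
                    Logger.error(e);
                }
            } catch (IllegalArgumentException e2) {
                Logger.warn("Can not set allowed https.cipherSuites to httpClient. Use default set!");
            }
        }
        return sSLSocket;
    }
}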
