package es.mityc.javasign.ts;

import es.mityc.javasign.ssl.ISSLErrorManager;
import es.mityc.javasign.ssl.ISSLManager;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import java.util.List;
import java.util.Vector;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.security.cert.CertificateEncodingException;
import javax.security.cert.X509Certificate;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.x509.X509Name;

/* loaded from: input_file:es/mityc/javasign/ts/OwnSSLProtocolSocketFactory.class */
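/**
 * Commons-HttpClient socket factory that builds TLS sockets from the key and trust
 * managers supplied by an {@link ISSLManager} and checks the server certificate
 * against the host name of the connection before handing the socket to the caller.
 *
 * <p>Host name checking always runs. The requested host must match a
 * subjectAltName entry of the leaf certificate or, as before, the first CN of its
 * subject. On a mismatch the decision is delegated to the manager's
 * {@link ISSLErrorManager}; when no manager or no error manager is configured the
 * connection is rejected instead of being silently accepted.
 *
 * <p>Certificate chain validation is not done here: it is whatever the configured
 * {@link TrustManager} (or the JSSE default, when none is supplied) implements.
 */
public class OwnSSLProtocolSocketFactory implements SecureProtocolSocketFactory {
    private static final Log LOG = LogFactory.getLog(OwnSSLProtocolSocketFactory.class);
    /** Client session timeout handed to {@code SSLSessionContext.setSessionTimeout}, in seconds. */
    private static final int SSL_TIME_OUT = 30;
    /** GeneralName tag of a dNSName entry as returned by {@code getSubjectAlternativeNames()}. */
    private static final int SAN_DNS_NAME = 2;
    /** GeneralName tag of an iPAddress entry as returned by {@code getSubjectAlternativeNames()}. */
    private static final int SAN_IP_ADDRESS = 7;

    private final ISSLManager sslManager;
    /** Lazily created by {@link #getSSLContext()}; the lazy initialisation is not synchronized. */
    private SSLContext sslcontext;

    /**
     * Creates a factory that takes its key manager, trust manager and host name
     * error handler from the given manager.
     *
     * @param iSSLManager source of the TLS material; may be {@code null}, which is
     *                    equivalent to the no-argument constructor
     */
    public OwnSSLProtocolSocketFactory(ISSLManager iSSLManager) {
        this.sslManager = iSSLManager;
    }

    /**
     * Creates a factory without a manager: JSSE default key and trust material is
     * used and a host name mismatch always rejects the connection.
     */
    public OwnSSLProtocolSocketFactory() {
        this(null);
    }

    /**
     * Builds the context from the manager's key and trust managers.
     *
     * @return a freshly initialised context
     * @throws IOException if the context cannot be created or initialised; the
     *                     original exception is attached as the cause
     */
    private SSLContext createSSLContext() throws IOException {
        try {
            KeyManager[] keyManagerArr = null;
            TrustManager[] trustManagerArr = null;
            if (this.sslManager != null) {
                KeyManager keyManager = this.sslManager.getKeyManager();
                if (keyManager != null) {
                    keyManagerArr = new KeyManager[]{keyManager};
                }
                TrustManager trustManager = this.sslManager.getTrustManager();
                if (trustManager != null) {
                    trustManagerArr = new TrustManager[]{trustManager};
                }
            }
            // Request the context by its TLS name rather than the legacy "SSL" name.
            // A null array makes JSSE fall back to its default key/trust managers.
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerArr, trustManagerArr, null);
            sSLContext.getClientSessionContext().setSessionTimeout(SSL_TIME_OUT);
            return sSLContext;
        } catch (KeyManagementException e) {
            LOG.error(e.getMessage(), e);
            throw asIOException(e);
        } catch (NoSuchAlgorithmException e2) {
            LOG.error(e2.getMessage(), e2);
            throw asIOException(e2);
        }
    }

    /**
     * Returns the context used for every socket of this factory, creating it on
     * first use.
     *
     * @return the shared context
     * @throws IOException if the context cannot be created
     */
    public SSLContext getSSLContext() throws IOException {
        if (this.sslcontext == null) {
            this.sslcontext = createSSLContext();
        }
        return this.sslcontext;
    }

    /**
     * Opens a TLS socket to {@code str:i}, bound locally to {@code inetAddress:i2},
     * honouring the connection timeout of the given parameters, and verifies the
     * server host name.
     *
     * @param str                  remote host
     * @param i                    remote port
     * @param inetAddress          local address to bind to
     * @param i2                   local port to bind to
     * @param httpConnectionParams connection parameters; a timeout of 0 means a
     *                             blocking connect
     * @return the connected and verified socket
     * @throws IllegalArgumentException if {@code httpConnectionParams} is {@code null}
     * @throws IOException              if connecting or verification fails; the
     *                                  socket is closed before the exception propagates
     */
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, HttpConnectionParams httpConnectionParams) throws IOException, UnknownHostException, ConnectTimeoutException {
        if (httpConnectionParams == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int connectionTimeout = httpConnectionParams.getConnectionTimeout();
        SSLSocketFactory socketFactory = getSSLContext().getSocketFactory();
        Socket socket;
        if (connectionTimeout == 0) {
            socket = socketFactory.createSocket(str, i, inetAddress, i2);
        } else {
            socket = socketFactory.createSocket();
            try {
                socket.bind(new InetSocketAddress(inetAddress, i2));
                socket.connect(new InetSocketAddress(str, i), connectionTimeout);
            } catch (IOException e) {
                // Do not leak the unconnected socket when bind/connect fails.
                closeQuietly(socket);
                throw e;
            } catch (RuntimeException e) {
                closeQuietly(socket);
                throw e;
            }
        }
        return verified((SSLSocket) socket);
    }

    /**
     * Opens a TLS socket to {@code str:i}, bound locally to {@code inetAddress:i2},
     * and verifies the server host name.
     *
     * @return the connected and verified socket
     * @throws IOException if connecting or verification fails
     */
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
        return verified((SSLSocket) getSSLContext().getSocketFactory().createSocket(str, i, inetAddress, i2));
    }

    /**
     * Opens a TLS socket to {@code str:i} and verifies the server host name.
     *
     * @return the connected and verified socket
     * @throws IOException if connecting or verification fails
     */
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        return verified((SSLSocket) getSSLContext().getSocketFactory().createSocket(str, i));
    }

    /**
     * Layers a TLS socket for {@code str:i} over an existing socket and verifies the
     * server host name.
     *
     * @param socket existing connected socket
     * @param str    remote host
     * @param i      remote port
     * @param z      passed through as the {@code autoClose} flag of
     *               {@link SSLSocketFactory#createSocket(Socket, String, int, boolean)}
     * @return the layered and verified socket
     * @throws IOException if layering or verification fails
     */
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
        return verified((SSLSocket) getSSLContext().getSocketFactory().createSocket(socket, str, i, z));
    }

    /**
     * Runs {@link #verifyHostname(SSLSocket)} and closes the socket when the check
     * fails, so that a rejected connection does not stay open.
     */
    private SSLSocket verified(SSLSocket sSLSocket) throws IOException {
        try {
            verifyHostname(sSLSocket);
            return sSLSocket;
        } catch (IOException e) {
            closeQuietly(sSLSocket);
            throw e;
        } catch (RuntimeException e) {
            closeQuietly(sSLSocket);
            throw e;
        }
    }

    /**
     * Checks that the leaf certificate presented by the peer was issued for the host
     * of the session. Calling {@code getSession()} forces the handshake if it has
     * not happened yet.
     *
     * <p>A subjectAltName match or a CN match accepts the connection. Otherwise the
     * error manager, when present, decides; without one the connection is rejected.
     *
     * @throws SSLPeerUnverifiedException if the peer sent no usable certificate, the
     *                                    name does not match and is not overridden,
     *                                    or the certificate cannot be inspected
     * @throws UnknownHostException       if the session's peer host does not resolve
     */
    private void verifyHostname(SSLSocket sSLSocket) throws SSLPeerUnverifiedException, UnknownHostException {
        SSLSession session = sSLSocket.getSession();
        String peerHost = session.getPeerHost();
        if (peerHost == null) {
            throw new SSLPeerUnverifiedException("No peer host available for HTTPS hostname check");
        }
        try {
            // NOTE(review): the lookup result is unused; it only turns an unresolvable
            // peer host into an error, which can also trigger for hosts reached through
            // a tunnel. Kept for compatibility - candidate for removal.
            InetAddress.getByName(peerHost);
        } catch (UnknownHostException e3) {
            throw new UnknownHostException("Could not resolve SSL sessions server hostname: " + peerHost);
        }
        // getPeerCertificates() replaces the deprecated getPeerCertificateChain() and
        // yields java.security.cert objects directly, so no re-encoding is needed.
        java.security.cert.Certificate[] peerCertificates = session.getPeerCertificates();
        if (peerCertificates == null || peerCertificates.length == 0
                || !(peerCertificates[0] instanceof java.security.cert.X509Certificate)) {
            throw new SSLPeerUnverifiedException("No server certificates found!");
        }
        java.security.cert.X509Certificate leaf = (java.security.cert.X509Certificate) peerCertificates[0];
        if (LOG.isDebugEnabled()) {
            LOG.debug("Server certificate chain:");
            for (int i = 0; i < peerCertificates.length; i++) {
                LOG.debug("X509Certificate[" + i + "]=" + peerCertificates[i]);
            }
        }
        String cn = getCN(leaf.getSubjectDN().getName());
        try {
            if (matchesSubjectAltName(peerHost, leaf) || matchesHostname(peerHost, cn)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Target hostname valid: " + peerHost);
                }
                return;
            }
            ISSLErrorManager sSLErrorManager = this.sslManager == null ? null : this.sslManager.getSSLErrorManager();
            // Fail closed: a mismatch is only tolerated when an error manager says so.
            if (sSLErrorManager == null || !sSLErrorManager.continueErrorPeer(peerHost, leaf)) {
                throw new SSLPeerUnverifiedException("HTTPS hostname invalid: expected '" + peerHost + "', received '" + cn + "'");
            }
        } catch (CertificateException e) {
            LOG.error(e.getMessage(), e);
            throw new SSLPeerUnverifiedException("Unexpected error checking HTTPS hostname: " + e.getMessage());
        }
    }

    /**
     * Tells whether any subjectAltName entry of the certificate covers the host:
     * iPAddress entries for an IP literal, dNSName entries otherwise.
     *
     * @throws CertificateException if the extension cannot be decoded
     */
    private static boolean matchesSubjectAltName(String host, java.security.cert.X509Certificate cert) throws CertificateException {
        Collection<List<?>> altNames = cert.getSubjectAlternativeNames();
        if (altNames == null) {
            return false;
        }
        boolean ipLiteral = looksLikeIpLiteral(host);
        for (List<?> entry : altNames) {
            if (entry == null || entry.size() < 2
                    || !(entry.get(0) instanceof Integer) || !(entry.get(1) instanceof String)) {
                continue;
            }
            int type = ((Integer) entry.get(0)).intValue();
            String value = (String) entry.get(1);
            if (ipLiteral) {
                // Textual comparison only; differently written IPv6 forms will not match.
                if (type == SAN_IP_ADDRESS && host.equalsIgnoreCase(value)) {
                    return true;
                }
            } else if (type == SAN_DNS_NAME && matchesHostname(host, value)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Case-insensitive host name comparison. A pattern starting with {@code "*."}
     * matches exactly one leftmost label, needs at least two labels after the
     * wildcard, and is never applied to IP literals.
     */
    private static boolean matchesHostname(String host, String pattern) {
        if (host == null || pattern == null) {
            return false;
        }
        if (pattern.startsWith("*.") && !looksLikeIpLiteral(host)) {
            int firstDot = host.indexOf('.');
            String suffix = pattern.substring(1);
            return firstDot > 0
                    && suffix.indexOf('.', 1) > 0
                    && host.substring(firstDot).equalsIgnoreCase(suffix);
        }
        return host.equalsIgnoreCase(pattern);
    }

    /** Heuristic: contains a colon (IPv6) or consists only of digits and dots (IPv4). */
    private static boolean looksLikeIpLiteral(String host) {
        if (host.indexOf(':') >= 0) {
            return true;
        }
        boolean sawDigit = false;
        for (int k = 0; k < host.length(); k++) {
            char c = host.charAt(k);
            if (c >= '0' && c <= '9') {
                sawDigit = true;
            } else if (c != '.') {
                return false;
            }
        }
        return sawDigit;
    }

    /** Closes the socket, ignoring failures: the caller is already reporting an error. */
    private static void closeQuietly(Socket socket) {
        try {
            socket.close();
        } catch (IOException ignored) {
            // Best effort; the original failure is the one worth propagating.
        }
    }

    /** Wraps a setup failure as an {@link IOException} without dropping the cause. */
    private static IOException asIOException(Exception cause) {
        IOException wrapped = new IOException(cause.getMessage());
        wrapped.initCause(cause);
        return wrapped;
    }

    /**
     * Extracts the first CN value of a distinguished name.
     *
     * @param str distinguished name in string form
     * @return the first CN, or {@code null} when the name has none
     */
    private String getCN(String str) {
        Vector values = new X509Name(str).getValues(X509Name.CN);
        if (values == null || values.size() <= 0) {
            return null;
        }
        return (String) values.get(0);
    }

    /**
     * Treats every instance of exactly this class as equal.
     *
     * <p>NOTE(review): the configured {@link ISSLManager} is not part of the
     * comparison, so factories with different key/trust material compare equal.
     * If the HTTP client keys its protocol or connection reuse on this, a
     * connection set up under one manager could be reused for another - confirm
     * against the caller before relying on several managers in one client.
     */
    @Override
    public boolean equals(Object obj) {
        return obj != null && obj.getClass().equals(OwnSSLProtocolSocketFactory.class);
    }

    /** Constant per class, consistent with {@link #equals(Object)}. */
    @Override
    public int hashCode() {
        return OwnSSLProtocolSocketFactory.class.hashCode();
    }
}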
