package edu.uiuc.ncsa.security.util.ssl;

import edu.uiuc.ncsa.security.core.Logable;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.util.MyLoggingFacade;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpConnectionParams;

/* loaded from: input_file:edu/uiuc/ncsa/security/util/ssl/VerifyingHTTPClientFactory.class */
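/**
 * Builds Apache {@link HttpClient} instances whose "https" scheme is bound to an
 * {@link SSLSocketFactory} configured from an {@link SSLConfiguration}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Server trust is decided by an {@link X509TrustManagerFacade}, which accepts a chain as soon
 *       as <em>any one</em> of its delegates accepts it. Every delegate added therefore widens the
 *       set of trusted peers.</li>
 *   <li>When a keystore is configured, the same keystore that supplies the client key material is
 *       also used to derive additional trust managers (see {@link #getSocketFactory}).</li>
 *   <li>{@link #setStrictHostnames(boolean) setStrictHostnames(false)} installs
 *       {@code ALLOW_ALL_HOSTNAME_VERIFIER}, i.e. the certificate is no longer matched against the
 *       requested host name.</li>
 * </ul>
 *
 * <p>NOTE(review): the lazily initialised fields are not synchronized; nothing in this class shows
 * that instances are meant to be shared between threads - confirm with callers.
 */
public class VerifyingHTTPClientFactory implements Logable {
    /** Selects the strict hostname verifier when true (the default), the allow-all verifier when false. */
    boolean strictHostnames = true;
    // Not referenced anywhere inside this class; presumably milliseconds - confirm with callers.
    public static int DEFAULT_CONNECTION_TIMEOUT = 10000;
    MyLoggingFacade logger;
    /** Cache for the keystore loaded by {@link #getKeyStore()}; only set after a successful load. */
    KeyStore keyStore;
    /** Cache for the factory created by {@link #getKeyManagerFactory()}. */
    KeyManagerFactory keyManagerFactory;
    SSLConfiguration sslConfiguration;

    /**
     * Trust manager that delegates to a list of {@link X509TrustManager}s and accepts a certificate
     * chain if at least one delegate accepts it ("first accept wins"). The chain is rejected only
     * when every delegate fails, or when there are no delegates at all.
     */
    public static class X509TrustManagerFacade implements X509TrustManager {
        /** When true, every delegate failure is additionally printed to standard error. */
        static boolean stackTracesOn = false;
        List<X509TrustManager> trustManagers;

        /**
         * Returns the live (mutable) delegate list, creating it on first use.
         *
         * @return the delegate list, never null
         */
        public List<X509TrustManager> getTrustManagers() {
            if (this.trustManagers == null) {
                this.trustManagers = new ArrayList<>();
            }
            return this.trustManagers;
        }

        /**
         * Replaces the delegate list. The given list is stored as is, not copied.
         *
         * @param list the new delegates
         */
        public void setTrustManagers(List<X509TrustManager> list) {
            this.trustManagers = list;
        }

        /**
         * Appends a delegate. Each delegate added can only widen what this facade trusts.
         *
         * @param x509TrustManager the delegate to add
         */
        public void add(X509TrustManager x509TrustManager) {
            getTrustManagers().add(x509TrustManager);
        }

        /**
         * Accepts the client chain if any delegate accepts it.
         *
         * @param x509CertificateArr the peer certificate chain
         * @param str the authentication type
         * @throws CertificateException if no delegate accepted the chain; the individual delegate
         *     failures are attached as suppressed exceptions
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            List<Throwable> failures = new ArrayList<>();
            for (X509TrustManager delegate : getTrustManagers()) {
                try {
                    delegate.checkClientTrusted(x509CertificateArr, str);
                    return;
                } catch (Throwable th) {
                    // Any failure counts as "this delegate does not vouch for the chain"; keep it for diagnosis.
                    failures.add(th);
                    if (stackTracesOn) {
                        th.printStackTrace();
                    }
                }
            }
            throw rejection("No trust manager accepted the client", failures);
        }

        /**
         * Accepts the server chain if any delegate accepts it.
         *
         * @param x509CertificateArr the peer certificate chain
         * @param str the authentication type
         * @throws CertificateException if no delegate accepted the chain; the individual delegate
         *     failures are attached as suppressed exceptions
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            List<Throwable> failures = new ArrayList<>();
            for (X509TrustManager delegate : getTrustManagers()) {
                try {
                    delegate.checkServerTrusted(x509CertificateArr, str);
                    return;
                } catch (Throwable th) {
                    // Any failure counts as "this delegate does not vouch for the chain"; keep it for diagnosis.
                    failures.add(th);
                    if (stackTracesOn) {
                        th.printStackTrace();
                    }
                }
            }
            throw rejection("No trust manager accepted the server", failures);
        }

        /**
         * Always returns an empty array; the issuers known to the delegates are not aggregated.
         *
         * @return an empty array
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        /** Builds the final rejection, carrying each delegate's failure as a suppressed exception. */
        private static CertificateException rejection(String message, List<Throwable> failures) {
            CertificateException rejected = new CertificateException(message);
            for (Throwable failure : failures) {
                rejected.addSuppressed(failure);
            }
            return rejected;
        }
    }

    /**
     * @param myLoggingFacade logger to use; when null one is created lazily by {@link #getLogger()}
     * @param sSLConfiguration source of the trust root path and keystore settings
     */
    public VerifyingHTTPClientFactory(MyLoggingFacade myLoggingFacade, SSLConfiguration sSLConfiguration) {
        this.sslConfiguration = sSLConfiguration;
        this.logger = myLoggingFacade;
    }

    /** @return true if the strict hostname verifier will be installed on new socket factories */
    public boolean isStrictHostnames() {
        return this.strictHostnames;
    }

    /**
     * Chooses the hostname verifier for socket factories created afterwards.
     *
     * @param z true for strict verification; false disables hostname verification altogether, so a
     *     certificate that is trusted for one host is then accepted for every host
     */
    public void setStrictHostnames(boolean z) {
        this.strictHostnames = z;
    }

    /** Logs at debug level through {@link #getLogger()}. */
    public void debug(String str) {
        getLogger().debug(str);
    }

    /** @return whether the underlying logger has debug output enabled */
    public boolean isDebugOn() {
        return getLogger().isDebugOn();
    }

    /** Switches debug output of the underlying logger on or off. */
    public void setDebugOn(boolean z) {
        getLogger().setDebugOn(z);
    }

    /** Logs at info level through {@link #getLogger()}. */
    public void info(String str) {
        getLogger().info(str);
    }

    /** Logs at warn level through {@link #getLogger()}. */
    public void warn(String str) {
        getLogger().warn(str);
    }

    /** Logs at error level through {@link #getLogger()}. */
    public void error(String str) {
        getLogger().error(str);
    }

    /**
     * Returns the logger, creating one named after this class if none was supplied.
     *
     * @return the logger, never null
     */
    public MyLoggingFacade getLogger() {
        if (this.logger == null) {
            this.logger = new MyLoggingFacade(getClass().getName(), false);
        }
        return this.logger;
    }

    /**
     * Creates a client for the given host without explicit timeouts.
     *
     * @param str the host handed to the {@link MyTrustManager}
     * @return the configured client
     * @throws IOException if the trust manager cannot be created
     */
    public HttpClient getClient(String str) throws IOException {
        return getClient(str, 0, 0);
    }

    /**
     * Creates a client whose server trust is checked by a fresh {@link MyTrustManager} bound to the
     * given host and to the configured trust root path.
     *
     * @param str the host handed to the {@link MyTrustManager}
     * @param i connection timeout, see {@link #getClient(X509TrustManager, int, int)}
     * @param i2 socket timeout, see {@link #getClient(X509TrustManager, int, int)}
     * @return the configured client
     * @throws IOException if the trust manager cannot be created
     */
    public HttpClient getClient(String str, int i, int i2) throws IOException {
        MyTrustManager hostTrustManager = newMyTrustManager();
        hostTrustManager.setHost(str);
        debug("my trust manager: trust root path+" + hostTrustManager.getTrustRootPath());
        hostTrustManager.setTrustRootPath(getSSLConfiguration().getTrustrootPath());
        return getClient(hostTrustManager, i, i2);
    }

    /**
     * Creates a client using the given trust manager and no explicit timeouts.
     *
     * @param x509TrustManager primary trust manager for server certificates
     * @return the configured client
     */
    public HttpClient getClient(X509TrustManager x509TrustManager) {
        return getClient(x509TrustManager, 0, 0);
    }

    /**
     * Creates a client and registers an "https" scheme on port 443 backed by
     * {@link #getSocketFactory(X509TrustManager)}.
     *
     * <p>Timeouts are applied only when <em>both</em> values are positive. If either is zero or
     * negative, neither is set and the client is created with its default parameters; callers that
     * need bounded waits must pass two positive values.
     *
     * @param x509TrustManager primary trust manager for server certificates
     * @param i connection timeout passed to {@code HttpConnectionParams.setConnectionTimeout}
     * @param i2 socket timeout passed to {@code HttpConnectionParams.setSoTimeout}
     * @return the configured client
     * @throws GeneralException wrapping any failure raised while building the client
     */
    public HttpClient getClient(X509TrustManager x509TrustManager, int i, int i2) {
        DefaultHttpClient httpsClient;
        try {
            if (i > 0 && i2 > 0) {
                BasicHttpParams timeoutParams = new BasicHttpParams();
                HttpConnectionParams.setConnectionTimeout(timeoutParams, i);
                HttpConnectionParams.setSoTimeout(timeoutParams, i2);
                httpsClient = new DefaultHttpClient(timeoutParams);
            } else {
                httpsClient = new DefaultHttpClient();
            }
            Scheme httpsScheme = new Scheme("https", getSocketFactory(x509TrustManager), 443);
            httpsClient.getConnectionManager().getSchemeRegistry().register(httpsScheme);
            debug("done creating https client = " + httpsClient);
            return httpsClient;
        } catch (Throwable th) {
            error("could not create https client.");
            // The cause also travels with the GeneralException below; the trace is kept for parity
            // with existing diagnostics.
            th.printStackTrace();
            throw new GeneralException("Error creating client", th);
        }
    }

    /**
     * Builds the socket factory used for the "https" scheme.
     *
     * <p>The given trust manager is wrapped in an {@link X509TrustManagerFacade}. If a keystore is
     * configured, the X.509 trust managers derived from that keystore are added as further
     * delegates, so certificates held in the client keystore act as trust anchors as well. Because
     * the facade accepts on the first delegate that agrees, this is a union of trust, not an
     * intersection.
     *
     * @param x509TrustManager primary trust manager for server certificates
     * @return a socket factory with the hostname verifier selected by {@link #isStrictHostnames()}
     * @throws IOException if the keystore cannot be read
     * @throws GeneralSecurityException if the SSL context, keystore or factories cannot be set up
     */
    protected SSLSocketFactory getSocketFactory(X509TrustManager x509TrustManager) throws IOException, GeneralSecurityException {
        debug("creating socket factory");
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        X509TrustManagerFacade facade = new X509TrustManagerFacade();
        facade.add(x509TrustManager);
        debug("added trust manager = " + x509TrustManager);
        if (hasKeyStore()) {
            // NOTE(review): the TrustManagerFactory algorithm is taken from the *KeyManagerFactory*
            // setting; this only works when that name is valid for both factories - confirm.
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(getSSLConfiguration().getKeyManagerFactory());
            trustManagerFactory.init(getKeyStore());
            for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    facade.add((X509TrustManager) candidate);
                }
            }
        }
        debug("Added other trust managers, #=" + facade.getTrustManagers().size());
        sSLContext.init(getKeyManagers(), new X509TrustManager[] {facade}, new SecureRandom());
        SSLSocketFactory sSLSocketFactory = new SSLSocketFactory(sSLContext);
        if (isStrictHostnames()) {
            sSLSocketFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
            debug("enabled strict hostname verification");
        } else {
            sSLSocketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            // Previously this branch also logged "enabled strict hostname verification", which hid
            // the weaker setting from anyone auditing the logs.
            warn("hostname verification is disabled: server certificates are not matched against the requested host");
        }
        return sSLSocketFactory;
    }

    /** @return true if the configuration names a keystore */
    public boolean hasKeyStore() {
        return getSSLConfiguration().getKeystore() != null;
    }

    /**
     * Creates a new {@link MyTrustManager} for the configured trust root path.
     *
     * @return a fresh trust manager
     * @throws IOException if the trust manager cannot be created
     */
    public MyTrustManager newMyTrustManager() throws IOException {
        return new MyTrustManager(this.logger, getSSLConfiguration().getTrustrootPath());
    }

    /**
     * Returns the key manager factory, creating and initialising it from the keystore on first use.
     *
     * @return the cached or newly created factory
     * @throws IOException if the keystore cannot be read
     * @throws GeneralSecurityException if the factory cannot be created or initialised
     */
    protected KeyManagerFactory getKeyManagerFactory() throws IOException, GeneralSecurityException {
        if (this.keyManagerFactory == null) {
            this.keyManagerFactory = KeyManagerFactory.getInstance(getSSLConfiguration().getKeyManagerFactory());
            this.keyManagerFactory.init(getKeyStore(), getSSLConfiguration().getKeystorePasswordChars());
        }
        return this.keyManagerFactory;
    }

    /**
     * Returns the configured keystore, loading it from disk on first use.
     *
     * <p>The result is cached only after the load succeeded, so a failed attempt (wrong password,
     * corrupt file) is retried on the next call instead of handing out an uninitialised keystore.
     * The input stream is closed on every path.
     *
     * @return the loaded keystore, or null if no keystore is configured
     * @throws FileNotFoundException if the configured keystore file does not exist
     * @throws IOException if the keystore cannot be read
     * @throws GeneralSecurityException if the keystore type is unknown or its contents are invalid
     */
    protected KeyStore getKeyStore() throws IOException, GeneralSecurityException {
        if (this.keyStore == null) {
            if (getSSLConfiguration().getKeystore() == null) {
                warn("No keystore");
                return null;
            }
            KeyStore loaded = KeyStore.getInstance(getSSLConfiguration().getKeystoreType());
            File file = new File(getSSLConfiguration().getKeystore());
            if (!file.exists()) {
                throw new FileNotFoundException("Error: the keystore file \"" + file + "\" does not exist");
            }
            try (FileInputStream keystoreStream = new FileInputStream(file)) {
                loaded.load(keystoreStream, getSSLConfiguration().getKeystorePasswordChars());
            }
            this.keyStore = loaded;
        }
        return this.keyStore;
    }

    /** Injects an already loaded keystore, bypassing the lazy load in {@link #getKeyStore()}. */
    protected void setKeyStore(KeyStore keyStore) {
        this.keyStore = keyStore;
    }

    /** Injects a key manager factory, bypassing the lazy creation in {@link #getKeyManagerFactory()}. */
    protected void setKeyManagerFactory(KeyManagerFactory keyManagerFactory) {
        this.keyManagerFactory = keyManagerFactory;
    }

    /**
     * Returns the key managers used for client authentication.
     *
     * @return the key managers, or null when no keystore is configured (the SSL context is then
     *     initialised without client key material)
     * @throws IOException if the keystore cannot be read
     * @throws GeneralSecurityException if the key manager factory cannot be set up
     */
    protected KeyManager[] getKeyManagers() throws IOException, GeneralSecurityException {
        if (!hasKeyStore() || getKeyManagerFactory() == null) {
            return null;
        }
        return getKeyManagerFactory().getKeyManagers();
    }

    /** @return the SSL configuration this factory reads its settings from */
    public SSLConfiguration getSSLConfiguration() {
        return this.sslConfiguration;
    }

    /**
     * Replaces the SSL configuration. An already cached keystore or key manager factory is not
     * reset by this call.
     */
    public void setSSLConfiguration(SSLConfiguration sSLConfiguration) {
        this.sslConfiguration = sSLConfiguration;
    }
}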
