package org.jsslutils.extra.apachehttpclient;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.StringTokenizer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

/* loaded from: input_file:org/jsslutils/extra/apachehttpclient/SslContextedSecureProtocolSocketFactory.class */
public class SslContextedSecureProtocolSocketFactory implements SecureProtocolSocketFactory {
    private SSLContext sslContext;
    private boolean verifyHostname;

    public SslContextedSecureProtocolSocketFactory(SSLContext sSLContext, boolean z) {
        this.verifyHostname = true;
        this.sslContext = sSLContext;
        this.verifyHostname = z;
    }

    public SslContextedSecureProtocolSocketFactory(SSLContext sSLContext) {
        this(sSLContext, true);
    }

    public SslContextedSecureProtocolSocketFactory(boolean z) {
        this(null, z);
    }

    public SslContextedSecureProtocolSocketFactory() {
        this(null, true);
    }

    public synchronized void setHostnameVerification(boolean z) {
        this.verifyHostname = z;
    }

    public synchronized boolean getHostnameVerification() {
        return this.verifyHostname;
    }

    @Override // org.apache.commons.httpclient.protocol.ProtocolSocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
        SSLSocket sSLSocket = (SSLSocket) getSslSocketFactory().createSocket(str, i, inetAddress, i2);
        verifyHostname(sSLSocket);
        return sSLSocket;
    }

    @Override // org.apache.commons.httpclient.protocol.ProtocolSocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, HttpConnectionParams httpConnectionParams) throws IOException, UnknownHostException, ConnectTimeoutException {
        Socket createSocket;
        if (httpConnectionParams == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int connectionTimeout = httpConnectionParams.getConnectionTimeout();
        SSLSocketFactory sslSocketFactory = getSslSocketFactory();
        if (connectionTimeout == 0) {
            createSocket = sslSocketFactory.createSocket(str, i, inetAddress, i2);
        } else {
            createSocket = sslSocketFactory.createSocket();
            InetSocketAddress inetSocketAddress = new InetSocketAddress(inetAddress, i2);
            InetSocketAddress inetSocketAddress2 = new InetSocketAddress(str, i);
            createSocket.bind(inetSocketAddress);
            createSocket.connect(inetSocketAddress2, connectionTimeout);
        }
        verifyHostname((SSLSocket) createSocket);
        return createSocket;
    }

    @Override // org.apache.commons.httpclient.protocol.ProtocolSocketFactory
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        SSLSocket sSLSocket = (SSLSocket) getSslSocketFactory().createSocket(str, i);
        verifyHostname(sSLSocket);
        return sSLSocket;
    }

    @Override // org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
        SSLSocket sSLSocket = (SSLSocket) getSslSocketFactory().createSocket(socket, str, i, z);
        verifyHostname(sSLSocket);
        return sSLSocket;
    }

    private void verifyHostname(SSLSocket sSLSocket) throws SSLPeerUnverifiedException, UnknownHostException {
        synchronized (this) {
            if (this.verifyHostname) {
                SSLSession session = sSLSocket.getSession();
                String peerHost = session.getPeerHost();
                try {
                    InetAddress.getByName(peerHost);
                    X509Certificate[] x509CertificateArr = (X509Certificate[]) session.getPeerCertificates();
                    if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                        throw new SSLPeerUnverifiedException("No server certificates found!");
                    }
                    List<String> cNs = getCNs(x509CertificateArr[0].getSubjectX500Principal());
                    boolean z = false;
                    Iterator<String> it2 = cNs.iterator();
                    while (true) {
                        if (!it2.hasNext()) {
                            break;
                        } else if (peerHost.equalsIgnoreCase(it2.next())) {
                            z = true;
                            break;
                        }
                    }
                    if (!z) {
                        throw new SSLPeerUnverifiedException("HTTPS hostname invalid: expected '" + peerHost + "', received '" + cNs + "'");
                    }
                } catch (UnknownHostException e) {
                    throw new UnknownHostException("Could not resolve SSL sessions server hostname: " + peerHost);
                }
            }
        }
    }

    private List<String> getCNs(X500Principal x500Principal) {
        ArrayList arrayList = new ArrayList();
        StringTokenizer stringTokenizer = new StringTokenizer(x500Principal.getName(), ",");
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (nextToken.startsWith("CN=")) {
                arrayList.add(nextToken.substring(3));
            }
        }
        return arrayList;
    }

    protected SSLSocketFactory getSslSocketFactory() {
        SSLSocketFactory sSLSocketFactory = null;
        synchronized (this) {
            if (this.sslContext != null) {
                sSLSocketFactory = this.sslContext.getSocketFactory();
            }
        }
        if (sSLSocketFactory == null) {
            sSLSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        }
        return sSLSocketFactory;
    }

    public synchronized void setSSLContext(SSLContext sSLContext) {
        this.sslContext = sSLContext;
    }
}
