package eu.unicore.security.wsutil.client;

import eu.emi.security.authn.x509.X509CertChainValidator;
import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.FormatMode;
import eu.emi.security.authn.x509.impl.SocketFactoryCreator;
import eu.unicore.security.canl.LoggingX509TrustManager;
import eu.unicore.util.Log;
import eu.unicore.util.httpclient.HostnameMismatchCallbackImpl;
import eu.unicore.util.httpclient.IClientConfiguration;
import eu.unicore.util.httpclient.NoAuthKeyManager;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;
import org.apache.log4j.Logger;

/* loaded from: input_file:eu/unicore/security/wsutil/client/MySSLSocketFactory.class */
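/**
 * {@link SSLSocketFactory} that builds its {@link SSLContext} from an
 * {@link IClientConfiguration} and runs the configured server hostname check on
 * every socket it hands out.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Server certificates are validated by the trust manager derived from
 *       {@code sec.getValidator()}, wrapped in a {@link LoggingX509TrustManager}.</li>
 *   <li>A client certificate is offered only when {@code sec.doSSLAuthn()} is true;
 *       otherwise a {@link NoAuthKeyManager} is installed.</li>
 *   <li>The hostname check is driven by {@code sec.getServerHostnameCheckingMode()}.
 *       NOTE(review): whether a mismatch aborts the connection or is only reported
 *       depends on that mode and on {@link HostnameMismatchCallbackImpl}; confirm the
 *       deployed configuration uses a failing mode.</li>
 * </ul>
 *
 * <p>The SSL context is created lazily, once, and then reused; changes made to the
 * configuration afterwards are not picked up by this instance.
 */
public class MySSLSocketFactory extends SSLSocketFactory {
    private static final Logger log = Log.getLogger(Log.SECURITY, MySSLSocketFactory.class);

    // Lazily created and cached; guarded by the instance monitor (see getSSLContext()).
    private SSLContext sslcontext = null;
    private final IClientConfiguration sec;

    /**
     * @param config client security settings (credential, validator, hostname checking mode)
     */
    public MySSLSocketFactory(IClientConfiguration config) {
        this.sec = config;
    }

    /**
     * Builds a new {@link SSLContext} from the current configuration.
     *
     * @return an initialised context using the configured key and trust managers
     * @throws RuntimeException wrapping any failure during set-up (also logged at FATAL)
     */
    private synchronized SSLContext createSSLContext() {
        X509KeyManager keyManager;
        try {
            if (this.sec.doSSLAuthn()) {
                keyManager = this.sec.getCredential().getKeyManager();
                if (log.isTraceEnabled()) {
                    debugKS(this.sec.getCredential());
                }
            } else {
                // No client certificate is presented in this mode.
                keyManager = new NoAuthKeyManager();
                log.trace("Not authenticating client");
            }
            LoggingX509TrustManager trustManager = new LoggingX509TrustManager(
                    SocketFactoryCreator.getSSLTrustManager(this.sec.getValidator()), "ssl");
            if (log.isTraceEnabled()) {
                debugTS(this.sec.getValidator());
            }
            // "TLS" leaves the enabled protocol versions to the JSSE provider's defaults.
            SSLContext context = SSLContext.getInstance("TLS");
            // A null SecureRandom makes JSSE use its default secure random source.
            context.init(new KeyManager[]{keyManager}, new TrustManager[]{trustManager}, null);
            return context;
        } catch (Exception e) {
            log.fatal(e.getMessage(), e);
            throw new RuntimeException(e);
        }
    }

    /** Logs every currently trusted issuer certificate in full at TRACE level. */
    private void debugTS(X509CertChainValidator validator) {
        for (X509Certificate issuer : validator.getTrustedIssuers()) {
            log.trace("Currently(!) trusted certificate:\n" + CertificateUtils.format(issuer, FormatMode.FULL));
        }
    }

    /** Logs the client's certificate chain in full at TRACE level. */
    private void debugKS(X509Credential credential) {
        log.trace("Client's certificate chain:" + CertificateUtils.format(
                CertificateUtils.convertToX509Chain(credential.getCertificateChain()), FormatMode.FULL));
    }

    /**
     * Returns the cached context, creating it on first use.
     *
     * <p>Synchronized so that concurrent first callers cannot each build their own
     * context and so that the cached reference is safely published.
     */
    private synchronized SSLContext getSSLContext() {
        if (this.sslcontext == null) {
            this.sslcontext = createSSLContext();
        }
        return this.sslcontext;
    }

    /**
     * Creates a socket connected to {@code host:port}, honouring the connection timeout
     * stored in {@code httpParams}.
     *
     * @param host         remote host name
     * @param port         remote port
     * @param localAddress local address to bind to
     * @param localPort    local port to bind to
     * @param httpParams   HTTP parameters carrying the connection timeout; must not be null
     * @return the socket after the hostname check has been applied
     * @throws IllegalArgumentException if {@code httpParams} is null
     * @throws IOException              if connecting or the hostname check fails
     */
    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort, HttpParams httpParams)
            throws IOException, UnknownHostException {
        if (httpParams == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int connectionTimeout = HttpConnectionParams.getConnectionTimeout(httpParams);
        SSLSocketFactory delegate = getSSLContext().getSocketFactory();
        if (connectionTimeout == 0) {
            // Zero means "no timeout": let the delegate connect directly.
            return verified(delegate.createSocket(host, port, localAddress, localPort));
        }
        Socket socket = delegate.createSocket();
        boolean connected = false;
        try {
            socket.bind(new InetSocketAddress(localAddress, localPort));
            socket.connect(new InetSocketAddress(host, port), connectionTimeout);
            connected = true;
        } finally {
            if (!connected) {
                // bind/connect failed: the caller never sees this socket, so release it here.
                closeQuietly(socket);
            }
        }
        return verified(socket);
    }

    /**
     * Applies the configured hostname check to the socket.
     *
     * @throws IOException if the check (as implemented by
     *                     {@link SocketFactoryCreator#connectWithHostnameChecking}) fails
     */
    private void checkHostname(SSLSocket socket) throws IOException {
        SocketFactoryCreator.connectWithHostnameChecking(socket,
                new HostnameMismatchCallbackImpl(this.sec.getServerHostnameCheckingMode()));
    }

    /**
     * Runs the hostname check on a freshly created socket and returns it. If the check
     * throws, the socket is closed first so that a rejected connection is not left open.
     */
    private Socket verified(Socket socket) throws IOException {
        boolean accepted = false;
        try {
            checkHostname((SSLSocket) socket);
            accepted = true;
            return socket;
        } finally {
            if (!accepted) {
                closeQuietly(socket);
            }
        }
    }

    /** Closes the socket, logging rather than propagating a failure to close. */
    private static void closeQuietly(Socket socket) {
        try {
            socket.close();
        } catch (IOException ignored) {
            // The original failure is the one the caller needs to see.
            log.debug("Could not close socket after a failed connection attempt", ignored);
        }
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort)
            throws IOException, UnknownHostException {
        return verified(getSSLContext().getSocketFactory().createSocket(host, port, localAddress, localPort));
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        return verified(getSSLContext().getSocketFactory().createSocket(host, port));
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException, UnknownHostException {
        return verified(getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose));
    }

    /**
     * Returns the cipher suites enabled by default for this factory's context.
     *
     * <p>Reports the context's default parameters, not its supported ones: the supported
     * list can include suites the provider deliberately leaves disabled, and a caller
     * that feeds this result into {@code setEnabledCipherSuites} would switch them on.
     */
    @Override
    public String[] getDefaultCipherSuites() {
        return getSSLContext().getDefaultSSLParameters().getCipherSuites();
    }

    /** Returns every cipher suite the context supports, whether or not enabled by default. */
    @Override
    public String[] getSupportedCipherSuites() {
        // Reuse the cached context instead of building (and trace-logging) a new one per call.
        return getSSLContext().getSupportedSSLParameters().getCipherSuites();
    }

    @Override
    public Socket createSocket(InetAddress address, int port) throws IOException {
        return verified(getSSLContext().getSocketFactory().createSocket(address, port));
    }

    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
            throws IOException {
        return verified(getSSLContext().getSocketFactory().createSocket(address, port, localAddress, localPort));
    }
}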
