package org.apache.commons.httpclient.protocol;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.NoSuchElementException;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.axis2.description.java2wsdl.Java2WSDLConstants;
import org.apache.axis2.util.CommandLineOptionConstants;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.opensaml.common.xml.SAMLConstants;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/commons-httpclient-3.1.0.wso2v6.jar:org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.class
 */
/* loaded from: input_file:WEB-INF/lib/axis2-client-1.6.1-wso2v27.jar:org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.class */
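/**
 * Creates SSL sockets from the JVM default {@link SSLSocketFactory} and checks, before
 * handing a socket to the caller, that the peer certificate names the host that was
 * requested.
 *
 * <p>Only the host-name check is implemented here; certificate chain validation is
 * whatever the default {@code SSLSocketFactory} performs during the handshake.
 *
 * <p>A name is accepted when it equals (case-insensitively) a dNSName subject alternative
 * name or the subject CN, or when one of those is a wildcard pattern that matches it.
 *
 * <p>NOTE(review): the CN is consulted even when the certificate carries dNSName entries.
 * RFC 2818 section 3.1 and RFC 6125 section 6.4.4 require the CN to be ignored in that
 * case. Behaviour is left unchanged for compatibility; tightening it should be a
 * deliberate, tested change.
 *
 * <p>NOTE(review): only dNSName (type 2) alternative names are read. When the requested
 * host is an IP literal it is compared as a string against those names and the CN;
 * iPAddress (type 7) entries are never examined.
 */
public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
    /** Shared instance; the class keeps no per-instance state. */
    private static final SSLProtocolSocketFactory factory = new SSLProtocolSocketFactory();

    /**
     * Second-level labels under two-letter country TLDs for which a wildcard such as
     * {@code *.co.uk} is refused. Must stay sorted: it is probed with
     * {@link Arrays#binarySearch(Object[], Object)}.
     *
     * <p>The decompiler had replaced "ac" and "or" with same-valued constants from
     * unrelated libraries (OpenSAML, Axis2); the literals are restored here so the list
     * no longer depends on those classes.
     */
    private static final String[] BAD_COUNTRY_2LDS = {"ac", "co", "com", "ed", "edu", "go", "gouv", "gov", "info", "lg", "ne", "net", "or", "org"};
    private static final Pattern IPV4_PATTERN = Pattern.compile("^(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$");
    private static final Pattern IPV6_STD_PATTERN = Pattern.compile("^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$");
    private static final Pattern IPV6_HEX_COMPRESSED_PATTERN = Pattern.compile("^((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)::((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)$");

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the shared factory instance.
     *
     * @return the singleton held by this class
     */
    public static SSLProtocolSocketFactory getSocketFactory() {
        return factory;
    }

    /**
     * Opens an SSL socket to {@code host:port} bound to the given local address and
     * verifies the peer certificate against {@code host}.
     *
     * @throws IOException if the connection fails or the certificate does not match;
     *     the socket is closed before the exception propagates
     */
    @Override
    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort) throws IOException, UnknownHostException {
        return verified(host, SSLSocketFactory.getDefault().createSocket(host, port, localAddress, localPort));
    }

    /**
     * Same as the four-argument variant, but honours the connection and socket timeouts
     * carried by {@code params}. A connection timeout of 0 selects the plain blocking
     * connect.
     *
     * @throws IllegalArgumentException if {@code params} is null
     * @throws IOException if the connection fails or the certificate does not match;
     *     the socket is closed before the exception propagates
     */
    @Override
    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort, HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException {
        if (params == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int connectionTimeout = params.getConnectionTimeout();
        Socket socket;
        if (connectionTimeout == 0) {
            socket = SSLSocketFactory.getDefault().createSocket(host, port, localAddress, localPort);
        } else {
            socket = ReflectionSocketFactory.createSocket("javax.net.ssl.SSLSocketFactory", host, port, localAddress, localPort, connectionTimeout);
            if (socket == null) {
                // The reflective path produced nothing; fall back to the controller-thread connect.
                socket = ControllerThreadSocketFactory.createSocket(this, host, port, localAddress, localPort, connectionTimeout);
            }
        }
        boolean accepted = false;
        try {
            socket.setSoTimeout(params.getSoTimeout());
            verifyHostName(host, (SSLSocket) socket);
            accepted = true;
            return socket;
        } finally {
            if (!accepted) {
                // Do not leave a connected socket behind when the peer was rejected.
                closeQuietly(socket);
            }
        }
    }

    /**
     * Opens an SSL socket to {@code host:port} and verifies the peer certificate against
     * {@code host}.
     *
     * @throws IOException if the connection fails or the certificate does not match;
     *     the socket is closed before the exception propagates
     */
    @Override
    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        return verified(host, SSLSocketFactory.getDefault().createSocket(host, port));
    }

    /**
     * Layers SSL over an already connected {@code socket} and verifies the peer
     * certificate against {@code host}.
     *
     * @param autoClose passed through to the underlying factory
     * @throws IOException if layering fails or the certificate does not match; the SSL
     *     socket is closed before the exception propagates
     */
    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
        return verified(host, ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket(socket, host, port, autoClose));
    }

    /** Runs the host-name check on {@code socket}, closing it if the check does not pass. */
    private static Socket verified(String host, Socket socket) throws IOException {
        boolean accepted = false;
        try {
            verifyHostName(host, (SSLSocket) socket);
            accepted = true;
            return socket;
        } finally {
            if (!accepted) {
                closeQuietly(socket);
            }
        }
    }

    /** Closes {@code socket}, discarding any close failure so the original error is the one reported. */
    private static void closeQuietly(Socket socket) {
        try {
            socket.close();
        } catch (IOException ignored) {
            // The verification or setup failure already in flight is the error worth surfacing.
        }
    }

    /**
     * Obtains the SSL session of {@code socket} and checks its first peer certificate
     * against {@code host}.
     *
     * @throws IllegalArgumentException if {@code host} is null
     * @throws IOException if the session cannot be obtained or the name does not match
     */
    private static void verifyHostName(String host, SSLSocket socket) throws IOException {
        if (host == null) {
            throw new IllegalArgumentException("host to verify was null");
        }
        SSLSession session = socket.getSession();
        if (session == null) {
            // NOTE(review): presumably a workaround for JSSE implementations that return
            // no session until some I/O has been attempted - confirm before removing.
            socket.getInputStream().available();
            session = socket.getSession();
            if (session == null) {
                socket.startHandshake();
                session = socket.getSession();
            }
        }
        // Element 0 of the peer chain is the peer's own certificate.
        verifyHostName(host.trim().toLowerCase(Locale.US), (X509Certificate) session.getPeerCertificates()[0]);
    }

    /** Checks {@code host} against the CN and dNSName entries of {@code certificate}. */
    private static void verifyHostName(String host, X509Certificate certificate) throws SSLException {
        String cn = getCN(certificate);
        // A certificate may legitimately have no CN (names only in subjectAltName);
        // lower-casing unconditionally would fail with a NullPointerException.
        String normalizedCn = cn == null ? null : cn.toLowerCase(Locale.US);
        verifyHostName(host, normalizedCn, getDNSSubjectAlts(certificate));
    }

    /**
     * Collects the dNSName (GeneralName type 2) subject alternative names.
     *
     * @return the names, or an empty array when the certificate has none
     * @throws SSLException if the extension cannot be parsed; verification then fails
     *     instead of quietly continuing with the CN alone
     */
    private static String[] getDNSSubjectAlts(X509Certificate certificate) throws SSLException {
        Collection<List<?>> altNames;
        try {
            altNames = certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            throw new SSLException("subject alternative names of the peer certificate could not be parsed", e);
        }
        List<String> dnsNames = new LinkedList<String>();
        if (altNames != null) {
            for (List<?> entry : altNames) {
                // Each entry is [Integer type, value]; type 2 is dNSName and its value is a String.
                if (((Integer) entry.get(0)).intValue() == 2) {
                    dnsNames.add((String) entry.get(1));
                }
            }
        }
        return dnsNames.toArray(new String[dnsNames.size()]);
    }

    /**
     * Accepts {@code host} if it matches any entry of {@code subjectAlts} or, failing
     * that, {@code cn}.
     *
     * @param cn lower-cased subject CN, or null when the certificate has none
     * @throws SSLException listing every name tried when none matches
     */
    private static void verifyHostName(String host, String cn, String[] subjectAlts) throws SSLException {
        StringBuilder tried = new StringBuilder();
        for (String alt : subjectAlts) {
            if (alt != null) {
                // Fixed locale: the default locale can change how 'I' is lower-cased (e.g. Turkish).
                String candidate = alt.toLowerCase(Locale.US);
                if (verifyHostName(host, candidate)) {
                    return;
                }
                tried.append("/").append(candidate);
            }
        }
        // NOTE(review): CN fallback applies even when dNSName entries were present; see class comment.
        if (cn == null || !verifyHostName(host, cn)) {
            tried.append("/").append(cn);
            throw new SSLException("hostname in certificate didn't match: <" + host + "> != <" + tried + ">");
        }
    }

    /**
     * Compares one certificate name with {@code host}: wildcard matching when the name is
     * an acceptable wildcard and the host is not an IP literal, otherwise a
     * case-insensitive equality test.
     */
    private static boolean verifyHostName(String host, String certName) {
        if (doWildCard(certName) && !isIPAddress(host)) {
            return matchesWildCard(certName, host);
        }
        return host.equalsIgnoreCase(certName);
    }

    /**
     * Tells whether {@code certName} is to be treated as a wildcard pattern: at least
     * three labels, first label ending in {@code *}, not a refused country-code
     * wildcard, and not an IP address.
     */
    private static boolean doWildCard(String certName) {
        String[] labels = certName.split("\\.");
        return labels.length >= 3 && labels[0].endsWith("*") && acceptableCountryWildcard(certName) && !isIPAddress(certName);
    }

    /** Returns true when {@code value} is non-null and has IPv4 or IPv6 literal syntax. */
    private static boolean isIPAddress(String value) {
        return value != null && (IPV4_PATTERN.matcher(value).matches() || IPV6_STD_PATTERN.matcher(value).matches() || IPV6_HEX_COMPRESSED_PATTERN.matcher(value).matches());
    }

    /**
     * Refuses three-label wildcards under a two-letter TLD whose middle label is listed
     * in {@link #BAD_COUNTRY_2LDS} (for example {@code *.co.uk}); everything else is
     * acceptable. Callers are expected to pass a name with at least two labels.
     */
    private static boolean acceptableCountryWildcard(String certName) {
        String[] labels = certName.split("\\.");
        if (labels.length > 3 || labels[labels.length - 1].length() != 2) {
            return true;
        }
        return Arrays.binarySearch(BAD_COUNTRY_2LDS, labels[labels.length - 2]) < 0;
    }

    /**
     * Matches {@code host} against a wildcard {@code pattern} whose first label ends in
     * {@code *}. The part of the first label before the {@code *} must prefix the host,
     * the rest of the pattern must suffix it, and both must contain the same number of
     * dots so that the wildcard never spans more than one label.
     */
    private static boolean matchesWildCard(String pattern, String host) {
        String firstLabel = pattern.split("\\.")[0];
        boolean matches;
        if (firstLabel.length() > 1) {
            // Partial wildcard such as "www*.example.com".
            String prefix = firstLabel.substring(0, firstLabel.length() - 1);
            String suffix = pattern.substring(firstLabel.length());
            matches = host.startsWith(prefix) && host.substring(prefix.length()).endsWith(suffix);
        } else {
            // Bare "*" label: compare everything after it.
            matches = host.endsWith(pattern.substring(1));
        }
        return matches && countDots(host) == countDots(pattern);
    }

    /** Counts the {@code '.'} characters in {@code value}. */
    private static int countDots(String value) {
        int dots = 0;
        for (int index = 0; index < value.length(); index++) {
            if (value.charAt(index) == '.') {
                dots++;
            }
        }
        return dots;
    }

    /**
     * Returns the CN of the certificate subject, or null when the subject has no CN or
     * is not a parsable distinguished name.
     */
    private static String getCN(X509Certificate certificate) {
        try {
            return extractCN(certificate.getSubjectX500Principal().toString());
        } catch (SSLException ignored) {
            // An unparsable subject is treated as "no CN"; the dNSName entries still apply.
            return null;
        }
    }

    /**
     * Extracts the CN value from a distinguished name string, scanning the RDNs from the
     * last index returned by {@link LdapName#getRdns()} down to the first.
     *
     * @return the first CN value found, or null when {@code subject} is null or has no CN
     * @throws SSLException if {@code subject} is not a valid distinguished name
     */
    private static String extractCN(String subject) throws SSLException {
        if (subject == null) {
            return null;
        }
        try {
            List<Rdn> rdns = new LdapName(subject).getRdns();
            for (int index = rdns.size() - 1; index >= 0; index--) {
                // "cn" had been replaced by the decompiler with a same-valued Axis2 constant.
                Attribute cn = rdns.get(index).toAttributes().get("cn");
                if (cn != null) {
                    try {
                        Object value = cn.get();
                        if (value != null) {
                            return value.toString();
                        }
                    } catch (NamingException ignored) {
                        // Unreadable value: keep looking in the remaining RDNs.
                    } catch (NoSuchElementException ignored) {
                        // Attribute without a value: keep looking in the remaining RDNs.
                    }
                }
            }
            return null;
        } catch (InvalidNameException e) {
            throw new SSLException(subject + " is not a valid X500 distinguished name", e);
        }
    }

    /** All instances of exactly this class are equal; the factory has no state to compare. */
    @Override
    public boolean equals(Object obj) {
        return obj != null && obj.getClass().equals(getClass());
    }

    /** Consistent with {@link #equals(Object)}: derived from the class alone. */
    @Override
    public int hashCode() {
        return getClass().hashCode();
    }
}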
