package org.openhealthtools.ihe.atna.nodeauth.handlers;

import java.io.IOException;
import java.io.InputStream;
import java.net.ConnectException;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.SocketException;
import java.net.URI;
import java.net.URLConnection;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.openhealthtools.ihe.atna.nodeauth.NoSecurityDomainException;
import org.openhealthtools.ihe.atna.nodeauth.SecurityDomain;
import org.openhealthtools.ihe.atna.nodeauth.SecurityDomainManager;
import org.openhealthtools.ihe.atna.nodeauth.context.NodeAuthModuleContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openhealthtools/ihe/atna/nodeauth/handlers/TLSEnabledSocketHandler.class */
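/**
 * Socket handler that opens TLS-protected connections for ATNA node authentication.
 *
 * <p>Key managers, trust managers, the enabled protocol versions and the enabled cipher suites
 * are all taken from the {@link SecurityDomain} handed to each call. Whether TLS is used at all,
 * and whether plain connections are tolerated, is read from the {@link NodeAuthModuleContext}.
 */
public class TLSEnabledSocketHandler extends AbstractSecureSocketHandler {
    private static final Logger logger = LoggerFactory.getLogger(TLSEnabledSocketHandler.class);

    /**
     * Creates a handler bound to the given module context.
     *
     * @param nodeAuthModuleContext context passed straight to the superclass constructor
     */
    public TLSEnabledSocketHandler(NodeAuthModuleContext nodeAuthModuleContext) {
        super(nodeAuthModuleContext);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Opens a TLS socket to {@code str}:{@code i} and completes the handshake before returning.
     *
     * <p>The {@link SSLContext} is created for the first protocol returned by
     * {@code securityDomain.getJdkTlsClientProtocols()} and initialised with the domain's key and
     * trust managers. The socket then has the domain's full protocol list and cipher suites
     * enabled, keep-alive switched on and the configured read timeout applied. Connection
     * failures are retried up to {@code getSocketRetries()} times with
     * {@code getSocketRetryWait()} milliseconds between attempts. A failed handshake and an
     * unknown host are not retried.
     *
     * <p>NOTE(review): no endpoint identification algorithm is set on the socket here, so the JDK
     * itself does not match the peer certificate against the host name. Peer identity therefore
     * rests on what the domain's trust managers enforce. Confirm that is intended.
     *
     * <p>NOTE(review): the configured connect timeout is written to the debug log but is never
     * applied to the connection attempt in this method.
     *
     * @param str host name to connect to
     * @param i port to connect to
     * @param securityDomain source of key/trust managers, protocols and cipher suites
     * @param socket an already connected socket to layer TLS over, or {@code null} to open a new
     *     connection
     * @return the connected socket with the TLS handshake completed
     * @throws NoSuchAlgorithmException if TLS is disabled in the context, if the domain lists no
     *     client protocol, or if the first listed protocol is not available
     * @throws KeyManagementException if the SSL context cannot be initialised
     * @throws UnknownHostException if the host cannot be resolved
     * @throws IOException if the handshake fails, if the thread is interrupted while waiting for
     *     a retry, or (as {@link ConnectException}) once all retries are used up
     */
    @Override // org.openhealthtools.ihe.atna.nodeauth.handlers.AbstractSecureSocketHandler
    public SSLSocket createSecureSocket(String str, int i, SecurityDomain securityDomain, Socket socket) throws NoSecurityDomainException, NoSuchAlgorithmException, KeyManagementException, UnknownHostException, IOException {
        if (!this.CONTEXT.isTLSEnabled()) {
            throw new NoSuchAlgorithmException("TLS has been disabled for ATNA connections via " + SecurityDomainManager.class.getName() + ".setSetTLSEnabled(false)");
        }
        try {
            String[] clientProtocols = securityDomain.getJdkTlsClientProtocols();
            if (clientProtocols == null || clientProtocols.length == 0) {
                // Previously surfaced as an unchecked array/null failure; report it as the
                // configuration problem it is, through the exception type callers already handle.
                throw new NoSuchAlgorithmException("No TLS client protocols are configured for the security domain");
            }
            SSLContext sslContext = SSLContext.getInstance(clientProtocols[0]);
            // A null SecureRandom lets the provider pick its default source of randomness.
            sslContext.init(securityDomain.getKeyManagers(), securityDomain.getTrustManagers(), null);
            SSLSocketFactory socketFactory = sslContext.getSocketFactory();
            if (logger.isDebugEnabled()) {
                logger.debug("\n\nSupported cipher suites are:");
                for (String suite : socketFactory.getSupportedCipherSuites()) {
                    logger.debug("\t" + suite);
                }
            }
            int failedAttempts = 0;
            IOException lastFailure = null;
            while (failedAttempts < this.CONTEXT.m5getConfig().getSocketRetries()) {
                // Reset per attempt so the catch blocks only ever see this attempt's socket.
                SSLSocket sslSocket = null;
                try {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Connecting to " + str + " on port " + i + " (timeout: " + this.CONTEXT.m5getConfig().getConnectTimeout() + " ms) using factory " + socketFactory.getClass().getName());
                    }
                    // autoClose=true: closing the TLS socket also closes the caller's socket.
                    sslSocket = socket != null ? (SSLSocket) socketFactory.createSocket(socket, str, i, true) : (SSLSocket) socketFactory.createSocket(str, i);
                    sslSocket.setSoTimeout(this.CONTEXT.m5getConfig().getSocketTimeout());
                    sslSocket.setKeepAlive(true);
                    sslSocket.setEnabledProtocols(clientProtocols);
                    sslSocket.setEnabledCipherSuites(securityDomain.getCipherSuites());
                    if (logger.isDebugEnabled()) {
                        logger.debug("\n\nEnabled Cipher suites for connection are: ");
                        for (String suite : sslSocket.getEnabledCipherSuites()) {
                            logger.debug("\t" + suite);
                        }
                    }
                    // Handshake eagerly so certificate and protocol problems surface here.
                    sslSocket.startHandshake();
                    return sslSocket;
                } catch (SocketException e) {
                    logger.error("Error connecting to " + str + " on port " + i + ". Will retry in " + (this.CONTEXT.m5getConfig().getSocketRetryWait() / 1000) + " seconds.", e);
                    failedAttempts++;
                    lastFailure = e;
                    releaseFailedAttempt(sslSocket, socket, str, i);
                    if (!pauseBeforeRetry()) {
                        throw e;
                    }
                } catch (UnknownHostException e) {
                    logger.error("Unable to establish connection to " + str + " on port " + i + " reason " + e.getLocalizedMessage(), e);
                    throw e;
                } catch (SSLHandshakeException e) {
                    // A rejected handshake is not transient: close the socket and fail fast.
                    logger.error("Handshake failed with server " + str + " on port " + i + " reason " + e.getLocalizedMessage(), e);
                    closeAndLog(sslSocket, str, i);
                    throw e;
                } catch (IOException e) {
                    logger.error("Error connecting to " + str + " on port " + i + ". Will retry in " + (this.CONTEXT.m5getConfig().getSocketRetryWait() / 1000) + " seconds. reason " + e.getLocalizedMessage(), e);
                    failedAttempts++;
                    lastFailure = e;
                    releaseFailedAttempt(sslSocket, socket, str, i);
                    if (!pauseBeforeRetry()) {
                        throw e;
                    }
                }
            }
            logger.error("Secure Socket Connect Retries Exhausted.", lastFailure);
            ConnectException exhausted = new ConnectException("Secure socket retries exhausted");
            if (lastFailure != null) {
                // Keep the underlying failure attached for whoever handles the exception.
                exhausted.initCause(lastFailure);
            }
            throw exhausted;
        } catch (NoSuchAlgorithmException e) {
            securityDomain.restoreSystemEnvironment();
            throw e;
        }
    }

    /**
     * Sleeps for the configured retry wait.
     *
     * @return {@code true} if the full wait elapsed, {@code false} if the thread was interrupted,
     *     in which case the interrupt flag is set again so the caller's cancellation is not lost
     */
    private boolean pauseBeforeRetry() {
        try {
            Thread.sleep(this.CONTEXT.m5getConfig().getSocketRetryWait());
            return true;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            if (logger.isDebugEnabled()) {
                logger.debug("Sleep awoken early");
            }
            return false;
        }
    }

    /**
     * Closes the socket of a failed attempt when this handler opened the connection itself.
     *
     * <p>When TLS was layered over a caller-supplied socket the failed socket is left open, as
     * before, because closing it would also close the caller's socket ahead of the next retry.
     */
    private static void releaseFailedAttempt(SSLSocket failed, Socket callerSocket, String host, int port) {
        if (callerSocket == null) {
            closeAndLog(failed, host, port);
        }
    }

    /** Closes {@code failed} if it exists, logging instead of propagating any close error. */
    private static void closeAndLog(SSLSocket failed, String host, int port) {
        if (failed == null) {
            return;
        }
        try {
            failed.close();
        } catch (IOException e) {
            logger.error("Error trying to close socket for " + host + " on port " + port + " reason " + e.getLocalizedMessage(), e);
        }
    }

    /**
     * Opens {@code uri} and returns its response stream, using TLS when policy requires it.
     *
     * <p>The connection is treated as secure when the scheme is {@code https} and TLS is enabled,
     * or whenever non-TLS connections are not permitted. In that case a security domain is
     * mandatory, its environment is applied for the duration of the call, and the connection
     * must really be an HTTPS connection.
     *
     * <p>NOTE(review): {@code setDomainEnvironment()} / {@code restoreSystemEnvironment()}
     * presumably swap JVM-wide settings. If so, concurrent calls with different domains can
     * interfere with each other. Verify against {@link SecurityDomain}.
     *
     * @param uri absolute URI to open
     * @param securityDomain domain to apply. It may be {@code null} only for connections that are
     *     not treated as secure
     * @return the connection's input stream. The caller is responsible for closing it
     * @throws NoSuchAlgorithmException if TLS is disabled and plain connections are not permitted
     * @throws NoSecurityDomainException if a secure connection is required but no domain is given
     * @throws IOException if the connection fails, or if a secure connection is required but the
     *     URI does not produce an HTTPS connection
     */
    @Override // org.openhealthtools.ihe.atna.nodeauth.SocketHandler
    public InputStream getInputStream(URI uri, SecurityDomain securityDomain) throws NoSecurityDomainException, MalformedURLException, IOException, NoSuchAlgorithmException {
        NodeAuthModuleContext context = NodeAuthModuleContext.getContext();
        if (!context.isTLSEnabled() && !context.isNonTLSConnectionsPermitted()) {
            throw new NoSuchAlgorithmException("TLS has been disabled for ATNA connections");
        }
        boolean secure = ("https".equalsIgnoreCase(uri.getScheme()) && context.isTLSEnabled()) || !context.isNonTLSConnectionsPermitted();
        if (secure && null == securityDomain) {
            throw new NoSecurityDomainException(uri, "Security domain provided is null");
        }
        if (secure) {
            securityDomain.setDomainEnvironment();
        }
        try {
            // openConnection() only builds the connection object; nothing is sent yet.
            URLConnection connection = uri.toURL().openConnection();
            if (secure && !(connection instanceof HttpsURLConnection)) {
                // Without this check a non-https URI was fetched in the clear while non-TLS
                // connections were forbidden, and was then logged as a TLS connection.
                throw new IOException("Non-TLS connections are not permitted but " + uri + " does not use HTTPS");
            }
            if (secure && !securityDomain.doDomainSpoofCheck()) {
                // SECURITY: with the spoof check off, any certificate the trust managers accept
                // is taken for any host name. Log it so the weakened configuration is visible.
                logger.warn("Hostname verification is disabled by the security domain for " + uri);
                ((HttpsURLConnection) connection).setHostnameVerifier((hostname, session) -> true);
            }
            InputStream inputStream = connection.getInputStream();
            if (secure) {
                logger.info("Secure connection successfully made using TLS to " + uri.toString());
            } else {
                logger.info("Unsecure connection successfully made to " + uri.toString());
            }
            return inputStream;
        } finally {
            // Restore on every exit, including unchecked failures, so the domain's environment
            // never stays applied after this call.
            if (secure) {
                securityDomain.restoreSystemEnvironment();
            }
        }
    }

    /**
     * Opens {@code uri}, looking up the security domain from the module context for
     * {@code https} URIs and passing no domain for every other scheme.
     *
     * @param uri absolute URI to open
     * @return the connection's input stream. The caller is responsible for closing it
     * @throws Exception if the domain lookup or the connection fails
     */
    @Override // org.openhealthtools.ihe.atna.nodeauth.SocketHandler
    public InputStream getInputStream(URI uri) throws Exception {
        SecurityDomain securityDomain = null;
        if ("https".equalsIgnoreCase(uri.getScheme())) {
            securityDomain = NodeAuthModuleContext.getContext().getSecurityDomainManager().getSecurityDomain(uri);
        }
        return getInputStream(uri, securityDomain);
    }
}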
