package org.apache.geode.internal.net;

import java.io.Console;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.BindException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.validator.routines.InetAddressValidator;
import org.apache.geode.GemFireConfigException;
import org.apache.geode.SystemConnectException;
import org.apache.geode.SystemFailure;
import org.apache.geode.annotations.VisibleForTesting;
import org.apache.geode.annotations.internal.MakeNotStatic;
import org.apache.geode.cache.wan.GatewaySender;
import org.apache.geode.cache.wan.GatewayTransportFilter;
import org.apache.geode.distributed.ClientSocketFactory;
import org.apache.geode.distributed.internal.DistributionConfig;
import org.apache.geode.distributed.internal.DistributionConfigImpl;
import org.apache.geode.distributed.internal.tcpserver.ConnectionWatcher;
import org.apache.geode.distributed.internal.tcpserver.TcpSocketCreatorImpl;
import org.apache.geode.internal.ClassPathLoader;
import org.apache.geode.internal.admin.SSLConfig;
import org.apache.geode.internal.cache.wan.TransportFilterServerSocket;
import org.apache.geode.internal.cache.wan.TransportFilterSocketFactory;
import org.apache.geode.internal.inet.LocalHostUtil;
import org.apache.geode.internal.tcp.TCPConduit;
import org.apache.geode.internal.util.ArgumentRedactor;
import org.apache.geode.internal.util.PasswordUtil;
import org.apache.geode.logging.internal.log4j.api.LogService;
import org.apache.geode.management.internal.SSLUtil;
import org.apache.geode.net.SSLParameterExtension;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/apache/geode/internal/net/SocketCreator.class */
public class SocketCreator extends TcpSocketCreatorImpl {
    private boolean configShown = false;
    private boolean hostnameValidationDisabledLogShown = false;
    private SSLContext sslContext;
    private final SSLConfig sslConfig;
    private ClientSocketFactory clientSocketFactory;
    private static final Logger logger = LogService.getLogger();

    @MakeNotStatic
    private static final ConcurrentHashMap<InetAddress, String> hostNames = new ConcurrentHashMap<>();
    public static final boolean FORCE_DNS_USE = Boolean.getBoolean("gemfire.forceDnsUse");

    @MakeNotStatic
    public static volatile boolean resolve_dns = true;

    @MakeNotStatic
    public static volatile boolean use_client_host_name = true;
    public static final boolean ENABLE_TCP_KEEP_ALIVE = TcpSocketCreatorImpl.ENABLE_TCP_KEEP_ALIVE;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/geode/internal/net/SocketCreator$ExtendedAliasKeyManager.class */
    public static class ExtendedAliasKeyManager extends X509ExtendedKeyManager {
        private final X509ExtendedKeyManager delegate;
        private final String keyAlias;

        ExtendedAliasKeyManager(KeyManager keyManager, String str) {
            this.delegate = (X509ExtendedKeyManager) keyManager;
            this.keyAlias = str;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return this.delegate.getClientAliases(str, principalArr);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return !StringUtils.isEmpty(this.keyAlias) ? this.keyAlias : this.delegate.chooseClientAlias(strArr, principalArr, socket);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return this.delegate.getServerAliases(str, principalArr);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return !StringUtils.isEmpty(this.keyAlias) ? getKeyAlias(str, this.delegate.getPrivateKey(this.keyAlias)) : this.delegate.chooseServerAlias(str, principalArr, socket);
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return !StringUtils.isEmpty(this.keyAlias) ? this.delegate.getCertificateChain(this.keyAlias) : this.delegate.getCertificateChain(str);
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.delegate.getPrivateKey(str);
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
            return this.delegate.chooseEngineClientAlias(strArr, principalArr, sSLEngine);
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
            return !StringUtils.isEmpty(this.keyAlias) ? getKeyAlias(str, this.delegate.getPrivateKey(this.keyAlias)) : this.delegate.chooseEngineServerAlias(str, principalArr, sSLEngine);
        }

        private String getKeyAlias(String str, PrivateKey privateKey) {
            if (privateKey == null || !privateKey.getAlgorithm().equals(str)) {
                return null;
            }
            return this.keyAlias;
        }
    }

    public SocketCreator(SSLConfig sSLConfig) {
        this.sslConfig = sSLConfig;
        initialize();
    }

    @VisibleForTesting
    SocketCreator(SSLConfig sSLConfig, SSLContext sSLContext) {
        this.sslConfig = sSLConfig;
        this.sslContext = sSLContext;
    }

    public static InetAddress getLocalHost() throws UnknownHostException {
        return LocalHostUtil.getLocalHost();
    }

    public static String getHostName(InetAddress inetAddress) {
        String str = hostNames.get(inetAddress);
        if (str == null) {
            str = inetAddress.getHostName();
            hostNames.put(inetAddress, str);
        }
        return str;
    }

    public static String getCanonicalHostName(InetAddress inetAddress, String str) {
        String str2 = hostNames.get(inetAddress);
        if (str2 != null) {
            return str2;
        }
        hostNames.put(inetAddress, str);
        return str;
    }

    public static void resetHostNameCache() {
        hostNames.clear();
    }

    private void initialize() {
        try {
            try {
                if (this.sslConfig.isEnabled() && this.sslContext == null) {
                    this.sslContext = createAndConfigureSSLContext();
                }
                TCPConduit.init();
                initializeClientSocketFactory();
            } catch (Exception e) {
                throw new GemFireConfigException("Error configuring GemFire ssl ", e);
            }
        } catch (Error e2) {
            SystemFailure.checkFailure();
            e2.printStackTrace();
            throw e2;
        } catch (RuntimeException e3) {
            e3.printStackTrace();
            throw e3;
        } catch (VirtualMachineError e4) {
            SystemFailure.initiateFailure(e4);
            throw e4;
        }
    }

    private SSLContext createAndConfigureSSLContext() throws GeneralSecurityException, IOException {
        if (this.sslConfig.useDefaultSSLContext()) {
            return SSLContext.getDefault();
        }
        SSLContext sSLContextInstance = SSLUtil.getSSLContextInstance(this.sslConfig);
        sSLContextInstance.init(getKeyManagers(), getTrustManagers(), null);
        return sSLContextInstance;
    }

    public static void readSSLProperties(Map<String, String> map) {
        readSSLProperties(map, false);
    }

    public static void readSSLProperties(Map<String, String> map, boolean z) {
        Properties properties = new Properties();
        DistributionConfigImpl.loadGemFireProperties(properties, z);
        for (Map.Entry entry : properties.entrySet()) {
            String str = (String) entry.getKey();
            if (str.startsWith(DistributionConfig.SSL_SYSTEM_PROPS_NAME) || str.startsWith(DistributionConfig.SYS_PROP_NAME)) {
                if (str.startsWith(DistributionConfig.SYS_PROP_NAME)) {
                    str = str.substring(DistributionConfig.SYS_PROP_NAME.length());
                }
                String str2 = (String) entry.getValue();
                if (str2 == null || str2.trim().equals("")) {
                    Console console = System.console();
                    if (console == null) {
                        throw new GemFireConfigException("SSL properties are empty, but a console is not available");
                    }
                    map.put(str, console.readLine("Please enter " + str + ": ", new Object[0]));
                }
            }
        }
    }

    private TrustManager[] getTrustManagers() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        String truststoreType = this.sslConfig.getTruststoreType();
        if (StringUtils.isEmpty(truststoreType)) {
            truststoreType = KeyStore.getDefaultType();
        }
        KeyStore keyStore = KeyStore.getInstance(truststoreType);
        FileInputStream fileInputStream = new FileInputStream(this.sslConfig.getTruststore());
        String truststorePassword = this.sslConfig.getTruststorePassword();
        char[] cArr = null;
        if (truststorePassword != null) {
            if (!truststorePassword.trim().equals("")) {
                cArr = truststorePassword.toCharArray();
            } else if (!StringUtils.isEmpty(truststorePassword)) {
                cArr = PasswordUtil.decrypt("encrypted(" + truststorePassword + ")").toCharArray();
            }
        }
        keyStore.load(fileInputStream, cArr);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (cArr != null) {
            Arrays.fill(cArr, ' ');
        }
        return trustManagers;
    }

    private KeyManager[] getKeyManagers() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        if (this.sslConfig.getKeystore() == null) {
            return null;
        }
        String keystoreType = this.sslConfig.getKeystoreType();
        if (StringUtils.isEmpty(keystoreType)) {
            keystoreType = KeyStore.getDefaultType();
        }
        KeyStore keyStore = KeyStore.getInstance(keystoreType);
        String keystore = this.sslConfig.getKeystore();
        if (StringUtils.isEmpty(keystore)) {
            keystore = System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore";
        }
        FileInputStream fileInputStream = new FileInputStream(keystore);
        String keystorePassword = this.sslConfig.getKeystorePassword();
        char[] cArr = null;
        if (keystorePassword != null) {
            if (keystorePassword.trim().equals("")) {
                String str = System.getenv(SSLConfigurationFactory.JAVAX_KEYSTORE_PASSWORD);
                if (!StringUtils.isEmpty(str)) {
                    cArr = PasswordUtil.decrypt("encrypted(" + str + ")").toCharArray();
                }
            } else {
                cArr = keystorePassword.toCharArray();
            }
        }
        keyStore.load(fileInputStream, cArr);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, cArr);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        if (cArr != null) {
            Arrays.fill(cArr, ' ');
        }
        KeyManager[] keyManagerArr = new KeyManager[keyManagers.length];
        for (int i = 0; i < keyManagers.length; i++) {
            keyManagerArr[i] = new ExtendedAliasKeyManager(keyManagers[i], this.sslConfig.getAlias());
        }
        return keyManagerArr;
    }

    public SSLContext getSslContext() {
        return this.sslContext;
    }

    public boolean useSSL() {
        return this.sslConfig.isEnabled();
    }

    public ServerSocket createServerSocket(int i, int i2, InetAddress inetAddress, List<GatewayTransportFilter> list, int i3) throws IOException {
        if (list.isEmpty()) {
            return createServerSocket(i, i2, inetAddress, i3);
        }
        printConfig();
        TransportFilterServerSocket transportFilterServerSocket = new TransportFilterServerSocket(list);
        transportFilterServerSocket.setReuseAddress(true);
        transportFilterServerSocket.setReceiveBufferSize(i3);
        try {
            transportFilterServerSocket.bind(new InetSocketAddress(inetAddress, i), i2);
            return transportFilterServerSocket;
        } catch (BindException e) {
            BindException bindException = new BindException(String.format("Failed to create server socket on %s[%s]", inetAddress, Integer.valueOf(i)));
            bindException.initCause(e);
            throw bindException;
        }
    }

    public ServerSocket createServerSocket(int i, int i2, InetAddress inetAddress, int i3) throws IOException {
        return createServerSocket(i, i2, inetAddress, i3, this.sslConfig.isEnabled());
    }

    protected ServerSocket createServerSocket(int i, int i2, InetAddress inetAddress, int i3, boolean z) throws IOException {
        printConfig();
        if (!z) {
            return super.createServerSocket(i, i2, inetAddress, i3, z);
        }
        if (this.sslContext == null) {
            throw new GemFireConfigException("SSL not configured correctly, Please look at previous error");
        }
        SSLServerSocket sSLServerSocket = (SSLServerSocket) this.sslContext.getServerSocketFactory().createServerSocket();
        sSLServerSocket.setReuseAddress(true);
        if (i3 != -1) {
            sSLServerSocket.setReceiveBufferSize(i3);
        }
        sSLServerSocket.bind(new InetSocketAddress(inetAddress, i), i2);
        finishServerSocket(sSLServerSocket);
        return sSLServerSocket;
    }

    public ServerSocket createServerSocketUsingPortRange(InetAddress inetAddress, int i, boolean z, boolean z2, int i2, int[] iArr) throws IOException {
        return createServerSocketUsingPortRange(inetAddress, i, z, z2, i2, iArr, this.sslConfig.isEnabled());
    }

    protected RuntimeException problemCreatingSocketInPortRangeException(String str, IOException iOException) {
        return new GemFireConfigException(str, iOException);
    }

    protected RuntimeException noFreePortException(String str) {
        return new SystemConnectException(str);
    }

    public Socket connectForClient(String str, int i, int i2) throws IOException {
        return connect(InetAddress.getByName(str), i, i2, null, true, -1);
    }

    public Socket connectForClient(String str, int i, int i2, int i3) throws IOException {
        return connect(InetAddress.getByName(str), i, i2, null, true, i3);
    }

    public Socket connectForServer(InetAddress inetAddress, int i) throws IOException {
        return connect(inetAddress, i, 0, null, false, -1);
    }

    public Socket connect(InetAddress inetAddress, int i, int i2, ConnectionWatcher connectionWatcher, boolean z, int i3) throws IOException {
        return connect(inetAddress, i, i2, connectionWatcher, z, i3, this.sslConfig.isEnabled());
    }

    public Socket connect(InetAddress inetAddress, int i, int i2, ConnectionWatcher connectionWatcher, boolean z, int i3, boolean z2) throws IOException {
        printConfig();
        if (!z2) {
            return super.connect(inetAddress, i, i2, connectionWatcher, z, i3, z2);
        }
        InetSocketAddress inetSocketAddress = new InetSocketAddress(inetAddress, i);
        if (this.sslContext == null) {
            throw new GemFireConfigException("SSL not configured correctly, Please look at previous error");
        }
        Socket createSocket = this.sslContext.getSocketFactory().createSocket();
        createSocket.setKeepAlive(ENABLE_TCP_KEEP_ALIVE);
        if (i3 != -1) {
            createSocket.setReceiveBufferSize(i3);
        }
        if (connectionWatcher != null) {
            try {
                connectionWatcher.beforeConnect(createSocket);
            } catch (Throwable th) {
                if (connectionWatcher != null) {
                    connectionWatcher.afterConnect(createSocket);
                }
                throw th;
            }
        }
        createSocket.connect(inetSocketAddress, Math.max(i2, 0));
        configureClientSSLSocket(createSocket, inetAddress.getHostName(), i2);
        if (connectionWatcher != null) {
            connectionWatcher.afterConnect(createSocket);
        }
        return createSocket;
    }

    protected Socket createCustomClientSocket(InetAddress inetAddress, int i) throws IOException {
        if (this.clientSocketFactory != null) {
            return this.clientSocketFactory.createSocket(inetAddress, i);
        }
        return null;
    }

    public SSLEngine createSSLEngine(String str, int i, boolean z) {
        SSLEngine createSSLEngine = getSslContext().createSSLEngine(str, i);
        configureSSLEngine(createSSLEngine, str, i, z);
        return createSSLEngine;
    }

    @VisibleForTesting
    void configureSSLEngine(SSLEngine sSLEngine, String str, int i, boolean z) {
        SSLParameters sSLParameters = sSLEngine.getSSLParameters();
        boolean z2 = false;
        if (this.sslConfig.doEndpointIdentification() && setServerNames(sSLParameters, str)) {
            z2 = true;
        }
        sSLEngine.setUseClientMode(z);
        if (!z) {
            sSLEngine.setNeedClientAuth(this.sslConfig.isRequireAuth());
        }
        if (z && checkAndEnableHostnameValidation(sSLParameters)) {
            z2 = true;
        }
        String[] protocolsAsStringArray = this.sslConfig.getProtocolsAsStringArray();
        if (protocolsAsStringArray != null && !"any".equalsIgnoreCase(protocolsAsStringArray[0])) {
            sSLEngine.setEnabledProtocols(protocolsAsStringArray);
        }
        String[] ciphersAsStringArray = this.sslConfig.getCiphersAsStringArray();
        if (ciphersAsStringArray != null && !"any".equalsIgnoreCase(ciphersAsStringArray[0])) {
            sSLEngine.setEnabledCipherSuites(ciphersAsStringArray);
        }
        if (z2) {
            sSLEngine.setSSLParameters(sSLParameters);
        }
    }

    private boolean setServerNames(SSLParameters sSLParameters, String str) {
        List<SNIServerName> serverNames = sSLParameters.getServerNames();
        ArrayList arrayList = new ArrayList(serverNames == null ? Collections.emptyList() : serverNames);
        if (arrayList.stream().mapToInt((v0) -> {
            return v0.getType();
        }).anyMatch(i -> {
            return i == 0;
        })) {
            return false;
        }
        if (this.sslConfig.doEndpointIdentification() && InetAddressValidator.getInstance().isValid(str)) {
            try {
                str = InetAddress.getByName(str).getCanonicalHostName();
            } catch (UnknownHostException e) {
            }
        }
        arrayList.add(new SNIHostName(str));
        sSLParameters.setServerNames(arrayList);
        return true;
    }

    public NioSslEngine handshakeSSLSocketChannel(SocketChannel socketChannel, SSLEngine sSLEngine, int i, boolean z, ByteBuffer byteBuffer, BufferPool bufferPool) throws IOException {
        sSLEngine.setUseClientMode(z);
        if (!z) {
            sSLEngine.setNeedClientAuth(this.sslConfig.isRequireAuth());
        }
        while (!socketChannel.finishConnect()) {
            try {
                Thread.sleep(50L);
            } catch (InterruptedException e) {
                if (!socketChannel.socket().isClosed()) {
                    socketChannel.close();
                }
                throw new IOException("Interrupted while performing handshake", e);
            }
        }
        NioSslEngine nioSslEngine = new NioSslEngine(sSLEngine, bufferPool);
        boolean isBlocking = socketChannel.isBlocking();
        if (isBlocking) {
            socketChannel.configureBlocking(false);
        }
        try {
            try {
                try {
                    nioSslEngine.handshake(socketChannel, i, byteBuffer);
                    if (isBlocking) {
                        try {
                            socketChannel.configureBlocking(true);
                        } catch (IOException e2) {
                        }
                    }
                    return nioSslEngine;
                } catch (InterruptedException e3) {
                    if (!socketChannel.socket().isClosed()) {
                        socketChannel.close();
                    }
                    throw new IOException("SSL handshake interrupted");
                }
            } catch (SSLException e4) {
                if (!socketChannel.socket().isClosed()) {
                    socketChannel.close();
                }
                logger.warn("SSL handshake exception", e4);
                throw e4;
            }
        } catch (Throwable th) {
            if (isBlocking) {
                try {
                    socketChannel.configureBlocking(true);
                } catch (IOException e5) {
                }
            }
            throw th;
        }
    }

    private boolean checkAndEnableHostnameValidation(SSLParameters sSLParameters) {
        if (this.sslConfig.doEndpointIdentification()) {
            sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
            return true;
        }
        if (this.hostnameValidationDisabledLogShown) {
            return false;
        }
        logger.info("Your SSL configuration disables hostname validation. ssl-endpoint-identification-enabled should be set to true when SSL is enabled. Please refer to the Apache GEODE SSL Documentation for SSL Property: ssl‑endpoint‑identification‑enabled");
        this.hostnameValidationDisabledLogShown = true;
        return false;
    }

    public void handshakeIfSocketIsSSL(Socket socket, int i) throws IOException {
        if (socket instanceof SSLSocket) {
            int soTimeout = socket.getSoTimeout();
            socket.setSoTimeout(i);
            try {
                try {
                    try {
                        ((SSLSocket) socket).startHandshake();
                    } catch (SSLProtocolException e) {
                        if (!(e.getCause() instanceof SocketTimeoutException)) {
                            throw e;
                        }
                        throw ((SocketTimeoutException) e.getCause());
                    }
                } catch (SSLPeerUnverifiedException e2) {
                    if (this.sslConfig.isRequireAuth()) {
                        logger.fatal(String.format("SSL Error in authenticating peer %s[%s].", socket.getInetAddress(), Integer.valueOf(socket.getPort())), e2);
                        throw e2;
                    }
                    try {
                        socket.setSoTimeout(soTimeout);
                    } catch (SocketException e3) {
                    }
                }
            } finally {
                try {
                    socket.setSoTimeout(soTimeout);
                } catch (SocketException e4) {
                }
            }
        }
    }

    private void finishServerSocket(SSLServerSocket sSLServerSocket) {
        sSLServerSocket.setUseClientMode(false);
        if (this.sslConfig.isRequireAuth()) {
            sSLServerSocket.setNeedClientAuth(true);
        }
        sSLServerSocket.setEnableSessionCreation(true);
        String[] protocolsAsStringArray = this.sslConfig.getProtocolsAsStringArray();
        if (!"any".equalsIgnoreCase(protocolsAsStringArray[0])) {
            sSLServerSocket.setEnabledProtocols(protocolsAsStringArray);
        }
        String[] ciphersAsStringArray = this.sslConfig.getCiphersAsStringArray();
        if (!"any".equalsIgnoreCase(ciphersAsStringArray[0])) {
            sSLServerSocket.setEnabledCipherSuites(ciphersAsStringArray);
        }
        SSLParameterExtension sSLParameterExtension = this.sslConfig.getSSLParameterExtension();
        if (sSLParameterExtension != null) {
            sSLServerSocket.setSSLParameters(sSLParameterExtension.modifySSLServerSocketParameters(sSLServerSocket.getSSLParameters()));
        }
    }

    private void configureClientSSLSocket(Socket socket, String str, int i) throws IOException {
        if (socket instanceof SSLSocket) {
            SSLSocket sSLSocket = (SSLSocket) socket;
            sSLSocket.setUseClientMode(true);
            sSLSocket.setEnableSessionCreation(true);
            SSLParameters sSLParameters = sSLSocket.getSSLParameters();
            boolean checkAndEnableHostnameValidation = checkAndEnableHostnameValidation(sSLParameters);
            if (setServerNames(sSLParameters, str)) {
                checkAndEnableHostnameValidation = true;
            }
            SSLParameterExtension sSLParameterExtension = this.sslConfig.getSSLParameterExtension();
            if (sSLParameterExtension != null) {
                sSLParameters = sSLParameterExtension.modifySSLClientSocketParameters(sSLParameters);
            }
            if (checkAndEnableHostnameValidation) {
                sSLSocket.setSSLParameters(sSLParameters);
            }
            String[] protocolsAsStringArray = this.sslConfig.getProtocolsAsStringArray();
            if (protocolsAsStringArray != null && !"any".equalsIgnoreCase(protocolsAsStringArray[0])) {
                sSLSocket.setEnabledProtocols(protocolsAsStringArray);
            }
            String[] ciphersAsStringArray = this.sslConfig.getCiphersAsStringArray();
            if (ciphersAsStringArray != null && !"any".equalsIgnoreCase(ciphersAsStringArray[0])) {
                sSLSocket.setEnabledCipherSuites(ciphersAsStringArray);
            }
            if (i > 0) {
                try {
                    sSLSocket.setSoTimeout(i);
                } catch (SSLHandshakeException e) {
                    logger.fatal(String.format("Problem forming SSL connection to %s[%s].", socket.getInetAddress(), Integer.valueOf(socket.getPort())), e);
                    throw e;
                } catch (SSLPeerUnverifiedException e2) {
                    if (this.sslConfig.isRequireAuth()) {
                        logger.fatal("SSL authentication exception.", e2);
                        throw e2;
                    }
                    return;
                } catch (SSLProtocolException e3) {
                    if (!(e3.getCause() instanceof SocketTimeoutException)) {
                        throw e3;
                    }
                    throw ((SocketTimeoutException) e3.getCause());
                }
            }
            sSLSocket.startHandshake();
        }
    }

    private void printConfig() {
        if (this.configShown || !logger.isDebugEnabled()) {
            return;
        }
        this.configShown = true;
        StringBuilder sb = new StringBuilder();
        sb.append("SSL Configuration: \n");
        sb.append("  ssl-enabled = ").append(this.sslConfig.isEnabled()).append("\n");
        for (String str : System.getProperties().stringPropertyNames()) {
            if (str.startsWith(DistributionConfig.SSL_SYSTEM_PROPS_NAME)) {
                sb.append("  ").append(str).append(" = ").append(ArgumentRedactor.redactArgumentIfNecessary(str, System.getProperty(str))).append("\n");
            }
        }
        logger.debug(sb.toString());
    }

    protected void initializeClientSocketFactory() {
        this.clientSocketFactory = null;
        String property = System.getProperty("gemfire.clientSocketFactory");
        if (property != null) {
            try {
                Object newInstance = ClassPathLoader.getLatest().forName(property).newInstance();
                if (!(newInstance instanceof ClientSocketFactory)) {
                    throw new IllegalArgumentException("Class \"" + property + "\" is not a ClientSocketFactory");
                }
                this.clientSocketFactory = (ClientSocketFactory) newInstance;
            } catch (Exception e) {
                throw new IllegalArgumentException("An unexpected exception occurred while instantiating a " + property + ": " + e);
            }
        }
    }

    public void initializeTransportFilterClientSocketFactory(GatewaySender gatewaySender) {
        this.clientSocketFactory = new TransportFilterSocketFactory().setGatewayTransportFilters(gatewaySender.getGatewayTransportFilters());
    }
}
