package org.apache.qpid.server.util;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import org.apache.qpid.server.transport.TransportException;
import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/qpid/server/util/ConnectionBuilder.class */
/**
 * Fluent builder for an outbound {@link HttpURLConnection} to a fixed URL, with optional
 * TLS trust, hostname-verification and protocol/cipher-suite restrictions.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Custom trust and the custom hostname verifier are installed only when a non-empty
 *       trust manager array has been supplied; otherwise the connection keeps whatever socket
 *       factory and hostname verifier it was created with.</li>
 *   <li>Both timeouts are plain {@code int} fields that start at 0. {@link HttpURLConnection}
 *       documents a timeout of 0 as "wait indefinitely", so callers that skip the timeout
 *       setters get unbounded connect and read waits.</li>
 *   <li>Any TLS setting causes an unconditional cast to {@link HttpsURLConnection}; with a
 *       non-HTTPS URL that cast fails with a {@link ClassCastException} rather than silently
 *       continuing without TLS.</li>
 * </ul>
 *
 * <p>The setters store the references they are given (no defensive copies), so later changes
 * to a supplied array or list are seen by {@link #build()}. The class has no synchronisation.
 */
public class ConnectionBuilder {
    private static final Logger LOGGER = LoggerFactory.getLogger(ConnectionBuilder.class);

    /** Target of every connection produced by this builder. */
    private final URL _url;
    /** Connect timeout in milliseconds as passed to the connection; 0 unless set. */
    private int _connectTimeout;
    /** Read timeout in milliseconds as passed to the connection; 0 unless set. */
    private int _readTimeout;
    /** Trust managers for a dedicated SSLContext; null or empty leaves trust untouched. */
    private TrustManager[] _trustMangers;
    // The four lists below are handed unchanged to
    // CipherSuiteAndProtocolRestrictingSSLSocketFactory; how that class interprets
    // them is not visible here.
    private List<String> _tlsProtocolWhiteList;
    private List<String> _tlsProtocolBlackList;
    private List<String> _tlsCipherSuiteWhiteList;
    private List<String> _tlsCipherSuiteBlackList;

    /**
     * Creates a builder for the given URL.
     *
     * @param url the endpoint to connect to; not validated here
     */
    public ConnectionBuilder(URL url) {
        _url = url;
    }

    /**
     * Sets the connect timeout applied in {@link #build()}.
     *
     * @param i timeout value forwarded to {@link HttpURLConnection#setConnectTimeout(int)}
     * @return this builder
     */
    public ConnectionBuilder setConnectTimeout(int i) {
        _connectTimeout = i;
        return this;
    }

    /**
     * Sets the read timeout applied in {@link #build()}.
     *
     * @param i timeout value forwarded to {@link HttpURLConnection#setReadTimeout(int)}
     * @return this builder
     */
    public ConnectionBuilder setReadTimeout(int i) {
        _readTimeout = i;
        return this;
    }

    /**
     * Sets the trust managers used to validate the peer's certificate chain.
     *
     * @param trustManagerArr trust managers; null or empty means no custom TLS trust is installed
     * @return this builder
     */
    public ConnectionBuilder setTrustMangers(TrustManager[] trustManagerArr) {
        _trustMangers = trustManagerArr;
        return this;
    }

    /**
     * Sets the TLS protocol white list passed to the restricting socket factory.
     *
     * @param list protocol names; may be null
     * @return this builder
     */
    public ConnectionBuilder setTlsProtocolWhiteList(List<String> list) {
        _tlsProtocolWhiteList = list;
        return this;
    }

    /**
     * Sets the TLS protocol black list passed to the restricting socket factory.
     *
     * @param list protocol names; may be null
     * @return this builder
     */
    public ConnectionBuilder setTlsProtocolBlackList(List<String> list) {
        _tlsProtocolBlackList = list;
        return this;
    }

    /**
     * Sets the cipher suite white list passed to the restricting socket factory.
     *
     * @param list cipher suite names; may be null
     * @return this builder
     */
    public ConnectionBuilder setTlsCipherSuiteWhiteList(List<String> list) {
        _tlsCipherSuiteWhiteList = list;
        return this;
    }

    /**
     * Sets the cipher suite black list passed to the restricting socket factory.
     *
     * @param list cipher suite names; may be null
     * @return this builder
     */
    public ConnectionBuilder setTlsCipherSuiteBlackList(List<String> list) {
        _tlsCipherSuiteBlackList = list;
        return this;
    }

    /**
     * Opens a connection object for the configured URL and applies timeouts and TLS settings.
     *
     * <p>Order matters: custom trust is installed first, then the protocol/cipher restriction
     * wraps whichever socket factory the connection holds at that point (the custom one if
     * trust managers were supplied, otherwise the one the connection already had).
     *
     * @return the configured connection
     * @throws IOException if {@link URL#openConnection()} fails
     * @throws ServerScopedRuntimeException if the SSLContext cannot be obtained or initialised
     * @throws ClassCastException if the URL does not yield an {@link HttpURLConnection}, or if
     *         TLS settings are present and it does not yield an {@link HttpsURLConnection}
     */
    public HttpURLConnection build() throws IOException {
        final HttpURLConnection connection = (HttpURLConnection) _url.openConnection();
        connection.setConnectTimeout(_connectTimeout);
        connection.setReadTimeout(_readTimeout);

        final boolean customTrust = _trustMangers != null && _trustMangers.length > 0;
        if (customTrust) {
            // Deliberately unguarded cast: a plain-HTTP URL combined with trust managers fails here.
            installTrust((HttpsURLConnection) connection);
        }

        final boolean restrictTls = hasEntries(_tlsProtocolWhiteList)
                || hasEntries(_tlsProtocolBlackList)
                || hasEntries(_tlsCipherSuiteWhiteList)
                || hasEntries(_tlsCipherSuiteBlackList);
        if (restrictTls) {
            final HttpsURLConnection secured = (HttpsURLConnection) connection;
            secured.setSSLSocketFactory(
                    new CipherSuiteAndProtocolRestrictingSSLSocketFactory(
                            secured.getSSLSocketFactory(),
                            _tlsCipherSuiteWhiteList,
                            _tlsCipherSuiteBlackList,
                            _tlsProtocolWhiteList,
                            _tlsProtocolBlackList));
        }
        return connection;
    }

    /** Returns true when the list is non-null and holds at least one element. */
    private static boolean hasEntries(List<String> candidates) {
        return candidates != null && !candidates.isEmpty();
    }

    /**
     * Gives the connection a socket factory backed by the configured trust managers and
     * installs the hostname verifier.
     */
    private void installTrust(HttpsURLConnection secured) {
        try {
            final SSLContext context = SSLUtil.tryGetSSLContext();
            // No key managers (no client certificate is offered) and the default SecureRandom.
            context.init(null, _trustMangers, null);
            secured.setSSLSocketFactory(context.getSocketFactory());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
        secured.setHostnameVerifier(new PeerHostnameVerifier());
    }

    /**
     * Hostname verifier that checks the requested host against the peer's leaf certificate
     * via {@code SSLUtil.verifyHostname} and rejects the connection on any failure.
     *
     * <p>Per the JDK contract for {@link HostnameVerifier}, {@link HttpsURLConnection} consults
     * this callback when its own hostname check does not match, so this is the final decision
     * for such connections. Every failure path returns {@code false} (fail closed) and logs a
     * warning.
     */
    private static final class PeerHostnameVerifier implements HostnameVerifier {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            try {
                // Index 0 is the peer's own certificate; getPeerCertificates() throws
                // SSLPeerUnverifiedException when the peer was not authenticated.
                final Certificate leaf = session.getPeerCertificates()[0];
                if (!(leaf instanceof X509Certificate)) {
                    LOGGER.warn("Cannot verify peer's hostname as peer does not present a X509Certificate. Presented certificate : {}", leaf);
                    return false;
                }
                // Normal return is treated as a match; a TransportException is treated as a mismatch.
                SSLUtil.verifyHostname(hostname, (X509Certificate) leaf);
                return true;
            } catch (SSLPeerUnverifiedException | TransportException e) {
                LOGGER.warn("Failed to verify peer's hostname (connecting to host {})", hostname, e);
                return false;
            }
        }
    }
}
