package org.apache.synapse.transport.nhttp.config;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import org.apache.axiom.om.OMAttribute;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.description.TransportOutDescription;
import org.apache.axis2.transport.base.ParamUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.params.HttpParams;
import org.apache.synapse.commons.crypto.CryptoConstants;
import org.apache.synapse.transport.certificatevalidation.RevocationVerificationManager;
import org.apache.synapse.transport.exceptions.InvalidConfigurationException;
import org.apache.synapse.transport.http.conn.ClientConnFactory;
import org.apache.synapse.transport.http.conn.ClientSSLSetupHandler;
import org.apache.synapse.transport.http.conn.SSLContextDetails;
import org.apache.synapse.transport.nhttp.NhttpConstants;
import org.apache.synapse.transport.nhttp.NoValidateCertTrustManager;
import org.apache.synapse.transport.nhttp.util.SecureVaultValueReader;
import org.apache.ws.security.WSConstants;
import org.wso2.securevault.SecretResolver;
import org.wso2.securevault.SecretResolverFactory;
import org.wso2.securevault.SecureVaultException;

/* loaded from: input_file:WEB-INF/lib/synapse-nhttp-transport-2.1.7-wso2v101.jar:org/apache/synapse/transport/nhttp/config/ClientConnFactoryBuilder.class */
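/**
 * Builds the {@link ClientConnFactory} used by the non-blocking HTTPS sender from the SSL-related
 * parameters of a {@link TransportOutDescription}: the default identity keystore and truststore,
 * hostname verification mode, certificate revocation checking, the permitted TLS protocol versions
 * and cipher suites, and optional per-"host:port" custom SSL profiles (inline or loaded from the file
 * named by {@code dynamicSSLProfilesConfig}).
 *
 * <p>Usage: construct, call {@link #parseSSL()} once for an HTTPS transport, then
 * {@link #createConnFactory(HttpParams)}. Keystore passwords are resolved through the secure vault
 * (the Axis2 secret resolver when a {@link ConfigurationContext} was supplied).
 *
 * <p>Not thread-safe: the builder holds mutable state between {@code parseSSL()} and
 * {@code createConnFactory()}.
 */
public class ClientConnFactoryBuilder {

    private static final Log log = LogFactory.getLog(ClientConnFactoryBuilder.class);

    /** Protocol passed to {@link SSLContext#getInstance(String)} when no {@code SSLProtocol} parameter is set. */
    private static final String DEFAULT_SSL_PROTOCOL = "TLS";

    /** Transport-out description whose parameters drive the SSL setup. */
    private final TransportOutDescription transportOut;
    /** Upper-cased transport name, used as a prefix in log messages. */
    private final String name;
    /** Default SSL context plus its setup handler; {@code null} until {@link #parseSSL()} has run. */
    private SSLContextDetails ssl;
    /** SSL contexts keyed by "host:port" from custom profiles; {@code null} when none are configured. */
    private Map<String, SSLContext> sslByHostMap;
    /** Optional Axis2 context; when set, its secret resolver is used to resolve keystore passwords. */
    private ConfigurationContext configurationContext;

    /**
     * Creates a builder that resolves secure-vault passwords through the Axis2 configuration's
     * secret resolver.
     *
     * @param transportOutDescription the HTTPS transport-out description to read parameters from
     * @param configurationContext    the Axis2 configuration context (may be {@code null})
     */
    public ClientConnFactoryBuilder(TransportOutDescription transportOutDescription, ConfigurationContext configurationContext) {
        this(transportOutDescription);
        this.configurationContext = configurationContext;
    }

    /**
     * Creates a builder without an Axis2 context; a secret resolver is created from the keystore
     * element itself when passwords need resolving.
     *
     * @param transportOutDescription the HTTPS transport-out description to read parameters from
     */
    public ClientConnFactoryBuilder(TransportOutDescription transportOutDescription) {
        this.ssl = null;
        this.sslByHostMap = null;
        this.transportOut = transportOutDescription;
        this.name = transportOutDescription.getName().toUpperCase(Locale.US);
    }

    /**
     * Reads the SSL parameters of the transport-out description and prepares the default SSL
     * context, its setup handler and any custom per-server SSL contexts.
     *
     * <p>Parameters consumed: {@code keystore}, {@code truststore}, {@code novalidatecert},
     * {@code HostnameVerifier}, {@code CertificateRevocationVerifier}, {@code HttpsProtocols},
     * {@link NhttpConstants#PREFERRED_CIPHERS}, {@code SSLProtocol}, {@code customSSLProfiles} and
     * {@code dynamicSSLProfilesConfig}.
     *
     * @return this builder, for chaining
     * @throws AxisFault if a keystore or truststore cannot be opened or loaded, the SSL context cannot be
     *                   initialised, or a custom SSL profile is invalid
     */
    public ClientConnFactoryBuilder parseSSL() throws AxisFault {
        Parameter keyStoreParam = transportOut.getParameter("keystore");
        Parameter trustStoreParam = transportOut.getParameter("truststore");
        Parameter protocolsParam = transportOut.getParameter("HttpsProtocols");
        Parameter ciphersParam = transportOut.getParameter(NhttpConstants.PREFERRED_CIPHERS);

        OMElement keyStoreEl = keyStoreParam != null ? keyStoreParam.getParameterElement().getFirstElement() : null;
        OMElement trustStoreEl = null;
        boolean novalidatecert = ParamUtils.getOptionalParamBoolean(transportOut, "novalidatecert", false);
        if (trustStoreParam != null) {
            // an explicit truststore always wins over the "trust everything" switch
            if (novalidatecert && log.isWarnEnabled()) {
                log.warn(name + " Ignoring novalidatecert parameter since a truststore has been specified");
            }
            trustStoreEl = trustStoreParam.getParameterElement().getFirstElement();
        }
        SSLContext sslContext = createSSLContext(keyStoreEl, trustStoreEl, novalidatecert);

        X509HostnameVerifier hostnameVerifier = selectHostnameVerifier(transportOut.getParameter("HostnameVerifier"));
        RevocationVerificationManager revocationVerifier =
                createRevocationVerifier(transportOut.getParameter("CertificateRevocationVerifier"));

        ClientSSLSetupHandler sslSetupHandler = new ClientSSLSetupHandler(hostnameVerifier, revocationVerifier);
        String[] httpsProtocols = splitCommaSeparated(parameterText(protocolsParam));
        if (httpsProtocols != null) {
            sslSetupHandler.setHttpsProtocols(httpsProtocols);
        }
        String[] preferredCiphers = splitCommaSeparated(parameterText(ciphersParam));
        if (preferredCiphers != null) {
            sslSetupHandler.setPreferredCiphers(preferredCiphers);
        }

        ssl = new SSLContextDetails(sslContext, sslSetupHandler);
        sslByHostMap = getCustomSSLContexts(transportOut);
        return this;
    }

    /**
     * Returns the text of a parameter's element, or {@code null} when the parameter or its element is absent.
     */
    private static String parameterText(Parameter parameter) {
        OMElement element = parameter != null ? parameter.getParameterElement() : null;
        return element != null ? element.getText() : null;
    }

    /**
     * Splits a comma-separated list into trimmed, non-empty entries.
     *
     * @return the entries, or {@code null} when the input is {@code null} or blank (callers then leave
     *         the corresponding handler setting untouched)
     */
    private static String[] splitCommaSeparated(String value) {
        if (value == null || value.trim().isEmpty()) {
            return null;
        }
        List<String> entries = new ArrayList<String>();
        for (String rawEntry : value.trim().split(",")) {
            String entry = rawEntry.trim();
            if (!entry.isEmpty()) {
                entries.add(entry);
            }
        }
        return entries.toArray(new String[entries.size()]);
    }

    /**
     * Maps the {@code HostnameVerifier} parameter value (case-insensitive) to a verifier; anything
     * unrecognised, including an absent parameter, selects {@link ClientSSLSetupHandler#DEFAULT}.
     */
    private static X509HostnameVerifier selectHostnameVerifier(Parameter parameter) {
        String mode = parameter != null ? parameter.getValue().toString() : null;
        if ("Strict".equalsIgnoreCase(mode)) {
            return ClientSSLSetupHandler.STRICT;
        }
        if ("AllowAll".equalsIgnoreCase(mode)) {
            // AllowAll switches hostname matching off; trust-chain validation is configured separately via the truststore
            return ClientSSLSetupHandler.ALLOW_ALL;
        }
        if ("DefaultAndLocalhost".equalsIgnoreCase(mode)) {
            return ClientSSLSetupHandler.DEFAULT_AND_LOCALHOST;
        }
        return ClientSSLSetupHandler.DEFAULT;
    }

    /**
     * Builds the revocation verifier when the {@code CertificateRevocationVerifier} parameter has
     * {@code enable="true"}; {@code CacheSize} and {@code CacheDelay} children are optional and an
     * unparsable value is logged and passed on as {@code null}.
     *
     * @return the verifier, or {@code null} when revocation checking is not enabled
     */
    private RevocationVerificationManager createRevocationVerifier(Parameter parameter) {
        OMElement config = parameter != null ? parameter.getParameterElement() : null;
        if (config == null || !"true".equalsIgnoreCase(config.getAttributeValue(new QName("enable")))) {
            return null;
        }
        Integer cacheSize = parseIntegerOrNull(childText(config, "CacheSize"), "CacheSize");
        Integer cacheDelay = parseIntegerOrNull(childText(config, "CacheDelay"), "CacheDelay");
        return new RevocationVerificationManager(cacheSize, cacheDelay);
    }

    /** Parses an integer setting; a missing or malformed value yields {@code null} (malformed values are logged). */
    private Integer parseIntegerOrNull(String value, String settingName) {
        if (value == null) {
            return null;
        }
        try {
            return Integer.valueOf(value.trim());
        } catch (NumberFormatException e) {
            if (log.isWarnEnabled()) {
                log.warn(name + " Ignoring non-numeric " + settingName + " value '" + value
                        + "' of the certificate revocation verifier");
            }
            return null;
        }
    }

    /** Returns the text of the named child element, or {@code null} when the child is absent. */
    private static String childText(OMElement parent, String localName) {
        OMElement child = parent.getFirstChildWithName(new QName(localName));
        return child != null ? child.getText() : null;
    }

    /**
     * Returns the text of a mandatory child element.
     *
     * @param owner name of the enclosing element, used in the error message (e.g. "KeyStore")
     * @throws AxisFault when the child is absent
     */
    private static String requiredChildText(OMElement parent, String localName, String owner) throws AxisFault {
        String text = childText(parent, localName);
        if (text == null) {
            throw new AxisFault("Cannot proceed because " + localName + " element is missing in " + owner);
        }
        return text;
    }

    /**
     * Loads the custom SSL profiles ({@code customSSLProfiles}, possibly populated from the dynamic
     * profiles file) and builds one SSL context per profile, keyed by each "host:port" listed under
     * the profile's {@code servers} element. The first profile naming a server wins; duplicates are logged.
     *
     * @return contexts keyed by server, or {@code null} when no profiles (or no servers) are configured
     * @throws AxisFault if the dynamic profiles file could not be loaded, a profile lacks a
     *                   {@code servers} element, or a profile's SSL context cannot be created
     */
    private Map<String, SSLContext> getCustomSSLContexts(TransportOutDescription transportOutDescription) throws AxisFault {
        TransportOutDescription effectiveDescription = loadDynamicSSLConfig(transportOutDescription);
        if (effectiveDescription == null) {
            // loadDynamicSSLConfig has already logged the cause; fail closed instead of silently dropping per-host profiles
            throw new AxisFault("Could not load the dynamic SSL profiles configuration for " + name);
        }
        Parameter profilesParam = effectiveDescription.getParameter("customSSLProfiles");
        if (profilesParam == null) {
            return null;
        }
        if (log.isInfoEnabled()) {
            log.info(name + " Loading custom SSL profiles for the HTTPS sender");
        }
        OMElement profilesEl = profilesParam.getParameterElement();
        SecretResolver secretResolver = SecretResolverFactory.create(profilesEl, true);
        Map<String, SSLContext> contextsByServer = new HashMap<String, SSLContext>();
        Iterator<?> profiles = profilesEl.getChildrenWithName(new QName("profile"));
        while (profiles.hasNext()) {
            OMElement profile = (OMElement) profiles.next();
            OMElement serversEl = profile.getFirstChildWithName(new QName("servers"));
            if (serversEl == null || serversEl.getText() == null) {
                log.error(name + " Each custom SSL profile must define at least one host:port pair under the servers element");
                throw new AxisFault("Each custom SSL profile must define at least one host:port pair under the servers element");
            }
            String servers = serversEl.getText();
            SSLContext profileContext;
            try {
                profileContext = createSSLContext(
                        profile.getFirstChildWithName(new QName("KeyStore")),
                        profile.getFirstChildWithName(new QName("TrustStore")),
                        "true".equals(profile.getAttributeValue(new QName("novalidatecert"))),
                        secretResolver);
            } catch (AxisFault e) {
                throw new InvalidConfigurationException("Error occurred while creating SSL context for the servers " + servers, e);
            }
            for (String rawServer : servers.split(",")) {
                String server = rawServer.trim();
                if (contextsByServer.containsKey(server)) {
                    if (log.isWarnEnabled()) {
                        log.warn(name + " Multiple SSL profiles were found for the server : " + server + ". Ignoring the excessive profiles.");
                    }
                } else {
                    contextsByServer.put(server, profileContext);
                }
            }
        }
        if (contextsByServer.isEmpty()) {
            return null;
        }
        if (log.isInfoEnabled()) {
            log.info(name + " Custom SSL profiles initialized for " + contextsByServer.size() + " servers");
        }
        return contextsByServer;
    }

    /**
     * Creates the default SSL context from the transport-level {@code keystore}/{@code truststore}
     * elements. Passwords are resolved via the Axis2 configuration's secret resolver when one is
     * available, otherwise via a resolver created from the keystore element.
     *
     * @param keyStoreEl     the {@code KeyStore} element, or {@code null} for no client identity
     * @param trustStoreEl   the {@code TrustStore} element, or {@code null} to use the JSSE default
     *                       trust store (or no validation at all when {@code novalidatecert} is set)
     * @param novalidatecert whether server certificate validation is to be disabled; ignored when a
     *                       truststore is given
     * @throws AxisFault if a mandatory element is missing or a store cannot be loaded
     */
    private SSLContext createSSLContext(OMElement keyStoreEl, OMElement trustStoreEl, boolean novalidatecert) throws AxisFault {
        SecretResolver secretResolver =
                (configurationContext == null || configurationContext.getAxisConfiguration() == null)
                        ? SecretResolverFactory.create(keyStoreEl, false)
                        : configurationContext.getAxisConfiguration().getSecretResolver();
        KeyManager[] keyManagers = null;
        TrustManager[] trustManagers = null;
        if (keyStoreEl != null) {
            OMElement passwordEl = keyStoreEl.getFirstChildWithName(new QName(WSConstants.PASSWORD_LN));
            OMElement keyPasswordEl = keyStoreEl.getFirstChildWithName(new QName("KeyPassword"));
            if (passwordEl == null) {
                throw new AxisFault("Cannot proceed because Password element is missing in KeyStore");
            }
            if (keyPasswordEl == null) {
                throw new AxisFault("Cannot proceed because KeyPassword element is missing in KeyStore");
            }
            keyManagers = loadKeyManagers(keyStoreEl,
                    SecureVaultValueReader.getSecureVaultValue(secretResolver, passwordEl),
                    SecureVaultValueReader.getSecureVaultValue(secretResolver, keyPasswordEl));
        }
        if (trustStoreEl != null) {
            OMElement passwordEl = trustStoreEl.getFirstChildWithName(new QName(WSConstants.PASSWORD_LN));
            if (passwordEl == null) {
                throw new AxisFault("Cannot proceed because Password element is missing in TrustStore");
            }
            trustManagers = loadTrustManagers(trustStoreEl, novalidatecert,
                    SecureVaultValueReader.getSecureVaultValue(secretResolver, passwordEl));
        } else if (novalidatecert) {
            trustManagers = noValidationTrustManagers();
        }
        return initSSLContext(keyManagers, trustManagers);
    }

    /**
     * Creates the SSL context for one custom SSL profile, resolving passwords with the given resolver.
     * Unlike the transport-level variant, a missing {@code Password}/{@code KeyPassword} element is
     * handed to the resolver as {@code null}; the store is then rejected because no password resolves.
     *
     * @param keyStoreEl     the profile's {@code KeyStore} element, or {@code null}
     * @param trustStoreEl   the profile's {@code TrustStore} element, or {@code null}
     * @param novalidatecert the profile's {@code novalidatecert} attribute; ignored when a truststore is given
     * @param secretResolver resolver for secure-vault aliases
     * @throws AxisFault if a mandatory element is missing or a store cannot be loaded
     */
    private SSLContext createSSLContext(OMElement keyStoreEl, OMElement trustStoreEl, boolean novalidatecert,
                                        SecretResolver secretResolver) throws AxisFault {
        KeyManager[] keyManagers = null;
        TrustManager[] trustManagers = null;
        if (keyStoreEl != null) {
            keyManagers = loadKeyManagers(keyStoreEl,
                    SecureVaultValueReader.getSecureVaultValue(secretResolver,
                            keyStoreEl.getFirstChildWithName(new QName(WSConstants.PASSWORD_LN))),
                    SecureVaultValueReader.getSecureVaultValue(secretResolver,
                            keyStoreEl.getFirstChildWithName(new QName("KeyPassword"))));
        }
        if (trustStoreEl != null) {
            trustManagers = loadTrustManagers(trustStoreEl, novalidatecert,
                    getSecureVaultValue(secretResolver,
                            trustStoreEl.getFirstChildWithName(new QName(WSConstants.PASSWORD_LN))));
        } else if (novalidatecert) {
            trustManagers = noValidationTrustManagers();
        }
        return initSSLContext(keyManagers, trustManagers);
    }

    /**
     * Loads the identity keystore named by the element's {@code Location}/{@code Type} children and
     * returns key managers for it. The password char arrays are wiped afterwards (best effort: the
     * {@link String} values returned by the resolver cannot be cleared).
     *
     * @param storePassword the keystore integrity password (already resolved)
     * @param keyPassword   the private-key password (already resolved)
     * @throws AxisFault if a password did not resolve, the file cannot be opened, or the store/keys
     *                   cannot be loaded
     */
    private KeyManager[] loadKeyManagers(OMElement keyStoreEl, String storePassword, String keyPassword) throws AxisFault {
        String location = requiredChildText(keyStoreEl, "Location", "KeyStore");
        String type = requiredChildText(keyStoreEl, "Type", "KeyStore");
        // checked before the try: AxisFault is an IOException and would otherwise be re-wrapped as "Error opening"
        requirePassword(storePassword, "KeyStore");
        requirePassword(keyPassword, "KeyStore key");
        char[] storePass = storePassword.toCharArray();
        char[] keyPass = keyPassword.toCharArray();
        try (FileInputStream in = new FileInputStream(location)) {
            if (log.isDebugEnabled()) {
                log.debug(name + " Loading Identity Keystore from : " + location);
            }
            KeyStore keyStore = KeyStore.getInstance(type);
            keyStore.load(in, storePass);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, keyPass);
            return keyManagerFactory.getKeyManagers();
        } catch (IOException e) {
            log.error(name + " Error opening Keystore : " + location, e);
            throw new AxisFault("Error opening Keystore : " + location, e);
        } catch (GeneralSecurityException e) {
            log.error(name + " Error loading Keystore : " + location, e);
            throw new AxisFault("Error loading Keystore : " + location, e);
        } finally {
            wipe(storePass);
            wipe(keyPass);
        }
    }

    /**
     * Loads the truststore named by the element's {@code Location}/{@code Type} children and returns
     * trust managers for it. Logs that {@code novalidatecert} is ignored when it was also set.
     *
     * @param storePassword the truststore integrity password (already resolved)
     * @throws AxisFault if the password did not resolve, the file cannot be opened, or the store cannot be loaded
     */
    private TrustManager[] loadTrustManagers(OMElement trustStoreEl, boolean novalidatecert, String storePassword) throws AxisFault {
        if (novalidatecert && log.isWarnEnabled()) {
            log.warn(name + " Ignoring novalidatecert parameter since a truststore has been specified");
        }
        String location = requiredChildText(trustStoreEl, "Location", "TrustStore");
        String type = requiredChildText(trustStoreEl, "Type", "TrustStore");
        requirePassword(storePassword, "TrustStore");
        char[] storePass = storePassword.toCharArray();
        try (FileInputStream in = new FileInputStream(location)) {
            if (log.isDebugEnabled()) {
                log.debug(name + " Loading Trust Keystore from : " + location);
            }
            KeyStore trustStore = KeyStore.getInstance(type);
            trustStore.load(in, storePass);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            return trustManagerFactory.getTrustManagers();
        } catch (IOException e) {
            log.error(name + " Error opening Key store : " + location, e);
            throw new AxisFault("Error opening Key store : " + location, e);
        } catch (GeneralSecurityException e) {
            log.error(name + " Error loading Key store : " + location, e);
            throw new AxisFault("Error loading Key store : " + location, e);
        } finally {
            wipe(storePass);
        }
    }

    /**
     * Returns a trust manager that accepts any server certificate. Only reached when
     * {@code novalidatecert} is set and no truststore is configured; always logged at WARN.
     */
    private TrustManager[] noValidationTrustManagers() {
        if (log.isWarnEnabled()) {
            log.warn(name + " Server certificate validation (trust) has been disabled. DO NOT USE IN PRODUCTION!");
        }
        return new TrustManager[]{new NoValidateCertTrustManager()};
    }

    /**
     * Creates and initialises an {@link SSLContext} for the protocol named by the {@code SSLProtocol}
     * parameter (default {@value #DEFAULT_SSL_PROTOCOL}). Per the JSSE contract, a {@code null}
     * key-manager or trust-manager array makes the context fall back to the installed defaults.
     *
     * @throws AxisFault if the protocol is unsupported or initialisation fails
     */
    private SSLContext initSSLContext(KeyManager[] keyManagers, TrustManager[] trustManagers) throws AxisFault {
        try {
            Parameter protocolParam = transportOut.getParameter("SSLProtocol");
            String protocol = protocolParam != null ? protocolParam.getValue().toString() : DEFAULT_SSL_PROTOCOL;
            SSLContext sslContext = SSLContext.getInstance(protocol);
            // null SecureRandom: the provider picks its default source
            sslContext.init(keyManagers, trustManagers, null);
            return sslContext;
        } catch (GeneralSecurityException e) {
            log.error(name + " Unable to create SSL context with the given configuration", e);
            throw new AxisFault("Unable to create SSL context with the given configuration", e);
        }
    }

    /** Rejects a password that did not resolve to a value instead of letting it surface as an NPE. */
    private static void requirePassword(String password, String owner) throws AxisFault {
        if (password == null) {
            throw new AxisFault("Cannot proceed because the " + owner + " password could not be resolved");
        }
    }

    /** Overwrites a secret char array with NULs once it is no longer needed. */
    private static void wipe(char[] secret) {
        if (secret != null) {
            Arrays.fill(secret, '\0');
        }
    }

    /**
     * Creates the connection factory.
     *
     * @param httpParams HTTP parameters for the connections
     * @return an SSL-capable factory when {@link #parseSSL()} has run, otherwise a plain one
     */
    public ClientConnFactory createConnFactory(HttpParams httpParams) {
        if (ssl != null) {
            return new ClientConnFactory(ssl, sslByHostMap, httpParams);
        }
        return new ClientConnFactory(httpParams);
    }

    /**
     * If the description carries a {@code dynamicSSLProfilesConfig} parameter, parses the XML file named
     * by its {@code filePath} child (relative paths are resolved against {@code user.dir}) and adds its
     * document element to the description as the {@code customSSLProfiles} parameter.
     *
     * @param transportOutDescription the description to augment
     * @return the same description (unchanged when no dynamic configuration is declared), or
     *         {@code null} when the file path is missing or the file could not be loaded; all
     *         failures are logged
     */
    public TransportOutDescription loadDynamicSSLConfig(TransportOutDescription transportOutDescription) {
        Parameter dynamicConfigParam = transportOutDescription.getParameter("dynamicSSLProfilesConfig");
        if (dynamicConfigParam == null) {
            return transportOutDescription;
        }
        OMElement dynamicConfigEl = dynamicConfigParam.getParameterElement();
        String filePath = dynamicConfigEl != null ? childText(dynamicConfigEl, "filePath") : null;
        if (filePath == null) {
            log.error("Could not load customSSLProfiles: dynamicSSLProfilesConfig has no filePath element");
            return null;
        }
        String separator = System.getProperty("file.separator");
        String fullPath = System.getProperty("user.dir") + (filePath.startsWith(separator) ? "" : separator) + filePath;
        try {
            OMElement profilesEl = new StAXOMBuilder(fullPath).getDocumentElement();
            Parameter profilesParam = new Parameter();
            profilesParam.setParameterElement(profilesEl);
            profilesParam.setName("customSSLProfiles");
            profilesParam.setValue(profilesEl);
            transportOutDescription.addParameter(profilesParam);
            log.info("customSSLProfiles configuration is loaded from path: " + fullPath);
            return transportOutDescription;
        } catch (FileNotFoundException e) {
            log.error("FileNotFoundException - Could not load customSSLProfiles from file path: " + filePath, e);
            return null;
        } catch (AxisFault e) {
            // must precede the generic handlers: AxisFault is an IOException subtype
            log.error("AxisFault - Could not load customSSLProfiles from file path: " + filePath, e);
            return null;
        } catch (XMLStreamException e) {
            log.error("XMLStreamException - Could not load customSSLProfiles from file path: " + filePath, e);
            return null;
        } catch (Exception e) {
            log.error("Exception - Could not load customSSLProfiles from file path: " + filePath, e);
            return null;
        }
    }

    /**
     * Resolves a password element: the element text when it carries no {@code secretAlias} attribute
     * (in the secure-vault namespace), otherwise the alias resolved through the secret resolver.
     *
     * @return the password, or {@code null} when the element is absent or the alias is not a
     *         protected token of the resolver
     * @throws SecureVaultException when an alias is present but no resolver was supplied
     */
    private String getSecureVaultValue(SecretResolver secretResolver, OMElement passwordEl) {
        if (passwordEl == null) {
            return null;
        }
        OMAttribute aliasAttr = passwordEl.getAttribute(new QName(CryptoConstants.SECUREVAULT_NAMESPACE, "secretAlias"));
        String alias = aliasAttr != null ? aliasAttr.getAttributeValue() : null;
        if (alias == null || alias.isEmpty()) {
            return passwordEl.getText();
        }
        if (secretResolver == null) {
            throw new SecureVaultException("Cannot resolve secret password because axis2 secret resolver is null");
        }
        if (secretResolver.isTokenProtected(alias)) {
            return secretResolver.resolve(alias);
        }
        return null;
    }
}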
