package org.opensaml.ws.soap.client.http;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import net.jcip.annotations.ThreadSafe;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/openws-1.5.4.jar:org/opensaml/ws/soap/client/http/TLSProtocolSocketFactory.class
 */
@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/opensaml-2.6.4.wso2v5.jar:org/opensaml/ws/soap/client/http/TLSProtocolSocketFactory.class */
public class TLSProtocolSocketFactory implements SecureProtocolSocketFactory {
    private X509KeyManager[] keyManagers;
    private X509TrustManager[] trustManagers;
    private SecureRandom secureRandom;
    private HostnameVerifier hostnameVerifier;
    private SSLContext sslContext;

    public TLSProtocolSocketFactory(X509KeyManager x509KeyManager, X509TrustManager x509TrustManager) throws IllegalArgumentException {
        this(x509KeyManager, x509TrustManager, null);
    }

    public TLSProtocolSocketFactory(X509KeyManager x509KeyManager, X509TrustManager x509TrustManager, HostnameVerifier hostnameVerifier) throws IllegalArgumentException {
        this.keyManagers = new X509KeyManager[]{x509KeyManager};
        if (x509TrustManager != null) {
            this.trustManagers = new X509TrustManager[]{x509TrustManager};
        } else {
            this.trustManagers = null;
        }
        this.hostnameVerifier = hostnameVerifier;
        this.secureRandom = null;
        init();
    }

    public TLSProtocolSocketFactory(X509KeyManager[] x509KeyManagerArr, X509TrustManager[] x509TrustManagerArr, HostnameVerifier hostnameVerifier, SecureRandom secureRandom) throws IllegalArgumentException {
        this.keyManagers = x509KeyManagerArr;
        this.trustManagers = x509TrustManagerArr;
        this.hostnameVerifier = hostnameVerifier;
        this.secureRandom = secureRandom;
        init();
    }

    protected void init() throws IllegalArgumentException {
        try {
            this.sslContext = SSLContext.getInstance("SSL");
            this.sslContext.init(this.keyManagers, this.trustManagers, this.secureRandom);
        } catch (GeneralSecurityException e) {
            throw new IllegalArgumentException("Error create SSL context", e);
        }
    }

    @Override // org.apache.commons.httpclient.protocol.ProtocolSocketFactory
    public Socket createSocket(String str, int i) throws IOException {
        Socket createSocket = this.sslContext.getSocketFactory().createSocket(str, i);
        verifyHostname(createSocket);
        return createSocket;
    }

    @Override // org.apache.commons.httpclient.protocol.ProtocolSocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException {
        Socket createSocket = this.sslContext.getSocketFactory().createSocket(str, i, inetAddress, i2);
        verifyHostname(createSocket);
        return createSocket;
    }

    @Override // org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        Socket createSocket = this.sslContext.getSocketFactory().createSocket(socket, str, i, z);
        verifyHostname(socket);
        return createSocket;
    }

    @Override // org.apache.commons.httpclient.protocol.ProtocolSocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, HttpConnectionParams httpConnectionParams) throws IOException {
        if (httpConnectionParams == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int connectionTimeout = httpConnectionParams.getConnectionTimeout();
        SSLSocketFactory socketFactory = this.sslContext.getSocketFactory();
        if (connectionTimeout == 0) {
            Socket createSocket = socketFactory.createSocket(str, i, inetAddress, i2);
            verifyHostname(createSocket);
            return createSocket;
        }
        Socket createSocket2 = socketFactory.createSocket();
        InetSocketAddress inetSocketAddress = new InetSocketAddress(inetAddress, i2);
        InetSocketAddress inetSocketAddress2 = new InetSocketAddress(str, i);
        createSocket2.bind(inetSocketAddress);
        createSocket2.connect(inetSocketAddress2, connectionTimeout);
        verifyHostname(createSocket2);
        return createSocket2;
    }

    public boolean equals(Object obj) {
        return obj != null && obj.getClass().equals(getClass());
    }

    public int hashCode() {
        return getClass().hashCode();
    }

    protected void verifyHostname(Socket socket) throws SSLException {
        if (this.hostnameVerifier != null && (socket instanceof SSLSocket)) {
            SSLSocket sSLSocket = (SSLSocket) socket;
            try {
                SSLSession session = sSLSocket.getSession();
                String peerHost = session.getPeerHost();
                if (this.hostnameVerifier.verify(peerHost, session)) {
                } else {
                    throw new SSLPeerUnverifiedException("SSL peer failed hostname validation for name: " + peerHost);
                }
            } catch (SSLException e) {
                cleanUpFailedSocket(sSLSocket);
                throw e;
            } catch (Throwable th) {
                cleanUpFailedSocket(sSLSocket);
                throw new SSLException("Error in hostname verification", th);
            }
        }
    }

    protected void cleanUpFailedSocket(SSLSocket sSLSocket) {
        try {
            sSLSocket.close();
        } catch (IOException e) {
        }
    }
}
