package jptools.net.ssl;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.SocketException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import jptools.logger.Level;
import jptools.logger.LogInformation;
import jptools.logger.Logger;
import jptools.model.oo.base.IConstraint;
import jptools.net.ProxyInfo;
import jptools.net.ProxyManager;
import jptools.net.ssl.keymanager.JPToolsKeyManager;
import jptools.net.ssl.trustmanager.JPToolsTrustManager;
import jptools.security.cert.PKIUtil;
import jptools.util.ClassInstance;
import jptools.util.RandomGenerator;
import jptools.util.StringHelper;

/* loaded from: input_file:jptools/net/ssl/SSLManager.class */
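/**
 * Creates and configures JSSE contexts, client sockets and server sockets from an
 * {@link SSLConfig}.
 *
 * <p>The {@link SSLContext} is built lazily by {@link #getSSLContext()} and cached; changing
 * the configuration or the log information drops the cached context.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Unless {@code SSLConfig.USE_KEYSTORE} is true, certificate validation is delegated to a
 *       configurable {@link JPToolsTrustManager} that is loaded by class name. Its behaviour
 *       (including how {@code CHECK_SERVER_CERTIFICATE} and {@code HOST_TO_VERIFY} are used) is
 *       not visible in this file and should be reviewed separately.</li>
 *   <li>If that trust manager cannot be instantiated, {@code null} is passed to
 *       {@link SSLContext#init}, which makes JSSE fall back to the default trust managers of the
 *       installed providers instead of failing.</li>
 *   <li>This class does not synchronize access to its state; whether instances are shared
 *       between threads cannot be told from this file.</li>
 * </ul>
 */
public class SSLManager {
    private static Logger log = Logger.getLogger(SSLManager.class);
    private LogInformation logInfo;
    private SSLConfig config;
    private SSLContext context;
    private boolean logHandshake;

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Handshake listener that logs the peer certificate chain at debug level.
     * Only registered when {@code logHandshake} is true.
     */
    public class ShakedListener implements HandshakeCompletedListener {
        private PKIUtil pkiUtil = new PKIUtil();

        public ShakedListener() {
        }

        /**
         * Logs the peer certificates of the completed handshake.
         *
         * @param handshakeCompletedEvent the event delivered by JSSE
         */
        @Override // javax.net.ssl.HandshakeCompletedListener
        public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
            LogInformation logInformation = SSLManager.this.getLogInformation();
            Logger logger = SSLManager.this.getLogger();
            if (logger.isDebugEnabled()) {
                logger.debug(logInformation, "Hands Shaked.");
            }
            try {
                // Queried even when debug is off so that an unverified peer is still reported.
                Certificate[] peerCertificates = handshakeCompletedEvent.getPeerCertificates();
                if (logger.isDebugEnabled()) {
                    logger.debug(logInformation, "Peer certificates:");
                    logger.increaseHierarchyLevel(logInformation);
                    try {
                        // A blind (X509Certificate[]) cast fails when the provider returns a plain
                        // Certificate[]; convert element by element instead.
                        this.pkiUtil.logCertificate(Level.DEBUG, logInformation, toX509Chain(peerCertificates));
                    } finally {
                        // Restore the log indentation even if certificate logging throws.
                        logger.decreaseHierarchyLevel(logInformation);
                    }
                }
            } catch (SSLPeerUnverifiedException e) {
                logger.error(logInformation, "Error occured during the handshake!", e);
            }
        }
    }

    /** Creates a manager with a fresh, empty {@link SSLConfig}. */
    public SSLManager() {
        this.logHandshake = false;
        this.logInfo = null;
        this.context = null;
        this.config = new SSLConfig();
    }

    /**
     * Creates a manager that uses the given configuration.
     *
     * @param sSLConfig the configuration to use
     */
    public SSLManager(SSLConfig sSLConfig) {
        this();
        this.config = sSLConfig;
    }

    /** @return the log information passed to every log call, may be {@code null} */
    public LogInformation getLogInformation() {
        return this.logInfo;
    }

    /**
     * Sets the log information and drops the cached SSL context, so that the managers created
     * for the next context receive the new log information.
     *
     * @param logInformation the new log information
     */
    public void setLogInformation(LogInformation logInformation) {
        this.context = null;
        this.logInfo = logInformation;
    }

    /** @return the configuration currently in use */
    public SSLConfig getSSLConfig() {
        return this.config;
    }

    /**
     * Replaces the configuration and drops the cached SSL context.
     *
     * @param sSLConfig the new configuration
     */
    public void setSSLConfig(SSLConfig sSLConfig) {
        this.config = sSLConfig;
        this.context = null;
    }

    /**
     * Returns the cached SSL context, creating and initializing it on first use.
     *
     * <p>The protocol is read from {@code SSLConfig.PROTOCOL}; a non-blank
     * {@code SSLConfig.PROVIDER} selects a specific JSSE provider.
     *
     * @return the initialized context
     * @throws IOException if the context cannot be created or initialized; the original
     *         security exception is attached as the cause
     */
    public SSLContext getSSLContext() throws IOException {
        if (this.context != null) {
            return this.context;
        }
        if (log.isDebugEnabled()) {
            log.debug(getLogInformation(), "Create new SSL context.");
        }
        // NOTE(review): the value of SSLConfig.DEFAULT_PROTOCOL is not visible here; confirm it
        // does not select a legacy SSL/TLS version.
        String protocol = this.config.getProperty(SSLConfig.PROTOCOL, SSLConfig.DEFAULT_PROTOCOL);
        String provider = null;
        if (this.config.exist(SSLConfig.PROVIDER)) {
            provider = this.config.getProperty(SSLConfig.PROVIDER);
        }
        boolean useProvider = provider != null && provider.trim().length() > 0;
        try {
            SSLContext created = useProvider
                    ? SSLContext.getInstance(protocol, provider)
                    : SSLContext.getInstance(protocol);
            // Cache only after a successful init: caching first would hand out an
            // uninitialized context on every call that follows a failed attempt.
            this.context = initializeSSLContect(created);
            return this.context;
        } catch (KeyManagementException e) {
            log.error(getLogInformation(), "Could not create SSL context, a key management error occured!", e);
            throw new IOException(e.getMessage(), e);
        } catch (KeyStoreException e) {
            log.error(getLogInformation(), "Could not create SSL context, a key store error occured!", e);
            throw new IOException(e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            log.error(getLogInformation(), "Could not create SSL context, algorithm " + protocol + " not found for provider " + provider + "!", e);
            throw new IOException(e.getMessage(), e);
        } catch (NoSuchProviderException e) {
            log.error(getLogInformation(), "Could not create SSL context, beacuse no provider found with name: " + provider + "!", e);
            throw new IOException(e.getMessage(), e);
        } catch (UnrecoverableKeyException e) {
            log.error(getLogInformation(), "Could not create SSL context!", e);
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * @return the client session context of the SSL context
     * @throws IOException if the SSL context cannot be created
     */
    public SSLSessionContext getClientSessionContext() throws IOException {
        return getSSLContext().getClientSessionContext();
    }

    /**
     * @return the server session context of the SSL context
     * @throws IOException if the SSL context cannot be created
     */
    public SSLSessionContext getServerSessionContext() throws IOException {
        return getSSLContext().getServerSessionContext();
    }

    /**
     * Opens a client socket to the given host on the configured port.
     *
     * @param str prefix of the system properties {@code <str>.proxyHost} / {@code <str>.proxyPort}
     * @param str2 the host to connect to
     * @return the connected socket, handshake completed
     * @throws IOException if the connection or the handshake fails
     */
    public SSLSocket getSSLSocket(String str, String str2) throws IOException {
        return getSSLSocket(str, str2, getPort(this.config), this.config);
    }

    /**
     * Opens a client socket to the given host and port.
     *
     * @param str prefix of the system properties {@code <str>.proxyHost} / {@code <str>.proxyPort}
     * @param str2 the host to connect to
     * @param i the port; a negative value selects the configured port
     * @return the connected socket, handshake completed
     * @throws IOException if the connection or the handshake fails
     */
    public SSLSocket getSSLSocket(String str, String str2, int i) throws IOException {
        int port = i >= 0 ? i : getPort(this.config);
        return getSSLSocket(str, str2, port, this.config);
    }

    /**
     * Creates a server socket from this manager's configuration.
     *
     * @return the configured server socket
     * @throws IOException if the socket cannot be created
     */
    public SSLServerSocket getSSLServerSocket() throws IOException {
        return getServerSocket(null, null);
    }

    /**
     * Creates a server socket from the given configuration.
     *
     * @param sSLConfig the socket configuration; {@code null} selects this manager's configuration
     * @return the configured server socket
     * @throws IOException if the socket cannot be created
     */
    public SSLServerSocket getSSLServerSocket(SSLConfig sSLConfig) throws IOException {
        return getServerSocket(null, sSLConfig);
    }

    /**
     * Creates a server socket, optionally bound to one local address.
     *
     * @param inetAddress the local address to bind to, or {@code null} for all interfaces
     * @param sSLConfig the socket configuration; {@code null} selects this manager's configuration
     * @return the configured server socket
     * @throws IOException if the socket cannot be created or configured
     */
    public SSLServerSocket getServerSocket(InetAddress inetAddress, SSLConfig sSLConfig) throws IOException {
        if (log.isDebugEnabled()) {
            log.debug(getLogInformation(), "Create new SSL server socket.");
        }
        // getSSLServerSocket() passes null; dereferencing it used to end in a NullPointerException.
        SSLConfig effectiveConfig = sSLConfig != null ? sSLConfig : this.config;
        SSLServerSocketFactory serverSocketFactory = getSSLContext().getServerSocketFactory();
        int port = getPort(effectiveConfig);
        boolean hasBacklog = effectiveConfig.exist(SSLConfig.BACKLOG);
        SSLServerSocket serverSocket;
        if (inetAddress != null) {
            // Always honour the requested bind address. Without a configured backlog the address
            // used to be dropped and the socket listened on every interface. A backlog of 0 asks
            // the factory for its default.
            int backlog = hasBacklog ? getInteger(effectiveConfig, SSLConfig.BACKLOG) : 0;
            serverSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(port, backlog, inetAddress);
        } else if (hasBacklog) {
            serverSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(port, getInteger(effectiveConfig, SSLConfig.BACKLOG));
        } else {
            serverSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(port);
        }
        try {
            return initializeSocket(serverSocket, effectiveConfig);
        } catch (IOException | RuntimeException e) {
            // Do not leave a bound listener behind when its configuration is rejected.
            try {
                serverSocket.close();
            } catch (IOException ignored) {
                // The configuration failure is the error worth reporting.
            }
            throw e;
        }
    }

    /**
     * Opens a client socket, directly or through the proxy named by the system properties
     * {@code <str>.proxyHost} / {@code <str>.proxyPort} (proxy port defaults to 80), applies the
     * socket options and runs the handshake.
     *
     * <p>When {@code SSLConfig.VERIFY_HOSTNAME} is true the host is stored under
     * {@code SSLConfig.HOST_TO_VERIFY} and, in client mode, JSSE endpoint identification is
     * switched on for this socket.
     *
     * @param str prefix of the proxy system properties
     * @param str2 the host to connect to
     * @param i the port to connect to
     * @param sSLConfig the socket configuration
     * @return the connected socket, handshake completed
     * @throws IOException if the connection or the handshake fails; the socket is closed first
     * @throws NumberFormatException if the proxy port property is not a number
     */
    protected SSLSocket getSSLSocket(String str, String str2, int i, SSLConfig sSLConfig) throws IOException {
        if (log.isDebugEnabled()) {
            log.debug(getLogInformation(), "Create new SSL socket.");
        }
        SSLSocketFactory socketFactory = getSSLContext().getSocketFactory();
        String proxyHost = System.getProperty(str + ".proxyHost");
        SSLSocket rawSocket;
        if (proxyHost == null || proxyHost.trim().length() <= 0) {
            rawSocket = (SSLSocket) socketFactory.createSocket(str2, i);
        } else {
            int proxyPort = 80;
            String proxyPortText = System.getProperty(str + ".proxyPort");
            if (proxyPortText != null && proxyPortText.trim().length() > 0) {
                // Parse the trimmed value: the blank check above trims, so " 8080 " must parse too.
                proxyPort = Integer.parseInt(proxyPortText.trim());
            }
            Socket tunnel = ProxyManager.createProxySocket(this.logInfo, new ProxyInfo(proxyHost, proxyPort), str2, i);
            log.debug(getLogInformation(), "Create real socket...");
            try {
                // autoClose=true: closing the SSL socket also closes the proxy tunnel.
                rawSocket = (SSLSocket) socketFactory.createSocket(tunnel, str2, i, true);
            } catch (IOException | RuntimeException e) {
                closeQuietly(tunnel);
                throw e;
            }
        }
        try {
            SSLSocket socket = initializeSocket(rawSocket, sSLConfig);
            if (getBoolean(sSLConfig, SSLConfig.VERIFY_HOSTNAME)) {
                // NOTE(review): presumably read by the JPTools trust manager - confirm. The value
                // lives in the shared configuration, so concurrent connections to different hosts
                // can overwrite each other's entry.
                sSLConfig.setProperty(SSLConfig.HOST_TO_VERIFY, str2);
                if (socket.getUseClientMode()) {
                    // Per-socket hostname check by JSSE itself. It does not depend on the shared
                    // property above and also applies when the default trust managers are in use
                    // (USE_KEYSTORE=true), where nothing else in this class verifies the host.
                    javax.net.ssl.SSLParameters parameters = socket.getSSLParameters();
                    parameters.setEndpointIdentificationAlgorithm("HTTPS");
                    socket.setSSLParameters(parameters);
                }
            }
            if (this.logHandshake) {
                socket.addHandshakeCompletedListener(new ShakedListener());
            }
            socket.addHandshakeCompletedListener(new HandshakeCompletedListener() { // from class: jptools.net.ssl.SSLManager.1
                @Override // javax.net.ssl.HandshakeCompletedListener
                public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
                    Logger logger = SSLManager.this.getLogger();
                    // Skip building the message when nobody will read it.
                    if (logger.isDebugEnabled()) {
                        logger.debug(SSLManager.this.getLogInformation(), "Handshake finished!\n  CipherSuite:" + handshakeCompletedEvent.getCipherSuite() + "\n  SessionId " + handshakeCompletedEvent.getSession() + "\n  PeerHost " + handshakeCompletedEvent.getSession().getPeerHost());
                    }
                }
            });
            socket.startHandshake();
            return socket;
        } catch (IOException | RuntimeException e) {
            // A failed handshake or rejected option must not leak the connection.
            closeQuietly(rawSocket);
            throw e;
        }
    }

    /**
     * Initializes the context with key managers, trust managers and a {@link SecureRandom}.
     *
     * <p>With {@code SSLConfig.USE_KEYSTORE} false (the default) the JPTools key and trust
     * managers are used; otherwise the managers come from the JSSE factories.
     *
     * @param sSLContext the context to initialize
     * @return the same context, initialized
     * @throws KeyManagementException if the keystore password is missing or the init fails
     * @throws KeyStoreException if the keystore cannot be used
     * @throws NoSuchAlgorithmException if a factory algorithm is unknown
     * @throws UnrecoverableKeyException if a key cannot be recovered with the password
     */
    private SSLContext initializeSSLContect(SSLContext sSLContext) throws KeyManagementException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyManager[] keyManagers;
        TrustManager[] trustManagers;
        SecureRandom secureRandom = RandomGenerator.getInstance().getSecureRandom();
        if (!this.config.getPropertyAsBoolean(SSLConfig.USE_KEYSTORE, "false")) {
            // Either array may be null when the configured class could not be loaded; JSSE then
            // silently substitutes its defaults (see the getJPTools*Manager methods).
            keyManagers = getJPToolsKeyManager();
            trustManagers = getJPToolsTrustManager();
        } else {
            if (!this.config.exist(SSLConfig.KEYSTORE_PASSWORD)) {
                throw new KeyManagementException("Could not found password in configuration!");
            }
            // The *_FACTORY_PROVIDER values are passed to getInstance() as the algorithm name.
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.config.getProperty(SSLConfig.KEYMANAGER_FACTORY_PROVIDER, "SunX509"));
            // NOTE(review): KEYSTORE_NAME is used as the keystore *type*, and KeyStore.load() is
            // never called on this instance, so the factories below receive an uninitialized
            // keystore. No keystore location is visible in this file, so this is left unchanged;
            // confirm how this branch is meant to obtain its key material.
            KeyStore keyStore = KeyStore.getInstance(this.config.getProperty(SSLConfig.KEYSTORE_NAME, SSLConfig.DEFAULT_KEYSTORE_NAME));
            // NOTE(review): the password is held as a String in the configuration and the char[]
            // copy is not cleared afterwards.
            keyManagerFactory.init(keyStore, this.config.getProperty(SSLConfig.KEYSTORE_PASSWORD).toCharArray());
            keyManagers = keyManagerFactory.getKeyManagers();
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.config.getProperty(SSLConfig.TRUSTMANAGER_FACTORY_PROVIDER, "SunX509"));
            trustManagerFactory.init(keyStore);
            trustManagers = trustManagerFactory.getTrustManagers();
        }
        sSLContext.init(keyManagers, trustManagers, secureRandom);
        return sSLContext;
    }

    /**
     * Instantiates the trust manager class named by {@code SSLConfig.TRUSTMANAGER}.
     *
     * @return a one-element array, or {@code null} if the class could not be instantiated
     */
    private TrustManager[] getJPToolsTrustManager() {
        // Read for the log line only; enforcement, if any, happens inside the trust manager.
        boolean checkServerCertificate = getBoolean(this.config, SSLConfig.CHECK_SERVER_CERTIFICATE);
        String className = this.config.getProperty(SSLConfig.TRUSTMANAGER, SSLConfig.DEFAULT_TRUSTMANAGER);
        log.debug(getLogInformation(), "Trust manager settings\n  check server certficate: " + checkServerCertificate + "\n  TrustManager           : " + className);
        try {
            // The class is chosen by configuration: whoever can edit the configuration decides
            // which code validates peer certificates.
            JPToolsTrustManager trustManager = (JPToolsTrustManager) ClassInstance.getInstance(className);
            trustManager.setLogInformation(getLogInformation());
            trustManager.setSSLConfig(getSSLConfig());
            return new TrustManager[]{trustManager};
        } catch (Exception e) {
            // NOTE(review): the failure is only logged. The null result makes SSLContext.init()
            // use the JVM default trust managers, so a trust policy implemented by the configured
            // class is dropped without the caller noticing. Consider failing the context creation.
            log.error(getLogInformation(), "Could not initialize the trustmanager: " + className + "!", e);
            return null;
        }
    }

    /**
     * Instantiates the key manager class named by {@code SSLConfig.KEYMANAGER}.
     *
     * @return a one-element array, or {@code null} if the class could not be instantiated
     */
    private KeyManager[] getJPToolsKeyManager() {
        String className = this.config.getProperty(SSLConfig.KEYMANAGER, SSLConfig.DEFAULT_KEYMANAGER);
        log.debug(getLogInformation(), "Key manager settings\n  KeyManager             : " + className);
        try {
            JPToolsKeyManager keyManager = (JPToolsKeyManager) ClassInstance.getInstance(className);
            keyManager.setLogInformation(getLogInformation());
            keyManager.setSSLConfig(getSSLConfig());
            return new KeyManager[]{keyManager};
        } catch (Exception e) {
            // Only logged: the null result makes SSLContext.init() use the default key managers.
            log.error(getLogInformation(), "Could not initialize the keymanager: " + className + "!", e);
            return null;
        }
    }

    /**
     * Applies every socket option present in the configuration to a client socket.
     *
     * @param sSLSocket the socket to configure
     * @param sSLConfig the configuration to read
     * @return the same socket
     * @throws SocketException if a socket option is rejected
     */
    private SSLSocket initializeSocket(SSLSocket sSLSocket, SSLConfig sSLConfig) throws SocketException {
        if (sSLConfig.exist(SSLConfig.TCP_NO_DELAY)) {
            sSLSocket.setTcpNoDelay(getBoolean(sSLConfig, SSLConfig.TCP_NO_DELAY));
        }
        if (sSLConfig.exist(SSLConfig.KEEP_ALIVE)) {
            sSLSocket.setKeepAlive(getBoolean(sSLConfig, SSLConfig.KEEP_ALIVE));
        }
        if (sSLConfig.exist(SSLConfig.USE_CLIENT_MODE)) {
            sSLSocket.setUseClientMode(getBoolean(sSLConfig, SSLConfig.USE_CLIENT_MODE));
        }
        // setNeedClientAuth and setWantClientAuth override each other, so calling both let a
        // configured WANT_CLIENT_AUTH cancel NEED_CLIENT_AUTH=true. "Need" now takes precedence.
        boolean needConfigured = sSLConfig.exist(SSLConfig.NEED_CLIENT_AUTH);
        if (needConfigured && getBoolean(sSLConfig, SSLConfig.NEED_CLIENT_AUTH)) {
            sSLSocket.setNeedClientAuth(true);
        } else if (sSLConfig.exist(SSLConfig.WANT_CLIENT_AUTH)) {
            sSLSocket.setWantClientAuth(getBoolean(sSLConfig, SSLConfig.WANT_CLIENT_AUTH));
        } else if (needConfigured) {
            sSLSocket.setNeedClientAuth(false);
        }
        if (sSLConfig.exist(SSLConfig.REUSE_ADDRESS)) {
            sSLSocket.setReuseAddress(getBoolean(sSLConfig, SSLConfig.REUSE_ADDRESS));
        }
        // Timeout and buffer sizes are applied only when positive.
        if (sSLConfig.exist(SSLConfig.TIMEOUT)) {
            int timeout = getInteger(sSLConfig, SSLConfig.TIMEOUT);
            if (timeout > 0) {
                sSLSocket.setSoTimeout(timeout);
            }
        }
        if (sSLConfig.exist(SSLConfig.RECEIVE_BUFFER_SIZE)) {
            int receiveBufferSize = getInteger(sSLConfig, SSLConfig.RECEIVE_BUFFER_SIZE);
            if (receiveBufferSize > 0) {
                sSLSocket.setReceiveBufferSize(receiveBufferSize);
            }
        }
        if (sSLConfig.exist(SSLConfig.SEND_BUFFER_SIZE)) {
            int sendBufferSize = getInteger(sSLConfig, SSLConfig.SEND_BUFFER_SIZE);
            if (sendBufferSize > 0) {
                sSLSocket.setSendBufferSize(sendBufferSize);
            }
        }
        if (sSLConfig.exist(SSLConfig.TRAFFIC_CLASS)) {
            sSLSocket.setTrafficClass(getInteger(sSLConfig, SSLConfig.TRAFFIC_CLASS));
        }
        // Without these two settings the provider defaults for suites and protocols stay active.
        if (sSLConfig.exist(SSLConfig.ENABLED_CIPHER_SUITES)) {
            sSLSocket.setEnabledCipherSuites(getStringArray(sSLConfig, SSLConfig.ENABLED_CIPHER_SUITES));
        }
        if (sSLConfig.exist(SSLConfig.ENABLED_CIPHER_PROTOCOLS)) {
            sSLSocket.setEnabledProtocols(getStringArray(sSLConfig, SSLConfig.ENABLED_CIPHER_PROTOCOLS));
        }
        return sSLSocket;
    }

    /**
     * Applies every socket option present in the configuration to a server socket.
     *
     * @param sSLServerSocket the server socket to configure
     * @param sSLConfig the configuration to read
     * @return the same server socket
     * @throws SocketException if a socket option is rejected
     */
    private SSLServerSocket initializeSocket(SSLServerSocket sSLServerSocket, SSLConfig sSLConfig) throws SocketException {
        if (sSLConfig.exist(SSLConfig.ENABLED_SESSION_CREATION)) {
            sSLServerSocket.setEnableSessionCreation(getBoolean(sSLConfig, SSLConfig.ENABLED_SESSION_CREATION));
        }
        if (sSLConfig.exist(SSLConfig.USE_CLIENT_MODE)) {
            sSLServerSocket.setUseClientMode(getBoolean(sSLConfig, SSLConfig.USE_CLIENT_MODE));
        }
        // "Need" takes precedence over "want": the two setters override each other, and the
        // former call order let WANT_CLIENT_AUTH switch off a required client certificate.
        boolean needConfigured = sSLConfig.exist(SSLConfig.NEED_CLIENT_AUTH);
        if (needConfigured && getBoolean(sSLConfig, SSLConfig.NEED_CLIENT_AUTH)) {
            sSLServerSocket.setNeedClientAuth(true);
        } else if (sSLConfig.exist(SSLConfig.WANT_CLIENT_AUTH)) {
            sSLServerSocket.setWantClientAuth(getBoolean(sSLConfig, SSLConfig.WANT_CLIENT_AUTH));
        } else if (needConfigured) {
            sSLServerSocket.setNeedClientAuth(false);
        }
        if (sSLConfig.exist(SSLConfig.REUSE_ADDRESS)) {
            sSLServerSocket.setReuseAddress(getBoolean(sSLConfig, SSLConfig.REUSE_ADDRESS));
        }
        if (sSLConfig.exist(SSLConfig.TIMEOUT)) {
            int timeout = getInteger(sSLConfig, SSLConfig.TIMEOUT);
            if (timeout > 0) {
                sSLServerSocket.setSoTimeout(timeout);
            }
        }
        if (sSLConfig.exist(SSLConfig.RECEIVE_BUFFER_SIZE)) {
            int receiveBufferSize = getInteger(sSLConfig, SSLConfig.RECEIVE_BUFFER_SIZE);
            if (receiveBufferSize > 0) {
                sSLServerSocket.setReceiveBufferSize(receiveBufferSize);
            }
        }
        if (sSLConfig.exist(SSLConfig.ENABLED_CIPHER_SUITES)) {
            sSLServerSocket.setEnabledCipherSuites(getStringArray(sSLConfig, SSLConfig.ENABLED_CIPHER_SUITES));
        }
        if (sSLConfig.exist(SSLConfig.ENABLED_CIPHER_PROTOCOLS)) {
            sSLServerSocket.setEnabledProtocols(getStringArray(sSLConfig, SSLConfig.ENABLED_CIPHER_PROTOCOLS));
        }
        return sSLServerSocket;
    }

    /** Keeps the X.509 entries of a certificate chain; a {@code null} chain yields an empty array. */
    private static X509Certificate[] toX509Chain(Certificate[] chain) {
        if (chain == null) {
            return new X509Certificate[0];
        }
        int x509Count = 0;
        for (Certificate certificate : chain) {
            if (certificate instanceof X509Certificate) {
                x509Count++;
            }
        }
        X509Certificate[] result = new X509Certificate[x509Count];
        int next = 0;
        for (Certificate certificate : chain) {
            if (certificate instanceof X509Certificate) {
                result[next++] = (X509Certificate) certificate;
            }
        }
        return result;
    }

    /** Closes a socket on an error path; a failure to close is ignored in favour of the original error. */
    private static void closeQuietly(Socket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException ignored) {
            // The caller is already propagating the error that matters.
        }
    }

    /** @return the configured port, or {@code SSLConfig.DEFAULT_PORT} */
    private int getPort(SSLConfig sSLConfig) {
        return sSLConfig.getPropertyAsInteger(SSLConfig.PORT, SSLConfig.DEFAULT_PORT);
    }

    /** @return the boolean value stored under the given key */
    private boolean getBoolean(SSLConfig sSLConfig, String str) {
        return sSLConfig.getPropertyAsBoolean(str);
    }

    /** @return the integer value stored under the given key */
    private int getInteger(SSLConfig sSLConfig, String str) {
        return sSLConfig.getPropertyAsInteger(str);
    }

    /**
     * Splits the list stored under the given key, after removing all blanks.
     * Callers check {@code exist(str)} before calling.
     *
     * @param sSLConfig the configuration to read
     * @param str the property key
     * @return the list entries
     */
    private String[] getStringArray(SSLConfig sSLConfig, String str) {
        // Split the configured value. The key name itself used to be split, so the configured
        // cipher-suite and protocol lists never reached the socket.
        String value = sSLConfig.getProperty(str);
        return StringHelper.splitAsArray(value.replace(" ", ""), IConstraint.CONSTRAINT_STATEMENT_SEPARATOR);
    }

    /** @return the class logger, for the listener classes */
    Logger getLogger() {
        return log;
    }
}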
