package com.microsoft.aad.msal4j;

import com.sun.jna.platform.win32.COM.tlb.imp.TlbConst;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.Proxy;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyManagementException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: input_file:applicationinsights-agent-3.5.4.jar:inst/com/microsoft/aad/msal4j/DefaultHttpClientManagedIdentity.classdata */
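/**
 * HTTP client variant used for managed-identity requests.
 *
 * <p>It behaves like {@link DefaultHttpClient} except that, when the environment variable named by
 * {@code Constants.IDENTITY_SERVER_THUMBPRINT} is set, HTTPS connections authenticate the server by
 * a pinned certificate thumbprint instead of by the JVM's default trust store and host name check.
 */
class DefaultHttpClientManagedIdentity extends DefaultHttpClient {
    /**
     * Hostname verifier that accepts every host name.
     *
     * <p>Within this class it is installed only by {@link #addTrustedCertificateThumbprint}, where
     * the server is authenticated by a certificate thumbprint pin instead of by name. Installed on
     * a connection without that pin it removes the name check and puts nothing in its place, so it
     * should not be reused on other connections.
     */
    public static final HostnameVerifier ALL_HOSTS_ACCEPT_HOSTNAME_VERIFIER = new HostnameVerifier() {
        @Override
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Passes all arguments straight through to {@link DefaultHttpClient}.
     *
     * @param proxy proxy to connect through, or {@code null} for a direct connection
     * @param sSLSocketFactory socket factory applied to HTTPS connections, or {@code null}
     * @param num presumably the connect timeout -- confirm against DefaultHttpClient
     * @param num2 presumably the read timeout -- confirm against DefaultHttpClient
     */
    public DefaultHttpClientManagedIdentity(Proxy proxy, SSLSocketFactory sSLSocketFactory, Integer num, Integer num2) {
        super(proxy, sSLSocketFactory, num, num2);
    }

    /**
     * Opens a connection to {@code url} and applies the client's timeouts and TLS settings.
     *
     * @param url endpoint to connect to
     * @return the configured connection; an {@link HttpsURLConnection} for HTTPS URLs
     * @throws IOException if the connection cannot be opened
     */
    @Override
    HttpURLConnection openConnection(URL url) throws IOException {
        URLConnection connection = this.proxy != null ? url.openConnection(this.proxy) : url.openConnection();
        connection.setConnectTimeout(this.connectTimeout);
        connection.setReadTimeout(this.readTimeout);

        // HttpsURLConnection is a subclass of HttpURLConnection, so the HTTPS case must be singled
        // out first. Testing for HttpURLConnection first returns every HTTPS connection before the
        // socket factory and the thumbprint pin below are applied.
        if (!(connection instanceof HttpsURLConnection)) {
            return (HttpURLConnection) connection;
        }

        HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
        if (this.sslSocketFactory != null) {
            httpsConnection.setSSLSocketFactory(this.sslSocketFactory);
        }

        // Read the variable once so the null check and the value used cannot disagree.
        // When a pin is configured it replaces the socket factory installed just above.
        String pinnedThumbprint = System.getenv(Constants.IDENTITY_SERVER_THUMBPRINT);
        if (pinnedThumbprint != null) {
            addTrustedCertificateThumbprint(httpsConnection, pinnedThumbprint);
        }
        return httpsConnection;
    }

    /**
     * Configures {@code httpsURLConnection} to trust exactly one server certificate, identified by
     * its thumbprint.
     *
     * <p>Host name verification is switched off and the default trust store is bypassed: the
     * thumbprint comparison is the only server authentication left on this connection. The
     * comparison is case-insensitive.
     *
     * @param httpsURLConnection connection to configure; must not have been connected yet
     * @param str expected thumbprint as produced by {@link #extractCertificateThumbprint}
     * @throws RuntimeException if the TLS context cannot be created
     */
    public static void addTrustedCertificateThumbprint(HttpsURLConnection httpsURLConnection, final String str) {
        if (httpsURLConnection.getHostnameVerifier() != ALL_HOSTS_ACCEPT_HOSTNAME_VERIFIER) {
            httpsURLConnection.setHostnameVerifier(ALL_HOSTS_ACCEPT_HOSTNAME_VERIFIER);
        }

        X509TrustManager pinningTrustManager = new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                throw new CertificateException("No client side certificate configured.");
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                    throw new CertificateException("Did not receive any certificate from the server.");
                }
                // Only the first entry is the peer's own certificate, the one whose private key the
                // handshake proves possession of. Later entries are supplied by the peer and are not
                // validated here, so a match on one of them would not show that the peer holds the
                // pinned certificate's key.
                String presented = DefaultHttpClientManagedIdentity.extractCertificateThumbprint(x509CertificateArr[0]);
                if (str.equalsIgnoreCase(presented)) {
                    return;
                }
                // Reported as CertificateException, per the X509TrustManager contract, so the TLS
                // stack treats it as a rejected certificate rather than an unexpected internal error.
                throw new CertificateException("Thumbprint of certificates received did not match the expected thumbprint.");
            }
        };

        try {
            SSLContext pinnedContext = SSLContext.getInstance("TLS");
            pinnedContext.init(null, new TrustManager[] {pinningTrustManager}, null);
            SSLSocketFactory pinnedFactory = pinnedContext.getSocketFactory();
            if (httpsURLConnection.getSSLSocketFactory() != pinnedFactory) {
                httpsURLConnection.setSSLSocketFactory(pinnedFactory);
            }
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new RuntimeException("Error Creating SSL Context", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the SHA-1 digest of the certificate's encoded form as lower-case hex, two digits per
     * byte.
     *
     * <p>SHA-1 is not collision resistant; it is kept here because the result has to be comparable
     * with the thumbprint handed to {@link #addTrustedCertificateThumbprint} (presumably a SHA-1
     * thumbprint supplied by the hosting environment -- confirm).
     *
     * @param certificate certificate to fingerprint
     * @return 40-character hexadecimal thumbprint
     * @throws RuntimeException if the certificate cannot be encoded
     * @throws MsalClientException if the SHA-1 algorithm is unavailable
     */
    public static String extractCertificateThumbprint(Certificate certificate) {
        try {
            // Literal algorithm name and padding digit: the decompiler had substituted same-valued
            // constants from unrelated third-party classes (commons-codec, JNA) for them.
            byte[] digest = MessageDigest.getInstance("SHA-1").digest(certificate.getEncoded());
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                int unsigned = b & 0xff;
                if (unsigned < 16) {
                    hex.append("0");
                }
                hex.append(Integer.toHexString(unsigned));
            }
            return hex.toString();
        } catch (CertificateEncodingException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            // NOTE(review): only the message is passed on, not the cause -- confirm what the second
            // constructor argument of MsalClientException means.
            throw new MsalClientException("NoSuchAlgorithmException when extracting certificate thumbprint: ", e2.getMessage());
        }
    }
}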
