package org.apache.nifi.toolkit.tls.service.client;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import org.apache.http.HttpHost;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.protocol.HttpContext;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;

/* loaded from: input_file:org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientSocketFactory.class */
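/**
 * TLS socket factory that inspects the certificate presented by the peer once the superclass
 * has connected the socket, and hands that certificate back to the caller.
 *
 * <p>A connection is accepted only when the peer presents exactly one certificate, that
 * certificate is X.509, and the first CN of its subject equals the configured hostname. The
 * certificate is appended to the list supplied at construction time.
 *
 * <p>Security note: the subject CN is chosen by whoever issued the certificate, so the CN
 * comparison on its own does not authenticate the peer. This class performs no chain or
 * signature validation itself; whatever trust is established comes from the supplied
 * {@link SSLContext} and from what the caller does with the recorded certificate.
 * NOTE(review): confirm that the caller authenticates the recorded certificate by an
 * independent means before relying on it.
 */
public class TlsCertificateAuthorityClientSocketFactory extends SSLConnectionSocketFactory {
    private final String caHostname;
    // Shared with the caller: every certificate that passes CN extraction is appended here.
    private final List<X509Certificate> certificates;

    /**
     * @param sSLContext TLS context passed unchanged to the superclass
     * @param str        hostname that the peer certificate's subject CN must equal
     * @param list       caller-owned list that receives the peer certificate; it is mutated by
     *                   {@link #connectSocket}, so it must be modifiable
     */
    public TlsCertificateAuthorityClientSocketFactory(SSLContext sSLContext, String str, List<X509Certificate> list) {
        super(sSLContext);
        this.caHostname = str;
        this.certificates = list;
    }

    /**
     * Connects through the superclass and then verifies the peer certificate.
     *
     * <p>The arguments are forwarded unchanged to the superclass {@code connectSocket}. The
     * method is synchronized, so connects through one factory instance run one at a time; that
     * lock does not cover reads of the certificate list made by the caller.
     *
     * @return the connected socket, only when the peer certificate passed every check
     * @throws IOException if the socket is not an {@link SSLSocket}, the peer did not present
     *                     exactly one X.509 certificate, the CN could not be read, or the CN
     *                     differs from the configured hostname
     */
    public synchronized Socket connectSocket(int i, Socket socket, HttpHost httpHost, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, HttpContext httpContext) throws IOException {
        Socket connectSocket = super.connectSocket(i, socket, httpHost, inetSocketAddress, inetSocketAddress2, httpContext);
        boolean accepted = false;
        try {
            verifyAndRecordPeerCertificate(connectSocket);
            accepted = true;
            return connectSocket;
        } finally {
            if (!accepted) {
                // The caller never receives the returned socket when verification throws, so
                // close it here instead of leaving a connection to a rejected peer open.
                closeRejectedSocket(connectSocket);
            }
        }
    }

    /** Applies the certificate checks and appends the peer certificate to the shared list. */
    private void verifyAndRecordPeerCertificate(Socket candidate) throws IOException {
        if (!(candidate instanceof SSLSocket)) {
            throw new IOException("Expected tls socket");
        }
        Certificate[] peerCertificates = ((SSLSocket) candidate).getSession().getPeerCertificates();
        if (peerCertificates.length != 1) {
            throw new IOException("Expected root ca cert");
        }
        if (!(peerCertificates[0] instanceof X509Certificate)) {
            throw new IOException("Expected root ca cert in X509 format");
        }
        X509Certificate x509Certificate = (X509Certificate) peerCertificates[0];
        String commonName;
        try {
            // A subject without a CN makes the [0] index fail; that failure is reported as an
            // IOException through the catch below.
            commonName = IETFUtils.valueToString(new JcaX509CertificateHolder(x509Certificate).getSubject().getRDNs(BCStyle.CN)[0].getFirst().getValue());
            // Recorded before the CN comparison, as the original code did: the list can
            // therefore hold a certificate from a peer that is rejected just below, and its
            // contents must not be treated as accepted when this method throws.
            this.certificates.add(x509Certificate);
        } catch (Exception e) {
            throw new IOException(e);
        }
        // Compared outside the try block so the mismatch is thrown once, not wrapped in a
        // second IOException. A null configured hostname is reported as a mismatch.
        if (this.caHostname == null || !this.caHostname.equals(commonName)) {
            // commonName comes from the peer's certificate: treat it as untrusted text
            // wherever this message is logged or displayed.
            throw new IOException("Expected cn of " + this.caHostname + " but got " + commonName);
        }
    }

    /** Closes a socket whose peer failed verification; close errors are deliberately dropped. */
    private static void closeRejectedSocket(Socket rejected) {
        if (rejected == null) {
            return;
        }
        try {
            rejected.close();
        } catch (IOException ignored) {
            // Best effort: the verification failure already being thrown is the error to report.
        }
    }
}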
