package org.apache.commons.ssl;

import com.resolution.atlasplugins.samlsso.confluence.ConfluenceDefaults;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.SortedSet;
import java.util.TreeSet;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: input_file:org/apache/commons/ssl/SSL.class */
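/**
 * Configurable source of SSL/TLS client and server sockets.
 *
 * <p>An instance holds trust material, optional key material, protocol and cipher
 * restrictions, timeouts and a set of verification switches. The underlying SSL context
 * is built by {@code JavaImpl.init(...)} and cached. Most setters that change trust or key
 * material drop the cached context so that it is rebuilt.
 *
 * <p>Security-relevant defaults visible in this class: {@code isSecure}, {@code checkHostname},
 * {@code checkCRL} and {@code checkExpiry} all start as {@code true}. Each has a public
 * setter, so any caller holding the instance can switch the check off. Audit call sites of
 * {@link #setIsSecure(boolean)}, {@link #setCheckHostname(boolean)},
 * {@link #setCheckCRL(boolean)}, {@link #setCheckExpiry(boolean)} and any use of
 * {@code TrustMaterial.TRUST_ALL} when reviewing a deployment.
 *
 * <p>No synchronization is visible in this class and the lazily initialised fields are
 * plain fields, so an instance should be fully configured before it is shared.
 *
 * <p>NOTE(review): this listing is decompiler output. {@code ConfluenceDefaults.ENFORCE_SSO_URLS}
 * is used wherever an empty string would be expected (default store password, blank DNS
 * override). It is presumably an empty-string constant that the decompiler attributed to an
 * unrelated class - confirm its value before relying on these comments.
 */
public class SSL {
    // Protocol names this library knows about. The list still names SSLv3 and SSLv2, which
    // are obsolete. Nothing in this class enables a protocol merely because it is listed
    // here: enabledProtocols stays null until a caller sets it, and setEnabledProtocols does
    // not validate against this list, so callers should pin modern TLS versions explicitly.
    private static final String[] KNOWN_PROTOCOLS = {"TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3", "SSLv2", "SSLv2Hello"};
    // Cipher suites reported by the JVM's default SSLSocketFactory, sorted (see static block).
    private static final String[] SUPPORTED_CIPHERS;
    public static final SortedSet KNOWN_PROTOCOLS_SET;
    public static final SortedSet SUPPORTED_CIPHERS_SET;
    private X509Certificate[] currentServerChain;
    private X509Certificate[] currentClientChain;
    private Map dnsOverride;
    // True when key or trust material was loaded from the javax.net.ssl.* system properties.
    protected final boolean usingSystemProperties;
    // Held as Object; getSSLContext() casts it to javax.net.ssl.SSLContext.
    private Object sslContext = null;
    // Number of completed init() calls; bounds the eager reloads in dirtyAndReloadIfYoung().
    private int initCount = 0;
    private SSLSocketFactory socketFactory = null;
    private SSLServerSocketFactory serverSocketFactory = null;
    private HostnameVerifier hostnameVerifier = HostnameVerifier.DEFAULT;
    // false makes createSocket() hand out plain (unencrypted) sockets.
    private boolean isSecure = true;
    private boolean checkHostname = true;
    // checkCRL / checkExpiry are only stored here; presumably the trust-manager code reads
    // them through the getters - TODO confirm where they are enforced.
    private boolean checkCRL = true;
    private boolean checkExpiry = true;
    private boolean useClientMode = false;
    // Stays true until setUseClientMode() is called; while true the socket's own mode is kept.
    private boolean useClientModeDefault = true;
    // Milliseconds: 86400000 = 24 hours, 3600000 = 1 hour. Both are very long for a network
    // client; callers that need to bound stalled peers should set shorter values.
    private int soTimeout = 86400000;
    private int connectTimeout = 3600000;
    private TrustChain trustChain = null;
    private KeyMaterial keyMaterial = null;
    private String[] enabledCiphers = null;
    private String[] enabledProtocols = null;
    private String defaultProtocol = "TLS";
    private boolean wantClientAuth = true;
    private boolean needClientAuth = false;
    private SSLWrapperFactory sslWrapperFactory = SSLWrapperFactory.NO_WRAP;

    /**
     * Builds an instance from the standard {@code javax.net.ssl.*} system properties.
     *
     * <p>If {@code javax.net.ssl.keyStore} is set and the file exists, it is loaded as key
     * material with {@code javax.net.ssl.keyStorePassword} (or the fallback constant when no
     * password is set). The same is done for {@code javax.net.ssl.trustStore}. When no trust
     * store is loaded this way, {@code TrustMaterial.DEFAULT} is used.
     *
     * @throws GeneralSecurityException if key or trust material cannot be loaded or the
     *     context cannot be initialised
     * @throws IOException if a store file cannot be read
     */
    public SSL() throws GeneralSecurityException, IOException {
        TrustMaterial trustMaterial;
        boolean z = false;
        Properties properties = System.getProperties();
        boolean containsKey = properties.containsKey("javax.net.ssl.keyStore");
        boolean containsKey2 = properties.containsKey("javax.net.ssl.trustStore");
        if (containsKey) {
            String property = System.getProperty("javax.net.ssl.keyStore");
            String property2 = System.getProperty("javax.net.ssl.keyStorePassword");
            String str = property2 != null ? property2 : ConfluenceDefaults.ENFORCE_SSO_URLS;
            // A configured path that does not exist is silently ignored.
            if (new File(property).exists()) {
                setKeyMaterial(new KeyMaterial(property, str.toCharArray()));
                z = true;
            }
        }
        boolean z2 = false;
        if (containsKey2) {
            String property3 = System.getProperty("javax.net.ssl.trustStore");
            String property4 = System.getProperty("javax.net.ssl.trustStorePassword");
            boolean z3 = property4 == null;
            String str2 = z3 ? ConfluenceDefaults.ENFORCE_SSO_URLS : property4;
            if (new File(property3).exists()) {
                try {
                    trustMaterial = new TrustMaterial(property3, str2.toCharArray());
                } catch (GeneralSecurityException e) {
                    // A failure with an explicitly configured password is fatal.
                    if (!z3) {
                        throw e;
                    }
                    // No password was configured: retry without one.
                    // NOTE(review): presumably this loads the store without a password-based
                    // integrity check - confirm against TrustMaterial and make sure the
                    // trust store file is protected by file-system permissions.
                    trustMaterial = new TrustMaterial(property3);
                }
                setTrustMaterial(trustMaterial);
                z = true;
                z2 = true;
            }
        }
        if (!z2) {
            setTrustMaterial(TrustMaterial.DEFAULT);
        }
        this.usingSystemProperties = z;
        dirtyAndReloadIfYoung();
    }

    /** Drops the cached context and both socket factories so they are rebuilt on next use. */
    private void dirty() {
        this.sslContext = null;
        this.socketFactory = null;
        this.serverSocketFactory = null;
    }

    /**
     * Invalidates the cached context and rebuilds it immediately while {@code initCount} is
     * between 0 and 5 inclusive. After that the rebuild is left to the lazy paths
     * ({@link #getSSLContextAsObject()}, {@link #getSSLSocketFactory()},
     * {@link #getSSLServerSocketFactory()}), which call {@code init()} when the context is null.
     */
    private void dirtyAndReloadIfYoung() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, CertificateException {
        dirty();
        if (this.initCount < 0 || this.initCount > 5) {
            return;
        }
        init();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the override configured for {@code str}, or {@code str} itself when there is
     * no override map, no entry, a null entry, or an entry that is blank after trimming.
     *
     * <p>NOTE(review): where the result is consumed is not visible in this class; confirm
     * that hostname verification still runs against the name the caller intended.
     *
     * @param str host name to look up
     * @return the mapped host name, or {@code str} unchanged
     */
    public String dnsOverride(String str) {
        if (this.dnsOverride == null || !this.dnsOverride.containsKey(str)) {
            return str;
        }
        String mapped = (String) this.dnsOverride.get(str);
        if (mapped == null || ConfluenceDefaults.ENFORCE_SSO_URLS.equals(mapped.trim())) {
            return str;
        }
        return mapped;
    }

    /**
     * Installs the host-name override map read by {@link #dnsOverride(String)}.
     *
     * @param map host name to replacement host name; stored by reference, may be null
     */
    public void setDnsOverride(Map map) {
        this.dnsOverride = map;
    }

    /**
     * Selects between SSL sockets and plain sockets for the {@code createSocket} methods
     * that consult this flag.
     *
     * @param z {@code false} makes {@link #createSocket()} and the connecting
     *     {@code createSocket} overload return unencrypted sockets
     */
    public void setIsSecure(boolean z) {
        this.isSecure = z;
    }

    /** @return whether sockets are created as SSL sockets (default {@code true}) */
    public boolean isSecure() {
        return this.isSecure;
    }

    /**
     * Returns the SSL context, building it first if necessary.
     *
     * @return the context cast to {@link SSLContext}
     * @throws ClassCastException if the context object is not an {@link SSLContext}; when
     *     {@code JavaImpl.isJava13()} is true the exception carries a hint to call
     *     {@link #getSSLContextAsObject()} instead
     */
    public SSLContext getSSLContext() throws GeneralSecurityException, IOException {
        Object sSLContextAsObject = getSSLContextAsObject();
        if (!JavaImpl.isJava13()) {
            return (SSLContext) sSLContextAsObject;
        }
        try {
            return (SSLContext) sSLContextAsObject;
        } catch (ClassCastException e) {
            throw new ClassCastException("When using Java13 SSL, you must call SSL.getSSLContextAsObject() - " + e);
        }
    }

    /**
     * Returns the context object without casting it, initialising it when it is null.
     *
     * @return the object produced by {@code JavaImpl.init(...)}
     */
    public Object getSSLContextAsObject() throws GeneralSecurityException, IOException {
        if (this.sslContext == null) {
            init();
        }
        return this.sslContext;
    }

    /**
     * Adds trust material to the current chain.
     *
     * <p>When no chain exists yet, or when {@code trustChain} is the
     * {@code TrustMaterial.TRUST_ALL} instance, the argument replaces the current chain
     * instead of being merged into it.
     *
     * <p>NOTE(review): by its name {@code TRUST_ALL} accepts any peer certificate; treat any
     * call site that passes it as disabling server authentication - confirm against
     * TrustMaterial.
     *
     * @param trustChain material to add
     */
    public void addTrustMaterial(TrustChain trustChain) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, CertificateException {
        if (this.trustChain == null || trustChain == TrustMaterial.TRUST_ALL) {
            this.trustChain = trustChain;
        } else {
            this.trustChain.addTrustMaterial(trustChain);
        }
        dirtyAndReloadIfYoung();
    }

    /**
     * Replaces the trust chain and invalidates the cached context.
     *
     * @param trustChain new trust chain
     */
    public void setTrustMaterial(TrustChain trustChain) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, CertificateException {
        this.trustChain = trustChain;
        dirtyAndReloadIfYoung();
    }

    /**
     * Replaces the key material and invalidates the cached context.
     *
     * @param keyMaterial new key material
     */
    public void setKeyMaterial(KeyMaterial keyMaterial) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, CertificateException {
        this.keyMaterial = keyMaterial;
        dirtyAndReloadIfYoung();
    }

    /**
     * @return the first certificate chain of the configured key material, or {@code null}
     *     when no key material is set
     */
    public X509Certificate[] getAssociatedCertificateChain() {
        if (this.keyMaterial != null) {
            return (X509Certificate[]) this.keyMaterial.getAssociatedCertificateChains().get(0);
        }
        return null;
    }

    /**
     * @return a copy of the explicitly enabled cipher suites, or the socket factory's
     *     default suites when none were set
     */
    public String[] getEnabledCiphers() {
        // Return a copy so callers cannot edit the validated list in place.
        return this.enabledCiphers != null ? (String[]) this.enabledCiphers.clone() : getDefaultCipherSuites();
    }

    /**
     * Restricts sockets to the given cipher suites.
     *
     * <p>The array is copied before it is checked, and the checked copy is what gets stored.
     * A caller that keeps the original array therefore cannot add an unsupported suite after
     * validation has passed.
     *
     * @param strArr cipher suite names; every name must be in {@link #SUPPORTED_CIPHERS_SET}
     * @throws IllegalArgumentException if any name is not supported
     * @throws NullPointerException if {@code strArr} is null
     */
    public void setEnabledCiphers(String[] strArr) {
        String[] snapshot = (String[]) strArr.clone();
        HashSet hashSet = new HashSet(Arrays.asList(snapshot));
        hashSet.removeAll(SUPPORTED_CIPHERS_SET);
        if (!hashSet.isEmpty()) {
            throw new IllegalArgumentException("following ciphers not supported: " + hashSet);
        }
        this.enabledCiphers = snapshot;
    }

    /** @return a copy of the explicitly enabled protocols, or {@code null} when none were set */
    public String[] getEnabledProtocols() {
        return this.enabledProtocols != null ? (String[]) this.enabledProtocols.clone() : null;
    }

    /**
     * Restricts sockets to the given protocol names.
     *
     * <p>The names are not validated here. Pass only protocol versions that are acceptable
     * for the deployment; {@code null} leaves the socket's own defaults in place.
     *
     * @param strArr protocol names, or {@code null} to clear the restriction
     */
    public void setEnabledProtocols(String[] strArr) {
        // Store a copy so later changes to the caller's array do not alter the configuration.
        this.enabledProtocols = strArr != null ? (String[]) strArr.clone() : null;
    }

    /** @return the protocol name used for the context (default {@code "TLS"}) */
    public String getDefaultProtocol() {
        return this.defaultProtocol;
    }

    /**
     * Sets the context protocol name and drops the cached context. Unlike the trust and key
     * material setters this does not rebuild eagerly; the next use re-initialises it.
     *
     * @param str protocol name
     */
    public void setDefaultProtocol(String str) {
        this.defaultProtocol = str;
        dirty();
    }

    /** @return whether {@link #doPostConnectSocketStuff(Socket, String)} verifies the host name */
    public boolean getCheckHostname() {
        return this.checkHostname;
    }

    /**
     * Enables or disables host-name verification after connect.
     *
     * @param z {@code false} skips the {@link HostnameVerifier} check entirely, which leaves
     *     the connection open to a peer presenting any certificate the trust chain accepts
     */
    public void setCheckHostname(boolean z) {
        this.checkHostname = z;
    }

    /**
     * Sets the verifier used for host-name checks.
     *
     * @param hostnameVerifier verifier to use; {@code null} selects {@code HostnameVerifier.DEFAULT}
     */
    public void setHostnameVerifier(HostnameVerifier hostnameVerifier) {
        if (hostnameVerifier == null) {
            hostnameVerifier = HostnameVerifier.DEFAULT;
        }
        this.hostnameVerifier = hostnameVerifier;
    }

    /** @return the verifier used for host-name checks; never null */
    public HostnameVerifier getHostnameVerifier() {
        return this.hostnameVerifier;
    }

    /** @return the CRL-check flag (default {@code true}) */
    public boolean getCheckCRL() {
        return this.checkCRL;
    }

    /**
     * Stores the CRL-check flag. The cached context is not invalidated here.
     *
     * @param z new flag value; presumably {@code false} disables revocation checking -
     *     TODO confirm where the flag is read
     */
    public void setCheckCRL(boolean z) {
        this.checkCRL = z;
    }

    /** @return the expiry-check flag (default {@code true}) */
    public boolean getCheckExpiry() {
        return this.checkExpiry;
    }

    /**
     * Stores the expiry-check flag. The cached context is not invalidated here.
     *
     * @param z new flag value; presumably {@code false} lets expired certificates pass -
     *     TODO confirm where the flag is read
     */
    public void setCheckExpiry(boolean z) {
        this.checkExpiry = z;
    }

    /**
     * Sets the read timeout applied to new sockets.
     *
     * @param i timeout in milliseconds; 0 means this class does not set a timeout on the
     *     socket at all, which for a Java socket means reads can block indefinitely
     * @throws IllegalArgumentException if {@code i} is negative
     */
    public void setSoTimeout(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("soTimeout must not be negative");
        }
        this.soTimeout = i;
    }

    /** @return the read timeout in milliseconds */
    public int getSoTimeout() {
        return this.soTimeout;
    }

    /**
     * Sets the default connect timeout.
     *
     * @param i timeout in milliseconds
     * @throws IllegalArgumentException if {@code i} is negative
     */
    public void setConnectTimeout(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("connectTimeout must not be negative");
        }
        this.connectTimeout = i;
    }

    /**
     * Forces the client/server handshake mode of new SSL sockets and records that the
     * socket's own default is no longer to be used.
     *
     * @param z {@code true} for client mode
     */
    public void setUseClientMode(boolean z) {
        this.useClientModeDefault = false;
        this.useClientMode = z;
    }

    /** @return {@code true} until {@link #setUseClientMode(boolean)} has been called */
    public boolean getUseClientModeDefault() {
        return this.useClientModeDefault;
    }

    /** @return the explicitly configured client-mode value */
    public boolean getUseClientMode() {
        return this.useClientMode;
    }

    /** @param z whether server sockets request (but do not require) a client certificate */
    public void setWantClientAuth(boolean z) {
        this.wantClientAuth = z;
    }

    /** @param z whether server sockets require a client certificate */
    public void setNeedClientAuth(boolean z) {
        this.needClientAuth = z;
    }

    /** @return the want-client-auth flag (default {@code true}) */
    public boolean getWantClientAuth() {
        return this.wantClientAuth;
    }

    /** @return the need-client-auth flag (default {@code false}) */
    public boolean getNeedClientAuth() {
        return this.needClientAuth;
    }

    /** @return the factory used to wrap created sockets */
    public SSLWrapperFactory getSSLWrapperFactory() {
        return this.sslWrapperFactory;
    }

    /** @param sSLWrapperFactory factory used to wrap created sockets */
    public void setSSLWrapperFactory(SSLWrapperFactory sSLWrapperFactory) {
        this.sslWrapperFactory = sSLWrapperFactory;
    }

    /**
     * Runs {@link #init()} for callers that cannot declare checked exceptions, rethrowing
     * failures through {@code JavaImpl.newRuntimeException}.
     */
    private void initThrowRuntime() {
        try {
            init();
        } catch (IOException e) {
            throw JavaImpl.newRuntimeException(e);
        } catch (GeneralSecurityException e2) {
            throw JavaImpl.newRuntimeException(e2);
        }
    }

    /**
     * Rebuilds the context from the current trust chain and key material, clears both cached
     * socket factories and increments {@code initCount}.
     */
    private void init() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, CertificateException {
        this.socketFactory = null;
        this.serverSocketFactory = null;
        this.sslContext = JavaImpl.init(this, this.trustChain, this.keyMaterial);
        this.initCount++;
    }

    /**
     * Applies this instance's settings to a socket before it is connected: client mode (only
     * when explicitly configured), read timeout (only when positive) and, for SSL sockets,
     * the enabled protocols and cipher suites (only when explicitly configured).
     *
     * @param socket socket to configure
     */
    public void doPreConnectSocketStuff(Socket socket) throws IOException {
        if ((socket instanceof SSLSocket) && !this.useClientModeDefault) {
            ((SSLSocket) socket).setUseClientMode(this.useClientMode);
        }
        if (this.soTimeout > 0) {
            socket.setSoTimeout(this.soTimeout);
        }
        if (socket instanceof SSLSocket) {
            if (this.enabledProtocols != null) {
                JavaImpl.setEnabledProtocols(socket, this.enabledProtocols);
            }
            if (this.enabledCiphers != null) {
                ((SSLSocket) socket).setEnabledCipherSuites(this.enabledCiphers);
            }
        }
    }

    /**
     * Runs the host-name check on a connected SSL socket. Nothing happens when
     * {@code checkHostname} is false or the socket is not an {@link SSLSocket}.
     *
     * @param socket connected socket
     * @param str host name the caller intended to reach
     * @throws IOException if the verifier rejects the peer
     */
    public void doPostConnectSocketStuff(Socket socket, String str) throws IOException {
        if (this.checkHostname && (socket instanceof SSLSocket)) {
            this.hostnameVerifier.check(str, (SSLSocket) socket);
        }
    }

    /**
     * Creates an unconnected socket.
     *
     * <p>In secure mode the socket comes from {@code JavaImpl.createSocket(this)} and is
     * passed through the wrapper factory. In non-secure mode a plain socket from the default
     * {@link SocketFactory} is returned without wrapping and without any encryption.
     *
     * @return a new unconnected socket
     */
    public Socket createSocket() throws IOException {
        if (this.isSecure) {
            return this.sslWrapperFactory.wrap(JavaImpl.createSocket(this));
        }
        Socket createSocket = SocketFactory.getDefault().createSocket();
        doPreConnectSocketStuff(createSocket);
        return createSocket;
    }

    /**
     * Creates a connected socket, SSL or plain depending on {@code isSecure}.
     *
     * @param str remote host
     * @param i remote port
     * @param inetAddress local address to bind to
     * @param i2 local port
     * @param i3 connect timeout in milliseconds; 0 selects {@link #getConnectTimeout()}
     * @return the wrapped socket
     */
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, int i3) throws IOException {
        int connectTimeout = i3 == 0 ? getConnectTimeout() : i3;
        return this.sslWrapperFactory.wrap(this.isSecure ? JavaImpl.createSocket(this, str, i, inetAddress, i2, connectTimeout) : JavaImpl.createPlainSocket(this, str, i, inetAddress, i2, connectTimeout));
    }

    /**
     * Layers an SSL socket over an existing connected socket and applies the pre-connect
     * settings and the host-name check. This overload always uses SSL; it does not consult
     * {@code isSecure}.
     *
     * @param socket existing connected socket
     * @param str remote host, also used for the host-name check
     * @param i remote port
     * @param z whether closing the SSL socket closes the underlying socket
     * @return the wrapped SSL socket
     */
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        Socket createSocket = getSSLSocketFactory().createSocket(socket, str, i, z);
        doPreConnectSocketStuff(createSocket);
        doPostConnectSocketStuff(createSocket, str);
        return this.sslWrapperFactory.wrap(createSocket);
    }

    /** @return a new unbound server socket from {@code JavaImpl}, passed through the wrapper factory */
    public ServerSocket createServerSocket() throws IOException {
        return getSSLWrapperFactory().wrap(JavaImpl.createServerSocket(this), this);
    }

    /**
     * Creates a bound SSL server socket with this instance's settings applied.
     *
     * @param i local port
     * @param i2 listen backlog
     * @param inetAddress local address to bind to
     * @return the wrapped server socket
     */
    public ServerSocket createServerSocket(int i, int i2, InetAddress inetAddress) throws IOException {
        SSLServerSocket sSLServerSocket = (SSLServerSocket) getSSLServerSocketFactory().createServerSocket(i, i2, inetAddress);
        doPreConnectServerSocketStuff(sSLServerSocket);
        return getSSLWrapperFactory().wrap(sSLServerSocket, this);
    }

    /**
     * Applies timeout, protocol, cipher and client-authentication settings to a server socket.
     *
     * @param sSLServerSocket server socket to configure
     */
    public void doPreConnectServerSocketStuff(SSLServerSocket sSLServerSocket) throws IOException {
        if (this.soTimeout > 0) {
            sSLServerSocket.setSoTimeout(this.soTimeout);
        }
        if (this.enabledProtocols != null) {
            JavaImpl.setEnabledProtocols(sSLServerSocket, this.enabledProtocols);
        }
        if (this.enabledCiphers != null) {
            sSLServerSocket.setEnabledCipherSuites(this.enabledCiphers);
        }
        // Keep this order. On an SSLServerSocket each want/need call overrides whatever the
        // other one set before, so the "false" calls come first and the "true" calls last;
        // when both flags are true, "need" is applied last and wins.
        if (!this.wantClientAuth) {
            JavaImpl.setWantClientAuth(sSLServerSocket, false);
        }
        if (!this.needClientAuth) {
            sSLServerSocket.setNeedClientAuth(false);
        }
        if (this.wantClientAuth) {
            JavaImpl.setWantClientAuth(sSLServerSocket, true);
        }
        if (this.needClientAuth) {
            sSLServerSocket.setNeedClientAuth(true);
        }
    }

    /**
     * Returns the cached client socket factory, building the context and the factory on
     * first use. Initialisation failures surface as runtime exceptions.
     *
     * @return the SSL socket factory
     */
    public SSLSocketFactory getSSLSocketFactory() {
        if (this.sslContext == null) {
            initThrowRuntime();
        }
        if (this.socketFactory == null) {
            this.socketFactory = JavaImpl.getSSLSocketFactory(this.sslContext);
        }
        return this.socketFactory;
    }

    /**
     * Returns the cached server socket factory, building the context and the factory on
     * first use. Initialisation failures surface as runtime exceptions.
     *
     * @return the SSL server socket factory
     */
    public SSLServerSocketFactory getSSLServerSocketFactory() {
        if (this.sslContext == null) {
            initThrowRuntime();
        }
        if (this.serverSocketFactory == null) {
            this.serverSocketFactory = JavaImpl.getSSLServerSocketFactory(this.sslContext);
        }
        return this.serverSocketFactory;
    }

    /** @return the default connect timeout in milliseconds */
    public int getConnectTimeout() {
        return this.connectTimeout;
    }

    /** @return the default cipher suites of this instance's socket factory */
    public String[] getDefaultCipherSuites() {
        return getSSLSocketFactory().getDefaultCipherSuites();
    }

    /** @return a copy of the sorted list of cipher suites the JVM's default factory supports */
    public String[] getSupportedCipherSuites() {
        return (String[]) SUPPORTED_CIPHERS.clone();
    }

    /** @return the current trust chain */
    public TrustChain getTrustChain() {
        return this.trustChain;
    }

    /** @param x509CertificateArr server chain to record; stored by reference */
    public void setCurrentServerChain(X509Certificate[] x509CertificateArr) {
        this.currentServerChain = x509CertificateArr;
    }

    /** @param x509CertificateArr client chain to record; stored by reference */
    public void setCurrentClientChain(X509Certificate[] x509CertificateArr) {
        this.currentClientChain = x509CertificateArr;
    }

    /** @return the most recently recorded server chain, or {@code null} */
    public X509Certificate[] getCurrentServerChain() {
        return this.currentServerChain;
    }

    /** @return the most recently recorded client chain, or {@code null} */
    public X509Certificate[] getCurrentClientChain() {
        return this.currentClientChain;
    }

    static {
        // Known protocols, exposed in reverse natural (string) order.
        TreeSet treeSet = new TreeSet(Collections.reverseOrder());
        treeSet.addAll(Arrays.asList(KNOWN_PROTOCOLS));
        KNOWN_PROTOCOLS_SET = Collections.unmodifiableSortedSet(treeSet);
        // Supported ciphers are whatever the JVM's default factory reports at class-load time.
        SSLSocketFactory sSLSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        TreeSet treeSet2 = new TreeSet();
        SUPPORTED_CIPHERS = sSLSocketFactory.getSupportedCipherSuites();
        Arrays.sort(SUPPORTED_CIPHERS);
        treeSet2.addAll(Arrays.asList(SUPPORTED_CIPHERS));
        SUPPORTED_CIPHERS_SET = Collections.unmodifiableSortedSet(treeSet2);
    }
}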
