package org.appwork.utils.net.httpconnection;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.appwork.utils.JVMVersion;
import org.appwork.utils.Regex;
import org.appwork.utils.StringUtils;
import org.appwork.utils.swing.dialog.HomeFolder;

/* loaded from: input_file:org/appwork/utils/net/httpconnection/JavaSSLSocketStreamFactory.class */
public class JavaSSLSocketStreamFactory implements SSLSocketStreamFactory {
    /** Entry in the options' custom factory settings that opts a connection into a TLSv1.3 context. */
    private static final String TLS13_ENABLED = "JSSE_TLS1.3_ENABLED";
    /** Shared instance returned by {@link #getInstance()}. */
    private static final JavaSSLSocketStreamFactory INSTANCE = new JavaSSLSocketStreamFactory();
    /**
     * Trust managers that accept every certificate chain without inspecting it.
     *
     * <p>A context initialised with this array performs no chain validation at all: the peer is
     * not authenticated, so the connection is encrypted but can be intercepted by anyone able to
     * answer the handshake. A later hostname comparison does not repair that, because the
     * certificate it reads is itself unverified. Use only where the caller has explicitly asked
     * for trust-all behaviour.
     *
     * <p>NOTE(review): the array is {@code protected static} and arrays are mutable, so any
     * subclass can swap its element; exposing it through an accessor would be safer.
     */
    protected static final TrustManager[] trustAllCerts = {new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Deliberately empty: never rejects a client chain.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Deliberately empty: never rejects a server chain (no signature, expiry or issuer check).
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // No issuers are advertised.
            return new X509Certificate[0];
        }
    }};

    /* loaded from: input_file:org/appwork/utils/net/httpconnection/JavaSSLSocketStreamFactory$JSSESSLSocketStreamInterface.class */
    /**
     * Stream interface for sockets created through JSSE; in addition to the inherited contract it
     * exposes the JSSE objects the socket was built from.
     */
    public interface JSSESSLSocketStreamInterface extends SSLSocketStreamInterface {
        /** @return the {@link SSLContext} associated with this stream. */
        SSLContext getSSLContext();

        /** @return the {@link SSLSocketFactory} associated with this stream. */
        SSLSocketFactory getSSLSocketFactory();
    }

    /* loaded from: input_file:org/appwork/utils/net/httpconnection/JavaSSLSocketStreamFactory$TLS.class */
    /** TLS protocol versions this factory knows about, listed newest first. */
    public enum TLS {
        TLS_1_3("TLSv1.3"),
        TLS_1_2("TLSv1.2"),
        TLS_1_1("TLSv1.1"),
        TLS_1_0("TLSv1");

        /** Protocol name in the form this class hands to JSSE (context lookup, enabled-protocol lists). */
        protected final String id;

        TLS(String protocolName) {
            id = protocolName;
        }
    }

    /**
     * Returns the shared factory instance.
     *
     * @return the single instance held in {@code INSTANCE}
     */
    public static final JavaSSLSocketStreamFactory getInstance() {
        return INSTANCE;
    }

    /**
     * Builds a socket factory for the given options, using a freshly created context.
     *
     * <p>No explicit SNI decision is passed along ({@code null}), so only the options' own SNI
     * setting is considered when sockets are adjusted.
     *
     * @param sSLSocketStreamOptions connection options, forwarded unchanged
     * @return a factory whose sockets are adjusted by {@code modify}
     * @throws IOException if the context cannot be created
     */
    public SSLSocketFactory getSSLSocketFactory(SSLSocketStreamOptions sSLSocketStreamOptions) throws IOException {
        final SSLContext context = getSSLContext(sSLSocketStreamOptions);
        return getSSLSocketFactory(context, sSLSocketStreamOptions, null);
    }

    /**
     * Checks that every named cipher suite is supported by a context created without options.
     *
     * <p>Despite the name this returns nothing: it completes normally when all suites are
     * supported and throws otherwise.
     *
     * @param strArr cipher suite names to look up
     * @throws SSLException if a suite is missing, or wrapping any I/O or runtime failure
     */
    public void isCipherSuiteSupported(String... strArr) throws SSLException {
        try {
            final String[] supportedNames = getSSLContext(null).getSupportedSSLParameters().getCipherSuites();
            final List<String> supported = Arrays.asList(supportedNames);
            for (int index = 0; index < strArr.length; index++) {
                final String requested = strArr[index];
                if (supported.contains(requested)) {
                    continue;
                }
                throw new SSLException(requested + " is unsupported!");
            }
        } catch (IOException ioFailure) {
            // SSLException is an IOException, so the "unsupported" exception above also lands
            // here and reaches the caller wrapped inside a second SSLException.
            throw new SSLException(ioFailure);
        } catch (RuntimeException runtimeFailure) {
            throw new SSLException(runtimeFailure);
        }
    }

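    /**
     * Creates and initialises the {@link SSLContext} for one connection.
     *
     * <p>The previous body installed {@code trustAllCerts} on every path: the TLSv1.3 branch tested
     * {@code options != null || options.isTrustAll()}, which is always true there, and the fallback
     * branch never consulted the options. Certificate chains were therefore never validated, even
     * when the caller had trust-all switched off. This version honours {@code isTrustAll()}; with
     * {@code null} trust managers JSSE falls back to the platform's default trust store.
     *
     * <p>NOTE(review): {@code null} options keep the historical trust-all behaviour so existing
     * callers are not broken; callers that open real connections should pass explicit options.
     *
     * <p>NOTE(review): {@code "SSL"} is a legacy context name; the protocols actually offered are
     * set on each socket in {@code modifyProtocols}.
     *
     * @param sSLSocketStreamOptions connection options, may be {@code null}
     * @return an initialised context
     * @throws IOException wrapping {@link KeyManagementException} or {@link NoSuchAlgorithmException}
     */
    protected SSLContext getSSLContext(SSLSocketStreamOptions sSLSocketStreamOptions) throws IOException {
        try {
            final boolean tls13Requested = sSLSocketStreamOptions != null && sSLSocketStreamOptions.getCustomFactorySettings().contains(TLS13_ENABLED);
            final SSLContext sSLContext = SSLContext.getInstance(tls13Requested ? TLS.TLS_1_3.id : "SSL");
            // Skip chain validation only when it was asked for (or no options exist at all).
            final boolean trustAll = sSLSocketStreamOptions == null || sSLSocketStreamOptions.isTrustAll();
            final TrustManager[] trustManagers = trustAll ? trustAllCerts : null;
            sSLContext.init(null, trustManagers, new SecureRandom());
            return sSLContext;
        } catch (KeyManagementException e) {
            throw new IOException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new IOException(e);
        }
    }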

    /**
     * Reduces a list of wanted protocol names to those the context supports.
     *
     * <p>With no names given, every supported protocol is taken. TLSv1.3 is removed again unless
     * the options carry the TLSv1.3 opt-in setting; with {@code null} options it is left in.
     *
     * @param sSLSocketStreamOptions connection options, may be {@code null}
     * @param sSLContext context whose supported protocols bound the result
     * @param strArr wanted protocol names, in the order they should appear
     * @return the protocol names to enable
     */
    protected String[] filterEnabledSupportedProtocols(SSLSocketStreamOptions sSLSocketStreamOptions, SSLContext sSLContext, String... strArr) {
        final List<String> supported = Arrays.asList(sSLContext.getSupportedSSLParameters().getProtocols());
        final List<String> selected;
        if (strArr.length == 0) {
            selected = new ArrayList<String>(supported);
        } else {
            selected = new ArrayList<String>(Arrays.asList(strArr));
        }
        selected.retainAll(supported);
        final boolean tls13Allowed = sSLSocketStreamOptions == null || sSLSocketStreamOptions.getCustomFactorySettings().contains(TLS13_ENABLED);
        if (!tls13Allowed) {
            selected.remove(TLS.TLS_1_3.id);
        }
        return selected.toArray(new String[0]);
    }

    /**
     * Sets the enabled protocols on a socket according to what the context and the JVM support.
     *
     * <p>NOTE(review): every branch asks for TLSv1 and all but the last for TLSv1.1, both deprecated
     * by RFC 8996. Whether they end up enabled depends on the context's supported list and on the
     * JVM's own restrictions; consider a minimum-version setting in the options.
     *
     * <p>NOTE(review): the numeric arguments are version codes defined by {@code JVMVersion};
     * presumably Java 8, Java 7 and two Java 6 update levels (confirm against that class).
     *
     * @param sSLSocket socket to adjust
     * @param sSLSocketFactory not used by this implementation
     * @param sSLContext context to query; when {@code null} the socket is returned untouched
     * @param sSLSocketStreamOptions connection options, may be {@code null}
     * @return the same socket instance
     */
    protected SSLSocket modifyProtocols(SSLSocket sSLSocket, SSLSocketFactory sSLSocketFactory, SSLContext sSLContext, SSLSocketStreamOptions sSLSocketStreamOptions) {
        if (sSLContext == null) {
            return sSLSocket;
        }
        final String[] wanted;
        if (isTLSSupported(TLS.TLS_1_3, sSLSocketStreamOptions, sSLContext)) {
            wanted = new String[] { TLS.TLS_1_0.id, TLS.TLS_1_1.id, TLS.TLS_1_2.id, TLS.TLS_1_3.id };
        } else if (JVMVersion.isMinimum(18000000L) || JVMVersion.isMinimum(17000000L) || JVMVersion.isMinimum(16000000121000L)) {
            // The three version levels were separate branches with the same protocol list.
            wanted = new String[] { TLS.TLS_1_0.id, TLS.TLS_1_1.id, TLS.TLS_1_2.id };
        } else if (JVMVersion.isMinimum(16000000111000L)) {
            wanted = new String[] { TLS.TLS_1_0.id, TLS.TLS_1_1.id };
        } else {
            wanted = new String[] { TLS.TLS_1_0.id };
        }
        sSLSocket.setEnabledProtocols(filterEnabledSupportedProtocols(sSLSocketStreamOptions, sSLContext, wanted));
        return sSLSocket;
    }

    /**
     * Tells whether a context supports the given protocol version.
     *
     * @param tls version to look for; {@code null} yields {@code false}
     * @param sSLSocketStreamOptions options used to create a context when none is supplied
     * @param sSLContext context to query, or {@code null} to create one from the options
     * @return {@code true} if the version's name is among the context's supported protocols;
     *         {@code false} otherwise, including when the context cannot be created
     */
    public boolean isTLSSupported(TLS tls, SSLSocketStreamOptions sSLSocketStreamOptions, SSLContext sSLContext) {
        SSLContext context = sSLContext;
        if (context == null) {
            try {
                context = getSSLContext(sSLSocketStreamOptions);
            } catch (Exception contextFailure) {
                // Any failure to build a context is reported as "not supported".
                return false;
            }
        }
        if (tls == null) {
            return false;
        }
        final String[] supportedProtocols = context.getSupportedSSLParameters().getProtocols();
        return Arrays.asList(supportedProtocols).contains(tls.id);
    }

    /**
     * Applies the options' cipher-suite selection to a socket.
     *
     * <p>The socket's currently enabled suites are passed through the array overload. On JVMs at
     * or above the version level checked here, and when the options report cipher-suite
     * preferences, JSSE is also told to honour the local suite order.
     *
     * @param sSLSocket socket to adjust, may be {@code null}
     * @param sSLSocketStreamOptions connection options, may be {@code null}
     * @return the same socket instance ({@code null} if {@code null} was passed)
     */
    protected SSLSocket modifyCipherSuites(SSLSocket sSLSocket, SSLSocketStreamOptions sSLSocketStreamOptions) {
        if (sSLSocket == null) {
            return sSLSocket;
        }
        final String[] currentlyEnabled = sSLSocket.getEnabledCipherSuites();
        sSLSocket.setEnabledCipherSuites(modifyCipherSuites(currentlyEnabled, sSLSocketStreamOptions));
        final boolean keepLocalOrder = JVMVersion.isMinimum(18000000L) && sSLSocketStreamOptions != null && sSLSocketStreamOptions.hasCipherSuitesPreferences();
        if (keepLocalOrder) {
            final SSLParameters parameters = sSLSocket.getSSLParameters();
            parameters.setUseCipherSuitesOrder(true);
            sSLSocket.setSSLParameters(parameters);
        }
        return sSLSocket;
    }

    /**
     * Filters and reorders a cipher-suite list according to the options.
     *
     * <p>Patterns from the options are compared with suite names through
     * {@code StringUtils.containsIgnoreCase} (presumably a case-insensitive substring test; confirm
     * in that helper). Three passes run over a working copy of the input:
     * <ol>
     * <li>disabled patterns remove a suite unless some enabled pattern also matches it;</li>
     * <li>avoided patterns move a suite to the end of the list;</li>
     * <li>preferred patterns move a suite to the front, including one that was marked avoided.</li>
     * </ol>
     * The result is finally handed to {@code sortCipherSuites} on the options.
     *
     * <p>NOTE(review): because matching is by fragment, a short pattern can cover many suites, and
     * a single enabled pattern overrides every disabled pattern that matches the same suite.
     *
     * @param strArr suite names to process; returned unchanged if {@code null}
     * @param sSLSocketStreamOptions connection options; if {@code null} the input is returned unchanged
     * @return the processed suite names
     */
    protected String[] modifyCipherSuites(String[] strArr, SSLSocketStreamOptions sSLSocketStreamOptions) {
        if (strArr == null || sSLSocketStreamOptions == null) {
            return strArr;
        }
        // arrayList: avoided suites (re-appended at the end)
        ArrayList arrayList = new ArrayList();
        // arrayList2: preferred suites (re-inserted at the front)
        ArrayList arrayList2 = new ArrayList();
        // arrayList3: disabled suites (dropped; only its size is read later)
        ArrayList arrayList3 = new ArrayList();
        // arrayList4: working copy of the input, in its original order
        ArrayList arrayList4 = new ArrayList(Arrays.asList(strArr));
        if (sSLSocketStreamOptions.getDisabledCipherSuites().size() > 0) {
            for (String str : sSLSocketStreamOptions.getDisabledCipherSuites()) {
                Iterator it = arrayList4.iterator();
                while (it.hasNext()) {
                    String str2 = (String) it.next();
                    if (StringUtils.containsIgnoreCase(str2, str)) {
                        // The suite matches a disabled pattern: keep it only if an enabled pattern matches too.
                        Iterator<String> it2 = sSLSocketStreamOptions.getEnabledCipherSuites().iterator();
                        while (true) {
                            if (!it2.hasNext()) {
                                // No enabled pattern matched: drop the suite.
                                it.remove();
                                arrayList3.add(str2);
                                break;
                            }
                            if (StringUtils.containsIgnoreCase(str2, it2.next())) {
                                // An enabled pattern matched: the suite stays in the working list.
                                break;
                            }
                        }
                    }
                }
            }
        }
        if (sSLSocketStreamOptions.getAvoidedCipherSuites().size() > 0) {
            for (String str3 : sSLSocketStreamOptions.getAvoidedCipherSuites()) {
                Iterator it3 = arrayList4.iterator();
                while (it3.hasNext()) {
                    String str4 = (String) it3.next();
                    if (StringUtils.containsIgnoreCase(str4, str3)) {
                        it3.remove();
                        arrayList.add(str4);
                    }
                }
            }
        }
        if (sSLSocketStreamOptions.getPreferredCipherSuites().size() > 0) {
            for (String str5 : sSLSocketStreamOptions.getPreferredCipherSuites()) {
                Iterator it4 = arrayList4.iterator();
                while (it4.hasNext()) {
                    String str6 = (String) it4.next();
                    if (StringUtils.containsIgnoreCase(str6, str5)) {
                        it4.remove();
                        arrayList2.add(str6);
                    }
                }
                // A preferred pattern also pulls matching suites back out of the avoided list.
                Iterator it5 = arrayList.iterator();
                while (it5.hasNext()) {
                    String str7 = (String) it5.next();
                    if (StringUtils.containsIgnoreCase(str7, str5)) {
                        it5.remove();
                        arrayList2.add(str7);
                    }
                }
            }
        }
        // Rebuild the array only if some pass moved or removed a suite.
        if (arrayList3.size() > 0 || arrayList2.size() > 0 || arrayList.size() > 0) {
            if (arrayList2.size() > 0) {
                arrayList4.addAll(0, arrayList2);
            }
            if (arrayList.size() > 0) {
                arrayList4.addAll(arrayList);
            }
            strArr = (String[]) arrayList4.toArray(new String[0]);
        }
        return sSLSocketStreamOptions.sortCipherSuites(strArr);
    }

    /**
     * Applies protocol, cipher-suite and SNI adjustments to a freshly created socket.
     *
     * <p>The server-name list is cleared when the explicit flag is {@code false} or the options
     * have SNI switched off, and only on JVMs at or above the version level checked here.
     *
     * @param sSLSocket socket to adjust
     * @param sSLSocketFactory forwarded to {@code modifyProtocols}
     * @param sSLContext context the socket belongs to
     * @param sSLSocketStreamOptions connection options, may be {@code null}
     * @param bool explicit SNI decision; {@code null} leaves the decision to the options
     * @return the adjusted socket
     */
    protected SSLSocket modify(SSLSocket sSLSocket, SSLSocketFactory sSLSocketFactory, SSLContext sSLContext, SSLSocketStreamOptions sSLSocketStreamOptions, Boolean bool) {
        final SSLSocket withProtocols = modifyProtocols(sSLSocket, sSLSocketFactory, sSLContext, sSLSocketStreamOptions);
        final SSLSocket adjusted = modifyCipherSuites(withProtocols, sSLSocketStreamOptions);
        final boolean sniSwitchedOff = (bool != null && !bool.booleanValue()) || (sSLSocketStreamOptions != null && !sSLSocketStreamOptions.isSNIEnabled());
        if (sniSwitchedOff && JVMVersion.isMinimum(18000000L)) {
            final SSLParameters parameters = adjusted.getSSLParameters();
            // An empty list means no server name is sent in the handshake.
            parameters.setServerNames(new ArrayList(0));
            adjusted.setSSLParameters(parameters);
        }
        return adjusted;
    }

    /**
     * Wraps the context's socket factory so that every socket it creates is passed through
     * {@code modify}, and every cipher-suite list through {@code modifyCipherSuites}.
     *
     * <p>The no-argument {@code createSocket()} is not overridden, so unconnected sockets are left
     * to the base class behaviour.
     *
     * @param sSLContext context providing the underlying factory
     * @param sSLSocketStreamOptions connection options, may be {@code null}
     * @param bool explicit SNI decision forwarded to {@code modify}, may be {@code null}
     * @return the wrapping factory
     * @throws IOException declared for subclasses; not thrown by the visible code
     */
    protected SSLSocketFactory getSSLSocketFactory(final SSLContext sSLContext, final SSLSocketStreamOptions sSLSocketStreamOptions, final Boolean bool) throws IOException {
        final SSLSocketFactory delegate = sSLContext.getSocketFactory();
        return new SSLSocketFactory() {
            /** Casts a socket made by the delegate and applies this factory's adjustments. */
            private Socket adjust(Socket created) {
                return JavaSSLSocketStreamFactory.this.modify((SSLSocket) created, delegate, sSLContext, sSLSocketStreamOptions, bool);
            }

            @Override
            public String[] getDefaultCipherSuites() {
                return JavaSSLSocketStreamFactory.this.modifyCipherSuites(delegate.getDefaultCipherSuites(), sSLSocketStreamOptions);
            }

            @Override
            public String[] getSupportedCipherSuites() {
                return JavaSSLSocketStreamFactory.this.modifyCipherSuites(delegate.getSupportedCipherSuites(), sSLSocketStreamOptions);
            }

            @Override
            public Socket createSocket(Socket layered, String host, int port, boolean autoClose) throws IOException {
                return adjust(delegate.createSocket(layered, host, port, autoClose));
            }

            @Override
            public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
                return adjust(delegate.createSocket(host, port));
            }

            @Override
            public Socket createSocket(InetAddress address, int port) throws IOException {
                return adjust(delegate.createSocket(address, port));
            }

            @Override
            public Socket createSocket(String host, int port, InetAddress localAddress, int localPort) throws IOException, UnknownHostException {
                return adjust(delegate.createSocket(host, port, localAddress, localPort));
            }

            @Override
            public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
                return adjust(delegate.createSocket(address, port, localAddress, localPort));
            }
        };
    }

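    /**
     * Checks that the peer's leaf certificate was issued for the host being contacted.
     *
     * <p>Changes against the previous body:
     * <ul>
     * <li>only {@code dNSName} subjectAltName entries (type 2) are treated as host names; the old
     * code also accepted type 1, which is {@code rfc822Name} (an e-mail address);</li>
     * <li>the subject CN is consulted only when the certificate carries no {@code dNSName} entry,
     * as RFC 2818 requires, instead of always;</li>
     * <li>an unparsable subjectAltName extension now fails the check instead of being printed to
     * stderr and ignored.</li>
     * </ul>
     *
     * <p>NOTE(review): the check still passes silently when there is no session, no peer
     * certificate, or a non-X.509 certificate. The CN pattern is not anchored to an RDN boundary
     * and stops at the first space; a proper DN parser would be more robust. A wildcard is accepted
     * for any suffix, including a bare top-level domain. IP-address subjectAltName entries are not
     * evaluated.
     *
     * <p>This comparison is only meaningful when the certificate chain itself has been validated.
     *
     * @param sSLSocket connected socket whose session is inspected
     * @param str host name the caller intended to reach
     * @param z when {@code true} the check is skipped entirely (presumably the caller's trust-all
     *        setting; confirm at the call sites)
     * @throws IOException an {@link SSLHandshakeException} if no certificate name matches
     */
    protected void verifySSLHostname(SSLSocket sSLSocket, String str, boolean z) throws IOException {
        if (z) {
            return;
        }
        final SSLSession session = sSLSocket.getSession();
        if (session == null || session.getPeerCertificates().length <= 0) {
            return;
        }
        final Certificate certificate = session.getPeerCertificates()[0];
        if (!(certificate instanceof X509Certificate)) {
            return;
        }
        final X509Certificate x509Certificate = (X509Certificate) certificate;
        final String hostname = str.toLowerCase(Locale.ENGLISH);
        final List<String> candidates = new ArrayList<String>();
        try {
            final Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                for (final List<?> entry : subjectAlternativeNames) {
                    // GeneralName type 2 is dNSName; every other type is not a host name.
                    if (entry.size() >= 2 && Integer.valueOf(2).equals(entry.get(0)) && entry.get(1) != null) {
                        candidates.add(entry.get(1).toString());
                    }
                }
            }
        } catch (CertificateParsingException e) {
            // Fail closed: a certificate whose names cannot be read cannot be matched.
            final SSLHandshakeException failure = new SSLHandshakeException("HTTPS hostname check failed: unreadable subjectAltName for <" + hostname + ">");
            failure.initCause(e);
            throw failure;
        }
        if (candidates.isEmpty()) {
            // Legacy fallback for certificates without any dNSName entry.
            candidates.add(new Regex(x509Certificate.getSubjectX500Principal().getName(), "CN=(.*?)(,| |$)").getMatch(0));
        }
        for (final String candidate : candidates) {
            if (candidate == null) {
                continue;
            }
            final String pattern = candidate.toLowerCase(Locale.ENGLISH);
            if (StringUtils.equals(pattern, hostname)) {
                return;
            }
            // "*.example.org" matches exactly one extra left-most label.
            if (pattern.startsWith("*.") && hostname.length() > pattern.length() - 1 && hostname.endsWith(pattern.substring(1)) && hostname.substring(0, (hostname.length() - pattern.length()) + 1).indexOf('.') < 0) {
                return;
            }
        }
        throw new SSLHandshakeException("HTTPS hostname wrong:  hostname is <" + hostname + ">");
    }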

    /**
     * Layers a TLS socket over an existing socket stream.
     *
     * <p>SNI is sent only when a host name is given and the options do not switch it off.
     * Nothing in this method compares the peer certificate with the host name; that is left to
     * the caller (see {@code verifySSLHostname}).
     *
     * @param socketStreamInterface underlying stream whose socket is wrapped
     * @param str host name of the peer, may be empty
     * @param i port of the peer
     * @param z passed to the JSSE factory as its auto-close flag
     * @param sSLSocketStreamOptions connection options, may be {@code null}
     * @return a stream interface backed by the new TLS socket
     * @throws IOException if the context or the socket cannot be created
     */
    @Override
    public SSLSocketStreamInterface create(final SocketStreamInterface socketStreamInterface, String str, int i, boolean z, final SSLSocketStreamOptions sSLSocketStreamOptions) throws IOException {
        final boolean sendServerName;
        if (StringUtils.isEmpty(str)) {
            sendServerName = false;
        } else {
            sendServerName = sSLSocketStreamOptions == null || sSLSocketStreamOptions.isSNIEnabled();
        }
        final SSLContext context = getSSLContext(sSLSocketStreamOptions);
        final SSLSocketFactory factory = getSSLSocketFactory(context, sSLSocketStreamOptions, Boolean.valueOf(sendServerName));
        // NOTE(review): HomeFolder.HOME_ROOT looks like a decompiler-substituted constant standing
        // in for the "no host name" value; confirm what it holds.
        final SSLSocket tlsSocket = (SSLSocket) factory.createSocket(socketStreamInterface.getSocket(), sendServerName ? str : HomeFolder.HOME_ROOT, i, z);
        return new JSSESSLSocketStreamInterface() {
            @Override
            public SSLSocket getSocket() {
                return tlsSocket;
            }

            @Override
            public InputStream getInputStream() throws IOException {
                return tlsSocket.getInputStream();
            }

            @Override
            public OutputStream getOutputStream() throws IOException {
                return tlsSocket.getOutputStream();
            }

            @Override
            public void close() throws IOException {
                tlsSocket.close();
            }

            @Override
            public SocketStreamInterface getParentSocketStream() {
                return socketStreamInterface;
            }

            @Override
            public String getCipherSuite() {
                // Summary of what was negotiated, e.g. for logging.
                final SSLSession negotiated = tlsSocket.getSession();
                final StringBuilder summary = new StringBuilder("JVM|Protocol:");
                summary.append(negotiated.getProtocol());
                summary.append("|CipherSuite:");
                summary.append(negotiated.getCipherSuite());
                return summary.toString();
            }

            @Override
            public SSLSocketStreamOptions getOptions() {
                return sSLSocketStreamOptions;
            }

            @Override
            public SSLContext getSSLContext() {
                return context;
            }

            @Override
            public SSLSocketFactory getSSLSocketFactory() {
                return factory;
            }

            @Override
            public SSLSocketStreamFactory getSSLSocketStreamFactory() {
                return JavaSSLSocketStreamFactory.this;
            }
        };
    }

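    /**
     * Decides whether a failed handshake is worth retrying with wider settings.
     *
     * <p>When the JVM supports TLSv1.3 and the failure message points at a protocol or cipher
     * mismatch, the options are changed in place: first the TLSv1.3 opt-in is added, and on a
     * later call the next disabled cipher matching {@code "GCM"} is re-enabled.
     *
     * <p>Unlike the previous body, {@code null} options or a {@code null} exception now yield
     * {@code null} instead of a {@link NullPointerException}; the rest of this class already
     * tolerates {@code null} options.
     *
     * <p>NOTE(review): the decision rests on exception message text and each successful call
     * loosens the caller's cipher configuration; logging the returned description helps audits.
     *
     * @param sSLSocketStreamOptions options of the failed attempt, modified when a retry is advised
     * @param exc failure of the previous attempt
     * @return a description of what was changed, or {@code null} if no retry is advised
     */
    @Override
    public String retry(SSLSocketStreamOptions sSLSocketStreamOptions, Exception exc) {
        if (sSLSocketStreamOptions == null || exc == null) {
            return null;
        }
        if (!isTLSSupported(TLS.TLS_1_3, sSLSocketStreamOptions, null)) {
            return null;
        }
        final String message = exc.getMessage();
        final boolean negotiationFailure = StringUtils.containsIgnoreCase(message, "protocol_version") || StringUtils.containsIgnoreCase(message, "cipher suites are inappropriate") || StringUtils.contains(message, "No appropriate protocol");
        if (!negotiationFailure) {
            return null;
        }
        // add() returns true only the first time, so the TLSv1.3 opt-in is tried once.
        if (sSLSocketStreamOptions.getCustomFactorySettings().add(TLS13_ENABLED)) {
            return "enable TLS1.3";
        }
        final String reEnabledCipher = sSLSocketStreamOptions.enableNextDisabledCipher("GCM");
        if (reEnabledCipher != null) {
            return "enable " + reEnabledCipher + " for TLS1.3";
        }
        return null;
    }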
}
