package be.iminds.ilabt.jfed.lowlevel.connection;

import be.iminds.ilabt.jfed.lowlevel.JFedException;
import be.iminds.ilabt.jfed.lowlevel.connection.JFedConnection;
import be.iminds.ilabt.jfed.util.KeyUtil;
import be.iminds.ilabt.jfed.util.SSLCertificateDownloader;
import be.iminds.ilabt.jfed.util.SocksProxyHelper;
import be.iminds.ilabt.jfed.util.SshServerProxyHelper;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import javax.net.ssl.SSLException;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.AbstractVerifier;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.CoreConnectionPNames;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.slf4j.Marker;
import org.testng.internal.Parameters;

/* loaded from: input_file:be/iminds/ilabt/jfed/lowlevel/connection/HttpsClientWithUserAuthenticationFactory.class */
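/**
 * Builds Apache {@link DefaultHttpClient} instances that authenticate to an HTTPS server with a
 * client certificate chain and private key, optionally through a SOCKS or SSH proxy.
 *
 * <p>Security-relevant behaviour of this factory: it writes into the caller-supplied trust store,
 * it can add a self-signed server certificate to that trust store when a
 * {@link HandleUntrustedCallback} approves it, and its hostname verifier can be relaxed through a
 * list of allowed certificate hostname aliases.
 */
public class HttpsClientWithUserAuthenticationFactory {
    private static final Logger LOG = LogManager.getLogger();

    // Suffix of the trust-store alias used for an accepted self-signed server certificate.
    // NOTE(review): nothing in this class changes the value, so the alias is always
    // "allTrustCert7000" and a later accepted certificate replaces an earlier one stored under
    // that alias in the same trust store. Confirm whether a per-certificate alias was intended.
    private static int extraTrustCount = 7000;

    /**
     * Callback that approves every certificate it is asked about.
     *
     * <p>Using it means any self-signed server certificate is added to the trust store without
     * review, so server authentication is effectively disabled for such servers. The constructor
     * logs a warning so that its use is visible in the logs.
     */
    public static class INSECURE_TRUSTALL_HandleUntrustedCallback implements HandleUntrustedCallback {
        public INSECURE_TRUSTALL_HandleUntrustedCallback() {
            HttpsClientWithUserAuthenticationFactory.LOG.warn("SECURITY WARNING: constructing INSECURE_TRUSTALL_HandleUntrustedCallback");
        }

        /** Always returns {@code true}; the certificate info is not inspected. */
        @Override // be.iminds.ilabt.jfed.lowlevel.connection.HandleUntrustedCallback
        public boolean trust(SSLCertificateDownloader.SSLCertificateJFedInfo sSLCertificateJFedInfo) {
            return true;
        }
    }

    /**
     * Creates an HTTP client whose "https" scheme uses client-certificate authentication.
     *
     * @param proxyInfo optional proxy description; only consulted when
     *     {@code handleUntrustedCallback} is {@code null}, and only an SSH proxy is handled here
     * @param list client certificate chain; must be non-null and non-empty, and every certificate
     *     must be valid at the current time
     * @param privateKey private key belonging to the client certificate chain; must be non-null
     * @param str server URL; must be non-null
     * @param keyStore trust store handed to the socket factory. <b>It is modified:</b> every
     *     client chain certificate is added as {@code clientCertificate<i>}, and an approved
     *     self-signed server certificate is added as {@code allTrustCert<n>}
     * @param collection allowed certificate hostname aliases; {@code null} is treated as empty.
     *     If any alias equals a CN or subjectAlt of the server certificate, or an alias equals
     *     {@link Marker#ANY_MARKER}, the certificate is accepted for the requested host
     * @param z not used by this method
     * @param handleUntrustedCallback optional callback asked whether a self-signed server
     *     certificate should be trusted; may be {@code null}
     * @return the configured client, or {@code null} when {@code str} is not a valid URL
     * @throws JFedException when the key stores or socket factory cannot be set up, including
     *     when a client certificate is expired or not yet valid
     * @throws RuntimeException when a required argument is {@code null} or the chain is empty
     */
    public static DefaultHttpClient getHttpClient(JFedConnection.ProxyInfo proxyInfo, List<X509Certificate> list, PrivateKey privateKey, String str, KeyStore keyStore, Collection<String> collection, boolean z, HandleUntrustedCallback handleUntrustedCallback) throws JFedException {
        DefaultHttpClient defaultHttpClient;
        SSLSocketFactory sSLSocketFactory;
        if (list == null) {
            throw new RuntimeException("clientCertificateChain == null");
        }
        if (list.isEmpty()) {
            throw new RuntimeException("clientCertificateChain is empty");
        }
        if (privateKey == null) {
            throw new RuntimeException("privateKey == null");
        }
        if (str == null) {
            throw new RuntimeException("serverUrlStr == null");
        }
        // Private copy: the caller's collection is never modified, but this copy may gain the
        // subject of an accepted self-signed certificate further down. A null collection means
        // "no aliases", which keeps hostname verification strict.
        final List<String> allowedAliases = collection == null ? new ArrayList<String>() : new ArrayList<String>(collection);
        try {
            URL url = new URL(str);
            try {
                // In-memory key store holding only the client identity. It is never written out
                // here, so the fixed passwords only need to match the ones given to the socket
                // factory below.
                KeyStore clientKeyStore = KeyStore.getInstance("JKS", "SUN");
                clientKeyStore.load(null, "somepass".toCharArray());
                Certificate[] chain = new Certificate[list.size()];
                for (int i = 0; i < list.size(); i++) {
                    X509Certificate x509Certificate = list.get(i);
                    chain[i] = x509Certificate;
                    // Fail early with a readable message instead of an opaque handshake error.
                    // These exceptions are caught by the outer catch and wrapped once more.
                    try {
                        x509Certificate.checkValidity(new Date());
                    } catch (CertificateExpiredException e) {
                        throw new JFedException("Certificate " + i + " (of " + list.size() + ") in the user certificate chain has expired. NotAfter=" + x509Certificate.getNotAfter() + " now=" + new Date());
                    } catch (CertificateNotYetValidException e2) {
                        throw new JFedException("Certificate " + i + " (of " + list.size() + ") in the user certificate chain is not yet valid. NotBefore=" + x509Certificate.getNotBefore() + " now=" + new Date());
                    }
                }
                clientKeyStore.setKeyEntry("authority", privateKey, "someotherpass".toCharArray(), chain);
                // NOTE(review): this registers the client's own chain as trusted certificates in
                // the caller's trust store, so a server presenting a certificate from that chain
                // would pass trust validation. Confirm that this is intended.
                for (int i2 = 0; i2 < list.size(); i2++) {
                    keyStore.setCertificateEntry("clientCertificate" + i2, list.get(i2));
                }
                BasicHttpParams basicHttpParams = new BasicHttpParams();
                basicHttpParams.setParameter(CoreConnectionPNames.SO_TIMEOUT, 240000);
                basicHttpParams.setParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 10000);
                // SchemaSymbols.ATTVAL_TRUE, Marker.ANY_MARKER and Parameters.NULL_VALUE look
                // like decompiler substitutions for the literals "true", "*" and "null".
                if (System.getProperty("proxySet") == null || !System.getProperty("proxySet").equals(SchemaSymbols.ATTVAL_TRUE) || System.getProperty("socksProxyHost") == null) {
                    defaultHttpClient = new DefaultHttpClient(basicHttpParams);
                } else {
                    LOG.info("Using SOCKS proxy: " + System.getProperty("socksProxyHost"));
                    defaultHttpClient = SocksProxyHelper.getHttpClientOverSocksProxy(basicHttpParams);
                }
                SecureRandom secureRandom = new SecureRandom();
                AbstractVerifier abstractVerifier = new AbstractVerifier() { // from class: be.iminds.ilabt.jfed.lowlevel.connection.HttpsClientWithUserAuthenticationFactory.1
                    private BrowserCompatHostnameVerifier base = new BrowserCompatHostnameVerifier();

                    /**
                     * Verifies the host against the certificate names, after applying the allowed
                     * aliases: when an alias matches a CN or subjectAlt (or is the wildcard
                     * marker), the certificate names are replaced by the requested host before
                     * delegating, so the alias list decides which foreign certificates are
                     * accepted for this host.
                     */
                    @Override // org.apache.http.conn.ssl.X509HostnameVerifier
                    public final void verify(String str2, String[] strArr, String[] strArr2) throws SSLException {
                        List<String> effectiveSubjectAlts = new ArrayList<String>();
                        List<String> effectiveCns = new ArrayList<String>();
                        if (strArr2 != null) {
                            effectiveSubjectAlts.addAll(Arrays.asList(strArr2));
                        }
                        if (strArr != null) {
                            effectiveCns.addAll(Arrays.asList(strArr));
                        }
                        for (String alias : allowedAliases) {
                            // Constant-first equals: an alias can be null when a certificate
                            // subject added below was null.
                            if (effectiveCns.contains(alias) || effectiveSubjectAlts.contains(alias) || Marker.ANY_MARKER.equals(alias)) {
                                effectiveSubjectAlts.clear();
                                effectiveCns.clear();
                                effectiveSubjectAlts.add(str2);
                                effectiveCns.add(str2);
                                break;
                            }
                        }
                        String[] subjectAltsArray = effectiveSubjectAlts.toArray(new String[0]);
                        String[] cnsArray = effectiveCns.toArray(new String[0]);
                        try {
                            this.base.verify(str2, cnsArray, subjectAltsArray);
                        } catch (SSLException e3) {
                            // subjectAlts is rendered as a list; concatenating the array itself
                            // would only log its identity string, which is useless when
                            // investigating a verification failure.
                            HttpsClientWithUserAuthenticationFactory.LOG.warn("HttpsClientWithUserAuthenticationFactory hostnameVerifier host name verification failed:" + e3.getMessage() + "\nhost=" + str2 + "\ncns=" + (strArr == null ? Parameters.NULL_VALUE : Arrays.asList(strArr)) + "\nsubjectAlts=" + (strArr2 == null ? Parameters.NULL_VALUE : Arrays.asList(strArr2)) + "\nnewCns=" + effectiveCns + "\nnewSubjectAlts=" + effectiveSubjectAlts + "\nallowedCertificateHostnameAliases=" + allowedAliases, (Throwable) e3);
                            throw e3;
                        }
                    }
                };
                if (handleUntrustedCallback != null) {
                    SSLCertificateDownloader.SSLCertificateJFedInfo certificateInfo = SSLCertificateDownloader.getCertificateInfo(url);
                    if (certificateInfo != null && certificateInfo.isSelfSigned() != null && certificateInfo.isSelfSigned().booleanValue()) {
                        if (handleUntrustedCallback.trust(certificateInfo)) {
                            // The approved certificate becomes a trust anchor in the caller's
                            // trust store and stays there for as long as that store is used.
                            keyStore.setCertificateEntry("allTrustCert" + extraTrustCount, certificateInfo.getCert());
                            // NOTE(review): isSelfSigned() is null-checked above but this Boolean
                            // is not; a null here would surface as a wrapped JFedException.
                            if (!certificateInfo.getSubjectMatchesHostname().booleanValue()) {
                                // Accept the certificate's own subject as an alias for this host.
                                allowedAliases.add(certificateInfo.getSubject());
                            }
                        } else {
                            LOG.info("User does not trust certificate -> Not adding anything to trust store.");
                        }
                    }
                }
                // NOTE(review): the SSH proxy is only used when no callback was supplied; with a
                // callback the connection is built without it. Confirm that this is intended.
                if (handleUntrustedCallback == null && proxyInfo instanceof JFedConnection.SshProxyInfo) {
                    JFedConnection.SshProxyInfo sshProxyInfo = (JFedConnection.SshProxyInfo) proxyInfo;
                    LOG.debug("Using SSH Proxy for connection: " + sshProxyInfo.getHostname());
                    // NOTE(review): the SSH private key is converted to a PEM String here, which
                    // cannot be wiped from memory afterwards.
                    sSLSocketFactory = new SshServerProxyHelper.SslOverSshProxySocketFactory(new SshServerProxyHelper.SshProxyInfo(new InetSocketAddress(sshProxyInfo.getHostname(), sshProxyInfo.getPort()), sshProxyInfo.getUsername(), sshProxyInfo.getHostKey(), new String(KeyUtil.privateKeyToAnyPem(sshProxyInfo.getSshKeyInfo().getPrivateKey()))), "TLS", clientKeyStore, "someotherpass", keyStore, secureRandom, abstractVerifier);
                } else {
                    sSLSocketFactory = new SSLSocketFactory("TLS", clientKeyStore, "someotherpass", keyStore, secureRandom, abstractVerifier);
                }
                defaultHttpClient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", 443, sSLSocketFactory));
                return defaultHttpClient;
            } catch (Exception e3) {
                // Also wraps the JFedExceptions thrown by the validity checks above.
                throw new JFedException("Error creating SSL connection to " + str, e3);
            }
        } catch (MalformedURLException e4) {
            // A malformed URL is reported by returning null, not by throwing; callers must check.
            LOG.error("ERROR: MalformedURLException url=\"" + str + "\"", (Throwable) e4);
            return null;
        }
    }
}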
