package be.iminds.ilabt.jfed.lowlevel.connection;

import be.iminds.ilabt.jfed.lowlevel.JFedException;
import be.iminds.ilabt.jfed.lowlevel.connection.ConnectionConfig;
import be.iminds.ilabt.jfed.lowlevel.connection.JFedConnection;
import be.iminds.ilabt.jfed.util.JFedPasswordManager;
import be.iminds.ilabt.jfed.util.JFedTrustStore;
import be.iminds.ilabt.jfed.util.KeyUtil;
import be.iminds.ilabt.jfed.util.SSLCertificateDownloader;
import be.iminds.ilabt.jfed.util.SocksProxyHelper;
import be.iminds.ilabt.jfed.util.SshServerProxyHelper;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import javanet.staxutils.Indentation;
import javax.net.ssl.SSLException;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.protocol.ClientContext;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.AbstractVerifier;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.CoreConnectionPNames;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
import org.apache.xmlrpc.XmlRpcClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;
import org.testng.internal.Parameters;

/* loaded from: input_file:be/iminds/ilabt/jfed/lowlevel/connection/BasicConnectionBuilder.class */
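/**
 * Collects the URL, proxy, authentication and TLS trust settings of a connection and turns them
 * into jFed HTTP or SFA (XML-RPC) connections backed by an Apache {@code DefaultHttpClient}.
 *
 * <p>Trust model, as implemented here:
 * <ul>
 *   <li>Without a {@link HandleUntrustedCallback}, no {@link TrustStrategy} is installed and the
 *       server chain is checked only by the trust manager built from the connection trust
 *       store.</li>
 *   <li>With a callback, a custom strategy accepts the chain when any of its certificates is an
 *       entry of the trust store, and otherwise asks the callback. See the review notes in
 *       {@link #getConnectionHttpClientAndContext()}.</li>
 *   <li>Host names are checked by {@link #makeHostNameVerifier(List)}, which can be relaxed by
 *       the trust store's allowed host name aliases.</li>
 * </ul>
 *
 * <p>The builder is mutable and does no synchronization of its own.
 */
public class BasicConnectionBuilder implements ConnectionBuilder {
    private URL serverUrl;
    private String serverUrlString;
    private JFedConnection.DebugInfo debugInfo;
    private JFedConnection.ProxyInfo proxyInfo;
    private ConnectionConfig.Authentication authentication;
    private JFedPasswordManager.LoginInfo login;
    private List<X509Certificate> clientCertChain;
    private PrivateKey privateKey;
    private ConnectionConfig.Protocol protocol;
    private JFedTrustStore conTrustStore;
    private HandleUntrustedCallback handleUntrustedCallback;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) BasicConnectionBuilder.class);
    private static int extraTrustCount = 7000;

    /** Bundle of the HTTP client pieces produced by {@link #getConnectionHttpClientAndContext()}. */
    public class HttpConParts {
        final DefaultHttpClient defaultHttpClient;
        final HttpContext httpContext;
        final HttpContext preemptiveAuthHttpContext;
        final TrustStrategy trustStrategy;

        /**
         * @param defaultHttpClient the configured client
         * @param httpContext the plain request context, may be {@code null}
         * @param preemptiveAuthHttpContext context carrying the basic-auth cache, may be {@code null}
         * @param trustStrategy the installed trust strategy, or {@code null} when none is used
         */
        public HttpConParts(DefaultHttpClient defaultHttpClient, HttpContext httpContext, HttpContext preemptiveAuthHttpContext, TrustStrategy trustStrategy) {
            this.defaultHttpClient = defaultHttpClient;
            this.httpContext = httpContext;
            this.preemptiveAuthHttpContext = preemptiveAuthHttpContext;
            this.trustStrategy = trustStrategy;
        }
    }

    /**
     * Callback that accepts every certificate it is asked about.
     *
     * <p>Combined with the trust strategy built in this class, installing it means a server
     * certificate that is not in the trust store is still accepted, so the TLS connection gives
     * no server authentication. A warning is logged whenever an instance is created.
     */
    public static class INSECURE_TRUSTALL_HandleUntrustedCallback implements HandleUntrustedCallback {
        public INSECURE_TRUSTALL_HandleUntrustedCallback() {
            BasicConnectionBuilder.LOG.warn("SECURITY WARNING: constructing INSECURE_TRUSTALL_HandleUntrustedCallback");
        }

        /** @return always {@code true}, whatever certificate is presented */
        @Override
        public boolean trust(SSLCertificateDownloader.SSLCertificateJFedInfo sSLCertificateJFedInfo) {
            return true;
        }
    }

    /**
     * Decorator that records the server certificate chain seen during the handshake and reports
     * it to the connection, then defers the trust decision to the wrapped strategy unchanged.
     */
    public static class SpyingTrustStrategy implements TrustStrategy {
        private final TrustStrategy orig;
        // Last non-empty chain passed to isTrusted(); stored by reference, not copied.
        public X509Certificate[] chain;
        private JFedConnection connection;

        /** @param trustStrategy the strategy that makes the actual trust decision */
        public SpyingTrustStrategy(TrustStrategy trustStrategy) {
            this.orig = trustStrategy;
        }

        /**
         * Remembers a non-empty chain, forwards it to the registered connection if there is one,
         * and returns the wrapped strategy's verdict.
         */
        @Override
        public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr != null && x509CertificateArr.length > 0) {
                this.chain = x509CertificateArr;
                if (this.connection != null) {
                    this.connection.registerServerCertficates(this.chain);
                }
            }
            return this.orig.isTrusted(x509CertificateArr, str);
        }

        /**
         * Registers the connection that should receive the server chain. A chain that was already
         * recorded before this call is delivered immediately.
         */
        public void setConnection(JFedConnection jFedConnection) {
            BasicConnectionBuilder.LOG.debug("registering connection to SpyingTrustStrategy");
            this.connection = jFedConnection;
            if (this.chain != null) {
                jFedConnection.registerServerCertficates(this.chain);
            }
        }
    }

    /**
     * Sets the server URL from its string form.
     *
     * @throws MalformedURLException if {@code str} cannot be parsed as a URL
     */
    @Override
    public void setUrl(String str) throws MalformedURLException {
        this.serverUrlString = str;
        this.serverUrl = new URL(str);
    }

    /** Sets the server URL; the string form is derived with {@link URL#toExternalForm()}. */
    @Override
    public void setUrl(URL url) {
        this.serverUrl = url;
        this.serverUrlString = url.toExternalForm();
    }

    @Override
    public void setDebugInfo(JFedConnection.DebugInfo debugInfo) {
        this.debugInfo = debugInfo;
    }

    @Override
    public void setProxy(JFedConnection.ProxyInfo proxyInfo) {
        this.proxyInfo = proxyInfo;
    }

    @Override
    public void useNoAuthentication() {
        this.authentication = ConnectionConfig.Authentication.NONE;
    }

    /**
     * Selects HTTP basic authentication.
     *
     * @throws IllegalArgumentException if {@code loginInfo} is {@code null}; the builder is left
     *     unchanged in that case
     */
    @Override
    public void useHttpBasicAuthentication(JFedPasswordManager.LoginInfo loginInfo) {
        // Validate before assigning so a rejected call cannot leave a half-configured builder.
        if (loginInfo == null) {
            throw new IllegalArgumentException("Illegal argument: login == null");
        }
        this.authentication = ConnectionConfig.Authentication.HTTP_BASIC;
        this.login = loginInfo;
    }

    /**
     * Selects TLS client-certificate authentication.
     *
     * @param list the client certificate chain, must be non-empty
     * @param privateKey the private key matching the chain
     * @throws IllegalArgumentException if an argument is {@code null} or the chain is empty; the
     *     builder is left unchanged in that case
     */
    @Override
    public void useSslClientAuthentication(List<X509Certificate> list, PrivateKey privateKey) {
        // Validate before assigning so a rejected call cannot leave a half-configured builder.
        if (privateKey == null) {
            throw new IllegalArgumentException("Illegal argument: privateKey == null");
        }
        if (list == null) {
            throw new IllegalArgumentException("Illegal argument: clientCertificateChain == null");
        }
        if (list.isEmpty()) {
            throw new IllegalArgumentException("Illegal argument: clientCertChain is empty");
        }
        this.authentication = ConnectionConfig.Authentication.SSL_CLIENT_AUTH;
        this.clientCertChain = list;
        this.privateKey = privateKey;
    }

    /** Selects plain HTTP: no transport encryption and no server authentication. */
    @Override
    public void useHttp() {
        this.protocol = ConnectionConfig.Protocol.HTTP;
    }

    /**
     * Selects HTTPS.
     *
     * @param jFedTrustStore trust store used to validate the server, must not be {@code null}
     * @param handleUntrustedCallback consulted for chains the trust store does not contain; may
     *     be {@code null}, in which case only the standard trust manager check applies
     * @throws IllegalArgumentException if {@code jFedTrustStore} is {@code null}; the builder is
     *     left unchanged in that case
     */
    @Override
    public void useHttps(JFedTrustStore jFedTrustStore, HandleUntrustedCallback handleUntrustedCallback) {
        // Validate before assigning so a rejected call cannot leave a half-configured builder.
        if (jFedTrustStore == null) {
            throw new IllegalArgumentException("Illegal argument: conTrustStore == null");
        }
        this.protocol = ConnectionConfig.Protocol.HTTPS;
        this.conTrustStore = jFedTrustStore;
        this.handleUntrustedCallback = handleUntrustedCallback;
    }

    /**
     * Verifies that the mandatory settings are present and compatible.
     *
     * @throws RuntimeException describing the first configuration problem found
     */
    private void check() {
        if (this.debugInfo == null) {
            throw new RuntimeException("Configuration problem: must specify debugInfo");
        }
        if (this.serverUrlString == null || this.serverUrl == null) {
            throw new RuntimeException("Configuration problem: must specify URL");
        }
        if (this.authentication == null) {
            throw new RuntimeException("Configuration problem: must specify authentication");
        }
        if (this.protocol == null) {
            throw new RuntimeException("Configuration problem: must specify HTTP or HTTPS");
        }
        if (this.protocol != ConnectionConfig.Protocol.HTTPS && this.authentication == ConnectionConfig.Authentication.SSL_CLIENT_AUTH) {
            throw new RuntimeException("Configuration problem: incompatible options: cannot do SSL client authentication without HTTPS.");
        }
        // set(ConnectionConfig) bypasses the validating setter, so the login can still be missing here.
        if (this.authentication == ConnectionConfig.Authentication.HTTP_BASIC && this.login == null) {
            throw new RuntimeException("Configuration problem: must specify login for HTTP basic authentication");
        }
    }

    /**
     * Converts the connection-level SSH proxy description into the form the SSH socket factories
     * take.
     *
     * <p>NOTE(review): the proxy's private key is rendered to PEM and held in a {@code String},
     * which cannot be wiped after use.
     */
    private static SshServerProxyHelper.SshProxyInfo toSshServerProxyInfo(JFedConnection.SshProxyInfo sshProxyInfo) throws JFedException {
        InetSocketAddress proxyAddress = new InetSocketAddress(sshProxyInfo.getHostname(), sshProxyInfo.getPort());
        String privateKeyPem = new String(KeyUtil.privateKeyToAnyPem(sshProxyInfo.getSshKeyInfo().getPrivateKey()));
        return new SshServerProxyHelper.SshProxyInfo(proxyAddress, sshProxyInfo.getUsername(), sshProxyInfo.getHostKey(), privateKeyPem);
    }

    /**
     * Builds the HTTP client, registers the socket factories for the chosen protocol and proxy,
     * and prepares the preemptive basic-auth context when HTTP basic authentication is selected.
     *
     * @return the client together with its contexts and the installed trust strategy
     * @throws JFedException if the TLS setup fails, including an expired or not-yet-valid client
     *     certificate
     */
    private HttpConParts getConnectionHttpClientAndContext() throws JFedException {
        BasicHttpParams basicHttpParams = new BasicHttpParams();
        basicHttpParams.setParameter(CoreConnectionPNames.SO_TIMEOUT, 120000);
        basicHttpParams.setParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 10000);

        boolean useSocksProxy = "true".equals(System.getProperty("proxySet")) && System.getProperty("socksProxyHost") != null;
        DefaultHttpClient defaultHttpClient = useSocksProxy ? SocksProxyHelper.getHttpClientOverSocksProxy(basicHttpParams) : new DefaultHttpClient(basicHttpParams);

        boolean viaSshProxy = this.proxyInfo instanceof JFedConnection.SshProxyInfo;
        TrustStrategy trustStrategy = null;
        if (this.protocol == ConnectionConfig.Protocol.HTTPS) {
            try {
                KeyStore keyStore = null;
                final KeyStore trustStore = this.conTrustStore.getTrustStore();
                if (this.authentication == ConnectionConfig.Authentication.SSL_CLIENT_AUTH) {
                    // In-memory key store that only lives for this connection; the fixed passwords
                    // below protect nothing and are not a secret.
                    keyStore = KeyStore.getInstance("JKS", "SUN");
                    keyStore.load(null, "somepass".toCharArray());
                    int chainLength = this.clientCertChain.size();
                    Certificate[] certificateArr = new Certificate[chainLength];
                    for (int i = 0; i < chainLength; i++) {
                        X509Certificate x509Certificate = this.clientCertChain.get(i);
                        certificateArr[i] = x509Certificate;
                        try {
                            x509Certificate.checkValidity(new Date());
                        } catch (CertificateNotYetValidException e) {
                            throw new JFedException("Certificate " + i + " (of " + chainLength + ") in the user certificate chain is not yet valid. NotBefore=" + x509Certificate.getNotBefore() + " now=" + new Date(), e);
                        } catch (CertificateExpiredException e) {
                            throw new JFedException("Certificate " + i + " (of " + chainLength + ") in the user certificate chain has expired. NotAfter=" + x509Certificate.getNotAfter() + " now=" + new Date(), e);
                        }
                    }
                    keyStore.setKeyEntry("authority", this.privateKey, "someotherpass".toCharArray(), certificateArr);
                    // NOTE(review): this adds the whole client chain, user certificate included, to
                    // the KeyStore returned by conTrustStore.getTrustStore(). A server presenting one
                    // of these certificates is then accepted by the strategy below. Whether that
                    // KeyStore is shared with other connections is not visible here; confirm, and
                    // consider adding only the issuing CA certificates.
                    for (int i = 0; i < chainLength; i++) {
                        trustStore.setCertificateEntry("clientCertificate" + i, this.clientCertChain.get(i));
                    }
                }
                SecureRandom secureRandom = new SecureRandom();
                List<String> allowedAliases = new ArrayList<String>(this.conTrustStore.getAllowedServerCertificateHostnameAliases());
                if (this.handleUntrustedCallback != null) {
                    trustStrategy = new TrustStrategy() {
                        /**
                         * Accepts the chain when any of its certificates is an entry of the trust
                         * store, otherwise asks the untrusted-certificate callback about the leaf.
                         *
                         * NOTE(review): in HttpClient 4.x a {@code true} result from a
                         * TrustStrategy skips the trust manager's own check, so no signature,
                         * path or validity-period validation happens for an accepted chain.
                         * Matching any chain element rather than the leaf means the presence of
                         * a store entry anywhere in the presented chain is enough. Consider
                         * matching only x509CertificateArr[0] for pinned certificates and running
                         * PKIX validation against the trust store for everything else.
                         */
                        @Override
                        public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                                return false;
                            }
                            try {
                                for (X509Certificate presented : x509CertificateArr) {
                                    if (trustStore.getCertificateAlias(presented) != null) {
                                        return true;
                                    }
                                }
                                return BasicConnectionBuilder.this.handleUntrustedCallback.trust(new SSLCertificateDownloader.SSLCertificateJFedInfo(x509CertificateArr[0], BasicConnectionBuilder.this.serverUrl, BasicConnectionBuilder.this.serverUrl.getHost()));
                            } catch (KeyStoreException e3) {
                                throw new CertificateException("problem with keystore while checking certificate", e3);
                            }
                        }
                    };
                    LOG.debug("using home-made trustStrategy, this is far from perfect! Might be insecure!");
                }
                X509HostnameVerifier hostnameVerifier = makeHostNameVerifier(allowedAliases);
                if (trustStrategy != null) {
                    LOG.debug("adding SpyingTrustStrategy");
                    trustStrategy = new SpyingTrustStrategy(trustStrategy);
                }
                SSLSocketFactory sSLSocketFactory;
                if (viaSshProxy) {
                    JFedConnection.SshProxyInfo sshProxyInfo = (JFedConnection.SshProxyInfo) this.proxyInfo;
                    LOG.debug("Using SSH Proxy for connection: " + sshProxyInfo.getHostname());
                    sSLSocketFactory = new SshServerProxyHelper.SslOverSshProxySocketFactory(toSshServerProxyInfo(sshProxyInfo), "TLS", keyStore, "someotherpass", trustStore, secureRandom, trustStrategy, hostnameVerifier);
                } else {
                    sSLSocketFactory = new SSLSocketFactory("TLS", keyStore, "someotherpass", trustStore, secureRandom, trustStrategy, hostnameVerifier);
                }
                defaultHttpClient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", 443, sSLSocketFactory));
            } catch (Exception e3) {
                throw new JFedException("Error creating SSL connection to " + this.serverUrlString, e3);
            }
        }
        if (this.protocol == ConnectionConfig.Protocol.HTTP && viaSshProxy) {
            JFedConnection.SshProxyInfo sshProxyInfo = (JFedConnection.SshProxyInfo) this.proxyInfo;
            LOG.debug("Using SSH Proxy HTTP connection: " + sshProxyInfo.getHostname());
            defaultHttpClient.getConnectionManager().getSchemeRegistry().register(new Scheme(HttpHost.DEFAULT_SCHEME_NAME, 80, new SshServerProxyHelper.PlainHttpOverSshProxySocketFactory(toSshServerProxyInfo(sshProxyInfo))));
        }
        HttpContext preemptiveAuthContext = null;
        if (this.authentication == ConnectionConfig.Authentication.HTTP_BASIC) {
            if (this.protocol == ConnectionConfig.Protocol.HTTP) {
                // The auth cache below makes the client send the credentials preemptively.
                LOG.warn("SECURITY WARNING: HTTP basic authentication over plain HTTP sends the credentials unencrypted");
            }
            int port = this.serverUrl.getPort();
            if (port <= 0) {
                port = this.serverUrl.getDefaultPort();
            }
            // Credentials are scoped to the target host and port only.
            defaultHttpClient.getCredentialsProvider().setCredentials(new AuthScope(this.serverUrl.getHost(), port), new UsernamePasswordCredentials(this.login.getUsername(), this.login.getPassword()));
            BasicAuthCache basicAuthCache = new BasicAuthCache();
            basicAuthCache.put(new HttpHost(this.serverUrl.getHost(), port, this.protocol == ConnectionConfig.Protocol.HTTP ? HttpHost.DEFAULT_SCHEME_NAME : "https"), new BasicScheme());
            preemptiveAuthContext = new BasicHttpContext();
            preemptiveAuthContext.setAttribute(ClientContext.AUTH_CACHE, basicAuthCache);
        }
        return new HttpConParts(defaultHttpClient, null, preemptiveAuthContext, trustStrategy);
    }

    /**
     * Creates a host name verifier that applies browser-compatible matching, relaxed by a list of
     * allowed certificate host name aliases.
     *
     * <p>When an alias equals one of the certificate's CNs or subject alternative names, the
     * certificate is treated as if it had been issued for the requested host, so verification
     * succeeds. The alias {@code Marker.ANY_MARKER} (the string {@code "*"}) matches every
     * certificate and therefore disables host name verification for the connection.
     *
     * @param list the allowed aliases; must not be {@code null}
     * @return the verifier; a failed verification is logged and rethrown
     */
    static X509HostnameVerifier makeHostNameVerifier(final List<String> list) {
        return new AbstractVerifier() {
            private final BrowserCompatHostnameVerifier base = new BrowserCompatHostnameVerifier();

            @Override
            public final void verify(String str, String[] strArr, String[] strArr2) throws SSLException {
                List<String> subjectAlts = new ArrayList<String>();
                List<String> cns = new ArrayList<String>();
                if (strArr2 != null) {
                    Collections.addAll(subjectAlts, strArr2);
                }
                if (strArr != null) {
                    Collections.addAll(cns, strArr);
                }
                for (String alias : list) {
                    // Constant-first equals so a null alias in the list is skipped instead of throwing.
                    if (cns.contains(alias) || subjectAlts.contains(alias) || Marker.ANY_MARKER.equals(alias)) {
                        // Alias hit: substitute the requested host for the certificate's names.
                        subjectAlts.clear();
                        cns.clear();
                        subjectAlts.add(str);
                        cns.add(str);
                        break;
                    }
                }
                String[] effectiveSubjectAlts = subjectAlts.toArray(new String[0]);
                String[] effectiveCns = cns.toArray(new String[0]);
                try {
                    this.base.verify(str, effectiveCns, effectiveSubjectAlts);
                } catch (SSLException e) {
                    BasicConnectionBuilder.LOG.warn("HttpsClientWithUserAuthenticationFactory hostnameVerifier host name verification failed:" + e.getMessage() + Indentation.NORMAL_END_OF_LINE + "host=" + str + Indentation.NORMAL_END_OF_LINE + "cns=" + (strArr == null ? Parameters.NULL_VALUE : Arrays.toString(strArr)) + Indentation.NORMAL_END_OF_LINE + "subjectAlts=" + Arrays.toString(strArr2) + Indentation.NORMAL_END_OF_LINE + "newCns=" + cns + Indentation.NORMAL_END_OF_LINE + "newSubjectAlts=" + subjectAlts + Indentation.NORMAL_END_OF_LINE + "allowedCertificateHostnameAliases=" + list, (Throwable) e);
                    throw e;
                }
            }
        };
    }

    /** Hands the connection to the trust strategy when it is the certificate-recording decorator. */
    private static void attachConnection(TrustStrategy trustStrategy, JFedConnection connection) {
        if (trustStrategy instanceof SpyingTrustStrategy) {
            ((SpyingTrustStrategy) trustStrategy).setConnection(connection);
        }
    }

    /**
     * Builds an SFA (XML-RPC) connection from the current settings.
     *
     * @throws JFedException if the HTTP client or the XML-RPC client cannot be created
     * @throws RuntimeException if the configuration is incomplete or inconsistent
     */
    @Override
    public SfaConnection buildSfaConnection() throws JFedException {
        check();
        HttpConParts parts = getConnectionHttpClientAndContext();
        CommonsHttpClientXmlRpcTransportFactory transportFactory = new CommonsHttpClientXmlRpcTransportFactory(this.serverUrlString, parts.defaultHttpClient, this.debugInfo.isDebugMode());
        try {
            BasicSfaConnection basicSfaConnection = new BasicSfaConnection(getCurrentConnectionConfig(ConnectionConfig.Type.SFA), transportFactory, new XmlRpcClient(this.serverUrl, transportFactory));
            attachConnection(parts.trustStrategy, basicSfaConnection);
            return basicSfaConnection;
        } catch (Exception e) {
            throw new JFedException("Error creating XmlRpcClient: " + e.getMessage(), e);
        }
    }

    /**
     * Builds a plain HTTP(S) connection from the current settings.
     *
     * @throws JFedException if the HTTP client cannot be created
     * @throws RuntimeException if the configuration is incomplete or inconsistent
     */
    @Override
    public HttpConnection buildHttpConnection() throws JFedException {
        check();
        HttpConParts parts = getConnectionHttpClientAndContext();
        BasicHttpConnection basicHttpConnection = new BasicHttpConnection(getCurrentConnectionConfig(ConnectionConfig.Type.HTTP), parts.defaultHttpClient, parts.httpContext, parts.preemptiveAuthHttpContext);
        attachConnection(parts.trustStrategy, basicHttpConnection);
        return basicHttpConnection;
    }

    /**
     * Captures the current settings in a {@link ConnectionConfig} of the given type.
     *
     * <p>The returned object receives the login, the client certificate chain and the private key
     * by reference.
     */
    @Override
    public ConnectionConfig getCurrentConnectionConfig(ConnectionConfig.Type type) {
        return new ConnectionConfig(this.serverUrl, this.debugInfo, this.proxyInfo, this.authentication, this.login, this.clientCertChain, this.privateKey, this.protocol, this.conTrustStore, this.handleUntrustedCallback, type);
    }

    /**
     * Replaces every setting of this builder with the values of {@code connectionConfig}.
     *
     * <p>The parsed URL is refreshed together with its string form, so the two cannot point at
     * different servers. A string that is not a valid URL is logged and leaves the parsed URL
     * unset, which makes the next build fail its configuration check.
     *
     * <p>Unlike the {@code use...} setters this method does not validate the values it copies.
     */
    @Override
    public void set(ConnectionConfig connectionConfig) {
        this.serverUrlString = connectionConfig.getServerUrlString();
        URL parsedUrl = null;
        if (this.serverUrlString != null) {
            try {
                parsedUrl = new URL(this.serverUrlString);
            } catch (MalformedURLException e) {
                LOG.warn("Server URL in connection config is not a valid URL: " + this.serverUrlString, (Throwable) e);
            }
        }
        this.serverUrl = parsedUrl;
        this.debugInfo = connectionConfig.getDebugInfo();
        this.proxyInfo = connectionConfig.getProxyInfo();
        this.authentication = connectionConfig.getAuthentication();
        this.login = connectionConfig.getLogin();
        this.clientCertChain = connectionConfig.getClientCertChain();
        this.privateKey = connectionConfig.getPrivateKey();
        this.protocol = connectionConfig.getProtocol();
        this.conTrustStore = connectionConfig.getConTrustStore();
        this.handleUntrustedCallback = connectionConfig.getHandleUntrustedCallback();
    }
}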
