package de.fhhannover.inform.trust.ifmapj.channel;

import de.fhhannover.inform.trust.ifmapj.binding.BindingFactory;
import de.fhhannover.inform.trust.ifmapj.binding.Marshaller;
import de.fhhannover.inform.trust.ifmapj.binding.Unmarshaller;
import de.fhhannover.inform.trust.ifmapj.exception.CommunicationException;
import de.fhhannover.inform.trust.ifmapj.exception.InitializationException;
import de.fhhannover.inform.trust.ifmapj.log.IfmapJLog;
import de.fhhannover.inform.trust.ifmapj.messages.RequestFactoryImpl;
import de.fhhannover.inform.trust.ifmapj.messages.RequestFactoryInternal;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:de/fhhannover/inform/trust/ifmapj/channel/Channel.class */
public abstract class Channel implements IfmapChannel {
    public static final String VERIFY_PEER_CERT_PROPERTY = "ifmapj.communication.verifypeercert";
    public static final String VERIFY_PEER_HOST_PROPERTY = "ifmapj.communication.verifypeerhost";
    private final CommunicationHandler mCommunicationHandler;
    private final String mUrlStr;
    private final String mUser;
    private final String mPassword;
    private final boolean mBasicAuth;
    protected final RequestFactoryInternal mRequestFactory;
    protected final Marshaller mMarshaller;
    protected final Unmarshaller mUnmarshaller;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/fhhannover/inform/trust/ifmapj/channel/Channel$AllOkHostnameVerifier.class */
    public class AllOkHostnameVerifier implements HostnameVerifier {
        private AllOkHostnameVerifier() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/fhhannover/inform/trust/ifmapj/channel/Channel$TrustAllManager.class */
    public class TrustAllManager implements X509TrustManager {
        private TrustAllManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/fhhannover/inform/trust/ifmapj/channel/Channel$X509CommonNameHostnameVerifier.class */
    public class X509CommonNameHostnameVerifier implements HostnameVerifier {
        private X509CommonNameHostnameVerifier() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            X500Principal subjectX500Principal;
            int indexOf;
            try {
                Certificate[] peerCertificates = sSLSession.getPeerCertificates();
                if (peerCertificates.length == 0 || !(peerCertificates[0] instanceof X509Certificate) || (subjectX500Principal = ((X509Certificate) peerCertificates[0]).getSubjectX500Principal()) == null) {
                    return false;
                }
                String name = subjectX500Principal.getName();
                if (!name.startsWith("CN=") || (indexOf = name.indexOf(44)) < 0 || indexOf < 3) {
                    return false;
                }
                String substring = name.substring(3, indexOf);
                try {
                    InetAddress[] allByName = InetAddress.getAllByName(str);
                    InetAddress[] allByName2 = InetAddress.getAllByName(substring);
                    for (InetAddress inetAddress : allByName) {
                        for (InetAddress inetAddress2 : allByName2) {
                            if (inetAddress.equals(inetAddress2)) {
                                return true;
                            }
                        }
                    }
                    return false;
                } catch (UnknownHostException e) {
                    return false;
                }
            } catch (SSLPeerUnverifiedException e2) {
                return false;
            }
        }
    }

    private Channel(String str, String str2, String str3, KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) throws InitializationException {
        if (str == null) {
            throw new InitializationException("URL not allowed to be null");
        }
        if (trustManagerArr == null) {
            throw new InitializationException("keystore and truststore need to be set");
        }
        if ((str2 != null && str3 == null) || (str2 == null && str3 != null)) {
            throw new InitializationException("One basic auth parameter is null");
        }
        this.mUrlStr = str;
        this.mUser = str2;
        this.mPassword = str3;
        this.mBasicAuth = (this.mUser == null && this.mPassword == null) ? false : true;
        this.mRequestFactory = new RequestFactoryImpl();
        this.mMarshaller = BindingFactory.newMarshaller();
        this.mUnmarshaller = BindingFactory.newUnmarshaller();
        this.mCommunicationHandler = CommunicationHandlerFactory.newHandler(str, str2, str3, initSslSocketFactory(keyManagerArr, trustManagerArr), initHostnameVerifier());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Channel(String str, String str2, String str3, TrustManager[] trustManagerArr) throws InitializationException {
        this(str, str2, str3, null, trustManagerArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Channel(String str, KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) throws InitializationException {
        this(str, null, null, keyManagerArr, trustManagerArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public InputStream doHttpRequest(InputStream inputStream) throws CommunicationException {
        return this.mCommunicationHandler.doRequest(inputStream);
    }

    public String getUrl() {
        return this.mUrlStr;
    }

    public String getUser() {
        return this.mUser;
    }

    public String getPassword() {
        return this.mPassword;
    }

    @Override // de.fhhannover.inform.trust.ifmapj.channel.IfmapChannel
    public void setGzip(boolean z) {
        this.mCommunicationHandler.setGzip(z);
    }

    @Override // de.fhhannover.inform.trust.ifmapj.channel.IfmapChannel
    public boolean usesGzip() {
        return this.mCommunicationHandler.usesGzip();
    }

    public boolean isBasicAuth() {
        return this.mBasicAuth;
    }

    @Override // de.fhhannover.inform.trust.ifmapj.channel.IfmapChannel
    public void closeTcpConnection() throws CommunicationException {
        this.mCommunicationHandler.closeTcpConnection();
    }

    private SSLSocketFactory initSslSocketFactory(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) throws InitializationException {
        String property = System.getProperty(VERIFY_PEER_CERT_PROPERTY);
        if (property != null && property.equals("false")) {
            trustManagerArr = getTrustAllKeystore();
        } else if (property != null && (property == null || !property.equals("true"))) {
            throw new InitializationException("Bad value for ifmapj.communication.verifypeercert property. Expected: true|false");
        }
        if (!isBasicAuth() && keyManagerArr == null) {
            throw new InitializationException("certificate-based auth needs a KeyManager");
        }
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerArr, trustManagerArr, new SecureRandom());
            return sSLContext.getSocketFactory();
        } catch (Exception e) {
            IfmapJLog.error("Could not initialize SSLSocketFactory [" + e.getMessage() + "]");
            throw new InitializationException(e);
        }
    }

    private TrustManager[] getTrustAllKeystore() {
        return new TrustManager[]{new TrustAllManager()};
    }

    private HostnameVerifier initHostnameVerifier() {
        String property = System.getProperty(VERIFY_PEER_HOST_PROPERTY);
        return (property == null || !property.equals("true")) ? new AllOkHostnameVerifier() : new X509CommonNameHostnameVerifier();
    }
}
