package com.ibm.team.repository.transport.client;

import com.ibm.team.repository.common.transport.ICertificateValidator;
import com.ibm.team.repository.common.util.NLS;
import com.ibm.team.repository.transport.internal.nls.Messages;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;

/* loaded from: input_file:com/ibm/team/repository/transport/client/SecureInterruptableSocketFactory.class */
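/**
 * Socket factory that layers TLS over the sockets produced by {@link InterruptableSocketFactory}
 * and checks the server certificate against the requested host name after the handshake.
 *
 * <p>When the host name check fails, the decision is delegated in this order:
 * <ol>
 *   <li>a certificate already accepted for this {@code host-port} key during the JVM's lifetime,</li>
 *   <li>a certificate stored for that key under {@code ~/.jazzhostnamecerts},</li>
 *   <li>the configured {@link ICertificateValidator}, if any.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The session cache is {@code static}, so an acceptance recorded through one factory
 *       instance is honoured by every other instance in the same JVM.</li>
 *   <li>The on-disk store holds certificates that suppress the host name check. Its integrity
 *       relies on the permissions of the user's home directory; this class does not set or
 *       verify them.</li>
 *   <li>Factories built from a bare {@link TrustManager} have no validator. For those, a host
 *       name mismatch is logged and the connection is still returned (see
 *       {@code handleCertificateHostnameMismatch}).</li>
 * </ul>
 */
public class SecureInterruptableSocketFactory extends InterruptableSocketFactory implements SecureProtocolSocketFactory {
    public static final String SSL_TLS = "SSL_TLS";
    public static final String TLS = "TLS";
    public static final String SSL = "SSL";
    private static final Log LOG = LogFactory.getLog(SecureInterruptableSocketFactory.class);

    /** Certificates accepted despite a host name mismatch, keyed by {@code host-port}; shared JVM-wide. */
    private static final ConcurrentMap<String, X509Certificate> hostnameToCertificate = new ConcurrentHashMap<String, X509Certificate>();

    /** Peer certificate chain seen by the most recent completed handshake on any socket of this factory. */
    protected volatile X509Certificate[] lastKnownServerCertPath;
    protected final HandshakeCompletedListener handshakeListener;
    private final SSLContext sslContext;

    /** May be {@code null} when the factory was built from a trust manager only. */
    private final ICertificateValidator validator;

    /**
     * Creates a factory that uses the given trust manager and no client keys or validator.
     *
     * @param trustManager trust manager handed to the SSL context
     */
    public SecureInterruptableSocketFactory(TrustManager trustManager) {
        this(null, trustManager, null);
    }

    /**
     * Creates a factory that uses the given key managers and trust manager, without a validator.
     *
     * @param keyManagerArr key managers handed to the SSL context
     * @param trustManager trust manager handed to the SSL context
     */
    public SecureInterruptableSocketFactory(KeyManager[] keyManagerArr, TrustManager trustManager) {
        this(keyManagerArr, trustManager, null);
    }

    /**
     * Creates a factory whose trust manager is a {@code ValidatingX509TrustManager} wrapping the
     * validator; the same validator is consulted on host name mismatches.
     *
     * @param iCertificateValidator validator consulted for trust decisions
     */
    public SecureInterruptableSocketFactory(ICertificateValidator iCertificateValidator) {
        this(null, new ValidatingX509TrustManager(iCertificateValidator), iCertificateValidator);
    }

    /**
     * Same as {@link #SecureInterruptableSocketFactory(ICertificateValidator)} with client key managers.
     *
     * @param keyManagerArr key managers handed to the SSL context
     * @param iCertificateValidator validator consulted for trust decisions
     */
    public SecureInterruptableSocketFactory(KeyManager[] keyManagerArr, ICertificateValidator iCertificateValidator) {
        this(keyManagerArr, new ValidatingX509TrustManager(iCertificateValidator), iCertificateValidator);
    }

    private SecureInterruptableSocketFactory(KeyManager[] keyManagerArr, TrustManager trustManager, ICertificateValidator iCertificateValidator) {
        this.handshakeListener = new HandshakeCompletedListener() {
            /**
             * Records the peer chain of the completed handshake, provided every element is an
             * X.509 certificate; otherwise the previously recorded chain is left untouched.
             */
            @Override
            public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
                try {
                    Certificate[] chain = handshakeCompletedEvent.getPeerCertificates();
                    if (chain == null || chain.length == 0) {
                        return;
                    }
                    if (chain instanceof X509Certificate[]) {
                        SecureInterruptableSocketFactory.this.lastKnownServerCertPath = (X509Certificate[]) chain;
                        return;
                    }
                    X509Certificate[] x509Chain = new X509Certificate[chain.length];
                    for (int idx = 0; idx < chain.length; idx++) {
                        if (!(chain[idx] instanceof X509Certificate)) {
                            return;
                        }
                        x509Chain[idx] = (X509Certificate) chain[idx];
                    }
                    SecureInterruptableSocketFactory.this.lastKnownServerCertPath = x509Chain;
                } catch (SSLPeerUnverifiedException e) {
                    SecureInterruptableSocketFactory.LOG.trace(e);
                }
            }
        };
        this.sslContext = SSLContextUtil.createSSLContext(keyManagerArr, trustManager);
        this.validator = iCertificateValidator;
    }

    /**
     * Wraps an already connected socket in TLS, performs the handshake and verifies that the
     * server certificate matches {@code str}.
     *
     * <p>If the handshake fails or the certificate is rejected, the TLS socket is closed before
     * the exception propagates, so a refused connection does not leak a descriptor.
     *
     * @param socket the connected socket to layer TLS on
     * @param str host name the certificate must match
     * @param i remote port
     * @param z whether closing the TLS socket also closes {@code socket}
     * @return the handshaken TLS socket
     * @throws IOException if the handshake fails or the host name mismatch is rejected
     */
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
        SSLSocket sslSocket = (SSLSocket) this.sslContext.getSocketFactory().createSocket(socket, str, i, z);
        boolean accepted = false;
        try {
            sslSocket.addHandshakeCompletedListener(this.handshakeListener);
            sslSocket.startHandshake();
            try {
                new BrowserCompatHostnameVerifier().verify(str, sslSocket);
            } catch (IOException e) {
                // Returns normally only when the mismatch has been accepted; otherwise rethrows.
                handleCertificateHostnameMismatch(str, i, sslSocket, e);
            }
            accepted = true;
            return sslSocket;
        } finally {
            if (!accepted) {
                closeQuietly(sslSocket);
            }
        }
    }

    /** Closes a socket whose setup failed; a secondary close error must not mask the original failure. */
    private static void closeQuietly(Socket socket) {
        try {
            socket.close();
        } catch (IOException e) {
            LOG.trace(e);
        }
    }

    /**
     * Decides whether a connection whose certificate does not match the host name may proceed.
     * Returns normally to accept the connection and throws {@code iOException} to refuse it.
     *
     * @param str host name that was requested
     * @param i remote port
     * @param sSLSocket the handshaken socket
     * @param iOException the verifier's mismatch exception, rethrown on rejection
     */
    private void handleCertificateHostnameMismatch(String str, int i, SSLSocket sSLSocket, IOException iOException) throws SSLPeerUnverifiedException, IOException {
        X509Certificate leaf = null;
        Certificate[] chain = sSLSocket.getSession().getPeerCertificates();
        if (chain != null && chain.length > 0 && (chain[0] instanceof X509Certificate)) {
            leaf = (X509Certificate) chain[0];
        }
        String key = String.valueOf(str) + '-' + i;

        X509Certificate sessionAccepted = hostnameToCertificate.get(key);
        if (sessionAccepted != null && sessionAccepted.equals(leaf)) {
            return;
        }
        if (leaf != null && isPermanentlyAccepted(key, leaf)) {
            hostnameToCertificate.put(key, leaf);
            return;
        }

        if (this.validator == null) {
            // NOTE(review): fail-open. Factories built from a bare TrustManager reach this point
            // and the mismatched connection is accepted, which leaves it open to interception by
            // any party holding a certificate the trust manager accepts. The behaviour is kept
            // because existing callers may rely on it; prefer the ICertificateValidator
            // constructors, or change this branch to rethrow once callers are audited.
            LOG.warn(NLS.bind("The server certificate does not match host name \"{0}\" and no certificate validator is configured; the connection is accepted without host name verification.", str, new Object[0]), iOException);
            return;
        }
        if (leaf == null) {
            // Nothing to show the validator or to pin (ConcurrentHashMap rejects null values).
            throw iOException;
        }

        ICertificateValidator.Trust trust = this.validator.validate(leaf, new CertificateHostnameMismatchException(NLS.bind(Messages.getClientString("SecureInterruptableSocketFactory.ServerCertifiateHostnameMismatch"), str, new Object[0])));
        if (trust == ICertificateValidator.Trust.ACCEPT_CONNECTION) {
            return;
        }
        if (trust == ICertificateValidator.Trust.ACCEPT_SESSION) {
            hostnameToCertificate.put(key, leaf);
            return;
        }
        if (trust == ICertificateValidator.Trust.ACCEPT_PERMANENT) {
            storePermanentlyAccepted(key, leaf);
            // A permanent acceptance also holds for this session, even if the file could not be written.
            hostnameToCertificate.put(key, leaf);
            return;
        }
        // REJECT, a null answer, or a Trust constant this class does not know: refuse.
        throw iOException;
    }

    /** Returns the directory holding permanently accepted certificates, below {@code user.home}. */
    private String getHostnameCertStoreDirectory() {
        return String.valueOf(System.getProperty("user.home")) + "/.jazzhostnamecerts";
    }

    /**
     * Maps a {@code host-port} key to its file in the certificate store.
     *
     * <p>The key is built from the caller-supplied host name and used as a file name, so keys
     * containing a path separator or NUL are refused rather than resolved.
     *
     * @throws IOException if the key cannot be used as a plain file name
     */
    private File resolveStoreFile(String key) throws IOException {
        if (key.indexOf('/') >= 0 || key.indexOf('\\') >= 0 || key.indexOf('\0') >= 0) {
            throw new IOException(NLS.bind("The host name key \"{0}\" is not a valid certificate store entry.", key, new Object[0]));
        }
        return new File(new File(getHostnameCertStoreDirectory()), key);
    }

    /**
     * Tells whether the store holds exactly this certificate for the key.
     *
     * @param str the {@code host-port} key
     * @param x509Certificate the certificate presented by the server
     * @return {@code true} only if a readable stored certificate equals {@code x509Certificate}
     * @throws IOException if the store file cannot be opened or closed
     */
    private boolean isPermanentlyAccepted(String str, X509Certificate x509Certificate) throws IOException {
        File storeFile = resolveStoreFile(str);
        if (!storeFile.isFile()) {
            return false;
        }
        FileInputStream in = new FileInputStream(storeFile);
        try {
            X509Certificate stored = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            return stored.equals(x509Certificate);
        } catch (CertificateException e) {
            LOG.warn(NLS.bind("The certificate in file \"{0}\" could not be read.", storeFile.getAbsolutePath(), new Object[0]), e);
            return false;
        } finally {
            in.close();
        }
    }

    /**
     * Writes the certificate to the store under the given key, replacing any previous entry.
     * Failures to create the directory or to encode the certificate are logged and swallowed.
     *
     * @param str the {@code host-port} key
     * @param x509Certificate the certificate to remember
     * @throws IOException if the file cannot be written
     */
    private void storePermanentlyAccepted(String str, X509Certificate x509Certificate) throws IOException {
        File storeFile = resolveStoreFile(str);
        File storeDir = storeFile.getParentFile();
        if (!storeDir.exists() && !storeDir.mkdirs()) {
            LOG.warn(NLS.bind("The directory \"{0}\" could not be created", storeDir.getAbsolutePath(), new Object[0]));
            return;
        }
        // Encode before opening the file: opening truncates it, and an encoding failure would
        // otherwise destroy an existing entry and leave an unreadable empty file behind.
        byte[] encoded;
        try {
            encoded = x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            LOG.warn(NLS.bind("A certificate could not be saved to file \"{0}\".", storeFile.getAbsolutePath(), new Object[0]), e);
            return;
        }
        FileOutputStream out = new FileOutputStream(storeFile, false);
        try {
            out.write(encoded);
        } finally {
            out.close();
        }
    }

    /** Connects through the superclass and upgrades the socket to TLS with host name verification. */
    @Override // com.ibm.team.repository.transport.client.InterruptableSocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
        return createSocket(super.createSocket(str, i, inetAddress, i2), str, i, true);
    }

    /** Connects through the superclass and upgrades the socket to TLS with host name verification. */
    @Override // com.ibm.team.repository.transport.client.InterruptableSocketFactory
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        return createSocket(super.createSocket(str, i), str, i, true);
    }

    /** Connects through the superclass and upgrades the socket to TLS with host name verification. */
    @Override // com.ibm.team.repository.transport.client.InterruptableSocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, HttpConnectionParams httpConnectionParams) throws IOException, UnknownHostException, ConnectTimeoutException {
        return createSocket(super.createSocket(str, i, inetAddress, i2, httpConnectionParams), str, i, true);
    }

    /**
     * Returns the chain recorded by the handshake listener, or {@code null} if none was recorded.
     * The array is the internal one, not a copy.
     */
    public X509Certificate[] getLastKnownServerCertificatePath() {
        return this.lastKnownServerCertPath;
    }
}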
