package org.apache.commons.ssl;

import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.SortedSet;
import java.util.TreeSet;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:org/apache/commons/ssl/SSL.class */
public class SSL {
    private static final String[] KNOWN_PROTOCOLS_ARRAY = {"TLSv1", "SSLv3", "SSLv2", "SSLv2Hello"};
    private static final String[] SUPPORTED_CIPHERS_ARRAY;
    public static final SortedSet KNOWN_PROTOCOLS;
    public static final SortedSet SUPPORTED_CIPHERS;
    private boolean doVerify;
    private String protocol;
    private X509Certificate[] currentServerChain;
    private X509Certificate[] currentClientChain;
    private SSLContext context = null;
    private boolean checkCRL = true;
    private int soTimeout = 0;
    private int connectTimeout = 0;
    private TrustChain trustChain = null;
    private KeyMaterial keyMaterial = null;
    private String[] enabledCiphers = null;
    private String[] enabledProtocols = null;
    private String defaultProtocol = "TLS";
    private boolean wantClientAuth = true;
    private boolean needClientAuth = false;

    public SSL(String str, boolean z) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, CertificateException {
        this.doVerify = true;
        this.protocol = null;
        this.protocol = str;
        this.doVerify = z;
        init();
    }

    public void addTrustMaterial(TrustChain trustChain) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, CertificateException {
        if (this.trustChain == null || trustChain == TrustMaterial.TRUST_ALL) {
            this.trustChain = trustChain;
        } else {
            this.trustChain.addTrustMaterial(trustChain);
        }
        init();
    }

    public void setTrustMaterial(TrustChain trustChain) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, CertificateException {
        this.trustChain = trustChain;
        init();
    }

    public void setKeyMaterial(KeyMaterial keyMaterial) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, CertificateException {
        this.keyMaterial = keyMaterial;
        init();
    }

    public String[] getEnabledCiphers() {
        return this.enabledCiphers != null ? this.enabledCiphers : getDefaultCipherSuites();
    }

    public void setEnabledCiphers(String[] strArr) {
        HashSet hashSet = new HashSet(Arrays.asList(strArr));
        hashSet.removeAll(SUPPORTED_CIPHERS);
        if (!hashSet.isEmpty()) {
            throw new IllegalArgumentException(new StringBuffer().append("following ciphers not supported: ").append(hashSet).toString());
        }
        this.enabledCiphers = strArr;
    }

    public String[] getEnabledProtocols() {
        return this.enabledProtocols != null ? this.enabledProtocols : KNOWN_PROTOCOLS_ARRAY;
    }

    public void setEnabledProtocols(String[] strArr) {
        HashSet hashSet = new HashSet(Arrays.asList(strArr));
        hashSet.removeAll(KNOWN_PROTOCOLS);
        if (!hashSet.isEmpty()) {
            throw new IllegalArgumentException(new StringBuffer().append("following protocols not supported: ").append(hashSet).toString());
        }
        this.enabledProtocols = strArr;
    }

    public String getDefaultProtocol() {
        return this.defaultProtocol;
    }

    public void setDefaultProtocol(String str) {
        this.defaultProtocol = str;
    }

    public void setDoVerify(boolean z) {
        this.doVerify = z;
    }

    public boolean getDoVerify() {
        return this.doVerify;
    }

    public void setCheckCRL(boolean z) {
        this.checkCRL = z;
    }

    public boolean getCheckCRL() {
        return this.checkCRL;
    }

    public void setSoTimeout(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("soTimeout must not be negative");
        }
        this.soTimeout = i;
    }

    public void setConnectTimeout(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("connectTimeout must not be negative");
        }
        this.connectTimeout = i;
    }

    public void setWantClientAuth(boolean z) {
        this.wantClientAuth = z;
    }

    public void setNeedClientAuth(boolean z) {
        this.needClientAuth = z;
    }

    private void init() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, CertificateException {
        SSLContext sSLContext = SSLContext.getInstance(this.protocol);
        TrustManager[] trustManagerArr = null;
        KeyManager[] keyManagerArr = null;
        if (this.trustChain != null) {
            trustManagerArr = this.trustChain.getTrustManagers();
        }
        if (this.keyMaterial != null) {
            keyManagerArr = this.keyMaterial.getKeyManagers();
        }
        decorate(keyManagerArr, this.keyMaterial, trustManagerArr, this.trustChain);
        sSLContext.init(keyManagerArr, trustManagerArr, null);
        this.context = sSLContext;
    }

    private void decorate(KeyManager[] keyManagerArr, KeyMaterial keyMaterial, TrustManager[] trustManagerArr, TrustChain trustChain) {
        if (keyManagerArr != null) {
            for (int i = 0; i < keyManagerArr.length; i++) {
                if (keyManagerArr[i] instanceof X509KeyManager) {
                    keyManagerArr[i] = new X509KeyManagerWrapper((X509KeyManager) keyManagerArr[i], keyMaterial, this);
                }
            }
        }
        if (trustManagerArr != null) {
            for (int i2 = 0; i2 < trustManagerArr.length; i2++) {
                if (trustManagerArr[i2] instanceof X509TrustManager) {
                    trustManagerArr[i2] = new X509TrustManagerWrapper((X509TrustManager) trustManagerArr[i2], trustChain, this);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doPreConnectSocketStuff(SSLSocket sSLSocket) throws IOException {
        if (this.soTimeout > 0) {
            sSLSocket.setSoTimeout(this.soTimeout);
        }
        if (this.enabledProtocols != null) {
            sSLSocket.setEnabledProtocols(this.enabledProtocols);
        }
        if (this.enabledCiphers != null) {
            sSLSocket.setEnabledCipherSuites(this.enabledCiphers);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doPreConnectServerSocketStuff(SSLServerSocket sSLServerSocket) throws IOException {
        if (this.soTimeout > 0) {
            sSLServerSocket.setSoTimeout(this.soTimeout);
        }
        if (this.enabledProtocols != null) {
            sSLServerSocket.setEnabledProtocols(this.enabledProtocols);
        }
        if (this.enabledCiphers != null) {
            sSLServerSocket.setEnabledCipherSuites(this.enabledCiphers);
        }
        if (!this.wantClientAuth) {
            sSLServerSocket.setWantClientAuth(this.wantClientAuth);
        }
        if (!this.needClientAuth) {
            sSLServerSocket.setNeedClientAuth(this.needClientAuth);
        }
        if (this.wantClientAuth) {
            sSLServerSocket.setWantClientAuth(this.wantClientAuth);
        }
        if (this.needClientAuth) {
            sSLServerSocket.setNeedClientAuth(this.needClientAuth);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doPostConnectSocketStuff(SSLSocket sSLSocket, String str) throws IOException {
        if (this.doVerify) {
            Util.verifyHostName(str, sSLSocket);
        }
    }

    public SSLContext getContext() {
        return this.context;
    }

    public int getConnectTimeout() {
        return this.connectTimeout;
    }

    public String[] getDefaultCipherSuites() {
        return this.context.getSocketFactory().getDefaultCipherSuites();
    }

    public String[] getSupportedCipherSuites() {
        String[] strArr = new String[SUPPORTED_CIPHERS_ARRAY.length];
        System.arraycopy(SUPPORTED_CIPHERS_ARRAY, 0, strArr, 0, strArr.length);
        return strArr;
    }

    public void setCurrentServerChain(X509Certificate[] x509CertificateArr) {
        this.currentServerChain = x509CertificateArr;
    }

    public void setCurrentClientChain(X509Certificate[] x509CertificateArr) {
        this.currentClientChain = x509CertificateArr;
    }

    public X509Certificate[] getCurrentServerChain() {
        return this.currentServerChain;
    }

    public X509Certificate[] getCurrentClientChain() {
        return this.currentClientChain;
    }

    static {
        TreeSet treeSet = new TreeSet(Collections.reverseOrder());
        treeSet.addAll(Arrays.asList(KNOWN_PROTOCOLS_ARRAY));
        KNOWN_PROTOCOLS = Collections.unmodifiableSortedSet(treeSet);
        SSLSocketFactory sSLSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        TreeSet treeSet2 = new TreeSet();
        SUPPORTED_CIPHERS_ARRAY = sSLSocketFactory.getSupportedCipherSuites();
        treeSet2.addAll(Arrays.asList(SUPPORTED_CIPHERS_ARRAY));
        SUPPORTED_CIPHERS = Collections.unmodifiableSortedSet(treeSet2);
    }
}
