package eu.unicore.security.wsutil.client;

import eu.emi.security.authn.x509.X509CertChainValidator;
import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.FormatMode;
import eu.emi.security.authn.x509.impl.SocketFactoryCreator2;
import eu.unicore.security.canl.LoggingX509TrustManager;
import eu.unicore.util.Log;
import eu.unicore.util.httpclient.HostnameMismatchCallbackImpl;
import eu.unicore.util.httpclient.IClientConfiguration;
import eu.unicore.util.httpclient.NoAuthKeyManager;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:eu/unicore/security/wsutil/client/MySSLSocketFactory.class */
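/**
 * {@link SSLSocketFactory} that builds its {@link SSLContext} from an
 * {@link IClientConfiguration}: the key manager comes from the configured
 * credential (or a {@link NoAuthKeyManager} when SSL client authentication is
 * switched off) and the trust manager from the configured certificate chain
 * validator together with the configured server hostname checking mode.
 *
 * <p>The context is created lazily on first use and then reused for every
 * socket and cipher-suite query made through this factory instance.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>Server identity checking is only as strict as the value returned by
 *       {@code getServerHostnameCheckingMode()}; what each mode does is
 *       defined outside this file, so confirm that deployments do not select
 *       a mode that merely warns on or ignores a hostname mismatch.</li>
 *   <li>The context is requested as {@code "TLS"}, so the protocol versions
 *       and cipher suites actually enabled are the JDK defaults (subject to
 *       the JDK's {@code jdk.tls.disabledAlgorithms} policy); nothing is
 *       pinned here.</li>
 *   <li>At TRACE level the client certificate chain and all trusted issuers
 *       are written to the log. Only certificates are formatted, no private
 *       key material is passed to the logger in this class.</li>
 * </ul>
 */
public class MySSLSocketFactory extends SSLSocketFactory {
    private static final Logger log = Log.getLogger("unicore.security", MySSLSocketFactory.class);

    // Lazily initialised by getSSLContext(); access is guarded by this object's monitor.
    private SSLContext sslcontext = null;

    // Source of credential, validator and hostname checking mode; never reassigned.
    private final IClientConfiguration sec;

    /**
     * Creates a factory backed by the given client security configuration.
     * No SSL context is built until the first socket or cipher-suite request.
     *
     * @param iClientConfiguration configuration supplying credential, validator
     *        and hostname checking mode
     */
    public MySSLSocketFactory(IClientConfiguration iClientConfiguration) {
        this.sec = iClientConfiguration;
    }

    /**
     * Builds and initialises a new TLS context from the current configuration.
     *
     * @return an initialised context
     * @throws RuntimeException wrapping any failure; the failure is also logged
     *         at FATAL level before being rethrown
     */
    private synchronized SSLContext createSSLContext() {
        X509ExtendedKeyManager noAuthKeyManager;
        try {
            if (this.sec.doSSLAuthn()) {
                noAuthKeyManager = this.sec.getCredential().getKeyManager();
                if (log.isTraceEnabled()) {
                    debugKS(this.sec.getCredential());
                }
            } else {
                // Client authentication disabled: presumably NoAuthKeyManager
                // offers no client certificate - confirm against its source.
                noAuthKeyManager = new NoAuthKeyManager();
                log.trace("Not authenticating client");
            }
            // Trust decisions are delegated to the configured validator; the
            // hostname-mismatch callback is parameterised by the configured
            // checking mode. The result is wrapped in a logging trust manager.
            TrustManager loggingX509TrustManager = new LoggingX509TrustManager((X509ExtendedTrustManager) new SocketFactoryCreator2(this.sec.getValidator(), new HostnameMismatchCallbackImpl(this.sec.getServerHostnameCheckingMode())).getSSLTrustManager(), "ssl");
            if (log.isTraceEnabled()) {
                debugTS(this.sec.getValidator());
            }
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            // A null SecureRandom lets the provider pick its default implementation.
            sSLContext.init(new KeyManager[]{noAuthKeyManager}, new TrustManager[]{loggingX509TrustManager}, null);
            return sSLContext;
        } catch (Exception e) {
            log.fatal(e.getMessage(), e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Logs every currently trusted issuer certificate at TRACE level.
     * Callers check {@code log.isTraceEnabled()} first because formatting
     * the full certificates is not free.
     */
    private void debugTS(X509CertChainValidator x509CertChainValidator) {
        for (X509Certificate x509Certificate : x509CertChainValidator.getTrustedIssuers()) {
            log.trace("Currently(!) trusted certificate:\n" + CertificateUtils.format(x509Certificate, FormatMode.FULL));
        }
    }

    /**
     * Logs the client's certificate chain at TRACE level. Only the chain
     * obtained from {@code getCertificateChain()} is formatted.
     */
    private void debugKS(X509Credential x509Credential) {
        log.trace("Client's certificate chain:" + CertificateUtils.format(CertificateUtils.convertToX509Chain(x509Credential.getCertificateChain()), FormatMode.FULL));
    }

    /**
     * Returns the shared context, creating it on first use.
     *
     * <p>Synchronized so that the null check and the assignment happen under
     * the same monitor that {@link #createSSLContext()} uses; without it two
     * threads could both see {@code null} and build separate contexts, and
     * the write to the non-volatile field would not be safely published.
     */
    private synchronized SSLContext getSSLContext() {
        if (this.sslcontext == null) {
            this.sslcontext = createSSLContext();
        }
        return this.sslcontext;
    }

    /** Delegates to the shared context's socket factory. */
    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(str, i, inetAddress, i2);
    }

    /** Delegates to the shared context's socket factory. */
    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(str, i);
    }

    /** Layers TLS over an existing socket via the shared context's socket factory. */
    @Override // javax.net.ssl.SSLSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(socket, str, i, z);
    }

    /**
     * Returns the cipher suites that are enabled by default for this context.
     *
     * <p>This reads the context's <em>default</em> SSL parameters, as the
     * {@link SSLSocketFactory#getDefaultCipherSuites()} contract requires.
     * Reporting the full supported list here would hand callers that copy
     * this value into {@code setEnabledCipherSuites} every suite the provider
     * implements, including ones the JDK leaves disabled by default.
     * The shared context is reused instead of building a new one per call.
     */
    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        return getSSLContext().getDefaultSSLParameters().getCipherSuites();
    }

    /**
     * Returns every cipher suite the context's provider could enable.
     * The shared context is reused instead of building a new one per call.
     */
    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        return getSSLContext().getSupportedSSLParameters().getCipherSuites();
    }

    /** Delegates to the shared context's socket factory. */
    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        return getSSLContext().getSocketFactory().createSocket(inetAddress, i);
    }

    /** Delegates to the shared context's socket factory. */
    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        return getSSLContext().getSocketFactory().createSocket(inetAddress, i, inetAddress2, i2);
    }
}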
