package defpackage;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

@oH(a = oK.SAFE)
/* loaded from: input_file:sH.class */
public class sH implements InterfaceC0639sw {
    public static final String a = "TLS";
    public static final String b = "SSL";
    public static final String c = "SSLv2";

    @Deprecated
    public static final sS d = C0642sz.b;

    @Deprecated
    public static final sS e = sA.b;

    @Deprecated
    public static final sS f = sO.b;
    private final Log g;
    private final SSLSocketFactory h;
    private final HostnameVerifier i;
    private final String[] j;
    private final String[] k;

    public static HostnameVerifier a() {
        return new sB(sY.a());
    }

    public static sH b() throws sM {
        return new sH(C0040Bo.a(), a());
    }

    private static String[] a(String str) {
        if (BB.b(str)) {
            return null;
        }
        return str.split(" *, *");
    }

    public static sH c() throws sM {
        return new sH((SSLSocketFactory) SSLSocketFactory.getDefault(), a(System.getProperty("https.protocols")), a(System.getProperty("https.cipherSuites")), a());
    }

    public sH(SSLContext sSLContext) {
        this(sSLContext, a());
    }

    @Deprecated
    public sH(SSLContext sSLContext, sS sSVar) {
        this(((SSLContext) C0043Br.a(sSLContext, "SSL context")).getSocketFactory(), (String[]) null, (String[]) null, sSVar);
    }

    @Deprecated
    public sH(SSLContext sSLContext, String[] strArr, String[] strArr2, sS sSVar) {
        this(((SSLContext) C0043Br.a(sSLContext, "SSL context")).getSocketFactory(), strArr, strArr2, sSVar);
    }

    @Deprecated
    public sH(SSLSocketFactory sSLSocketFactory, sS sSVar) {
        this(sSLSocketFactory, (String[]) null, (String[]) null, sSVar);
    }

    @Deprecated
    public sH(SSLSocketFactory sSLSocketFactory, String[] strArr, String[] strArr2, sS sSVar) {
        this(sSLSocketFactory, strArr, strArr2, (HostnameVerifier) sSVar);
    }

    public sH(SSLContext sSLContext, HostnameVerifier hostnameVerifier) {
        this(((SSLContext) C0043Br.a(sSLContext, "SSL context")).getSocketFactory(), (String[]) null, (String[]) null, hostnameVerifier);
    }

    public sH(SSLContext sSLContext, String[] strArr, String[] strArr2, HostnameVerifier hostnameVerifier) {
        this(((SSLContext) C0043Br.a(sSLContext, "SSL context")).getSocketFactory(), strArr, strArr2, hostnameVerifier);
    }

    public sH(SSLSocketFactory sSLSocketFactory, HostnameVerifier hostnameVerifier) {
        this(sSLSocketFactory, (String[]) null, (String[]) null, hostnameVerifier);
    }

    public sH(SSLSocketFactory sSLSocketFactory, String[] strArr, String[] strArr2, HostnameVerifier hostnameVerifier) {
        this.g = LogFactory.getLog(getClass());
        this.h = (SSLSocketFactory) C0043Br.a(sSLSocketFactory, "SSL socket factory");
        this.j = strArr;
        this.k = strArr2;
        this.i = hostnameVerifier != null ? hostnameVerifier : a();
    }

    protected void a(SSLSocket sSLSocket) throws IOException {
    }

    @Override // defpackage.InterfaceC0638sv
    public Socket a(AG ag) throws IOException {
        return SocketFactory.getDefault().createSocket();
    }

    @Override // defpackage.InterfaceC0638sv
    public Socket a(int i, Socket socket, C0516oh c0516oh, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, AG ag) throws IOException {
        C0043Br.a(c0516oh, "HTTP host");
        C0043Br.a(inetSocketAddress, "Remote address");
        Socket a2 = socket != null ? socket : a(ag);
        if (inetSocketAddress2 != null) {
            a2.bind(inetSocketAddress2);
        }
        if (i > 0) {
            try {
                if (a2.getSoTimeout() == 0) {
                    a2.setSoTimeout(i);
                }
            } catch (IOException e2) {
                try {
                    a2.close();
                } catch (IOException e3) {
                }
                throw e2;
            }
        }
        if (this.g.isDebugEnabled()) {
            this.g.debug("Connecting socket to " + inetSocketAddress + " with timeout " + i);
        }
        a2.connect(inetSocketAddress, i);
        if (!(a2 instanceof SSLSocket)) {
            return a(a2, c0516oh.a(), inetSocketAddress.getPort(), ag);
        }
        SSLSocket sSLSocket = (SSLSocket) a2;
        this.g.debug("Starting handshake");
        sSLSocket.startHandshake();
        a(sSLSocket, c0516oh.a());
        return a2;
    }

    @Override // defpackage.InterfaceC0639sw
    public Socket a(Socket socket, String str, int i, AG ag) throws IOException {
        SSLSocket sSLSocket = (SSLSocket) this.h.createSocket(socket, str, i, true);
        if (this.j != null) {
            sSLSocket.setEnabledProtocols(this.j);
        } else {
            String[] enabledProtocols = sSLSocket.getEnabledProtocols();
            ArrayList arrayList = new ArrayList(enabledProtocols.length);
            for (String str2 : enabledProtocols) {
                if (!str2.startsWith("SSL")) {
                    arrayList.add(str2);
                }
            }
            if (!arrayList.isEmpty()) {
                sSLSocket.setEnabledProtocols((String[]) arrayList.toArray(new String[arrayList.size()]));
            }
        }
        if (this.k != null) {
            sSLSocket.setEnabledCipherSuites(this.k);
        }
        if (this.g.isDebugEnabled()) {
            this.g.debug("Enabled protocols: " + Arrays.asList(sSLSocket.getEnabledProtocols()));
            this.g.debug("Enabled cipher suites:" + Arrays.asList(sSLSocket.getEnabledCipherSuites()));
        }
        a(sSLSocket);
        this.g.debug("Starting handshake");
        sSLSocket.startHandshake();
        a(sSLSocket, str);
        return sSLSocket;
    }

    private void a(SSLSocket sSLSocket, String str) throws IOException {
        try {
            SSLSession session = sSLSocket.getSession();
            if (session == null) {
                sSLSocket.getInputStream().available();
                session = sSLSocket.getSession();
                if (session == null) {
                    sSLSocket.startHandshake();
                    session = sSLSocket.getSession();
                }
            }
            if (session == null) {
                throw new SSLHandshakeException("SSL session not available");
            }
            if (this.g.isDebugEnabled()) {
                this.g.debug("Secure session established");
                this.g.debug(" negotiated protocol: " + session.getProtocol());
                this.g.debug(" negotiated cipher suite: " + session.getCipherSuite());
                try {
                    X509Certificate x509Certificate = (X509Certificate) session.getPeerCertificates()[0];
                    this.g.debug(" peer principal: " + x509Certificate.getSubjectX500Principal().toString());
                    Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                    if (subjectAlternativeNames != null) {
                        ArrayList arrayList = new ArrayList();
                        for (List<?> list : subjectAlternativeNames) {
                            if (!list.isEmpty()) {
                                arrayList.add((String) list.get(1));
                            }
                        }
                        this.g.debug(" peer alternative names: " + arrayList);
                    }
                    this.g.debug(" issuer principal: " + x509Certificate.getIssuerX500Principal().toString());
                    Collection<List<?>> issuerAlternativeNames = x509Certificate.getIssuerAlternativeNames();
                    if (issuerAlternativeNames != null) {
                        ArrayList arrayList2 = new ArrayList();
                        for (List<?> list2 : issuerAlternativeNames) {
                            if (!list2.isEmpty()) {
                                arrayList2.add((String) list2.get(1));
                            }
                        }
                        this.g.debug(" issuer alternative names: " + arrayList2);
                    }
                } catch (Exception e2) {
                }
            }
            if (this.i.verify(str, session)) {
                return;
            }
            throw new SSLPeerUnverifiedException("Certificate for <" + str + "> doesn't match any of the subject alternative names: " + sB.a((X509Certificate) session.getPeerCertificates()[0]));
        } catch (IOException e3) {
            try {
                sSLSocket.close();
            } catch (Exception e4) {
            }
            throw e3;
        }
    }
}
