package cfca.sadk.timestamp.client.socket;

import cfca.sadk.timestamp.client.conf.TscLayeredConf;
import cfca.sadk.timestamp.client.logging.TscLogging;
import cfca.sadk.timestamp.client.utils.TscStrings;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.util.PublicSuffixMatcherLoader;
import org.apache.http.util.Args;

/* loaded from: input_file:cfca/sadk/timestamp/client/socket/TscSSLHelper.class */
public final class TscSSLHelper {
    private static final IgnoreHostnameVerifier IGNORE_HOSTNAME_VERIFIER = new IgnoreHostnameVerifier();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:cfca/sadk/timestamp/client/socket/TscSSLHelper$IgnoreHostnameVerifier.class */
    public static final class IgnoreHostnameVerifier implements HostnameVerifier {
        IgnoreHostnameVerifier() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }
    }

    private TscSSLHelper() {
    }

    public static final void loggingLocalCertificates(SSLSession sSLSession) {
        if (!TscLogging.DEBUG_LOGGER.isDebugEnabled() || sSLSession == null) {
            return;
        }
        StringBuilder sb = new StringBuilder(4096);
        sb.append("\r\n").append("Secure session established");
        sb.append("\r\n").append(" negotiated protocol: ").append(sSLSession.getProtocol());
        sb.append("\r\n").append(" negotiated cipher suite: ").append(sSLSession.getCipherSuite());
        try {
            Certificate[] localCertificates = sSLSession.getLocalCertificates();
            if (localCertificates == null || localCertificates.length <= 0) {
                sb.append("\r\n").append(" local certs is null");
            } else {
                for (Certificate certificate : localCertificates) {
                    sb.append("\r\n").append(" local certs: ").append(TscStrings.toBase64String(certificate.getEncoded()));
                }
                X509Certificate x509Certificate = (X509Certificate) localCertificates[0];
                sb.append("\r\n").append("  local principal: ").append(x509Certificate.getSubjectX500Principal());
                Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                if (subjectAlternativeNames != null) {
                    ArrayList arrayList = new ArrayList();
                    for (List<?> list : subjectAlternativeNames) {
                        if (!list.isEmpty()) {
                            arrayList.add((String) list.get(1));
                        }
                    }
                    sb.append("\r\n").append("  local alternative names: ").append(arrayList);
                }
            }
            TscLogging.DEBUG_LOGGER.debug(sb.toString());
        } catch (Exception e) {
            sb.append("\r\n").append(" local certs parse failed");
            TscLogging.DEBUG_LOGGER.debug(sb.toString(), e);
        }
    }

    public static final void loggingPeerCertificates(SSLSession sSLSession) {
        if (!TscLogging.DEBUG_LOGGER.isDebugEnabled() || sSLSession == null) {
            return;
        }
        StringBuilder sb = new StringBuilder(4096);
        sb.append("\r\n").append("Secure session established");
        sb.append("\r\n").append(" negotiated protocol: ").append(sSLSession.getProtocol());
        sb.append("\r\n").append(" negotiated cipher suite: ").append(sSLSession.getCipherSuite());
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length <= 0) {
                sb.append("\r\n").append(" peer certs is null");
            } else {
                for (Certificate certificate : peerCertificates) {
                    sb.append("\r\n").append(" peer certs: ").append(TscStrings.toBase64String(certificate.getEncoded()));
                }
                X509Certificate x509Certificate = (X509Certificate) peerCertificates[0];
                sb.append("\r\n").append("  peer principal: ").append(x509Certificate.getSubjectX500Principal());
                Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                if (subjectAlternativeNames != null) {
                    ArrayList arrayList = new ArrayList();
                    for (List<?> list : subjectAlternativeNames) {
                        if (!list.isEmpty()) {
                            arrayList.add((String) list.get(1));
                        }
                    }
                    sb.append("\r\n").append("  peer alternative names: ").append(arrayList);
                }
                sb.append("\r\n").append("  issuer principal: ").append(x509Certificate.getIssuerX500Principal());
                Collection<List<?>> issuerAlternativeNames = x509Certificate.getIssuerAlternativeNames();
                if (issuerAlternativeNames != null) {
                    ArrayList arrayList2 = new ArrayList();
                    for (List<?> list2 : issuerAlternativeNames) {
                        if (!list2.isEmpty()) {
                            arrayList2.add((String) list2.get(1));
                        }
                    }
                    sb.append("\r\n").append("  issuer alternative names: ").append(arrayList2);
                }
            }
            TscLogging.DEBUG_LOGGER.debug(sb.toString());
        } catch (Exception e) {
            sb.append("\r\n").append(" peer certs parse failed");
            TscLogging.DEBUG_LOGGER.debug(sb.toString(), e);
        }
    }

    public static final HostnameVerifier getDefaultHostnameVerifier() {
        return new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v19, types: [javax.net.ssl.HostnameVerifier] */
    public static final LayeredConnectionSocketFactory newLayeredConnectionSocketFactory(SSLContext sSLContext, TscLayeredConf tscLayeredConf, long j) {
        Args.notNull(tscLayeredConf, "tscLayeredConf");
        TscSocketFactory tscSocketFactory = sSLContext == null ? null : new TscSocketFactory(sSLContext.getSocketFactory());
        boolean isGMSSL = tscLayeredConf.isGMSSL();
        return new TscLayeredConnectionSocketFactory(tscSocketFactory, isGMSSL ? null : tscLayeredConf.getSupportedProtocols(), isGMSSL ? null : tscLayeredConf.getSupportedCipherSuites(), tscLayeredConf.isHostnameChecker() ? getDefaultHostnameVerifier() : IGNORE_HOSTNAME_VERIFIER, j);
    }
}
