package cfca.sadk.timestamp.client.socket;

import cfca.sadk.timestamp.client.conf.TscDefine;
import cfca.sadk.timestamp.client.logging.TscLogging;
import cfca.sadk.timestamp.client.socket.TscSSLHelper;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.http.HttpHost;
import org.apache.http.annotation.Contract;
import org.apache.http.annotation.ThreadingBehavior;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.Args;

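/**
 * Layered (TLS) connection socket factory for the timestamp client.
 *
 * <p>Wraps a connected socket in an {@link SSLSocket} obtained from the configured
 * {@link SSLSocketFactory}, applies the protocol and cipher-suite settings, runs the TLS
 * handshake and then checks the peer against the configured {@link HostnameVerifier}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Certificate-chain validation is entirely the job of the supplied
 *       {@code SSLContext}/{@code SSLSocketFactory}; nothing in this class checks trust.</li>
 *   <li>Hostname verification is skipped completely when the verifier is a
 *       {@code TscSSLHelper.IgnoreHostnameVerifier}. In that configuration any certificate the
 *       trust manager accepts is accepted for any host, so it should be limited to test
 *       setups and audited via the "verifyHostname ignore" log line.</li>
 *   <li>When no verifier is passed, {@code TscSSLHelper.getDefaultHostnameVerifier()} is used.
 *       NOTE(review): that helper is not visible here; confirm it does not return the
 *       ignoring verifier.</li>
 *   <li>Explicitly configured protocols and cipher suites are applied verbatim, without any
 *       filtering of legacy entries.</li>
 * </ul>
 */
@Contract(threading = ThreadingBehavior.SAFE)
/* loaded from: input_file:cfca/sadk/timestamp/client/socket/TscLayeredConnectionSocketFactory.class */
public class TscLayeredConnectionSocketFactory extends TscConnectionSocketFactory implements LayeredConnectionSocketFactory {
    private final SSLSocketFactory socketfactory;
    private final HostnameVerifier hostnameVerifier;
    private final String[] supportedProtocols;
    private final String[] supportedCipherSuites;

    /**
     * Creates a factory backed by the socket factory of the given SSL context.
     *
     * @param sSLContext SSL context, must not be {@code null}
     * @param strArr protocols to enable, or {@code null} to use the filtered socket defaults
     * @param strArr2 cipher suites to enable, or {@code null} to keep the socket defaults
     * @param hostnameVerifier verifier to use, or {@code null} for the helper's default
     * @param j value handed to the superclass constructor (presumably the slow-operation
     *     logging threshold in milliseconds; confirm against the superclass)
     */
    public TscLayeredConnectionSocketFactory(SSLContext sSLContext, String[] strArr, String[] strArr2, HostnameVerifier hostnameVerifier, long j) {
        this(((SSLContext) Args.notNull(sSLContext, "SSL context")).getSocketFactory(), strArr, strArr2, hostnameVerifier, j);
    }

    /**
     * Creates a factory backed by the given SSL socket factory.
     *
     * @param sSLSocketFactory SSL socket factory, must not be {@code null}
     * @param strArr protocols to enable, or {@code null} to use the filtered socket defaults
     * @param strArr2 cipher suites to enable, or {@code null} to keep the socket defaults
     * @param hostnameVerifier verifier to use, or {@code null} for the helper's default
     * @param j value handed to the superclass constructor (presumably the slow-operation
     *     logging threshold in milliseconds; confirm against the superclass)
     */
    public TscLayeredConnectionSocketFactory(SSLSocketFactory sSLSocketFactory, String[] strArr, String[] strArr2, HostnameVerifier hostnameVerifier, long j) {
        super(j);
        this.socketfactory = (SSLSocketFactory) Args.notNull(sSLSocketFactory, "SSL socket factory");
        // The arrays are stored by reference, exactly as the caller passed them.
        this.supportedProtocols = strArr;
        this.supportedCipherSuites = strArr2;
        this.hostnameVerifier = hostnameVerifier != null ? hostnameVerifier : TscSSLHelper.getDefaultHostnameVerifier();
    }

    /**
     * Creates an unconnected plain socket from the JVM default socket factory; TLS is layered
     * on top of it later in {@link #connectSocket}.
     */
    @Override // cfca.sadk.timestamp.client.socket.TscConnectionSocketFactory
    public Socket createSocket(HttpContext httpContext) throws IOException {
        return SocketFactory.getDefault().createSocket();
    }

    /**
     * Connects through the superclass and makes sure the returned socket is a handshaken,
     * hostname-verified TLS socket.
     *
     * <p>NOTE(review): if the superclass already returns an {@link SSLSocket}, the configured
     * protocols and cipher suites are not applied to it; only the handshake and the hostname
     * check run.
     *
     * @throws IOException if connecting, the handshake or hostname verification fails
     */
    @Override // cfca.sadk.timestamp.client.socket.TscConnectionSocketFactory
    public Socket connectSocket(int i, Socket socket, HttpHost httpHost, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, HttpContext httpContext) throws IOException {
        Socket connectSocket = super.connectSocket(i, socket, httpHost, inetSocketAddress, inetSocketAddress2, httpContext);
        if (!(connectSocket instanceof SSLSocket)) {
            // The name checked against the certificate is the logical host name, not the
            // resolved address.
            return createLayeredSocket(connectSocket, httpHost.getHostName(), inetSocketAddress.getPort(), httpContext);
        }
        SSLSocket sSLSocket = (SSLSocket) connectSocket;
        handshake(sSLSocket, httpContext);
        verifyHostname(sSLSocket, httpHost.getHostName(), httpContext);
        return connectSocket;
    }

    /**
     * Layers TLS over an already connected socket, then handshakes and verifies the host name.
     *
     * @param socket connected socket; it is closed together with the TLS socket (autoClose)
     * @param str host name used for the TLS socket and for hostname verification
     * @param i remote port
     * @param httpContext request context, used only to look up the request UUID for logging
     * @return the handshaken and verified TLS socket
     * @throws IOException if the handshake or hostname verification fails
     */
    public Socket createLayeredSocket(Socket socket, String str, int i, HttpContext httpContext) throws IOException {
        SSLSocket sSLSocket = (SSLSocket) this.socketfactory.createSocket(socket, str, i, true);
        setEnabledProtocolsAndCipherSuites(sSLSocket);
        prepareSocket(sSLSocket, httpContext);
        handshake(sSLSocket, httpContext);
        verifyHostname(sSLSocket, str, httpContext);
        return sSLSocket;
    }

    /**
     * Applies the configured protocols and cipher suites to the socket.
     *
     * <p>Without an explicit protocol list, only protocol names starting with {@code "SSL"}
     * are removed from the socket's enabled set. Older TLS versions that the JVM still enables
     * are kept, so a minimum TLS version has to be enforced through the explicit list or the
     * JVM configuration. If the filter would leave nothing, the socket defaults stay untouched.
     */
    final void setEnabledProtocolsAndCipherSuites(SSLSocket sSLSocket) {
        if (this.supportedProtocols != null) {
            // Caller-supplied list is trusted as is; no legacy-protocol filtering happens here.
            sSLSocket.setEnabledProtocols(this.supportedProtocols);
        } else {
            String[] enabledProtocols = sSLSocket.getEnabledProtocols();
            ArrayList<String> withoutSsl = new ArrayList<>(enabledProtocols.length);
            for (String protocol : enabledProtocols) {
                if (!protocol.startsWith("SSL")) {
                    withoutSsl.add(protocol);
                }
            }
            if (!withoutSsl.isEmpty()) {
                sSLSocket.setEnabledProtocols(withoutSsl.toArray(new String[0]));
            }
        }
        if (this.supportedCipherSuites != null) {
            sSLSocket.setEnabledCipherSuites(this.supportedCipherSuites);
        }
        if (TscLogging.DEBUG_LOGGER.isDebugEnabled()) {
            // Records the effective TLS configuration, useful when auditing what was negotiable.
            StringBuilder sb = new StringBuilder(256);
            sb.append("\nEnabled protocols: ");
            for (String protocol : sSLSocket.getEnabledProtocols()) {
                sb.append(protocol).append(",");
            }
            sb.append("\nEnabled cipher suites: ");
            for (String suite : sSLSocket.getEnabledCipherSuites()) {
                sb.append("\n\t").append(suite);
            }
            TscLogging.DEBUG_LOGGER.debug(sb.toString());
        }
    }

    /** Extension point invoked before the handshake; intentionally does nothing here. */
    final void prepareSocket(SSLSocket sSLSocket, HttpContext httpContext) throws IOException {
    }

    /**
     * Runs the TLS handshake and logs its duration.
     *
     * <p>On failure the socket is closed before the exception is rethrown, matching what
     * {@link #verifyHostname} does for its own failures, so a failed handshake does not leave
     * an open descriptor behind if the caller does not clean up.
     *
     * @param sSLSocket socket to handshake, must not be {@code null}
     * @param httpContext request context for the log UUID; may be {@code null}
     * @return the session reported by the socket after the handshake
     * @throws IOException if the handshake fails
     */
    final SSLSession handshake(SSLSocket sSLSocket, HttpContext httpContext) throws IOException {
        Args.notNull(sSLSocket, "handshake sslsock");
        String str = requestUuid(httpContext);
        SocketAddress localSocketAddress = sSLSocket.getLocalSocketAddress();
        SocketAddress remoteSocketAddress = sSLSocket.getRemoteSocketAddress();
        long currentTimeMillis = System.currentTimeMillis();
        try {
            TscLogging.SYSTEM_LOGGER.info("CFCA-TSC-UUID={} sslsock {} handshake to {} starting", new Object[]{str, localSocketAddress, remoteSocketAddress});
            sSLSocket.startHandshake();
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            TscLogging.SYSTEM_LOGGER.info("CFCA-TSC-UUID={} sslsock {} handshake to {} successfully, handshakeTime={}ms", new Object[]{str, localSocketAddress, remoteSocketAddress, Long.valueOf(currentTimeMillis2)});
            if (currentTimeMillis2 > getLoggingWarnThresholdTime()) {
                TscLogging.ERROR_LOGGER.warn("CFCA-TSC-UUID={} sslsock {} handshake to {} successfully, handshakeTime={}ms, warningThresholdTime={}ms", new Object[]{str, localSocketAddress, remoteSocketAddress, Long.valueOf(currentTimeMillis2), Long.valueOf(getLoggingWarnThresholdTime())});
            }
            return sSLSocket.getSession();
        } catch (IOException e) {
            TscLogging.ERROR_LOGGER.error("CFCA-TSC-UUID={} sslsock {} handshake to {} failed, handshakeTime={}ms", new Object[]{str, localSocketAddress, remoteSocketAddress, Long.valueOf(System.currentTimeMillis() - currentTimeMillis), e});
            // A socket whose handshake failed cannot be reused. Closing is idempotent, so a
            // later close by the caller is harmless.
            try {
                sSLSocket.close();
            } catch (IOException closeFailure) {
                e.addSuppressed(closeFailure);
            }
            throw e;
        }
    }

    /**
     * Checks the peer certificate of the socket's session against the expected host name.
     *
     * <p>The check is skipped, with an INFO log line only, when the configured verifier is a
     * {@code TscSSLHelper.IgnoreHostnameVerifier}. On any {@link IOException} the socket is
     * closed and the exception rethrown.
     *
     * @param sSLSocket handshaken socket, must not be {@code null}
     * @param str host name the certificate must match
     * @param httpContext request context for the log UUID; may be {@code null}
     * @throws SSLHandshakeException if no session can be obtained
     * @throws SSLPeerUnverifiedException if the verifier rejects the host name
     * @throws IOException on other I/O failures while obtaining the session
     */
    final void verifyHostname(SSLSocket sSLSocket, String str, HttpContext httpContext) throws IOException {
        Args.notNull(sSLSocket, "handshake sslsock");
        String str2 = requestUuid(httpContext);
        SocketAddress localSocketAddress = sSLSocket.getLocalSocketAddress();
        SocketAddress remoteSocketAddress = sSLSocket.getRemoteSocketAddress();
        if (this.hostnameVerifier instanceof TscSSLHelper.IgnoreHostnameVerifier) {
            // Verification bypass: the peer's identity is not bound to the host name at all.
            TscLogging.SYSTEM_LOGGER.info("CFCA-TSC-UUID={} sslsock {} handshake to {} verifyHostname ignore", new Object[]{str2, localSocketAddress, remoteSocketAddress});
            return;
        }
        long currentTimeMillis = System.currentTimeMillis();
        try {
            TscLogging.SYSTEM_LOGGER.info("CFCA-TSC-UUID={} sslsock {} handshake to {} verifyHostname starting", new Object[]{str2, localSocketAddress, remoteSocketAddress});
            SSLSession session = sSLSocket.getSession();
            if (session == null) {
                // Touching the input stream is presumably meant to force a pending handshake
                // before the session is requested again.
                sSLSocket.getInputStream().available();
                session = sSLSocket.getSession();
                if (session == null) {
                    session = handshake(sSLSocket, httpContext);
                }
            }
            if (session == null) {
                throw new SSLHandshakeException(String.format("CFCA-TSC-UUID=%s SSL session not available", str2));
            }
            TscSSLHelper.loggingPeerCertificates(session);
            if (!this.hostnameVerifier.verify(str, session)) {
                // The leaf certificate is the first element of the peer chain.
                throw new SSLPeerUnverifiedException(String.format("CFCA-TSC-UUID=%s Certificate for <%s> doesn't match any of the subject alternative names: %s", str2, str, TscSubjectName.getSubjectAltNames((X509Certificate) session.getPeerCertificates()[0])));
            }
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            TscLogging.SYSTEM_LOGGER.info("CFCA-TSC-UUID={} sslsock {} handshake to {} verifyHostname successfully, handshakeVerifyTime={}ms", new Object[]{str2, localSocketAddress, remoteSocketAddress, Long.valueOf(currentTimeMillis2)});
            if (currentTimeMillis2 > getLoggingWarnThresholdTime()) {
                TscLogging.ERROR_LOGGER.warn("CFCA-TSC-UUID={} sslsock {} handshake to {} verifyHostname successfully, handshakeVerifyTime={}ms, warningThresholdTime={}ms", new Object[]{str2, localSocketAddress, remoteSocketAddress, Long.valueOf(currentTimeMillis2), Long.valueOf(getLoggingWarnThresholdTime())});
            }
        } catch (IOException e) {
            // Never hand an unverified connection back to the caller.
            closeSocket(sSLSocket);
            TscLogging.ERROR_LOGGER.error("CFCA-TSC-UUID={} sslsock {} handshake to {} verifyHostname failed, handshakeVerifyTime={}ms", new Object[]{str2, localSocketAddress, remoteSocketAddress, Long.valueOf(System.currentTimeMillis() - currentTimeMillis), e});
            throw e;
        }
    }

    /**
     * Returns the request UUID stored in the context for log correlation, or {@code null}
     * when no context was supplied, so logging never fails the TLS setup with a
     * {@code NullPointerException}.
     */
    private static String requestUuid(HttpContext httpContext) {
        return httpContext != null ? (String) httpContext.getAttribute(TscDefine.HEADER_UUID) : null;
    }
}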
