package ch.cyberduck.core.ssl;

import ch.cyberduck.core.FactoryException;
import ch.cyberduck.core.preferences.Preferences;
import ch.cyberduck.core.preferences.PreferencesFactory;
import ch.cyberduck.core.random.SecureRandomProviderFactory;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.apache.log4j.Logger;

/* loaded from: input_file:ch/cyberduck/core/ssl/CustomTrustSSLProtocolSocketFactory.class */
public class CustomTrustSSLProtocolSocketFactory extends SSLSocketFactory {
    private static final Logger log = Logger.getLogger(CustomTrustSSLProtocolSocketFactory.class);
    private final SSLSocketFactory factory;
    private final SSLContext context;
    private final String[] protocols;
    private final AtomicBoolean initializer;
    private final Preferences preferences;
    private final X509TrustManager trust;
    private final X509KeyManager key;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ch/cyberduck/core/ssl/CustomTrustSSLProtocolSocketFactory$SocketGetter.class */
    public interface SocketGetter {
        Socket create() throws IOException;
    }

    public CustomTrustSSLProtocolSocketFactory(X509TrustManager x509TrustManager, X509KeyManager x509KeyManager) {
        this(x509TrustManager, x509KeyManager, PreferencesFactory.get().getProperty("connection.ssl.protocols").split(","));
    }

    public CustomTrustSSLProtocolSocketFactory(X509TrustManager x509TrustManager, X509KeyManager x509KeyManager, String... strArr) {
        this(x509TrustManager, x509KeyManager, SecureRandomProviderFactory.get().provide(), strArr);
    }

    public CustomTrustSSLProtocolSocketFactory(X509TrustManager x509TrustManager, X509KeyManager x509KeyManager, SecureRandom secureRandom, String... strArr) {
        this.initializer = new AtomicBoolean(false);
        this.preferences = PreferencesFactory.get();
        this.trust = x509TrustManager;
        this.key = x509KeyManager;
        try {
            this.context = SSLContext.getInstance("TLS");
            this.context.init(new KeyManager[]{x509KeyManager}, new TrustManager[]{x509TrustManager}, secureRandom);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Using SSL context with protocol %s", this.context.getProtocol()));
            }
            this.factory = this.context.getSocketFactory();
            this.protocols = strArr;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new FactoryException(e.getMessage(), e);
        }
    }

    protected void configure(final Socket socket, String[] strArr) throws IOException {
        if (socket instanceof SSLSocket) {
            try {
                if (log.isDebugEnabled()) {
                    log.debug(String.format("Configure SSL parameters with protocols %s", Arrays.toString(strArr)));
                }
                ((SSLSocket) socket).setEnabledProtocols(strArr);
                List asList = Arrays.asList(((SSLSocket) socket).getEnabledCipherSuites());
                List<String> list = this.preferences.getList("connection.ssl.cipher.blacklist");
                if (!list.isEmpty()) {
                    list.getClass();
                    asList.removeIf((v1) -> {
                        return r1.contains(v1);
                    });
                }
                ((SSLSocket) socket).setEnabledCipherSuites((String[]) asList.toArray(new String[asList.size()]));
                if (log.isInfoEnabled()) {
                    log.info(String.format("Enabled cipher suites %s", Arrays.toString(((SSLSocket) socket).getEnabledCipherSuites())));
                    ((SSLSocket) socket).addHandshakeCompletedListener(new HandshakeCompletedListener() { // from class: ch.cyberduck.core.ssl.CustomTrustSSLProtocolSocketFactory.1
                        @Override // javax.net.ssl.HandshakeCompletedListener
                        public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
                            CustomTrustSSLProtocolSocketFactory.log.info(String.format("Completed handshake with %s and negotiated cipher suite %s", handshakeCompletedEvent.getSession().getProtocol(), handshakeCompletedEvent.getCipherSuite()));
                            ((SSLSocket) socket).removeHandshakeCompletedListener(this);
                        }
                    });
                }
            } catch (Exception e) {
                log.warn(String.format("Failed to configure SSL parameters %s", e.getMessage()));
            }
        }
    }

    protected Socket handshake(SocketGetter socketGetter) throws IOException {
        if (!this.initializer.get()) {
            this.trust.init();
            this.key.init();
            this.initializer.set(true);
        }
        Socket create = socketGetter.create();
        configure(create, this.protocols);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Handshake for socket %s", create));
        }
        return create;
    }

    public SSLContext getSSLContext() {
        return this.context;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        return ((SSLSocketFactory) SSLSocketFactory.getDefault()).getDefaultCipherSuites();
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        return ((SSLSocketFactory) SSLSocketFactory.getDefault()).getSupportedCipherSuites();
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket() throws IOException {
        return handshake(new SocketGetter() { // from class: ch.cyberduck.core.ssl.CustomTrustSSLProtocolSocketFactory.2
            @Override // ch.cyberduck.core.ssl.CustomTrustSSLProtocolSocketFactory.SocketGetter
            public Socket create() throws IOException {
                return CustomTrustSSLProtocolSocketFactory.this.factory.createSocket();
            }
        });
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(final String str, final int i, final InetAddress inetAddress, final int i2) throws IOException {
        return handshake(new SocketGetter() { // from class: ch.cyberduck.core.ssl.CustomTrustSSLProtocolSocketFactory.3
            @Override // ch.cyberduck.core.ssl.CustomTrustSSLProtocolSocketFactory.SocketGetter
            public Socket create() throws IOException {
                return CustomTrustSSLProtocolSocketFactory.this.factory.createSocket(str, i, inetAddress, i2);
            }
        });
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(final InetAddress inetAddress, final int i) throws IOException {
        return handshake(new SocketGetter() { // from class: ch.cyberduck.core.ssl.CustomTrustSSLProtocolSocketFactory.4
            @Override // ch.cyberduck.core.ssl.CustomTrustSSLProtocolSocketFactory.SocketGetter
            public Socket create() throws IOException {
                return CustomTrustSSLProtocolSocketFactory.this.factory.createSocket(inetAddress, i);
            }
        });
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(final InetAddress inetAddress, final int i, final InetAddress inetAddress2, final int i2) throws IOException {
        return handshake(new SocketGetter() { // from class: ch.cyberduck.core.ssl.CustomTrustSSLProtocolSocketFactory.5
            @Override // ch.cyberduck.core.ssl.CustomTrustSSLProtocolSocketFactory.SocketGetter
            public Socket create() throws IOException {
                return CustomTrustSSLProtocolSocketFactory.this.factory.createSocket(inetAddress, i, inetAddress2, i2);
            }
        });
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(final String str, final int i) throws IOException {
        return handshake(new SocketGetter() { // from class: ch.cyberduck.core.ssl.CustomTrustSSLProtocolSocketFactory.6
            @Override // ch.cyberduck.core.ssl.CustomTrustSSLProtocolSocketFactory.SocketGetter
            public Socket create() throws IOException {
                return CustomTrustSSLProtocolSocketFactory.this.factory.createSocket(str, i);
            }
        });
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public Socket createSocket(final Socket socket, final String str, final int i, final boolean z) throws IOException {
        return handshake(new SocketGetter() { // from class: ch.cyberduck.core.ssl.CustomTrustSSLProtocolSocketFactory.7
            @Override // ch.cyberduck.core.ssl.CustomTrustSSLProtocolSocketFactory.SocketGetter
            public Socket create() throws IOException {
                return CustomTrustSSLProtocolSocketFactory.this.factory.createSocket(socket, str, i, z);
            }
        });
    }
}
