package org.irods.jargon.core.connection;

import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.irods.jargon.core.exception.JargonException;
import org.irods.jargon.core.exception.JargonRuntimeException;
import org.irods.jargon.core.packinstr.SSLStartInp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/irods/jargon/core/connection/SslConnectionUtilities.class */
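/**
 * Layers a TLS client socket over the already-open iRODS connection socket and,
 * optionally, installs that TLS socket as the protocol's connection.
 *
 * <p>Security-relevant behaviour of this class, as visible in the code below:
 * <ul>
 *   <li>Certificate trust comes from the session's X509TrustManager when one is configured;
 *       otherwise {@code SSLContext.init} receives {@code null} trust managers and JSSE uses
 *       the installed default trust managers.</li>
 *   <li>No endpoint identification algorithm is set on the socket here, so the server
 *       certificate is not matched against the account host unless the configured trust
 *       manager does that itself.</li>
 *   <li>The protocol and cipher-suite restrictions built in
 *       {@link #createSslSocketForProtocol} are never applied to the socket.</li>
 * </ul>
 */
public class SslConnectionUtilities {
    private static final Logger log = LoggerFactory.getLogger(SslConnectionUtilities.class);

    // Kept from construction; the methods in this class read the session from the
    // protocol argument rather than from this field.
    private final IRODSSession irodsSession;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SslConnectionUtilities(IRODSSession iRODSSession) {
        this.irodsSession = iRODSSession;
    }

    /**
     * Creates a TLS client socket on top of the protocol's current connection socket and
     * completes the handshake.
     *
     * @param iRODSAccount account supplying the host and port handed to the socket factory
     * @param abstractIRODSMidLevelProtocol protocol whose connection socket is wrapped and whose
     *        session supplies the optional trust manager
     * @param z when {@code true}, {@code SSLStartInp} is sent through the protocol before the
     *        TLS setup (the log message associates this with PAM auth)
     * @return the connected socket, handshake already completed
     * @throws JargonException if the socket cannot be created or the handshake fails
     * @throws JargonRuntimeException if the SSL context cannot be initialised
     * @throws AssertionError if the SunJSSE provider or both requested protocols are unavailable
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLSocket createSslSocketForProtocol(IRODSAccount iRODSAccount, AbstractIRODSMidLevelProtocol abstractIRODSMidLevelProtocol, boolean z) throws JargonException, AssertionError {
        if (z) {
            log.info("startSSL for PAM auth");
            abstractIRODSMidLevelProtocol.irodsFunction(SSLStartInp.instance());
        }
        SSLContext sslContext = newTlsContext();

        // A null array makes JSSE fall back to the installed default trust managers.
        TrustManager[] trustManagers = null;
        TrustManager configuredTrustManager = abstractIRODSMidLevelProtocol.getIrodsSession().getX509TrustManager();
        if (configuredTrustManager != null) {
            trustManagers = new TrustManager[]{configuredTrustManager};
        }
        try {
            sslContext.init(null, trustManagers, null);
        } catch (KeyManagementException e) {
            // The throwable is passed as the exception argument, so the message carries no placeholder.
            log.error("error initializing ssl context", e);
            throw new JargonRuntimeException("ssl context init exception", e);
        }

        log.debug("getting ssl socket factory");
        SSLSocketFactory socketFactory = sslContext.getSocketFactory();
        // Cast to Object: an uncast String[] binds to the varargs overload and only its
        // first element would fill the single placeholder.
        log.debug("supported cyphers:{}", (Object) socketFactory.getSupportedCipherSuites());

        SSLSocket sslSocket;
        try {
            // autoClose=false: closing the TLS socket leaves the underlying connection socket open.
            sslSocket = (SSLSocket) socketFactory.createSocket(abstractIRODSMidLevelProtocol.getIrodsConnection().getConnection(), iRODSAccount.getHost(), iRODSAccount.getPort(), false);
        } catch (IOException e) {
            log.error("ioException creating socket", e);
            throw new JargonException("unable to create the underlying ssl socket", e);
        }
        log.debug("ssl socket created for credential exchage..now connect");

        // NOTE(review): the parameters assembled below are never handed to the socket
        // (no setSSLParameters / setEnabledProtocols / setEnabledCipherSuites call), so the
        // handshake runs with the JSSE defaults of the context. They are deliberately left
        // unapplied here: the allow-list holds only static-RSA CBC suites plus 3DES and RC4,
        // and installing it as written would change what the client offers and would remove
        // every suite not named in it. Decide on a current allow-list (or rely on the JVM
        // defaults and delete this block) before wiring it in.
        SSLParameters defaultSSLParameters = sslContext.getDefaultSSLParameters();
        ArrayList<String> protocols = new ArrayList<String>(Arrays.asList(defaultSSLParameters.getProtocols()));
        protocols.remove("SSLv2Hello");
        defaultSSLParameters.setProtocols(protocols.toArray(new String[protocols.size()]));
        ArrayList<String> cipherSuites = new ArrayList<String>(Arrays.asList(defaultSSLParameters.getCipherSuites()));
        cipherSuites.retainAll(Arrays.asList("TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_SHA1", "SSL_RSA_WITH_RC4_128_MD5", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"));
        defaultSSLParameters.setCipherSuites(cipherSuites.toArray(new String[cipherSuites.size()]));

        // NOTE(review): no endpoint identification algorithm is configured on sslSocket, so
        // JSSE does not compare the certificate with iRODSAccount.getHost(). Enabling it is a
        // behaviour change for deployments whose certificates do not name the host - confirm
        // with callers before turning it on.

        log.debug("supported protocols:{}", (Object) sslSocket.getSupportedProtocols());
        if (log.isDebugEnabled()) {
            // Registered only at debug level; reports the negotiated suite and peer after the handshake.
            sslSocket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
                @Override
                public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
                    log.debug("Handshake finished!");
                    log.debug("\t CipherSuite:{}", handshakeCompletedEvent.getCipherSuite());
                    log.debug("\t SessionId {}", handshakeCompletedEvent.getSession());
                    log.debug("\t PeerHost {}", handshakeCompletedEvent.getSession().getPeerHost());
                }
            });
        }

        log.debug("starting SSL handshake");
        try {
            sslSocket.setUseClientMode(true);
            sslSocket.startHandshake();
        } catch (IOException e) {
            log.error("ssl exception in handshake", e);
            throw new JargonException("unable to start SSL socket", e);
        }
        log.debug("ssl handshake successful");
        return sslSocket;
    }

    /**
     * Creates the TLS socket via {@link #createSslSocketForProtocol} and replaces the protocol's
     * connection with an {@code IRODSBasicTCPConnection} built around that socket.
     *
     * @param iRODSAccount account supplying the host and port for the TLS socket
     * @param abstractIRODSMidLevelProtocol protocol whose connection is replaced
     * @param z forwarded unchanged to {@link #createSslSocketForProtocol}
     * @throws JargonException if the TLS socket cannot be created or the handshake fails
     * @throws AssertionError if no usable SSL context can be obtained
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void createSslSocketForProtocolAndIntegrateIntoProtocol(IRODSAccount iRODSAccount, AbstractIRODSMidLevelProtocol abstractIRODSMidLevelProtocol, boolean z) throws JargonException, AssertionError {
        log.info("createSslSocketForProtocolAndIntegrateIntoProtocol()");
        SSLSocket tlsSocket = createSslSocketForProtocol(iRODSAccount, abstractIRODSMidLevelProtocol, z);
        log.info("have SSL socket, introduce as the iRODS connection in the provided protocol");
        abstractIRODSMidLevelProtocol.setIrodsConnection(new IRODSBasicTCPConnection(abstractIRODSMidLevelProtocol.getIrodsAccount(), abstractIRODSMidLevelProtocol.getPipelineConfiguration(), abstractIRODSMidLevelProtocol.getIrodsProtocolManager(), tlsSocket, abstractIRODSMidLevelProtocol.getIrodsSession()));
    }

    /**
     * Obtains an SSL context from the SunJSSE provider, preferring "TLSv1.2".
     *
     * @return an uninitialised context for "TLSv1.2", or for "TLSv1" when the former is unavailable
     * @throws AssertionError if the provider is missing or neither protocol name is known to it
     */
    private static SSLContext newTlsContext() {
        try {
            return SSLContext.getInstance("TLSv1.2", "SunJSSE");
        } catch (NoSuchAlgorithmException e) {
            // NOTE(review): this fallback silently yields a TLS 1.0 context. The warning makes
            // the downgrade visible in logs; consider failing instead if TLS 1.0 is not acceptable.
            log.warn("TLSv1.2 SSLContext not available from SunJSSE, falling back to TLSv1", e);
            try {
                return SSLContext.getInstance("TLSv1", "SunJSSE");
            } catch (NoSuchAlgorithmException e2) {
                throw new AssertionError(e2);
            } catch (NoSuchProviderException e3) {
                throw new AssertionError(e3);
            }
        } catch (NoSuchProviderException e4) {
            // The provider name is hard-coded, so a JVM without SunJSSE ends up here.
            throw new AssertionError(e4);
        }
    }
}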
