package org.apache.synapse.transport.nhttp;

import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.AxisFault;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.description.TransportOutDescription;
import org.apache.axis2.transport.base.ParamUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.impl.nio.reactor.SSLIOSessionHandler;
import org.apache.http.nio.NHttpClientHandler;
import org.apache.http.nio.reactor.IOEventDispatch;
import org.apache.http.params.HttpParams;
import org.apache.ws.security.WSConstants;

/* loaded from: input_file:WEB-INF/lib/synapse-nhttp-transport-2.1.0-wso2v7.jar:org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.class */
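/**
 * HTTPS variant of {@link HttpCoreNIOSender}: builds the {@link SSLContext}, the hostname
 * verification handler and the per-server SSL profiles from the transport sender configuration.
 *
 * <p>Configuration read from the {@link TransportOutDescription}:
 * <ul>
 *   <li>{@code keystore} - identity keystore (Location, Type, Password, KeyPassword)</li>
 *   <li>{@code truststore} - trust store (Location, Type, Password)</li>
 *   <li>{@code novalidatecert} - disables server certificate validation, but only when no
 *       trust store is configured</li>
 *   <li>{@code HostnameVerifier} - one of {@code Strict}, {@code AllowAll},
 *       {@code DefaultAndLocalhost}; absent means the default verifier</li>
 *   <li>{@code customSSLProfiles} - {@code profile} elements, each with its own
 *       KeyStore/TrustStore and a comma separated {@code servers} list</li>
 * </ul>
 *
 * <p>Security review points: {@code novalidatecert} and {@code AllowAll} each remove one of the
 * two checks (certificate chain, host name) that authenticate the remote server, and both are
 * settable per deployment, so configuration audits should look for them. Store passwords are
 * read as plain strings from the configuration and are never written to the log by this class.
 */
public class HttpCoreNIOSSLSender extends HttpCoreNIOSender {
    private static final Log log = LogFactory.getLog(HttpCoreNIOSSLSender.class);

    /**
     * Creates the SSL-aware event dispatch and hands it the per-server SSL contexts.
     *
     * @param nHttpClientHandler the client protocol handler
     * @param sSLContext the default SSL context for outgoing connections
     * @param sSLIOSessionHandler the handler that verifies the peer after the handshake
     * @param httpParams the HTTP parameters
     * @param transportOutDescription the sender configuration holding any custom SSL profiles
     * @return the dispatch to register with the I/O reactor
     * @throws AxisFault if a custom SSL profile is malformed or its stores cannot be loaded
     */
    @Override
    protected IOEventDispatch getEventDispatch(NHttpClientHandler nHttpClientHandler, SSLContext sSLContext, SSLIOSessionHandler sSLIOSessionHandler, HttpParams httpParams, TransportOutDescription transportOutDescription) throws AxisFault {
        SSLClientIOEventDispatch dispatch = new SSLClientIOEventDispatch(nHttpClientHandler, sSLContext, sSLIOSessionHandler, httpParams);
        // May be null when no custom profiles are configured.
        dispatch.setContextMap(getCustomSSLContexts(transportOutDescription));
        return dispatch;
    }

    /**
     * Builds the default SSL context from the {@code keystore}, {@code truststore} and
     * {@code novalidatecert} transport parameters.
     *
     * @param transportOutDescription the sender configuration
     * @return the initialised SSL context
     * @throws AxisFault if a store cannot be read or the context cannot be created
     */
    @Override
    protected SSLContext getSSLContext(TransportOutDescription transportOutDescription) throws AxisFault {
        Parameter keyStoreParam = transportOutDescription.getParameter("keystore");
        Parameter trustStoreParam = transportOutDescription.getParameter("truststore");
        OMElement keyStoreElt = null;
        OMElement trustStoreElt = null;
        if (keyStoreParam != null) {
            keyStoreElt = keyStoreParam.getParameterElement().getFirstElement();
        }
        boolean noValidateCert = ParamUtils.getOptionalParamBoolean(transportOutDescription, "novalidatecert", false);
        if (trustStoreParam != null) {
            // createSSLContext logs the "Ignoring novalidatecert" warning itself when a trust
            // store element is really present, so it is not repeated here.
            trustStoreElt = trustStoreParam.getParameterElement().getFirstElement();
        }
        return createSSLContext(keyStoreElt, trustStoreElt, noValidateCert);
    }

    /**
     * Creates the post-handshake verification handler selected by the {@code HostnameVerifier}
     * transport parameter.
     *
     * @param transportOutDescription the sender configuration
     * @return the session handler performing host name verification
     * @throws AxisFault declared by the overridden method
     */
    @Override
    protected SSLIOSessionHandler getSSLIOSessionHandler(TransportOutDescription transportOutDescription) throws AxisFault {
        Parameter verifierParam = transportOutDescription.getParameter("HostnameVerifier");
        return createSSLIOSessionHandler(verifierParam != null ? verifierParam.getValue().toString() : null);
    }

    /**
     * Reads the {@code customSSLProfiles} parameter and builds one SSL context per profile.
     *
     * @param transportOutDescription the sender configuration
     * @return a map from each listed server entry to its SSL context, or {@code null} when no
     *         profile is configured
     * @throws AxisFault if a profile has no {@code servers} element or its stores cannot be loaded
     */
    private Map<String, SSLContext> getCustomSSLContexts(TransportOutDescription transportOutDescription) throws AxisFault {
        if (log.isDebugEnabled()) {
            // Logged at debug level to match the guard; the original emitted it at info level.
            log.debug("Loading custom SSL profiles for the HTTPS sender");
        }
        Parameter profilesParam = transportOutDescription.getParameter("customSSLProfiles");
        if (profilesParam == null) {
            return null;
        }
        Iterator<?> profiles = profilesParam.getParameterElement().getChildrenWithName(new QName("profile"));
        Map<String, SSLContext> contextsByServer = new HashMap<String, SSLContext>();
        while (profiles.hasNext()) {
            OMElement profile = (OMElement) profiles.next();
            OMElement servers = profile.getFirstChildWithName(new QName("servers"));
            if (servers == null || servers.getText() == null) {
                String msg = "Each custom SSL profile must define at least one host:port pair under the servers element";
                log.error(msg);
                throw new AxisFault(msg);
            }
            // Certificate validation can be switched off per profile through the novalidatecert
            // attribute; only the exact value "true" enables it.
            boolean noValidateCert = "true".equals(profile.getAttributeValue(new QName("novalidatecert")));
            SSLContext profileContext = createSSLContext(
                    profile.getFirstChildWithName(new QName("KeyStore")),
                    profile.getFirstChildWithName(new QName("TrustStore")),
                    noValidateCert);
            for (String entry : servers.getText().split(",")) {
                String server = entry.trim();
                if (contextsByServer.containsKey(server)) {
                    // First profile wins; later ones for the same server are dropped.
                    log.warn("Multiple SSL profiles were found for the server : " + server + ". Ignoring the excessive profiles.");
                } else {
                    contextsByServer.put(server, profileContext);
                }
            }
        }
        if (contextsByServer.isEmpty()) {
            return null;
        }
        log.info("Custom SSL profiles initialized for " + contextsByServer.size() + " servers");
        return contextsByServer;
    }

    /**
     * Builds an SSL context from optional key store and trust store configuration elements.
     *
     * <p>Trust decision, in order: a trust store element always wins; otherwise
     * {@code noValidateCert} installs {@code NoValidateCertTrustManager}; otherwise the trust
     * managers stay {@code null} and {@link SSLContext#init} falls back to the installed
     * provider defaults.
     *
     * @param keyStoreElt element with Location, Type, Password and KeyPassword children, or null
     * @param trustStoreElt element with Location, Type and Password children, or null
     * @param noValidateCert whether server certificate validation was asked to be disabled
     * @return the initialised SSL context
     * @throws AxisFault if a required child element is missing, a store cannot be opened or
     *         loaded, or the context cannot be created
     */
    private SSLContext createSSLContext(OMElement keyStoreElt, OMElement trustStoreElt, boolean noValidateCert) throws AxisFault {
        KeyManager[] keyManagers = null;
        TrustManager[] trustManagers = null;

        if (keyStoreElt != null) {
            String location = requiredChildText(keyStoreElt, "Location", "key store");
            String type = requiredChildText(keyStoreElt, "Type", "key store");
            String storePassword = requiredChildText(keyStoreElt, WSConstants.PASSWORD_LN, "key store");
            String keyPassword = requiredChildText(keyStoreElt, "KeyPassword", "key store");
            try {
                KeyStore keyStore = loadKeyStore(location, type, storePassword, "Identity Keystore");
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, keyPassword.toCharArray());
                keyManagers = keyManagerFactory.getKeyManagers();
            } catch (IOException e) {
                log.error("Error opening Keystore : " + location, e);
                throw new AxisFault("Error opening Keystore : " + location, e);
            } catch (GeneralSecurityException e) {
                log.error("Error loading Keystore : " + location, e);
                throw new AxisFault("Error loading Keystore : " + location, e);
            }
        }

        if (trustStoreElt != null) {
            if (noValidateCert) {
                log.warn("Ignoring novalidatecert parameter since a truststore has been specified");
            }
            String location = requiredChildText(trustStoreElt, "Location", "trust store");
            String type = requiredChildText(trustStoreElt, "Type", "trust store");
            String storePassword = requiredChildText(trustStoreElt, WSConstants.PASSWORD_LN, "trust store");
            try {
                KeyStore trustStore = loadKeyStore(location, type, storePassword, "Trust Keystore");
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(trustStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            } catch (IOException e) {
                log.error("Error opening Key store : " + location, e);
                throw new AxisFault("Error opening Key store : " + location, e);
            } catch (GeneralSecurityException e) {
                log.error("Error loading Key store : " + location, e);
                throw new AxisFault("Error loading Key store : " + location, e);
            }
        } else if (noValidateCert) {
            // With this trust manager the peer's certificate chain is no longer checked
            // (per the warning below), so the server is effectively unauthenticated.
            log.warn("Server certificate validation (trust) has been disabled. DO NOT USE IN PRODUCTION!");
            trustManagers = new TrustManager[]{new NoValidateCertTrustManager()};
        }

        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagers, trustManagers, null);
            return sslContext;
        } catch (GeneralSecurityException e) {
            log.error("Unable to create SSL context with the given configuration", e);
            throw new AxisFault("Unable to create SSL context with the given configuration", e);
        }
    }

    /**
     * Returns the text of a mandatory child element, failing with a configuration error
     * instead of a NullPointerException when the element is absent. The message names the
     * element only; its value (which may be a password) is never included.
     */
    private static String requiredChildText(OMElement parent, String childName, String storeKind) throws AxisFault {
        OMElement child = parent.getFirstChildWithName(new QName(childName));
        if (child == null || child.getText() == null) {
            String msg = "Missing " + childName + " element in the " + storeKind + " configuration";
            log.error(msg);
            throw new AxisFault(msg);
        }
        return child.getText();
    }

    /**
     * Loads a key store file and always closes the file stream, including when loading fails.
     */
    private static KeyStore loadKeyStore(String location, String type, String password, String logLabel) throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance(type);
        FileInputStream in = new FileInputStream(location);
        try {
            log.info("Loading " + logLabel + " from : " + location);
            store.load(in, password.toCharArray());
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // Best effort: a failed close must not mask the load result.
            }
        }
        return store;
    }

    /**
     * Creates the handler that verifies the peer's host name once the TLS handshake is done.
     *
     * @param verifierName configured verifier name, or null for the default verifier; the
     *        comparison is case-sensitive
     * @return the session handler
     * @throws AxisFault declared for callers; not thrown by the visible code
     */
    private SSLIOSessionHandler createSSLIOSessionHandler(final String verifierName) throws AxisFault {
        return new SSLIOSessionHandler() {
            // The misspelt method name is the one declared by SSLIOSessionHandler.
            @Override
            public void initalize(SSLEngine sSLEngine, HttpParams httpParams) {
            }

            @Override
            public void verify(SocketAddress socketAddress, SSLSession sSLSession) throws SSLException {
                // NOTE(review): InetSocketAddress.getHostName() may do a reverse name lookup when
                // the address was created from a literal IP; confirm the name checked here is
                // the one the caller asked to connect to.
                String hostName = socketAddress instanceof InetSocketAddress
                        ? ((InetSocketAddress) socketAddress).getHostName()
                        : socketAddress.toString();
                // Starts as false so an unrecognised verifier name fails closed.
                boolean verified = false;
                if (verifierName == null) {
                    verified = HostnameVerifier.DEFAULT.verify(hostName, sSLSession);
                } else if ("Strict".equals(verifierName)) {
                    verified = HostnameVerifier.STRICT.verify(hostName, sSLSession);
                } else if ("AllowAll".equals(verifierName)) {
                    // NOTE(review): by its name this accepts any host; confirm in HostnameVerifier
                    // and treat the setting as test-only.
                    verified = HostnameVerifier.ALLOW_ALL.verify(hostName, sSLSession);
                } else if ("DefaultAndLocalhost".equals(verifierName)) {
                    verified = HostnameVerifier.DEFAULT_AND_LOCALHOST.verify(hostName, sSLSession);
                }
                if (!verified) {
                    throw new SSLException("Host name verification failed for host : " + hostName);
                }
            }
        };
    }
}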
