package org.jpos.iso;

import com.capricorn.utilities.ConstantUtils;
import com.sun.net.ssl.internal.ssl.Provider;
import defpackage.a;
import java.io.File;
import java.io.FileInputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.tools.ant.launch.Launcher;
import org.jpos.core.Configuration;
import org.jpos.core.ReConfigurable;
import org.jpos.util.SimpleLogSource;

/* loaded from: classes5.dex */
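/**
 * TLS socket factory for jPOS channels and servers, backed by a JKS keystore.
 *
 * <p>This is decompiler output: field names are obfuscated and the methods carry no
 * {@code throws} clauses, although several of them visibly raise checked exceptions.
 *
 * <p>Security-relevant behaviour visible in this class, for reviewers:
 * <ul>
 *   <li>When {@code serverauth} (field {@link #i}) is {@code false}, which is the field's default,
 *       {@link #getTrustManagers(KeyStore)} installs a trust manager that accepts every
 *       certificate chain and {@link #verifyHostname(SSLSocket)} does nothing. In that mode the
 *       peer is not authenticated at all; deployments should set {@code serverauth=true}.</li>
 *   <li>The context is requested under the legacy protocol name {@code "SSL"} and seeded with
 *       {@code SHA1PRNG}; which protocol versions are actually negotiated depends on the JRE.</li>
 *   <li>Keystore and key passwords fall back to a compiled-in constant when neither the
 *       configuration nor the {@code jpos.ssl.*} system properties provide one.</li>
 * </ul>
 */
public class SunJSSESocketFactory extends SimpleLogSource implements ISOServerSocketFactory, ISOClientSocketFactory, ReConfigurable {
    /** Expected server name ({@code servername}); filled from the session's peer host when empty. */
    public String g;
    /** Cipher suites to enable on server sockets ({@code addEnabledCipherSuite}); may be null. */
    public String[] j;
    /** Last configuration passed to {@link #setConfiguration(Configuration)}. */
    public Configuration k;

    /** Lazily created SSL context shared by the client and server socket factories. */
    public SSLContext f25719a = null;

    /** Lazily created server socket factory. */
    public SSLServerSocketFactory f25720b = null;

    /** Lazily created client socket factory. */
    public SSLSocketFactory f25721c = null;

    /** Keystore file path ({@code keystore}). */
    public String f25722d = null;

    /** Keystore password; reset to null once {@link #getSSLContext()} has run. */
    public String f25723e = null;
    /** Private-key password; reset to null once {@link #getSSLContext()} has run. */
    public String f = null;
    /** Whether server sockets require a client certificate ({@code clientauth}). */
    public boolean h = false;
    /** Whether the peer certificate and host name are verified ({@code serverauth}). */
    public boolean i = false;

    static {
        // Registers the JDK-internal JSSE provider class by name.
        // NOTE(review): this internal class may not exist on the target runtime - confirm.
        Security.addProvider(new Provider());
    }

    /**
     * Extracts the common name from a distinguished-name string.
     *
     * @param str distinguished name, for example the subject DN of a certificate
     * @return the text after the first {@code "CN="} up to the next comma that is not preceded
     *         by a backslash, or {@code null} when the string holds no {@code "CN="}
     */
    private String getCN(String str) {
        int indexOf = str.indexOf("CN=");
        if (indexOf == -1) {
            return null;
        }
        String substring = str.substring(indexOf + 3);
        char[] charArray = substring.toCharArray();
        int i = 0;
        // Stop at the first ',' that is not at position 0 and not escaped by a preceding '\'.
        while (i < charArray.length && (charArray[i] != ',' || i <= 0 || charArray[i - 1] == '\\')) {
            i++;
        }
        return substring.substring(0, i);
    }

    /**
     * Builds the SSL context from the configured keystore.
     *
     * <p>Missing passwords are taken from {@link #getPassword()} and {@link #getKeyPassword()};
     * a missing keystore path falls back to a {@code .keystore} file under the directory named
     * by the {@code Launcher.USER_HOMEDIR} system property. Both password fields are cleared
     * afterwards, whether or not the context could be built.
     *
     * @return an initialised context
     * @throws ISOException wrapping any failure while loading the keystore or building the context
     */
    private SSLContext getSSLContext() {
        if (this.f25723e == null) {
            this.f25723e = getPassword();
        }
        if (this.f == null) {
            this.f = getKeyPassword();
        }
        String str = this.f25722d;
        if (str == null || str.length() == 0) {
            StringBuilder sb = new StringBuilder();
            sb.append(System.getProperty(Launcher.USER_HOMEDIR));
            // a.r is an obfuscated helper; presumably it appends both arguments and returns
            // the resulting string - verify against the helper's source.
            this.f25722d = a.r(sb, File.separator, ".keystore");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            // try-with-resources: the stream is closed even when load() fails (bad password,
            // corrupt file), where previously it was left open on that path.
            try (FileInputStream fileInputStream = new FileInputStream(new File(this.f25722d))) {
                keyStore.load(fileInputStream, this.f25723e.toCharArray());
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(keyStore, this.f.toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            TrustManager[] trustManagers = getTrustManagers(keyStore);
            // SECURITY(review): "SSL" is the legacy context name and SHA1PRNG a legacy generator.
            // Left unchanged because peers may depend on it; prefer an explicit TLS version and
            // the platform default SecureRandom once compatibility is confirmed.
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(keyManagers, trustManagers, SecureRandom.getInstance("SHA1PRNG"));
            return sSLContext;
        } catch (Exception e2) {
            throw new ISOException(e2);
        } finally {
            // Drop the password references so they are not retained on the factory.
            this.f25723e = null;
            this.f = null;
        }
    }

    /**
     * Selects the trust managers for the context.
     *
     * @param keyStore keystore used as the trust store when server authentication is enabled
     * @return trust managers derived from {@code keyStore} when {@link #i} is true; otherwise a
     *         single manager that accepts every certificate chain
     */
    private TrustManager[] getTrustManagers(KeyStore keyStore) {
        if (!this.i) {
            // SECURITY(review): with serverauth disabled every certificate chain is accepted,
            // so the connection is encrypted but the peer is not authenticated. Not changed
            // here because existing deployments may rely on it; enable serverauth to get the
            // keystore-backed validation below.
            return new TrustManager[]{new X509TrustManager() {
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Checks the common name of the peer's leaf certificate against the expected server name.
     * Does nothing unless server authentication ({@link #i}) is enabled.
     *
     * <p>Only the subject CN is compared (case-insensitively); subject alternative names are
     * not consulted.
     *
     * @param sSLSocket connected socket whose session is inspected
     * @throws UnknownHostException when no server name is configured and the peer host does not resolve
     * @throws SSLPeerUnverifiedException when the peer sent no certificate or the CN does not match
     */
    private void verifyHostname(SSLSocket sSLSocket) {
        if (this.i) {
            SSLSession session = sSLSocket.getSession();
            String str = this.g;
            if (str == null || str.length() == 0) {
                // NOTE(review): the peer host is stored on the factory, so later sockets made by
                // this instance are compared against the first peer's name - confirm intended.
                String peerHost = session.getPeerHost();
                this.g = peerHost;
                try {
                    InetAddress.getByName(peerHost);
                } catch (UnknownHostException unused) {
                    StringBuilder x2 = a.x("Could not resolve SSL server name ");
                    x2.append(this.g);
                    throw new UnknownHostException(x2.toString());
                }
            }
            javax.security.cert.X509Certificate[] peerCertificateChain = session.getPeerCertificateChain();
            if (peerCertificateChain == null || peerCertificateChain.length == 0) {
                throw new SSLPeerUnverifiedException("No server certificates found");
            }
            String cn = getCN(peerCertificateChain[0].getSubjectDN().getName());
            if (!this.g.equalsIgnoreCase(cn)) {
                throw new SSLPeerUnverifiedException(a.s(a.x("Invalid SSL server name. Expected '"), this.g, "', got '", cn, "'"));
            }
        }
    }

    /**
     * Creates a TLS server socket on the given port.
     *
     * @param i port to listen on
     * @return the server socket, with client authentication set from {@link #h} and the
     *         configured cipher suites applied when any are set
     */
    @Override // org.jpos.iso.ISOServerSocketFactory
    public ServerSocket createServerSocket(int i) {
        if (this.f25720b == null) {
            this.f25720b = createServerSocketFactory();
        }
        ServerSocket createServerSocket = this.f25720b.createServerSocket(i);
        SSLServerSocket sSLServerSocket = (SSLServerSocket) createServerSocket;
        sSLServerSocket.setNeedClientAuth(this.h);
        String[] strArr = this.j;
        if (strArr != null && strArr.length > 0) {
            sSLServerSocket.setEnabledCipherSuites(strArr);
        }
        return createServerSocket;
    }

    /**
     * Returns the server socket factory of the shared context, creating the context on first use.
     *
     * @return the context's server socket factory
     */
    public SSLServerSocketFactory createServerSocketFactory() {
        if (this.f25719a == null) {
            this.f25719a = getSSLContext();
        }
        return this.f25719a.getServerSocketFactory();
    }

    /**
     * Opens a TLS client socket and, when server authentication is enabled, verifies the
     * peer's certificate name before handing the socket to the caller.
     *
     * @param str host to connect to
     * @param i port to connect to
     * @return the connected socket
     */
    @Override // org.jpos.iso.ISOClientSocketFactory
    public Socket createSocket(String str, int i) {
        if (this.f25721c == null) {
            this.f25721c = createSocketFactory();
        }
        SSLSocket sSLSocket = (SSLSocket) this.f25721c.createSocket(str, i);
        boolean verified = false;
        try {
            verifyHostname(sSLSocket);
            verified = true;
            return sSLSocket;
        } finally {
            if (!verified) {
                // A socket whose peer failed verification must not stay open: close it and
                // let the original verification exception propagate to the caller.
                try {
                    sSLSocket.close();
                } catch (Exception ignored) {
                    // Best effort; the verification failure is the error worth reporting.
                }
            }
        }
    }

    /**
     * Returns the client socket factory of the shared context, creating the context on first use.
     *
     * @return the context's client socket factory
     */
    public SSLSocketFactory createSocketFactory() {
        if (this.f25719a == null) {
            this.f25719a = getSSLContext();
        }
        return this.f25719a.getSocketFactory();
    }

    /** @return whether server sockets require a client certificate */
    public boolean getClientAuthNeeded() {
        return this.h;
    }

    /** @return the configuration last applied, or null if none was */
    public Configuration getConfiguration() {
        return this.k;
    }

    /** @return the configured cipher suites (the internal array, not a copy); may be null */
    public String[] getEnabledCipherSuites() {
        return this.j;
    }

    /**
     * Supplies the default private-key password.
     *
     * @return the {@code jpos.ssl.keypass} system property, or a compiled-in constant when unset
     */
    public String getKeyPassword() {
        // SECURITY(review): the fallback is a constant shipped in the binary, so it is readable
        // by anyone holding the package; supply the password through configuration instead.
        return System.getProperty("jpos.ssl.keypass", ConstantUtils.MFS_VGS_PASSWORD);
    }

    /** @return the keystore file path */
    public String getKeyStore() {
        return this.f25722d;
    }

    /**
     * Supplies the default keystore password.
     *
     * @return the {@code jpos.ssl.storepass} system property, or a compiled-in constant when unset
     */
    public String getPassword() {
        // SECURITY(review): same compiled-in fallback as getKeyPassword().
        return System.getProperty("jpos.ssl.storepass", ConstantUtils.MFS_VGS_PASSWORD);
    }

    /** @return whether the peer certificate and host name are verified */
    public boolean getServerAuthNeeded() {
        return this.i;
    }

    /** @return the expected server name; may be null */
    public String getServerName() {
        return this.g;
    }

    /** @param z true to require a client certificate on server sockets */
    public void setClientAuthNeeded(boolean z) {
        this.h = z;
    }

    /**
     * Applies the TLS settings from a jPOS configuration: {@code keystore}, {@code clientauth},
     * {@code serverauth}, {@code servername}, {@code storepassword}, {@code keypassword} and
     * every {@code addEnabledCipherSuite} entry.
     *
     * @param configuration source of the settings; also retained for {@link #getConfiguration()}
     */
    @Override // org.jpos.core.Configurable
    public void setConfiguration(Configuration configuration) {
        this.k = configuration;
        this.f25722d = configuration.get("keystore");
        this.h = configuration.getBoolean("clientauth");
        this.i = configuration.getBoolean("serverauth");
        this.g = configuration.get("servername");
        this.f25723e = configuration.get("storepassword", null);
        this.f = configuration.get("keypassword", null);
        this.j = configuration.getAll("addEnabledCipherSuite");
    }

    /** @param strArr cipher suites to enable on server sockets; null or empty keeps the defaults */
    public void setEnabledCipherSuites(String[] strArr) {
        this.j = strArr;
    }

    /** @param str private-key password */
    public void setKeyPassword(String str) {
        this.f = str;
    }

    /** @param str keystore file path */
    public void setKeyStore(String str) {
        this.f25722d = str;
    }

    /** @param str keystore password */
    public void setPassword(String str) {
        this.f25723e = str;
    }

    /** @param z true to validate the peer certificate and its common name */
    public void setServerAuthNeeded(boolean z) {
        this.i = z;
    }

    /** @param str server name the peer certificate's CN must match */
    public void setServerName(String str) {
        this.g = str;
    }
}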
