package com.amazonaws.http.conn.ssl;

import com.amazonaws.annotation.ThreadSafe;
import com.amazonaws.http.apache.utils.HttpContextUtils;
import com.amazonaws.http.conn.ssl.MasterSecretValidators;
import com.amazonaws.internal.SdkMetricsSocket;
import com.amazonaws.internal.SdkSSLMetricsSocket;
import com.amazonaws.internal.SdkSSLSocket;
import com.amazonaws.internal.SdkSocket;
import com.amazonaws.metrics.AwsSdkMetrics;
import com.amazonaws.util.JavaVersionParser;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpHost;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.protocol.HttpContext;

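/**
 * TLS socket factory that layers three SDK-specific behaviours on top of
 * {@link SSLConnectionSocketFactory}:
 * <ul>
 *   <li>before the handshake, the protocol versions listed in {@code TLSProtocol} that the socket
 *       supports are added to the socket's enabled protocols (see {@link #prepareSocket});</li>
 *   <li>after connecting, the socket is handed to a {@code MasterSecretValidator}; a socket that
 *       fails validation is closed and rejected with an {@link IllegalStateException};</li>
 *   <li>when connecting fails with an {@link SSLException} accepted by
 *       {@code ShouldClearSslSessionPredicate}, cached client TLS sessions for the same peer
 *       host and port are invalidated so a later attempt does not resume them.</li>
 * </ul>
 */
@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/aws-java-sdk-core-1.11.401.jar:com/amazonaws/http/conn/ssl/SdkTLSSocketFactory.class */
public class SdkTLSSocketFactory extends SSLConnectionSocketFactory {
    private static final Log LOG = LogFactory.getLog(SdkTLSSocketFactory.class);
    // Kept so the client-side session cache can be reached when a handshake fails.
    private final SSLContext sslContext;
    private final MasterSecretValidators.MasterSecretValidator masterSecretValidator;
    // Decides, per SSLException, whether cached sessions for the peer should be dropped.
    private final ShouldClearSslSessionPredicate shouldClearSslSessionsPredicate;

    /**
     * Creates the factory.
     *
     * @param sSLContext context used to create sockets and to reach the client session cache;
     *                   must not be null
     * @param hostnameVerifier verifier passed through unchanged to the superclass
     * @throws IllegalArgumentException if {@code sSLContext} is null
     */
    public SdkTLSSocketFactory(SSLContext sSLContext, HostnameVerifier hostnameVerifier) {
        // The superclass constructor has to run first, so the null check can only follow it.
        super(sSLContext, hostnameVerifier);
        if (sSLContext == null) {
            throw new IllegalArgumentException("sslContext must not be null. Use SSLContext.getDefault() if you are unsure.");
        }
        this.sslContext = sSLContext;
        this.masterSecretValidator = MasterSecretValidators.getMasterSecretValidator();
        this.shouldClearSslSessionsPredicate = new ShouldClearSslSessionPredicate(JavaVersionParser.getCurrentJavaVersion());
    }

    /**
     * Creates the unconnected socket for a request.
     *
     * <p>When {@code HttpContextUtils.disableSocketProxy} reports true for the context, a socket
     * bound to {@link Proxy#NO_PROXY} is returned, so JVM-level proxy settings are not applied
     * to it; otherwise the superclass decides.
     *
     * @param httpContext the request context consulted for the proxy flag
     * @return a new, unconnected socket
     * @throws IOException if the superclass fails to create the socket
     */
    public Socket createSocket(HttpContext httpContext) throws IOException {
        if (HttpContextUtils.disableSocketProxy(httpContext)) {
            return new Socket(Proxy.NO_PROXY);
        }
        return super.createSocket(httpContext);
    }

    /**
     * Sets the socket's enabled protocols to: every {@code TLSProtocol} name the socket supports
     * (in enum order), followed by whatever was already enabled and not yet listed.
     *
     * <p>NOTE(review): this method only ever adds protocols. Any version the JVM or provider had
     * already enabled stays enabled, so a minimum TLS version has to be enforced elsewhere
     * (for example through the {@code SSLContext} or the JVM's {@code jdk.tls.disabledAlgorithms}
     * security property). The contents and order of {@code TLSProtocol} are not visible here.
     *
     * @param sSLSocket the socket about to perform the handshake
     */
    protected final void prepareSocket(SSLSocket sSLSocket) {
        String[] supportedProtocols = sSLSocket.getSupportedProtocols();
        String[] enabledProtocols = sSLSocket.getEnabledProtocols();
        if (LOG.isDebugEnabled()) {
            LOG.debug("socket.getSupportedProtocols(): " + Arrays.toString(supportedProtocols) + ", socket.getEnabledProtocols(): " + Arrays.toString(enabledProtocols));
        }
        // Typed list instead of the raw ArrayList, so no unchecked cast is needed below.
        ArrayList<String> protocolsToEnable = new ArrayList<String>();
        if (supportedProtocols != null) {
            for (TLSProtocol tLSProtocol : TLSProtocol.values()) {
                String protocolName = tLSProtocol.getProtocolName();
                if (existsIn(protocolName, supportedProtocols)) {
                    protocolsToEnable.add(protocolName);
                }
            }
        }
        if (enabledProtocols != null) {
            for (String enabled : enabledProtocols) {
                if (!protocolsToEnable.contains(enabled)) {
                    protocolsToEnable.add(enabled);
                }
            }
        }
        // Leave the socket untouched when there is nothing to enable.
        if (!protocolsToEnable.isEmpty()) {
            String[] strArr = protocolsToEnable.toArray(new String[0]);
            sSLSocket.setEnabledProtocols(strArr);
            if (LOG.isDebugEnabled()) {
                LOG.debug("TLS protocol enabled for SSL handshake: " + Arrays.toString(strArr));
            }
        }
    }

    /** Returns true when {@code str} equals one of the entries of {@code strArr}. */
    private boolean existsIn(String str, String[] strArr) {
        for (String str2 : strArr) {
            if (str.equals(str2)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Connects through the superclass, validates the resulting socket and wraps it in the SDK's
     * socket decorators.
     *
     * <p>A socket whose master secret is rejected by the validator is closed before the
     * {@link IllegalStateException} is thrown, so the rejected connection cannot stay open or be
     * picked up again by accident. That exception is not an {@link SSLException}, so it does not
     * trigger the session-cache eviction below.
     *
     * @param i connect timeout, passed to the superclass as its first argument
     * @param socket the socket to connect, passed through to the superclass
     * @param httpHost the target host
     * @param inetSocketAddress the remote address; also used to select cached sessions to evict
     * @param inetSocketAddress2 the local address, passed through to the superclass
     * @param httpContext the request context
     * @return the connected socket wrapped in an SDK socket (and in a metrics socket when
     *         socket read metrics are enabled)
     * @throws IllegalStateException if the master secret validator rejects the socket
     * @throws IOException if connecting or the TLS handshake fails
     */
    public Socket connectSocket(int i, Socket socket, HttpHost httpHost, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, HttpContext httpContext) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("connecting to " + inetSocketAddress.getAddress() + ":" + inetSocketAddress.getPort());
        }
        try {
            Socket connectSocket = super.connectSocket(i, socket, httpHost, inetSocketAddress, inetSocketAddress2, httpContext);
            if (!this.masterSecretValidator.isMasterSecretValid(connectSocket)) {
                // Fail closed: release the rejected connection instead of leaving it open.
                closeQuietly(connectSocket);
                throw log(new IllegalStateException("Invalid SSL master secret"));
            }
            boolean readMetrics = AwsSdkMetrics.isHttpSocketReadMetricEnabled();
            if (connectSocket instanceof SSLSocket) {
                SdkSSLSocket sdkSSLSocket = new SdkSSLSocket((SSLSocket) connectSocket);
                return readMetrics ? new SdkSSLMetricsSocket(sdkSSLSocket) : sdkSSLSocket;
            }
            SdkSocket sdkSocket = new SdkSocket(connectSocket);
            return readMetrics ? new SdkMetricsSocket(sdkSocket) : sdkSocket;
        } catch (SSLException e) {
            if (this.shouldClearSslSessionsPredicate.test(e)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("connection failed due to SSL error, clearing TLS session cache", e);
                }
                clearSessionCache(this.sslContext.getClientSessionContext(), inetSocketAddress);
            }
            // The original failure is always rethrown; eviction is only a side effect.
            throw e;
        }
    }

    /**
     * Closes a socket, logging rather than propagating a close failure, so that the exception
     * the caller is about to throw is the one that surfaces.
     */
    private void closeQuietly(Socket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException ignored) {
            // Best effort: the socket is being discarded anyway.
            if (LOG.isDebugEnabled()) {
                LOG.debug("failed to close socket after rejecting its master secret", ignored);
            }
        }
    }

    /**
     * Invalidates every cached session whose peer host (case-insensitive) and peer port match
     * the given address.
     *
     * <p>NOTE(review): {@link InetSocketAddress#getHostName()} may perform a reverse name lookup
     * when the address was created from a literal IP — confirm callers always pass a
     * hostname-based address.
     *
     * @param sSLSessionContext the client session cache to scan
     * @param inetSocketAddress the peer whose sessions should be dropped
     */
    private void clearSessionCache(SSLSessionContext sSLSessionContext, InetSocketAddress inetSocketAddress) {
        String hostName = inetSocketAddress.getHostName();
        int port = inetSocketAddress.getPort();
        Enumeration<byte[]> ids = sSLSessionContext.getIds();
        if (ids == null) {
            return;
        }
        while (ids.hasMoreElements()) {
            SSLSession session = sSLSessionContext.getSession(ids.nextElement());
            // getSession may return null for an id that is no longer cached.
            if (session == null) {
                continue;
            }
            String peerHost = session.getPeerHost();
            if (peerHost != null && peerHost.equalsIgnoreCase(hostName) && session.getPeerPort() == port) {
                session.invalidate();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Invalidated session " + session);
                }
            }
        }
    }

    /** Logs the throwable at debug level (with an empty message) and returns it for throwing. */
    private <T extends Throwable> T log(T t) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("", t);
        }
        return t;
    }
}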
