package org.parosproxy.paros.network;

import ch.csnc.extension.httpclient.SSLContextManager;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.apache.commons.collections.MapIterator;
import org.apache.commons.collections.map.LRUMap;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.log4j.Logger;
import org.parosproxy.paros.network.DecoratedSocketsSslSocketFactory;
import org.parosproxy.paros.security.CachedSslCertifificateServiceImpl;
import org.parosproxy.paros.security.SslCertificateService;

/* loaded from: input_file:WEB-INF/lib/zap-2.4.0.jar:org/parosproxy/paros/network/SSLConnector.class */
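/**
 * Commons HttpClient socket factory that creates the TLS sockets used for outgoing
 * (client) connections and for the server side of intercepted tunnels.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>With {@code relaxedTrust} (the default) outgoing connections use
 *       {@code RelaxedX509TrustManager}; the server certificate is then not a trust
 *       decision made here. NOTE(review): the trust manager is defined elsewhere,
 *       confirm what it accepts.</li>
 *   <li>{@link #getClientSocketFactory(String)} also installs the factory as the JVM-wide
 *       default of {@link HttpsURLConnection}, so the trust policy chosen here reaches
 *       every {@code HttpsURLConnection} in the process.</li>
 *   <li>{@link #DEFAULT_ENABLED_PROTOCOLS} includes SSLv3 and TLSv1; this is only
 *       reasonable for a tool that must talk to legacy servers and should not be copied
 *       into ordinary client code.</li>
 *   <li>The decorators, the misconfigured-host cache and the context manager are static:
 *       they are shared by all instances, and the first three are replaced each time an
 *       instance is constructed.</li>
 * </ul>
 */
public class SSLConnector implements SecureProtocolSocketFactory {
    private static final String SSL = "SSL";
    /** Substring of the handshake error raised when a server rejects the SNI host name. */
    private static final String CONTENTS_UNRECOGNIZED_NAME_EXCEPTION = "unrecognized_name";
    public static final String SECURITY_PROTOCOL_SSL_V2_HELLO = "SSLv2Hello";
    private SSLSocketFactory clientSSLSockFactory;
    private SSLSocketFactory clientSSLSockCertFactory;
    private static String[] supportedProtocols;
    private static String[] clientEnabledProtocols;
    private static String[] serverEnabledProtocols;
    private static ServerSslSocketsDecorator serverSslSocketsDecorator;
    private static ClientSslSocketsDecorator clientSslSocketsDecorator;
    /** Maps {@code host:port} to a {@link MisconfiguredHostCacheEntry}; guarded by its own monitor. */
    private static LRUMap misconfiguredHosts;
    private static long timeStampLastStaleCheck;
    private final boolean relaxedTrust;
    public static final String SECURITY_PROTOCOL_SSL_V3 = "SSLv3";
    public static final String SECURITY_PROTOCOL_TLS_V1 = "TLSv1";
    public static final String SECURITY_PROTOCOL_TLS_V1_1 = "TLSv1.1";
    public static final String SECURITY_PROTOCOL_TLS_V1_2 = "TLSv1.2";
    // Deliberately broad (includes SSLv3/TLSv1); narrowed to what the JRE supports at runtime.
    private static final String[] DEFAULT_ENABLED_PROTOCOLS = {SECURITY_PROTOCOL_SSL_V3, SECURITY_PROTOCOL_TLS_V1, SECURITY_PROTOCOL_TLS_V1_1, SECURITY_PROTOCOL_TLS_V1_2};
    private static final String[] FAIL_SAFE_DEFAULT_ENABLED_PROTOCOLS = {SECURITY_PROTOCOL_TLS_V1};
    private static long MAX_AGE_MISCONFIGURED_HOST_IN_MIN = 5;
    private static long MAX_AGE_MISCONFIGURED_HOST_IN_MS = TimeUnit.MINUTES.toMillis(MAX_AGE_MISCONFIGURED_HOST_IN_MIN);
    private static final Logger logger = Logger.getLogger(SSLConnector.class);
    private static SSLContextManager sslContextManager = null;

    /**
     * Applies the client-side enabled protocol list to every socket created by the
     * decorated client factory.
     */
    // Decompiler note: access was widened from private.
    public static class ClientSslSocketsDecorator implements DecoratedSocketsSslSocketFactory.SslSocketDecorator {
        private ClientSslSocketsDecorator() {
        }

        /**
         * Restricts {@code sSLSocket} to the client enabled protocols, reading the
         * JRE's supported protocols from the socket first if they are not known yet.
         */
        @Override // org.parosproxy.paros.network.DecoratedSocketsSslSocketFactory.SslSocketDecorator
        public void decorate(SSLSocket sSLSocket) {
            if (SSLConnector.supportedProtocols == null) {
                SSLConnector.readSupportedProtocols(sSLSocket);
            }
            sSLSocket.setEnabledProtocols(SSLConnector.getClientEnabledProtocols());
        }
    }

    /**
     * Cache record for a host whose handshake failed with "unrecognized_name": the
     * resolved address to use instead of the host name, plus the creation time used
     * for expiry.
     */
    // Decompiler note: access was widened from private.
    public static class MisconfiguredHostCacheEntry {
        private final String host;
        private final int port;
        private final InetAddress address;
        private final long timeStampCreation = System.currentTimeMillis();

        public MisconfiguredHostCacheEntry(String str, int i, InetAddress inetAddress) {
            this.host = str;
            this.port = i;
            this.address = inetAddress;
        }

        public String getHost() {
            return this.host;
        }

        public int getPort() {
            return this.port;
        }

        public InetAddress getAddress() {
            return this.address;
        }

        /**
         * @param j current time in milliseconds
         * @return {@code true} once the entry is at least
         *         {@code MAX_AGE_MISCONFIGURED_HOST_IN_MS} old
         */
        public boolean isStale(long j) {
            return j - this.timeStampCreation >= SSLConnector.MAX_AGE_MISCONFIGURED_HOST_IN_MS;
        }
    }

    /**
     * Applies the server-side enabled protocol list to every socket created by the
     * decorated server (tunnel) factory.
     */
    // Decompiler note: access was widened from private.
    public static class ServerSslSocketsDecorator implements DecoratedSocketsSslSocketFactory.SslSocketDecorator {
        private ServerSslSocketsDecorator() {
        }

        /**
         * Restricts {@code sSLSocket} to the server enabled protocols, reading the
         * JRE's supported protocols from the socket first if they are not known yet.
         */
        @Override // org.parosproxy.paros.network.DecoratedSocketsSslSocketFactory.SslSocketDecorator
        public void decorate(SSLSocket sSLSocket) {
            if (SSLConnector.supportedProtocols == null) {
                SSLConnector.readSupportedProtocols(sSLSocket);
            }
            sSLSocket.setEnabledProtocols(SSLConnector.getServerEnabledProtocols());
        }
    }

    /** Creates a connector with relaxed trust, i.e. {@code SSLConnector(true)}. */
    public SSLConnector() {
        this(true);
    }

    /**
     * Creates a connector and (re)initialises the shared static state.
     *
     * @param z {@code true} to use {@code RelaxedX509TrustManager} for outgoing
     *          connections, {@code false} to use the JRE's default trust managers
     */
    public SSLConnector(boolean z) {
        this.relaxedTrust = z;
        // The decorators must exist before the client factory is built, because the
        // decorated factory captures the current decorator instance.
        serverSslSocketsDecorator = new ServerSslSocketsDecorator();
        clientSslSocketsDecorator = new ClientSslSocketsDecorator();
        this.clientSSLSockFactory = getClientSocketFactory(SSL);
        // Each new instance starts with an empty cache of at most 10 hosts.
        misconfiguredHosts = new LRUMap(10);
        if (sslContextManager == null) {
            sslContextManager = new SSLContextManager();
        }
    }

    /** @return the shared context manager that holds the client certificates */
    public SSLContextManager getSSLContextManager() {
        return sslContextManager;
    }

    /**
     * Switches outgoing connections between the client-certificate factory and the
     * plain factory.
     *
     * @param z {@code true} to use the factory prepared by {@link #setActiveCertificate()}
     */
    public void setEnableClientCert(boolean z) {
        if (z) {
            // NOTE(review): if setActiveCertificate() was never called this assigns null
            // and later createSocket calls will fail; callers must set a certificate first.
            this.clientSSLSockFactory = this.clientSSLSockCertFactory;
            logger.info("ClientCert enabled using: " + sslContextManager.getDefaultKey());
        } else {
            this.clientSSLSockFactory = getClientSocketFactory(SSL);
            logger.info("ClientCert disabled");
        }
    }

    /**
     * Builds the client-certificate socket factory from the context manager's default
     * key. It only takes effect after {@link #setEnableClientCert(boolean)} is called
     * with {@code true}.
     */
    public void setActiveCertificate() {
        this.clientSSLSockCertFactory = createDecoratedClientSslSocketFactory(sslContextManager.getSSLContext(sslContextManager.getDefaultKey()).getSocketFactory());
        logger.info("ActiveCertificate set to: " + sslContextManager.getDefaultKey());
    }

    /**
     * Not supported.
     *
     * @throws UnsupportedOperationException always
     */
    public ServerSocket listen(int i, int i2, InetAddress inetAddress) throws IOException {
        throw new UnsupportedOperationException("this code is probably not needed any more, SSL server sockets are not \"static\", they're created on the fly");
    }

    /**
     * Builds the decorated client socket factory, stores it in this instance and
     * installs it as the JVM-wide default for {@link HttpsURLConnection}.
     *
     * <p>With relaxed trust the context is initialised with
     * {@code RelaxedX509TrustManager}; otherwise with the JRE defaults. Failures are
     * logged and the previously stored factory (possibly {@code null}) is returned.
     *
     * @param str protocol name passed to {@link SSLContext#getInstance(String)}
     * @return the factory now stored in this instance
     */
    public SSLSocketFactory getClientSocketFactory(String str) {
        TrustManager[] trustManagerArr = {new RelaxedX509TrustManager()};
        try {
            SSLContext sSLContext = SSLContext.getInstance(str);
            // Let SecureRandom seed itself. Seeding a fresh instance with the clock before
            // its first use can, with some providers (e.g. SHA1PRNG), make the clock value
            // the only seed material and the TLS randomness guessable.
            SecureRandom secureRandom = new SecureRandom();
            sSLContext.init(null, this.relaxedTrust ? trustManagerArr : null, secureRandom);
            this.clientSSLSockFactory = createDecoratedClientSslSocketFactory(sSLContext.getSocketFactory());
            // Process-wide side effect: every HttpsURLConnection inherits this trust policy.
            HttpsURLConnection.setDefaultSSLSocketFactory(this.clientSSLSockFactory);
        } catch (Exception e) {
            // Best effort by design: keep whatever factory was set before.
            logger.error(e.getMessage(), e);
        }
        return this.clientSSLSockFactory;
    }

    /**
     * Not supported.
     *
     * @throws UnsupportedOperationException always
     */
    @Deprecated
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
        throw new UnsupportedOperationException("Method no longer supported since it's no longer required/called by Commons HttpClient library (version >= 3.0).");
    }

    /** @return a copy of the sorted list of protocols supported by the JRE */
    public static String[] getSupportedProtocols() {
        if (supportedProtocols == null) {
            readSupportedProtocols(null);
        }
        return Arrays.copyOf(supportedProtocols, supportedProtocols.length);
    }

    /**
     * Reads the supported protocols once and stores them sorted, which
     * {@code extractSupportedProtocols} relies on for its binary search.
     *
     * @param sSLSocket socket to query, or {@code null} to query an
     *                  {@code SSLEngine} (falling back to an unconnected socket)
     */
    // Decompiler note: access was widened from private.
    public static synchronized void readSupportedProtocols(SSLSocket sSLSocket) {
        if (supportedProtocols != null) {
            return;
        }
        logger.info("Reading supported SSL/TLS protocols...");
        String[] protocols;
        if (sSLSocket != null) {
            logger.info("Using an existing SSLSocket...");
            protocols = sSLSocket.getSupportedProtocols();
        } else {
            logger.info("Using a SSLEngine...");
            protocols = readSupportedProtocolsWithoutSocket();
        }
        // Sort a private copy so neither the fail-safe constant nor the provider's
        // array is modified or aliased by the shared field.
        String[] sorted = protocols.clone();
        Arrays.sort(sorted);
        supportedProtocols = sorted;
        logger.info("Done reading supported SSL/TLS protocols: " + Arrays.toString(supportedProtocols));
    }

    /**
     * Queries a default {@code SSLContext} for its supported protocols, first through
     * an engine and, if engines are unsupported, through an unconnected socket.
     * Returns the fail-safe list when the context cannot be created or queried.
     */
    private static String[] readSupportedProtocolsWithoutSocket() {
        try {
            SSLContext sSLContext = SSLContext.getInstance(SSL);
            sSLContext.init(null, null, null);
            try {
                return sSLContext.createSSLEngine().getSupportedProtocols();
            } catch (UnsupportedOperationException e) {
                logger.warn("Failed to use SSLEngine. Trying with unconnected socket...", e);
                // try-with-resources closes the probe socket even when the query throws.
                try (SSLSocket probe = (SSLSocket) sSLContext.getSocketFactory().createSocket()) {
                    return probe.getSupportedProtocols();
                }
            }
        } catch (IOException | KeyManagementException | NoSuchAlgorithmException e2) {
            logger.error("Failed to read the SSL/TLS supported protocols. Using default protocol versions: " + Arrays.toString(FAIL_SAFE_DEFAULT_ENABLED_PROTOCOLS), e2);
            return FAIL_SAFE_DEFAULT_ENABLED_PROTOCOLS;
        }
    }

    /** @return a copy of the protocols enabled on outgoing (client) sockets */
    public static String[] getClientEnabledProtocols() {
        if (clientEnabledProtocols == null) {
            setClientEnabledProtocols(DEFAULT_ENABLED_PROTOCOLS);
        }
        return Arrays.copyOf(clientEnabledProtocols, clientEnabledProtocols.length);
    }

    /**
     * Sets the protocols enabled on outgoing (client) sockets; unsupported names are
     * dropped.
     *
     * @throws IllegalArgumentException if {@code strArr} is null, empty or contains no
     *                                  supported protocol
     */
    public static void setClientEnabledProtocols(String[] strArr) {
        clientEnabledProtocols = extractSupportedProtocols(strArr);
    }

    /** @return a copy of the protocols enabled on tunnel (server) sockets */
    public static String[] getServerEnabledProtocols() {
        if (serverEnabledProtocols == null) {
            setServerEnabledProtocols(DEFAULT_ENABLED_PROTOCOLS);
        }
        return Arrays.copyOf(serverEnabledProtocols, serverEnabledProtocols.length);
    }

    /**
     * Sets the protocols enabled on tunnel (server) sockets; unsupported names are
     * dropped.
     *
     * @throws IllegalArgumentException if {@code strArr} is null, empty or contains no
     *                                  supported protocol
     */
    public static void setServerEnabledProtocols(String[] strArr) {
        serverEnabledProtocols = extractSupportedProtocols(strArr);
    }

    /**
     * Filters {@code strArr} down to the protocols the JRE supports, keeping order.
     *
     * @throws IllegalArgumentException if nothing was requested or nothing is supported
     */
    private static String[] extractSupportedProtocols(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            throw new IllegalArgumentException("Protocol(s) required but no protocol set.");
        }
        String[] supported = getSupportedProtocols();
        ArrayList<String> accepted = new ArrayList<String>(supported.length);
        for (String protocol : strArr) {
            // binarySearch is valid because the supported list is stored sorted.
            if (protocol != null && Arrays.binarySearch(supported, protocol) >= 0) {
                accepted.add(protocol);
            }
        }
        if (accepted.isEmpty()) {
            throw new IllegalArgumentException("No supported protocol(s) set.");
        }
        return accepted.toArray(new String[accepted.size()]);
    }

    /**
     * Opens a TLS client socket to {@code str:i}, bound to {@code inetAddress:i2}.
     *
     * <p>With a non-zero connection timeout the socket is only connected; no handshake
     * is started and the misconfigured-host handling is skipped. Without a timeout the
     * handshake is performed here, and a server that answers with "unrecognized_name"
     * is retried by IP address (so no host name is offered to the server) and cached
     * for later connections.
     *
     * @param str                  target host name
     * @param i                    target port
     * @param inetAddress          local address to bind to
     * @param i2                   local port to bind to
     * @param httpConnectionParams connection parameters, must not be {@code null}
     * @throws IllegalArgumentException if {@code httpConnectionParams} is {@code null}
     * @throws IOException              if the connection or the handshake fails
     */
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, HttpConnectionParams httpConnectionParams) throws IOException, UnknownHostException, ConnectTimeoutException {
        if (httpConnectionParams == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int connectionTimeout = httpConnectionParams.getConnectionTimeout();
        if (connectionTimeout != 0) {
            Socket socket = this.clientSSLSockFactory.createSocket();
            try {
                socket.bind(new InetSocketAddress(inetAddress, i2));
                socket.connect(new InetSocketAddress(str, i), connectionTimeout);
                return socket;
            } catch (IOException | RuntimeException e) {
                // Do not leak the descriptor when bind/connect fails.
                closeQuietly(socket);
                throw e;
            }
        }
        InetAddress cachedMisconfiguredHost = getCachedMisconfiguredHost(str, i);
        if (cachedMisconfiguredHost != null) {
            return this.clientSSLSockFactory.createSocket(cachedMisconfiguredHost, i, inetAddress, i2);
        }
        SSLSocket sSLSocket = null;
        try {
            sSLSocket = (SSLSocket) this.clientSSLSockFactory.createSocket(str, i, inetAddress, i2);
            sSLSocket.startHandshake();
            return sSLSocket;
        } catch (SSLException e) {
            // The failed socket is unusable whether we retry or rethrow.
            closeQuietly(sSLSocket);
            if (!isUnrecognizedName(e)) {
                throw e;
            }
            InetAddress byName = InetAddress.getByName(str);
            cacheMisconfiguredHost(str, i, byName);
            return this.clientSSLSockFactory.createSocket(byName, i, inetAddress, i2);
        }
    }

    /**
     * Tells whether a handshake failure is the "unrecognized_name" alert. The check
     * is a substring match on the exception message, which may be {@code null}.
     */
    private static boolean isUnrecognizedName(SSLException e) {
        String message = e.getMessage();
        return message != null && message.contains(CONTENTS_UNRECOGNIZED_NAME_EXCEPTION);
    }

    /** Closes {@code socket} if non-null, logging instead of propagating a close failure. */
    private static void closeQuietly(Socket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException e) {
            logger.debug("Failed to close socket after a failed connection attempt.", e);
        }
    }

    /**
     * Builds the cache key for a host/port pair. The separator keeps distinct pairs
     * distinct: plain concatenation maps both ("10.0.0.1", 443) and ("10.0.0.14", 43)
     * to the same key, which would hand one host the cached address of another.
     */
    private static String cacheKey(String host, int port) {
        return host + ":" + port;
    }

    /** Records {@code inetAddress} as the address to use for the misconfigured host. */
    private static void cacheMisconfiguredHost(String str, int i, InetAddress inetAddress) {
        synchronized (misconfiguredHosts) {
            if (!misconfiguredHosts.isEmpty()) {
                removeStaleCachedMisconfiguredHosts();
            }
            logger.info("Caching address of misconfigured (\"unrecognized_name\") host [host=" + str + ", port=" + i + "] for the next " + MAX_AGE_MISCONFIGURED_HOST_IN_MIN + " minutes, following connections will not use the hostname.");
            misconfiguredHosts.put(cacheKey(str, i), new MisconfiguredHostCacheEntry(str, i, inetAddress));
        }
    }

    /**
     * Evicts expired cache entries, at most once per maximum entry age. Both callers
     * in this class hold the {@code misconfiguredHosts} monitor when calling it.
     */
    private static void removeStaleCachedMisconfiguredHosts() {
        long now = System.currentTimeMillis();
        if (now - timeStampLastStaleCheck < MAX_AGE_MISCONFIGURED_HOST_IN_MS) {
            return;
        }
        timeStampLastStaleCheck = now;
        MapIterator mapIterator = misconfiguredHosts.mapIterator();
        while (mapIterator.hasNext()) {
            mapIterator.next();
            MisconfiguredHostCacheEntry entry = (MisconfiguredHostCacheEntry) mapIterator.getValue();
            if (entry.isStale(now)) {
                logger.info("Removing stale cached address of misconfigured (\"unrecognized_name\") host [host=" + entry.getHost() + ", port=" + entry.getPort() + "], following connections will be attempted with the hostname.");
                mapIterator.remove();
            }
        }
    }

    /**
     * @return the cached address for {@code str:i}, or {@code null} when the host is
     *         not cached
     */
    private static InetAddress getCachedMisconfiguredHost(String str, int i) {
        synchronized (misconfiguredHosts) {
            if (misconfiguredHosts.isEmpty()) {
                return null;
            }
            removeStaleCachedMisconfiguredHosts();
            MisconfiguredHostCacheEntry entry = (MisconfiguredHostCacheEntry) misconfiguredHosts.get(cacheKey(str, i));
            if (entry == null) {
                return null;
            }
            return entry.getAddress();
        }
    }

    /**
     * Not supported.
     *
     * @throws UnsupportedOperationException always
     */
    @Deprecated
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        throw new UnsupportedOperationException("Method no longer supported since it's no longer required/called by Commons HttpClient library (version >= 3.0).");
    }

    /**
     * Layers a TLS client socket over an existing connected socket and performs the
     * handshake.
     *
     * <p>An "unrecognized_name" failure is cached and then rethrown; the existing
     * socket is left to the caller, and a later call for the same host uses the cached
     * IP address instead of the host name.
     *
     * @param socket the already connected socket
     * @param str    target host name
     * @param i      target port
     * @param z      whether closing the TLS socket also closes {@code socket}
     * @throws IOException if the handshake fails
     */
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
        InetAddress cachedMisconfiguredHost = getCachedMisconfiguredHost(str, i);
        if (cachedMisconfiguredHost != null) {
            return this.clientSSLSockFactory.createSocket(socket, cachedMisconfiguredHost.getHostAddress(), i, z);
        }
        try {
            SSLSocket sSLSocket = (SSLSocket) this.clientSSLSockFactory.createSocket(socket, str, i, z);
            sSLSocket.startHandshake();
            return sSLSocket;
        } catch (SSLException e) {
            if (isUnrecognizedName(e)) {
                cacheMisconfiguredHost(str, i, InetAddress.getByName(str));
            }
            throw e;
        }
    }

    /**
     * Wraps an accepted socket in a server-mode TLS socket that presents a
     * certificate created for {@code str}, then performs the handshake.
     *
     * @param str    host name the certificate is created for
     * @param socket the accepted connection to secure
     * @throws IOException if the handshake fails
     */
    public Socket createTunnelServerSocket(String str, Socket socket) throws IOException {
        SSLSocket sSLSocket = (SSLSocket) getTunnelSSLSocketFactory(str).createSocket(socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true);
        sSLSocket.setUseClientMode(false);
        sSLSocket.startHandshake();
        return sSLSocket;
    }

    /**
     * Builds a server socket factory whose key material is the key store returned by
     * the certificate service for {@code str}, unlocked with
     * {@code SslCertificateService.PASSPHRASE}.
     *
     * @param str host name to create the certificate for
     * @throws RuntimeException wrapping any key store, certificate or context failure
     */
    public SSLSocketFactory getTunnelSSLSocketFactory(String str) {
        try {
            SSLContext sSLContext = SSLContext.getInstance(SSL);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(CachedSslCertifificateServiceImpl.getService().createCertForHost(str), SslCertificateService.PASSPHRASE);
            // Self-seeded on purpose: a clock value must never become the only seed.
            SecureRandom secureRandom = new SecureRandom();
            sSLContext.init(keyManagerFactory.getKeyManagers(), null, secureRandom);
            return createDecoratedServerSslSocketFactory(sSLContext.getSocketFactory());
        } catch (IOException | InvalidKeyException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | UnrecoverableKeyException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    /** Wraps {@code sSLSocketFactory} so its sockets get the server protocol list. */
    private static SSLSocketFactory createDecoratedServerSslSocketFactory(SSLSocketFactory sSLSocketFactory) {
        return new DecoratedSocketsSslSocketFactory(sSLSocketFactory, serverSslSocketsDecorator);
    }

    /** Wraps {@code sSLSocketFactory} so its sockets get the client protocol list. */
    private static SSLSocketFactory createDecoratedClientSslSocketFactory(SSLSocketFactory sSLSocketFactory) {
        return new DecoratedSocketsSslSocketFactory(sSLSocketFactory, clientSslSocketsDecorator);
    }
}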
