package com.gargoylesoftware.htmlunit;

import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import org.apache.http.HttpHost;
import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;

/* loaded from: input_file:htmlunit-2.12.jar:com/gargoylesoftware/htmlunit/HtmlUnitSSLSocketFactory.class */
class HtmlUnitSSLSocketFactory extends SSLSocketFactory {
    private static final String SSL3ONLY = "htmlunit.SSL3Only";

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setUseSSL3Only(HttpParams httpParams, boolean z) {
        httpParams.setParameter(SSL3ONLY, Boolean.valueOf(z));
    }

    static boolean isUseSSL3Only(HttpParams httpParams) {
        return httpParams.getBooleanParameter(SSL3ONLY, false);
    }

    public static SSLSocketFactory buildSSLSocketFactory(WebClientOptions webClientOptions) {
        try {
            if (!webClientOptions.isUseInsecureSSL()) {
                return webClientOptions.getSSLClientCertificateUrl() == null ? new HtmlUnitSSLSocketFactory() : new HtmlUnitSSLSocketFactory(getKeyStore(webClientOptions), webClientOptions.getSSLClientCertificatePassword(), SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
            }
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(getKeyManagers(webClientOptions), new TrustManager[]{new InsecureTrustManager()}, null);
            return new HtmlUnitSSLSocketFactory(sSLContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    HtmlUnitSSLSocketFactory(SSLContext sSLContext, X509HostnameVerifier x509HostnameVerifier) {
        super(sSLContext, x509HostnameVerifier);
    }

    HtmlUnitSSLSocketFactory() {
        super(createSSLContext());
    }

    HtmlUnitSSLSocketFactory(KeyStore keyStore, String str, X509HostnameVerifier x509HostnameVerifier) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
        super("TLS", keyStore, str, null, null, null, x509HostnameVerifier);
    }

    private static SSLContext createSSLContext() {
        try {
            Method declaredMethod = SSLSocketFactory.class.getDeclaredMethod("createDefaultSSLContext", new Class[0]);
            declaredMethod.setAccessible(true);
            return (SSLContext) declaredMethod.invoke(null, new Object[0]);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SchemeSocketFactory
    public Socket createSocket(HttpParams httpParams) throws IOException {
        if (SocksSocketFactory.getSocksProxy(httpParams) != null) {
            return null;
        }
        Socket createSocket = super.createSocket(httpParams);
        configureSocket((SSLSocket) createSocket, httpParams);
        return createSocket;
    }

    private void configureSocket(SSLSocket sSLSocket, HttpParams httpParams) {
        if (isUseSSL3Only(httpParams)) {
            sSLSocket.setEnabledProtocols(new String[]{"SSLv3"});
        }
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SchemeSocketFactory
    public Socket connectSocket(Socket socket, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, HttpParams httpParams) throws IOException, UnknownHostException, ConnectTimeoutException {
        HttpHost socksProxy = SocksSocketFactory.getSocksProxy(httpParams);
        if (socksProxy == null) {
            return super.connectSocket(socket, inetSocketAddress, inetSocketAddress2, httpParams);
        }
        Socket createSocketWithSocksProxy = SocksSocketFactory.createSocketWithSocksProxy(socksProxy);
        createSocketWithSocksProxy.setReuseAddress(true);
        int connectionTimeout = HttpConnectionParams.getConnectionTimeout(httpParams);
        int soTimeout = HttpConnectionParams.getSoTimeout(httpParams);
        InetSocketAddress inetSocketAddress3 = new InetSocketAddress(socksProxy.getHostName(), socksProxy.getPort());
        try {
            createSocketWithSocksProxy.setSoTimeout(soTimeout);
            createSocketWithSocksProxy.connect(inetSocketAddress, connectionTimeout);
            Socket createSocket = getSSLSocketFactory().createSocket(createSocketWithSocksProxy, socksProxy.getHostName(), socksProxy.getPort(), true);
            configureSocket((SSLSocket) createSocket, httpParams);
            return createSocket;
        } catch (SocketTimeoutException e) {
            throw new ConnectTimeoutException("Connect to " + inetSocketAddress3 + " timed out");
        }
    }

    private javax.net.ssl.SSLSocketFactory getSSLSocketFactory() {
        try {
            Field declaredField = SSLSocketFactory.class.getDeclaredField("socketfactory");
            declaredField.setAccessible(true);
            return (javax.net.ssl.SSLSocketFactory) declaredField.get(this);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static KeyManager[] getKeyManagers(WebClientOptions webClientOptions) {
        if (webClientOptions.getSSLClientCertificateUrl() == null) {
            return null;
        }
        try {
            String sSLClientCertificatePassword = webClientOptions.getSSLClientCertificatePassword();
            char[] charArray = sSLClientCertificatePassword != null ? sSLClientCertificatePassword.toCharArray() : null;
            KeyStore keyStore = getKeyStore(webClientOptions);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(keyStore, charArray);
            return keyManagerFactory.getKeyManagers();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static KeyStore getKeyStore(WebClientOptions webClientOptions) {
        try {
            KeyStore keyStore = KeyStore.getInstance(webClientOptions.getSSLClientCertificateType());
            String sSLClientCertificatePassword = webClientOptions.getSSLClientCertificatePassword();
            keyStore.load(webClientOptions.getSSLClientCertificateUrl().openStream(), sSLClientCertificatePassword != null ? sSLClientCertificatePassword.toCharArray() : null);
            return keyStore;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
