package sun.net.www.protocol.https;

import com.ibm.security.x509.X500Name;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import sun.misc.RegexpPool;
import sun.net.www.http.HttpClient;
import sun.security.action.GetPropertyAction;

/* loaded from: input_file:efixes/PQ96910_linux_i386/components/prereq.jdk/update.jar:/java/jre/lib/javaplugin.jar:sun/net/www/protocol/https/HttpsClient.class */
final class HttpsClient extends HttpClient implements HandshakeCompletedListener {
    private static final int httpsPortNumber = 443;
    private HostnameVerifier hv;
    private SSLSocketFactory sslSocketFactory;
    private String instTunnelHost;
    private int instTunnelPort;
    private SSLSession session;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // sun.net.www.http.HttpClient
    public int getDefaultPort() {
        return httpsPortNumber;
    }

    private String getProxyHost() {
        String str = (String) AccessController.doPrivileged(new GetPropertyAction("https.proxyHost"));
        if (str != null && str.length() == 0) {
            str = null;
        }
        return str;
    }

    private int getProxyPort() {
        int[] iArr = {0};
        AccessController.doPrivileged(new PrivilegedAction(this, iArr) { // from class: sun.net.www.protocol.https.HttpsClient.1
            private final int[] val$port;
            private final HttpsClient this$0;

            {
                this.this$0 = this;
                this.val$port = iArr;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                if (System.getProperty("https.proxyHost") == null) {
                    return null;
                }
                this.val$port[0] = Integer.getInteger("https.proxyPort", 80).intValue();
                return null;
            }
        });
        return iArr[0] < 0 ? super.getDefaultPort() : iArr[0];
    }

    private String[] getCipherSuites() {
        String[] strArr;
        String str = (String) AccessController.doPrivileged(new GetPropertyAction("https.cipherSuites"));
        if (str == null || "".equals(str)) {
            strArr = null;
        } else {
            Vector vector = new Vector();
            StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
            while (stringTokenizer.hasMoreElements()) {
                vector.addElement(stringTokenizer.nextElement());
            }
            strArr = new String[vector.size()];
            for (int i = 0; i < strArr.length; i++) {
                strArr[i] = (String) vector.elementAt(i);
            }
        }
        return strArr;
    }

    private String[] getProtocols() {
        String[] strArr;
        String str = (String) AccessController.doPrivileged(new GetPropertyAction("https.protocols"));
        if (str == null || "".equals(str)) {
            strArr = null;
        } else {
            Vector vector = new Vector();
            StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
            while (stringTokenizer.hasMoreElements()) {
                vector.addElement(stringTokenizer.nextElement());
            }
            strArr = new String[vector.size()];
            for (int i = 0; i < strArr.length; i++) {
                strArr[i] = (String) vector.elementAt(i);
            }
        }
        return strArr;
    }

    private RegexpPool getDontProxy() {
        RegexpPool regexpPool = new RegexpPool();
        String str = (String) AccessController.doPrivileged(new GetPropertyAction("http.nonProxyHosts"));
        if (str != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(str, "|", false);
            while (stringTokenizer.hasMoreTokens()) {
                try {
                    regexpPool.add(stringTokenizer.nextToken().toLowerCase(), new Boolean(true));
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        }
        return regexpPool;
    }

    private String getUserAgent() {
        String str = (String) AccessController.doPrivileged(new GetPropertyAction("https.agent"));
        if (str == null || str.length() == 0) {
            str = "JSSE";
        }
        return str;
    }

    private HttpsClient(SSLSocketFactory sSLSocketFactory, URL url) throws IOException {
        this(sSLSocketFactory, url, (String) null, -1);
    }

    HttpsClient(SSLSocketFactory sSLSocketFactory, URL url, String str, int i) throws IOException {
        setSSLSocketFactory(sSLSocketFactory);
        if (str != null) {
            setTunnelProxy(str, i);
        }
        this.proxyDisabled = true;
        try {
            this.host = InetAddress.getByName(url.getHost()).getHostAddress();
        } catch (UnknownHostException e) {
            this.host = url.getHost();
        }
        this.url = url;
        this.port = url.getPort();
        if (this.port == -1) {
            this.port = getDefaultPort();
        }
        openServer();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static HttpClient New(SSLSocketFactory sSLSocketFactory, URL url, HostnameVerifier hostnameVerifier) throws IOException {
        return New(sSLSocketFactory, url, hostnameVerifier, true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static HttpClient New(SSLSocketFactory sSLSocketFactory, URL url, HostnameVerifier hostnameVerifier, boolean z) throws IOException {
        return New(sSLSocketFactory, url, hostnameVerifier, (String) null, -1, z);
    }

    static HttpClient New(SSLSocketFactory sSLSocketFactory, URL url, HostnameVerifier hostnameVerifier, String str, int i) throws IOException {
        return New(sSLSocketFactory, url, hostnameVerifier, str, i, true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static HttpClient New(SSLSocketFactory sSLSocketFactory, URL url, HostnameVerifier hostnameVerifier, String str, int i, boolean z) throws IOException {
        HttpsClient httpsClient = null;
        if (z) {
            httpsClient = (HttpsClient) kac.get(url, sSLSocketFactory);
            if (httpsClient != null) {
                httpsClient.cachedHttpClient = true;
            }
        }
        if (httpsClient == null) {
            httpsClient = new HttpsClient(sSLSocketFactory, url, str, i);
        } else {
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                securityManager.checkConnect(url.getHost(), url.getPort());
            }
            httpsClient.url = url;
        }
        httpsClient.setHostnameVerifier(hostnameVerifier);
        return httpsClient;
    }

    void setHostnameVerifier(HostnameVerifier hostnameVerifier) {
        this.hv = hostnameVerifier;
    }

    void setSSLSocketFactory(SSLSocketFactory sSLSocketFactory) {
        this.sslSocketFactory = sSLSocketFactory;
    }

    void setTunnelProxy(String str, int i) {
        this.instTunnelHost = str;
        this.instTunnelPort = i < 0 ? getDefaultPort() : i;
    }

    SSLSocketFactory getSSLSocketFactory() {
        return this.sslSocketFactory;
    }

    private boolean isNonProxyHost() {
        RegexpPool dontProxy = getDontProxy();
        if (dontProxy.match(this.url.getHost().toLowerCase()) != null) {
            return true;
        }
        try {
            return dontProxy.match(InetAddress.getByName(this.url.getHost()).getHostAddress()) != null;
        } catch (UnknownHostException e) {
            return false;
        }
    }

    @Override // sun.net.www.http.HttpClient
    public boolean needsTunneling() {
        return (this.instTunnelHost == null || isNonProxyHost()) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // sun.net.NetworkClient
    public Socket doConnect(String str, int i) throws IOException, UnknownHostException {
        Socket createSocket;
        this.instTunnelHost = this.instTunnelHost != null ? this.instTunnelHost : getProxyHost();
        this.instTunnelPort = this.instTunnelPort != 0 ? this.instTunnelPort : getProxyPort();
        SSLSocketFactory sSLSocketFactory = this.sslSocketFactory;
        if (this.instTunnelHost == null || isNonProxyHost()) {
            createSocket = sSLSocketFactory.createSocket(str, i);
        } else {
            try {
                createSocket = (Socket) AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: sun.net.www.protocol.https.HttpsClient.2
                    private final HttpsClient this$0;

                    {
                        this.this$0 = this;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws IOException {
                        return new Socket(this.this$0.instTunnelHost, this.this$0.instTunnelPort);
                    }
                });
            } catch (IOException e) {
                try {
                    createSocket = (SSLSocket) sSLSocketFactory.createSocket(str, i);
                } catch (IOException e2) {
                    throw e;
                }
            } catch (PrivilegedActionException e3) {
                throw ((IOException) e3.getException());
            }
        }
        return createSocket;
    }

    @Override // sun.net.www.http.HttpClient
    public void afterConnect() throws IOException, UnknownHostException {
        SSLSocket sSLSocket;
        if (isCachedConnection()) {
            this.session = ((SSLSocket) this.serverSocket).getSession();
            return;
        }
        SSLSocketFactory sSLSocketFactory = this.sslSocketFactory;
        try {
            sSLSocket = !(this.serverSocket instanceof SSLSocket) ? (SSLSocket) sSLSocketFactory.createSocket(this.serverSocket, this.host, this.port, true) : (SSLSocket) this.serverSocket;
        } catch (IOException e) {
            try {
                sSLSocket = (SSLSocket) sSLSocketFactory.createSocket(this.host, this.port);
            } catch (IOException e2) {
                throw e;
            }
        }
        String[] protocols = getProtocols();
        String[] cipherSuites = getCipherSuites();
        if (protocols != null) {
            sSLSocket.setEnabledProtocols(protocols);
        }
        if (cipherSuites != null) {
            sSLSocket.setEnabledCipherSuites(cipherSuites);
        }
        sSLSocket.addHandshakeCompletedListener(this);
        sSLSocket.startHandshake();
        this.session = sSLSocket.getSession();
        this.serverSocket = sSLSocket;
        try {
            this.serverOutput = new PrintStream(new BufferedOutputStream(this.serverSocket.getOutputStream()), false, encoding);
            checkURLSpoofing(this.hv);
        } catch (UnsupportedEncodingException e3) {
            throw new InternalError(new StringBuffer().append(encoding).append(" encoding not found").toString());
        }
    }

    private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException {
        Certificate[] peerCertificates;
        boolean z = false;
        String host = this.url.getHost();
        if (host != null && host.startsWith("[") && host.endsWith("]")) {
            host = host.substring(1, host.length() - 1);
        }
        try {
            peerCertificates = this.session.getPeerCertificates();
        } catch (CertificateParsingException e) {
        } catch (SSLPeerUnverifiedException e2) {
        }
        if (!(peerCertificates[0] instanceof X509Certificate)) {
            throw new SSLPeerUnverifiedException("");
        }
        X509Certificate x509Certificate = (X509Certificate) peerCertificates[0];
        Collection<List> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames != null) {
            for (List list : subjectAlternativeNames) {
                if (((Integer) list.get(0)).intValue() == 7) {
                    if (host.equalsIgnoreCase((String) list.get(1))) {
                        return;
                    } else {
                        z = true;
                    }
                } else if (((Integer) list.get(0)).intValue() == 2) {
                    if (isMatched(host, ((String) list.get(1)).toLowerCase())) {
                        return;
                    } else {
                        z = true;
                    }
                } else {
                    continue;
                }
            }
        }
        if (!z) {
            if (isMatched(host, new X500Name(x509Certificate.getSubjectDN().getName()).getCommonName())) {
                return;
            }
        }
        String cipherSuite = this.session.getCipherSuite();
        if (cipherSuite == null || cipherSuite.indexOf("_anon_") == -1) {
            if (hostnameVerifier == null || !hostnameVerifier.verify(host, this.session)) {
                this.serverSocket.close();
                this.session.invalidate();
                throw new IOException(new StringBuffer().append("HTTPS hostname wrong:  should be <").append(this.url.getHost()).append(">").toString());
            }
        }
    }

    private boolean isMatched(String str, String str2) {
        try {
            String lowerCase = str.toLowerCase();
            String lowerCase2 = str2.toLowerCase();
            StringTokenizer stringTokenizer = new StringTokenizer(lowerCase, ".");
            StringTokenizer stringTokenizer2 = new StringTokenizer(lowerCase2, ".");
            if (stringTokenizer.countTokens() != stringTokenizer2.countTokens()) {
                return false;
            }
            while (stringTokenizer.hasMoreTokens()) {
                String nextToken = stringTokenizer.nextToken();
                String nextToken2 = stringTokenizer2.nextToken();
                int indexOf = nextToken2.indexOf("*");
                while (indexOf != -1) {
                    String substring = nextToken2.substring(0, indexOf);
                    nextToken2 = nextToken2.substring(indexOf + 1);
                    int indexOf2 = nextToken.indexOf(substring);
                    if (indexOf2 == -1) {
                        return false;
                    }
                    nextToken = nextToken.substring(indexOf2 + substring.length());
                    indexOf = nextToken2.indexOf("*");
                }
                if (indexOf < 0 && !nextToken.endsWith(nextToken2)) {
                    return false;
                }
            }
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // sun.net.www.http.HttpClient
    protected void putInKeepAliveCache() {
        kac.put(this.url, this.sslSocketFactory, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getCipherSuite() {
        return this.session.getCipherSuite();
    }

    public Certificate[] getLocalCertificates() {
        return this.session.getLocalCertificates();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Certificate[] getServerCertificates() throws SSLPeerUnverifiedException {
        return this.session.getPeerCertificates();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public javax.security.cert.X509Certificate[] getServerCertificateChain() throws SSLPeerUnverifiedException {
        return this.session.getPeerCertificateChain();
    }

    @Override // javax.net.ssl.HandshakeCompletedListener
    public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
        this.session = handshakeCompletedEvent.getSession();
    }

    @Override // sun.net.www.http.HttpClient
    public String getProxyHostUsed() {
        if (needsTunneling()) {
            return this.instTunnelHost;
        }
        return null;
    }

    @Override // sun.net.www.http.HttpClient
    public int getProxyPortUsed() {
        return this.instTunnelPort;
    }
}
