package com.predic8.membrane.core.transport.ssl;

import com.oracle.util.ssl.SSLCapabilities;
import com.oracle.util.ssl.SSLExplorer;
import com.predic8.membrane.core.config.ConfigurationException;
import com.predic8.membrane.core.rules.ServiceProxyKey;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
import javax.net.ssl.SNIServerName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-4.8.7.jar:com/predic8/membrane/core/transport/ssl/SSLContextCollection.class */
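/**
 * An {@link SSLProvider} that fronts several {@link SSLContext}s and picks one per connection by
 * host name.
 *
 * <p>For accepted sockets, {@link #wrapAcceptedSocket(Socket)} reads the client's first record
 * itself, extracts the SNI server names from it and then hands the socket, together with the
 * bytes already consumed, to the chosen context. Selection works as follows:
 * <ol>
 *   <li>SNI names present: the first name (in the order the client sent them) that fully matches
 *       one of the configured host patterns wins; patterns are tried in registration order.</li>
 *   <li>SNI names present but none matches: a fatal {@code unrecognized_name} alert is written,
 *       the socket is closed and a {@link RuntimeException} is thrown.</li>
 *   <li>No SNI names at all: the first context whose {@code isUseAsDefault()} is true is used,
 *       otherwise the first registered context. A client that omits SNI is therefore served by
 *       that default/first context, so operators should treat it as reachable by any client.</li>
 * </ol>
 *
 * <p>For outbound sockets the host argument selects the context, falling back to the first
 * registered context when no pattern matches.
 */
public class SSLContextCollection implements SSLProvider {
    private static final Logger log = LoggerFactory.getLogger(SSLContextCollection.class.getName());

    /** Number of leading bytes read before SSLExplorer is asked how large the first record is. */
    private static final int RECORD_HEADER_SIZE = 5;

    /** Initial size of the buffer that receives the client's first record. */
    private static final int INITIAL_BUFFER_SIZE = 255;

    /** Socket read timeout in milliseconds applied while the first record is being read. */
    private static final int CLIENT_HELLO_READ_TIMEOUT_MS = 30000;

    /** Backlog used for every server socket created by this provider. */
    private static final int SERVER_SOCKET_BACKLOG = 50;

    // sslContexts.get(i) is the context served for names matching dnsNames.get(i).
    private final List<SSLContext> sslContexts;
    private final List<Pattern> dnsNames;

    /* loaded from: input_file:WEB-INF/lib/service-proxy-core-4.8.7.jar:com/predic8/membrane/core/transport/ssl/SSLContextCollection$Builder.class */
    /**
     * Collects {@link SSLContext}s and the host name pattern each one reports through
     * {@code constructHostNamePattern()}.
     */
    public static class Builder {
        private final List<String> dnsNames = new ArrayList<>();
        private final List<SSLContext> sslContexts = new ArrayList<>();

        /**
         * Produces the provider for the contexts added so far.
         *
         * <p>With exactly one context, that context is returned as-is and no
         * {@link SSLContextCollection} is created, so none of the SNI matching in
         * {@link SSLContextCollection#wrapAcceptedSocket(Socket)} takes part.
         * NOTE(review): whether a lone context rejects unexpected SNI names then depends entirely
         * on {@code SSLContext} itself - confirm against that class.
         *
         * @return the single context, or a collection routing between all added contexts
         * @throws IllegalStateException if no context was added
         * @throws ConfigurationException declared for callers; nothing in this method throws it
         *         directly
         */
        public SSLProvider build() throws ConfigurationException {
            if (this.sslContexts.isEmpty()) {
                throw new IllegalStateException("No SSLContext's were added to this Builder before invoking build().");
            }
            if (this.sslContexts.size() == 1) {
                return this.sslContexts.get(0);
            }
            return new SSLContextCollection(this.sslContexts, this.dnsNames);
        }

        /**
         * Registers a context together with its host name pattern. A context already contained in
         * the builder (per {@code List.contains}, i.e. {@code equals}) is ignored, which keeps the
         * two lists aligned index by index.
         *
         * @param sSLContext the context to register
         */
        public void add(SSLContext sSLContext) {
            if (this.sslContexts.contains(sSLContext)) {
                return;
            }
            this.sslContexts.add(sSLContext);
            this.dnsNames.add(sSLContext.constructHostNamePattern());
        }
    }

    /**
     * Compiles one case-insensitive pattern per host name expression.
     *
     * @param list contexts, index-aligned with {@code list2}
     * @param list2 host name expressions; each is passed through
     *        {@code ServiceProxyKey.createHostPattern} before compilation (presumably turning the
     *        configured expression into a regular expression - confirm against that helper)
     */
    private SSLContextCollection(List<SSLContext> list, List<String> list2) {
        this.dnsNames = new ArrayList<>(list2.size());
        for (String hostExpression : list2) {
            this.dnsNames.add(
                    Pattern.compile(ServiceProxyKey.createHostPattern(hostExpression), Pattern.CASE_INSENSITIVE));
        }
        // Copy instead of aliasing the Builder's list: a later Builder.add() would otherwise grow
        // the context list of an already-built collection without adding a matching pattern, and
        // would mutate it while wrapAcceptedSocket() may be iterating over it.
        this.sslContexts = new ArrayList<>(list);
    }

    /**
     * Opens a plain {@link ServerSocket} on port {@code i}, bound to {@code inetAddress}.
     *
     * <p>The second argument is not used; the backlog is always 50.
     * NOTE(review): if {@code i2} is the backlog requested by the caller, it is silently ignored
     * here - confirm that this is intended.
     */
    @Override
    public ServerSocket createServerSocket(int i, int i2, InetAddress inetAddress) throws IOException {
        return new ServerSocket(i, SERVER_SOCKET_BACKLOG, inetAddress);
    }

    /**
     * Reads the client's first record from {@code socket}, selects a context from the SNI names
     * found in it (see the class comment for the rules) and lets that context wrap the socket.
     *
     * <p>Everything read here is unauthenticated client input:
     * <ul>
     *   <li>The 30 second timeout set via {@code setSoTimeout} applies to each blocking read, not
     *       to the whole record, and it is left in place on the socket when this method returns.
     *       A peer that trickles bytes can keep the calling thread here for longer than 30
     *       seconds.</li>
     *   <li>The buffer is grown to whatever {@code SSLExplorer.getRequiredSize} derives from the
     *       first five bytes. NOTE(review): confirm that SSLExplorer bounds this value.</li>
     *   <li>Apart from the no-matching-name case, a failure in this method (timeout, end of
     *       stream, an exception from SSLExplorer) leaves the socket open; presumably the caller
     *       closes it - confirm.</li>
     * </ul>
     *
     * @param socket the freshly accepted, still unwrapped socket
     * @return the socket as wrapped by the selected context, which also receives the bytes
     *         consumed here
     * @throws IOException if the stream ends early or a read fails
     * @throws RuntimeException if the client sent SNI names and none matches a configured pattern
     */
    @Override
    public Socket wrapAcceptedSocket(Socket socket) throws IOException {
        InputStream in = socket.getInputStream();
        byte[] buffer = new byte[INITIAL_BUFFER_SIZE];
        socket.setSoTimeout(CLIENT_HELLO_READ_TIMEOUT_MS);

        // Record header first; it tells SSLExplorer how many bytes the whole record needs.
        int position = readUntil(in, buffer, 0, RECORD_HEADER_SIZE);
        int requiredSize = SSLExplorer.getRequiredSize(buffer, 0, position);
        if (buffer.length < requiredSize) {
            buffer = Arrays.copyOf(buffer, requiredSize);
        }
        position = readUntil(in, buffer, position, requiredSize);

        SSLCapabilities capabilities = SSLExplorer.explore(buffer, 0, requiredSize);
        List<SNIServerName> serverNames = capabilities == null ? null : capabilities.getServerNames();

        SSLContext selected = null;
        if (serverNames != null && !serverNames.isEmpty()) {
            for (SNIServerName serverName : serverNames) {
                selected = findContextFor(decode(serverName));
                if (selected != null) {
                    break;
                }
            }
            if (selected == null) {
                // The client asked for a name we have nothing configured for: refuse explicitly
                // rather than answer with some other context.
                throw rejectUnrecognizedName(socket, serverNames);
            }
        }
        if (selected == null) {
            // No SNI in the first record: fall back to the default context.
            selected = defaultContext();
        }
        return selected.wrap(socket, buffer, position);
    }

    /**
     * Reads from {@code in} into {@code buffer} until {@code position} has reached {@code limit}.
     *
     * @return the position after reading; unchanged if it was already at or beyond {@code limit}
     * @throws IOException if the stream ends before {@code limit} is reached
     */
    private static int readUntil(InputStream in, byte[] buffer, int position, int limit) throws IOException {
        while (position < limit) {
            int count = in.read(buffer, position, limit - position);
            if (count < 0) {
                throw new IOException("unexpected end of stream!");
            }
            position += count;
        }
        return position;
    }

    /** Decodes the raw bytes of an SNI entry as UTF-8. */
    private static String decode(SNIServerName serverName) throws IOException {
        return new String(serverName.getEncoded(), "UTF-8");
    }

    /**
     * Returns the context whose pattern matches {@code hostname}, or {@code null} if none does.
     * {@code Matcher.matches()} is used, so the pattern has to cover the entire name; a pattern
     * that merely occurs somewhere inside the name does not select a context.
     */
    private SSLContext findContextFor(String hostname) {
        for (int index = 0; index < this.dnsNames.size(); index++) {
            if (this.dnsNames.get(index).matcher(hostname).matches()) {
                return this.sslContexts.get(index);
            }
        }
        return null;
    }

    /** Returns the first context flagged {@code isUseAsDefault()}, else the first context. */
    private SSLContext defaultContext() {
        for (SSLContext candidate : this.sslContexts) {
            if (candidate.isUseAsDefault()) {
                return candidate;
            }
        }
        return this.sslContexts.get(0);
    }

    /**
     * Sends a fatal {@code unrecognized_name} alert, closes the socket and builds the exception
     * for the caller to throw.
     *
     * <p>The names in the message are copied verbatim from the client's request.
     * NOTE(review): code that logs or displays this exception should neutralise control
     * characters (CR/LF in particular) so a client cannot forge log lines.
     */
    private static RuntimeException rejectUnrecognizedName(Socket socket, List<SNIServerName> serverNames)
            throws IOException {
        // Alert record: type 21 (alert), version 3.1, length 2, level 2 (fatal),
        // description 112 (unrecognized_name).
        byte[] alert = {21, 3, 1, 0, 2, 2, 112};
        try {
            socket.getOutputStream().write(alert);
        } finally {
            // Close even when the alert could not be written.
            socket.close();
        }
        List<String> requested = new ArrayList<>(serverNames.size());
        for (SNIServerName serverName : serverNames) {
            requested.add(decode(serverName));
        }
        return new RuntimeException("no certificate configured (sending unrecognized_name alert) for hostname \""
                + String.join(", ", requested) + "\"");
    }

    /**
     * Selects the context for an outbound connection to {@code str}. Unlike the accept path this
     * never fails: without a matching pattern the first registered context is used, and
     * {@code isUseAsDefault()} is not consulted.
     */
    private SSLContext getSSLContextForHostname(String str) {
        SSLContext matched = findContextFor(str);
        return matched != null ? matched : this.sslContexts.get(0);
    }

    /**
     * Not supported, because there is no host name to select a context with.
     *
     * @throws IllegalStateException always
     */
    @Override
    public Socket createSocket() throws IOException {
        throw new IllegalStateException("not implemented");
    }

    /**
     * Delegates to the context selected for host {@code str}; all arguments are passed through
     * unchanged.
     */
    @Override
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, int i3, @Nullable String str2) throws IOException {
        return getSSLContextForHostname(str).createSocket(str, i, inetAddress, i2, i3, str2);
    }

    /**
     * @return {@code true} only if every registered context returns {@code true} from its own
     *         {@code showSSLExceptions()}
     */
    @Override
    public boolean showSSLExceptions() {
        for (SSLContext context : this.sslContexts) {
            if (!context.showSSLExceptions()) {
                return false;
            }
        }
        return true;
    }

    /**
     * Delegates to the context selected for host {@code str}; all arguments are passed through
     * unchanged.
     */
    @Override
    public Socket createSocket(String str, int i, int i2, @Nullable String str2) throws IOException {
        return getSSLContextForHostname(str).createSocket(str, i, i2, str2);
    }

    /**
     * Delegates to the context selected for host {@code str}; all arguments, including the
     * existing {@code socket}, are passed through unchanged.
     */
    @Override
    public Socket createSocket(Socket socket, String str, int i, int i2, @Nullable String str2) throws IOException {
        return getSSLContextForHostname(str).createSocket(socket, str, i, i2, str2);
    }
}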
