package com.ibm.xtools.rmpx.oauth.internal.jaf;

import com.ibm.xtools.rmpx.oauth.CertificateHostnameMismatchException;
import com.ibm.xtools.rmpx.oauth.ICertificateValidator;
import com.ibm.xtools.rmpx.oauth.JfsX509TrustManager;
import com.ibm.xtools.rmpx.oauth.internal.osgi.LogHelper;
import com.ibm.xtools.rmpx.oauth.internal.osgi.NlsHelper;
import com.ibm.xtools.rmpx.oauth.l10n.Messages;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* loaded from: input_file:com/ibm/xtools/rmpx/oauth/internal/jaf/CertificateHostNameVerifier.class */
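/**
 * Hostname verifier that wraps another {@link X509HostnameVerifier} and lets an
 * {@link ICertificateValidator} grant an exception when the socket-level check fails.
 *
 * <p>Only {@link #verify(String, SSLSocket)} offers the exception path; the other overloads
 * delegate unchanged. An exception is always bound to the exact leaf certificate the peer
 * presented for a given {@code host-port} key, and it is remembered either in a static
 * in-memory map (session) or as a file below {@code <user.home>/.jazzhostnamecerts} (permanent).
 *
 * <p>Security notes:
 * <ul>
 *   <li>A failed check is only waived by an explicit decision of the validator or by a
 *       previously stored exception for the same certificate. With no validator, no usable
 *       leaf certificate, or an unrecognised decision, the original failure is rethrown.</li>
 *   <li>The in-memory map is static, so a session exception is shared by every instance of
 *       this class, whichever validator granted it.</li>
 *   <li>The on-disk store is trusted as-is: whatever can write a file named {@code host-port}
 *       into the store directory can pre-approve a certificate for that endpoint.</li>
 * </ul>
 */
public class CertificateHostNameVerifier implements X509HostnameVerifier {
    /** Session-scoped exceptions: {@code host-port} key to the leaf certificate accepted for it. */
    private static final ConcurrentMap<String, X509Certificate> hostnameToCertificate = new ConcurrentHashMap<>();
    private final X509HostnameVerifier verifier;
    private final ICertificateValidator validator;

    /**
     * @param x509HostnameVerifier  the verifier that performs the actual hostname check
     * @param iCertificateValidator asked for a decision when the socket-level check fails;
     *                              may be {@code null}, in which case failures are never waived
     */
    public CertificateHostNameVerifier(X509HostnameVerifier x509HostnameVerifier, ICertificateValidator iCertificateValidator) {
        this.verifier = x509HostnameVerifier;
        this.validator = iCertificateValidator;
    }

    /** Delegates to the wrapped verifier; a failure propagates unchanged. */
    @Override // org.apache.http.conn.ssl.X509HostnameVerifier
    public void verify(String str, String[] strArr, String[] strArr2) throws SSLException {
        this.verifier.verify(str, strArr, strArr2);
    }

    /** Delegates to the wrapped verifier; stored exceptions are not consulted on this path. */
    @Override // org.apache.http.conn.ssl.X509HostnameVerifier, javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        return this.verifier.verify(str, sSLSession);
    }

    /**
     * Verifies the socket's peer against {@code str}; on failure, consults stored exceptions
     * and the validator before giving up.
     *
     * @throws IOException the wrapped verifier's failure, when nothing waives it
     */
    @Override // org.apache.http.conn.ssl.X509HostnameVerifier
    public void verify(String str, SSLSocket sSLSocket) throws IOException {
        try {
            this.verifier.verify(str, sSLSocket);
        } catch (IOException e) {
            // NOTE(review): every IOException from the delegate is treated as a hostname
            // mismatch here, not only SSLException - confirm that is intended.
            handleCertificateHostnameMismatch(str, sSLSocket.getPort(), sSLSocket, e);
        }
    }

    /** Delegates to the wrapped verifier; a failure propagates unchanged. */
    @Override // org.apache.http.conn.ssl.X509HostnameVerifier
    public void verify(String str, X509Certificate x509Certificate) throws SSLException {
        this.verifier.verify(str, x509Certificate);
    }

    /**
     * Decides whether a failed hostname check may be waived for this connection.
     *
     * <p>Returns normally when the peer's leaf certificate already has a session or permanent
     * exception for {@code str-i}, or when the validator accepts it. Rethrows
     * {@code iOException} in every other case, including a missing validator, a peer without
     * an X.509 leaf certificate, and a {@code null} or unrecognised decision.
     *
     * @param str         host name the caller intended to reach
     * @param i           remote port, part of the exception key
     * @param sSLSocket   socket whose session supplies the peer certificate chain
     * @param iOException the failure reported by the wrapped verifier
     */
    private void handleCertificateHostnameMismatch(String str, int i, SSLSocket sSLSocket, IOException iOException) throws SSLPeerUnverifiedException, IOException {
        X509Certificate leaf = null;
        Certificate[] chain = sSLSocket.getSession().getPeerCertificates();
        if (chain != null && chain.length > 0 && chain[0] instanceof X509Certificate) {
            leaf = (X509Certificate) chain[0];
        }
        if (leaf == null) {
            // An exception is bound to a concrete certificate; without one there is nothing
            // to approve or remember, so the failure stands.
            throw iOException;
        }

        String key = str + '-' + i;
        if (leaf.equals(hostnameToCertificate.get(key))) {
            return;
        }
        if (isPermanentlyAccepted(key, leaf)) {
            hostnameToCertificate.put(key, leaf);
            return;
        }
        if (this.validator == null) {
            // Fail closed: nobody can approve the mismatch, so it must not be swallowed.
            throw iOException;
        }

        JfsX509TrustManager.Trust decision = this.validator.validate(leaf,
                new CertificateHostnameMismatchException(NlsHelper.bind(Messages.OAUTH_HOSTNAME_MISMATCH, str)));
        if (decision == null) {
            throw iOException;
        }
        switch (decision) {
            case ACCEPT_CONNECTION:
                return;
            case ACCEPT_SESSION:
                hostnameToCertificate.put(key, leaf);
                return;
            case ACCEPT_PERMANENT:
                storePermanentlyAccepted(key, leaf);
                return;
            case REJECT:
            default:
                // A decision this class does not know is treated as a rejection.
                throw iOException;
        }
    }

    /** Returns the directory that holds permanently accepted certificates. */
    private static String getHostnameCertStoreDirectory() {
        return String.valueOf(System.getProperty("user.home")) + "/.jazzhostnamecerts";
    }

    /**
     * Maps an exception key to its file in the store directory.
     *
     * @return the file, or {@code null} when the key does not resolve to a direct child of the
     *         store directory (path separators, {@code ..}, a symbolic link) or cannot be
     *         resolved at all
     */
    private static File resolveStoreFile(String key) {
        File directory = new File(getHostnameCertStoreDirectory());
        File candidate = new File(directory, key);
        try {
            File parent = candidate.getCanonicalFile().getParentFile();
            if (parent != null && parent.equals(directory.getCanonicalFile())) {
                return candidate;
            }
        } catch (IOException e) {
            // Unresolvable name: handled like any other key that has no usable store file.
        }
        return null;
    }

    /**
     * Tells whether the store holds exactly {@code x509Certificate} for the key {@code str}.
     *
     * @return {@code true} only when the stored file parses as a certificate equal to the
     *         presented one; {@code false} when the file is missing, unreadable as a
     *         certificate, or the key is not a plain file name
     * @throws IOException if the stored file cannot be opened or read
     */
    private static boolean isPermanentlyAccepted(String str, X509Certificate x509Certificate) throws IOException {
        File file = resolveStoreFile(str);
        if (file == null || !file.exists()) {
            return false;
        }
        try (FileInputStream in = new FileInputStream(file)) {
            Certificate stored = CertificateFactory.getInstance("X.509").generateCertificate(in);
            return stored != null && stored.equals(x509Certificate);
        } catch (CertificateException e) {
            LogHelper.warning(NlsHelper.bind("The certificate in file \"{0}\" could not be read.", file.getAbsolutePath()), e);
            return false;
        }
    }

    /**
     * Writes the encoded certificate to the store under the key {@code str}, replacing any
     * earlier file for that key. Failures to create the directory, to map the key to a file or
     * to encode the certificate are logged and leave the store untouched.
     *
     * @throws IOException if the file cannot be opened or written
     */
    private static void storePermanentlyAccepted(String str, X509Certificate x509Certificate) throws IOException {
        File directory = new File(getHostnameCertStoreDirectory());
        // NOTE(review): the directory is created with the process's default permissions.
        // Write access to it is equivalent to approving certificates, so it should be
        // writable by its owner only - confirm how deployments set this up.
        if (!directory.exists() && !directory.mkdirs()) {
            LogHelper.warning(NlsHelper.bind("The directory \"{0}\" could not be created", directory.getAbsolutePath()));
            return;
        }
        File target = resolveStoreFile(str);
        if (target == null) {
            LogHelper.warning(NlsHelper.bind("A certificate could not be saved for \"{0}\": not a valid file name.", str));
            return;
        }
        // Encode before opening the file: opening truncates it, and a failed encoding must not
        // wipe an exception that is already stored.
        byte[] encoded;
        try {
            encoded = x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            LogHelper.warning(NlsHelper.bind("A certificate could not be saved to file \"{0}\".", target.getAbsolutePath()), e);
            return;
        }
        try (FileOutputStream out = new FileOutputStream(target, false)) {
            out.write(encoded);
        }
    }
}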
