package com.ibm.team.repository.transport.client;

import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* loaded from: input_file:com/ibm/team/repository/transport/client/SSLUtils.class */
public class SSLUtils {
    public static final String VALIDATE_CERTS_PROP = "com.ibm.team.clm.ssl.validateCertificates";
    public static final String USE_SECURE_TRUST_MANAGER_PROP = "com.ibm.team.clm.ssl.useSecureTrustManager";
    public static final String USE_SECURE_HOSTNAME_VERIFIER_PROP = "com.ibm.team.clm.ssl.useSecureHostnameVerifier";
    public static final String CLIENT_SSL_PROTOCOL_PROPERTY = "com.ibm.team.repository.transport.client.protocol";
    private static final Log _log = LogFactory.getLog(SSLUtils.class);
    private static final TrustingTrustManager trustingTM = new TrustingTrustManager(null);
    public static final List<String> DEFAULT_PROTOCOLS = Collections.unmodifiableList(Arrays.asList("SSL_TLSv2", "TLS", "SSL"));

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ibm/team/repository/transport/client/SSLUtils$TrustingTrustManager.class */
    public static class TrustingTrustManager implements X509TrustManager {
        private static final X509Certificate[] emptyArray = new X509Certificate[0];

        private TrustingTrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return emptyArray;
        }

        /* synthetic */ TrustingTrustManager(TrustingTrustManager trustingTrustManager) {
            this();
        }
    }

    public static boolean isValidateCertificates() {
        return Boolean.parseBoolean(System.getProperty(VALIDATE_CERTS_PROP, "false"));
    }

    public static boolean isUseSecureTrustManager() {
        String property = System.getProperty(USE_SECURE_TRUST_MANAGER_PROP);
        return property == null ? isValidateCertificates() : Boolean.parseBoolean(property);
    }

    public static boolean isUseSecureHostnameVerifier() {
        String property = System.getProperty(USE_SECURE_HOSTNAME_VERIFIER_PROP);
        return property == null ? isValidateCertificates() : Boolean.parseBoolean(property);
    }

    public static SSLSocketFactory createSocketFactory() {
        return new SSLSocketFactory(createSSLContext(getDefaultTrustManager()), getDefaultX509HostnameVerifier());
    }

    public static SSLContext createSSLContext() {
        return createSSLContext(getSSLProtocols(null), (KeyManager[]) null, getDefaultTrustManager());
    }

    public static SSLContext createSSLContext(TrustManager trustManager) {
        return createSSLContext(getSSLProtocols(null), (KeyManager[]) null, trustManager);
    }

    public static SSLContext createSSLContext(List<String> list, KeyManager[] keyManagerArr, TrustManager trustManager) {
        logDebug("SSL Algorithm Priority: " + list);
        for (String str : getSSLProtocols(list)) {
            SSLContext createSSLContext = createSSLContext(str, keyManagerArr, trustManager);
            if (createSSLContext != null) {
                return createSSLContext;
            }
            logDebug(MessageFormat.format("Failed to create {0} context", str));
        }
        logDebug("No acceptable encryption algorithm found");
        throw new RuntimeException("No acceptable encryption algorithm found");
    }

    public static SSLContext createSSLContext(KeyManager[] keyManagerArr, TrustManager trustManager) {
        return createSSLContext((List<String>) null, keyManagerArr, trustManager);
    }

    public static SSLContext createSSLContext(String str, KeyManager[] keyManagerArr, TrustManager trustManager) {
        logDebug(MessageFormat.format("Creating {0} context", str));
        try {
            SSLContext sSLContext = SSLContext.getInstance(str);
            sSLContext.init(keyManagerArr, trustManager == null ? null : new TrustManager[]{trustManager}, null);
            sSLContext.getSocketFactory().createSocket().close();
            return sSLContext;
        } catch (Throwable th) {
            logDebug(th.getMessage(), th);
            return null;
        }
    }

    public static List<String> getSSLProtocols(List<String> list) {
        if (list != null) {
            return list;
        }
        String property = System.getProperty(CLIENT_SSL_PROTOCOL_PROPERTY);
        return property != null ? Arrays.asList(property) : DEFAULT_PROTOCOLS;
    }

    public static X509TrustManager getDefaultTrustManager() {
        return isUseSecureTrustManager() ? getSecureTrustManager() : getTrustingTrustManager();
    }

    public static X509TrustManager getTrustingTrustManager() {
        return trustingTM;
    }

    public static X509TrustManager getSecureTrustManager() {
        return null;
    }

    public static HostnameVerifier getDefaultX509HostnameVerifier2() {
        return isUseSecureHostnameVerifier() ? new DefaultHostnameVerifier() : new NoopHostnameVerifier();
    }

    public static X509HostnameVerifier getDefaultX509HostnameVerifier() {
        return isUseSecureHostnameVerifier() ? getSecureX509HostNameverifier() : getTrustingX509HostnameVerifier();
    }

    public static HostnameVerifier getDefaultHostnameVerifier() {
        return getDefaultX509HostnameVerifier();
    }

    public static HostnameVerifier getDefaultHostnameVerifier2() {
        return getDefaultX509HostnameVerifier2();
    }

    public static X509HostnameVerifier getTrustingX509HostnameVerifier() {
        return SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
    }

    public static HostnameVerifier getTrustingX509HostnameVerifier2() {
        return new NoopHostnameVerifier();
    }

    public static X509HostnameVerifier getSecureX509HostNameverifier() {
        return SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
    }

    public static HostnameVerifier getSecureX509HostNameverifier2() {
        return new DefaultHostnameVerifier();
    }

    private static void logDebug(String str) {
        if (_log.isDebugEnabled()) {
            _log.debug(str);
        }
    }

    private static void logDebug(String str, Throwable th) {
        if (_log.isDebugEnabled()) {
            _log.debug(str, th);
        }
    }
}
