package org.apache.avalon.cornerstone.blocks.sockets;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.avalon.cornerstone.services.sockets.SocketFactory;
import org.apache.avalon.framework.activity.Initializable;
import org.apache.avalon.framework.configuration.Configurable;
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.context.Contextualizable;

/* loaded from: input_file:org/apache/avalon/cornerstone/blocks/sockets/TLSSocketFactory.class */
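/**
 * Socket factory block that hands out client-side TLS sockets created from the
 * {@link SSLSocketFactory} supplied by the parent class through {@link #visitBuilder}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The {@code verify-server-identity} configuration child defaults to {@code false}. With
 *       the default, this class performs no host name check on the peer certificate; whatever
 *       chain validation happens is decided by the factory built elsewhere (not visible here).
 *       Deployments that connect over untrusted networks should set it to {@code true}.</li>
 *   <li>When the check is enabled it compares the expected host name with the first {@code CN=}
 *       value found in the subject DN text, using an exact, case-sensitive
 *       {@link String#equals}. Subject alternative names and wildcards are not consulted, and
 *       the DN is searched as plain text rather than parsed.
 *       NOTE(review): JSSE endpoint identification
 *       ({@code SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")}) is the usual
 *       replacement for a hand-written check; adopting it would change which certificates are
 *       accepted, so it is left as a follow-up.</li>
 *   <li>The expected name is {@link InetAddress#getHostName()}, so for an address built from a
 *       literal IP it is whatever name resolution reports, not a name chosen by the caller.</li>
 * </ul>
 */
public class TLSSocketFactory extends AbstractTLSSocketFactory implements SocketFactory, Contextualizable, Configurable, Initializable {
    /** Factory produced by the builder handed to {@link #visitBuilder}. */
    private SSLSocketFactory m_factory;

    /** Whether {@link #sslWrap} is used to compare the peer certificate CN with the host name. */
    private boolean m_verifyServerIdentity;

    /**
     * Reads the parent configuration and the {@code verify-server-identity} flag.
     *
     * @param configuration block configuration
     * @throws ConfigurationException if the parent configuration or the boolean value is invalid
     */
    @Override // org.apache.avalon.cornerstone.blocks.sockets.AbstractTLSSocketFactory
    public void configure(Configuration configuration) throws ConfigurationException {
        super.configure(configuration);
        // Defaults to false: the host name check is opt-in.
        this.m_verifyServerIdentity = configuration.getChild("verify-server-identity").getValueAsBoolean(false);
    }

    /**
     * Captures the client socket factory from the builder prepared by the parent class.
     *
     * @param sSLFactoryBuilder builder supplied by the parent class
     */
    @Override // org.apache.avalon.cornerstone.blocks.sockets.AbstractTLSSocketFactory
    protected void visitBuilder(SSLFactoryBuilder sSLFactoryBuilder) {
        this.m_factory = sSLFactoryBuilder.buildSocketFactory();
    }

    /**
     * Applies the configured read timeout to a freshly created socket.
     *
     * @param socket connected socket
     * @return the same socket
     * @throws IOException if the timeout cannot be set; the socket is closed in that case
     */
    private Socket initSocket(Socket socket) throws IOException {
        boolean ready = false;
        try {
            socket.setSoTimeout(this.m_socketTimeOut);
            ready = true;
            return socket;
        } finally {
            if (!ready) {
                // Do not hand a half-initialised, still-open socket back to nobody.
                closeQuietly(socket);
            }
        }
    }

    /**
     * Layers TLS over an already connected socket, completes the handshake and checks that the
     * CN of the peer certificate subject equals the expected host name.
     *
     * @param socket connected plain socket
     * @param inetAddress remote address, used to obtain the expected host name
     * @param i remote port
     * @return the TLS socket after a successful handshake and name check
     * @throws IOException if the handshake fails or the names differ; the connection is closed
     *     before the exception propagates
     */
    private SSLSocket sslWrap(Socket socket, InetAddress inetAddress, int i) throws IOException {
        Socket closeOnFailure = socket;
        boolean verified = false;
        try {
            String hostName = inetAddress.getHostName();
            SSLSocket sslSocket = (SSLSocket) this.m_factory.createSocket(socket, hostName, i, true);
            // autoClose is true, so closing the TLS socket also closes the underlying one.
            closeOnFailure = sslSocket;
            sslSocket.startHandshake();
            SSLSession session = sslSocket.getSession();
            // NOTE(review): getPeerCertificateChain() is deprecated in current JDKs in favour of
            // getPeerCertificates(); confirm the target runtime still supports it.
            String name = session.getPeerCertificateChain()[0].getSubjectDN().getName();
            if (!hostName.equals(getCN(name))) {
                throw new IOException(new StringBuffer().append("Host name mismatch, expected '").append(hostName).append("' recevied DN is ").append(name).toString());
            }
            if (getLogger().isDebugEnabled()) {
                getLogger().debug(new StringBuffer().append("DN of the server ").append(name).toString());
                getLogger().debug(new StringBuffer().append("Session id ").append((Object) bytesToString(session.getId())).toString());
            }
            verified = true;
            return sslSocket;
        } finally {
            if (!verified) {
                // A peer that failed the handshake or the name check must not keep a live
                // connection (and file descriptor) open on our side.
                closeQuietly(closeOnFailure);
            }
        }
    }

    /**
     * Closes a socket, ignoring any error raised by the close itself.
     *
     * @param socket socket to close
     */
    private static void closeQuietly(Socket socket) {
        try {
            socket.close();
        } catch (IOException ignored) {
            // Best effort: the failure that triggered the cleanup is the one the caller needs.
        }
    }

    /**
     * Renders bytes as colon-separated, two-digit lowercase hex (for example {@code 0a:ff}).
     *
     * @param bArr bytes to render
     * @return buffer holding the textual form; empty for an empty array
     */
    private StringBuffer bytesToString(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer(bArr.length * 3);
        for (int i = 0; i < bArr.length; i++) {
            int unsigned = bArr[i] & 0xFF;
            if (i > 0) {
                stringBuffer.append(':');
            }
            if (unsigned < 0x10) {
                // Pad so that every byte takes two digits and the output is unambiguous.
                stringBuffer.append('0');
            }
            stringBuffer.append(Integer.toHexString(unsigned));
        }
        return stringBuffer;
    }

    /**
     * Extracts the value following the first {@code CN=} in a DN string, up to the next comma
     * or, when the CN is the last component, up to the end of the string.
     *
     * <p>This is a plain text search, not a DN parser: escaped commas and a {@code CN=} sequence
     * embedded in another attribute value are not recognised as such.
     *
     * @param str subject DN text
     * @return the CN value, or {@code null} when the text contains no {@code CN=}
     */
    private String getCN(String str) {
        int marker = str.indexOf("CN=");
        if (marker < 0) {
            return null;
        }
        int valueStart = marker + "CN=".length();
        int comma = str.indexOf(',', valueStart);
        // A DN whose CN is the final component has no trailing comma; it is still a valid CN.
        return comma < 0 ? str.substring(valueStart) : str.substring(valueStart, comma);
    }

    /**
     * Opens a TLS connection to the given address and port.
     *
     * @param inetAddress remote address
     * @param i remote port
     * @return connected socket with the configured timeout applied
     * @throws IOException if connecting, the handshake or the optional name check fails
     */
    @Override // org.apache.avalon.cornerstone.services.sockets.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        if (this.m_verifyServerIdentity) {
            return sslWrap(initSocket(new Socket(inetAddress, i)), inetAddress, i);
        }
        return initSocket(this.m_factory.createSocket(inetAddress, i));
    }

    /**
     * Opens a TLS connection to the given address and port, bound to a local address and port.
     *
     * @param inetAddress remote address
     * @param i remote port
     * @param inetAddress2 local address to bind to
     * @param i2 local port to bind to
     * @return connected socket with the configured timeout applied
     * @throws IOException if connecting, the handshake or the optional name check fails
     */
    @Override // org.apache.avalon.cornerstone.services.sockets.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        if (this.m_verifyServerIdentity) {
            return sslWrap(initSocket(new Socket(inetAddress, i, inetAddress2, i2)), inetAddress, i);
        }
        // Honour the requested local binding on this path as well.
        return initSocket(this.m_factory.createSocket(inetAddress, i, inetAddress2, i2));
    }
}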
