package org.apache.cxf.transport.https;

import java.io.IOException;
import java.net.Proxy;
import java.net.URL;
import java.net.URLConnection;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.configuration.security.SSLClientPolicy;
import org.apache.cxf.transport.http.URLConnectionFactory;

/* loaded from: input_file:org/apache/cxf/transport/https/HttpsURLConnectionFactory.class */
public final class HttpsURLConnectionFactory implements URLConnectionFactory {
    private static final long serialVersionUID = 1;
    private static final Logger LOG = LogUtils.getL7dLogger(HttpsURLConnectionFactory.class);
    private static final String[] UNSUPPORTED = {"SessionCaching", "SessionCacheKey", "MaxChainLength", "CertValidator", "ProxyHost", "ProxyPort"};
    private static final String[] DERIVATIVE = {"CiphersuiteFilters"};
    SSLClientPolicy sslPolicy;

    public HttpsURLConnectionFactory(SSLClientPolicy sSLClientPolicy) {
        this.sslPolicy = sSLClientPolicy;
    }

    @Override // org.apache.cxf.transport.http.URLConnectionFactory
    public URLConnection createConnection(Proxy proxy, URL url) throws IOException {
        URLConnection openConnection = proxy != null ? url.openConnection(proxy) : url.openConnection();
        if (openConnection instanceof HttpsURLConnection) {
            decorate((HttpsURLConnection) openConnection);
        }
        return openConnection;
    }

    protected void decorate(HttpsURLConnection httpsURLConnection) {
        String keystore = SSLUtils.getKeystore(this.sslPolicy.getKeystore(), LOG);
        String keystoreType = SSLUtils.getKeystoreType(this.sslPolicy.getKeystoreType(), LOG);
        String keystorePassword = SSLUtils.getKeystorePassword(this.sslPolicy.getKeystorePassword(), LOG);
        String keyPassword = SSLUtils.getKeyPassword(this.sslPolicy.getKeyPassword(), LOG);
        String keystoreAlgorithm = SSLUtils.getKeystoreAlgorithm(this.sslPolicy.getKeystoreAlgorithm(), LOG);
        String trustStoreAlgorithm = SSLUtils.getTrustStoreAlgorithm(this.sslPolicy.getTrustStoreAlgorithm(), LOG);
        String trustStore = SSLUtils.getTrustStore(this.sslPolicy.getTrustStore(), LOG);
        String trustStoreType = SSLUtils.getTrustStoreType(this.sslPolicy.getTrustStoreType(), LOG);
        String secureSocketProtocol = SSLUtils.getSecureSocketProtocol(this.sslPolicy.getSecureSocketProtocol(), LOG);
        try {
            SSLContext sSLContext = SSLUtils.getSSLContext(secureSocketProtocol, SSLUtils.getKeyStoreManagers(keystore, keystoreType, keystorePassword, keyPassword, keystoreAlgorithm, secureSocketProtocol, LOG), SSLUtils.getTrustStoreManagers(keystoreType.equalsIgnoreCase("PKCS12"), trustStoreType, trustStore, trustStoreAlgorithm, LOG));
            httpsURLConnection.setSSLSocketFactory(new SSLSocketFactoryWrapper(sSLContext.getSocketFactory(), SSLUtils.getCiphersuites(this.sslPolicy.getCiphersuites(), SSLUtils.getSupportedCipherSuites(sSLContext), this.sslPolicy.getCiphersuiteFilters(), LOG)));
        } catch (Exception e) {
            LogUtils.log(LOG, Level.SEVERE, "SSL_CONTEXT_INIT_FAILURE", e);
        }
        SSLUtils.logUnSupportedPolicies(this.sslPolicy, true, UNSUPPORTED, LOG);
    }

    protected void addLogHandler(Handler handler) {
        LOG.addHandler(handler);
    }

    protected String[] getUnSupported() {
        return UNSUPPORTED;
    }

    protected String[] getDerivative() {
        return DERIVATIVE;
    }
}
