package org.apache.cxf.transport.https;

import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.net.HttpURLConnection;
import java.net.Proxy;
import java.net.URL;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.PrivilegedAction;
import java.util.logging.Handler;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.ReflectionInvokationHandler;
import org.apache.cxf.common.util.ReflectionUtil;
import org.apache.cxf.configuration.jsse.TLSClientParameters;

/* loaded from: input_file:BOOT-INF/lib/cxf-rt-transports-http-3.3.6.fuse-790049-redhat-00001.jar:org/apache/cxf/transport/https/HttpsURLConnectionFactory.class */
public class HttpsURLConnectionFactory {
    public static final String HTTPS_URL_PROTOCOL_ID = "https";
    private static final Logger LOG = LogUtils.getL7dLogger(HttpsURLConnectionFactory.class);
    private static boolean weblogicWarned;
    SSLSocketFactory socketFactory;
    int lastTlsHash;

    public HttpURLConnection createConnection(TLSClientParameters tLSClientParameters, Proxy proxy, URL url) throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) (proxy != null ? url.openConnection(proxy) : url.openConnection());
        if ("https".equals(url.getProtocol())) {
            if (tLSClientParameters == null) {
                tLSClientParameters = new TLSClientParameters();
            }
            try {
                decorateWithTLS(tLSClientParameters, httpURLConnection);
            } catch (Throwable th) {
                throw new IOException("Error while initializing secure socket", th);
            }
        }
        return httpURLConnection;
    }

    protected synchronized void decorateWithTLS(TLSClientParameters tLSClientParameters, HttpURLConnection httpURLConnection) throws GeneralSecurityException {
        int hashCode = tLSClientParameters.hashCode();
        if (hashCode != this.lastTlsHash) {
            this.lastTlsHash = hashCode;
            this.socketFactory = null;
        }
        if (tLSClientParameters.isUseHttpsURLConnectionDefaultSslSocketFactory()) {
            this.socketFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
        } else if (tLSClientParameters.getSSLSocketFactory() != null) {
            this.socketFactory = tLSClientParameters.getSSLSocketFactory();
        } else if (this.socketFactory == null) {
            SSLContext sslContext = tLSClientParameters.getSslContext() != null ? tLSClientParameters.getSslContext() : SSLUtils.getSSLContext(tLSClientParameters);
            this.socketFactory = new SSLSocketFactoryWrapper(sslContext.getSocketFactory(), org.apache.cxf.configuration.jsse.SSLUtils.getCiphersuitesToInclude(tLSClientParameters.getCipherSuites(), tLSClientParameters.getCipherSuitesFilter(), sslContext.getSocketFactory().getDefaultCipherSuites(), org.apache.cxf.configuration.jsse.SSLUtils.getSupportedCipherSuites(sslContext), LOG), tLSClientParameters.getSecureSocketProtocol() != null ? tLSClientParameters.getSecureSocketProtocol() : sslContext.getProtocol());
            this.lastTlsHash = tLSClientParameters.hashCode();
        }
        HostnameVerifier hostnameVerifier = SSLUtils.getHostnameVerifier(tLSClientParameters);
        if (httpURLConnection instanceof HttpsURLConnection) {
            final HttpsURLConnection httpsURLConnection = (HttpsURLConnection) httpURLConnection;
            httpsURLConnection.setHostnameVerifier(hostnameVerifier);
            AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: org.apache.cxf.transport.https.HttpsURLConnectionFactory.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Void run() {
                    httpsURLConnection.setSSLSocketFactory(HttpsURLConnectionFactory.this.socketFactory);
                    return null;
                }
            });
            return;
        }
        try {
            Method method = httpURLConnection.getClass().getMethod("getHostnameVerifier", new Class[0]);
            httpURLConnection.getClass().getMethod("setHostnameVerifier", method.getReturnType()).invoke(httpURLConnection, java.lang.reflect.Proxy.newProxyInstance(getClass().getClassLoader(), new Class[]{method.getReturnType()}, new ReflectionInvokationHandler(hostnameVerifier) { // from class: org.apache.cxf.transport.https.HttpsURLConnectionFactory.2
                @Override // org.apache.cxf.common.util.ReflectionInvokationHandler, java.lang.reflect.InvocationHandler
                public Object invoke(Object obj, Method method2, Object[] objArr) throws Throwable {
                    try {
                        return super.invoke(obj, method2, objArr);
                    } catch (Exception e) {
                        return false;
                    }
                }
            }));
        } catch (Exception e) {
        }
        try {
            Method method2 = httpURLConnection.getClass().getMethod("getSSLSocketFactory", new Class[0]);
            Method method3 = httpURLConnection.getClass().getMethod("setSSLSocketFactory", method2.getReturnType());
            if (method2.getReturnType().isInstance(this.socketFactory)) {
                method3.invoke(httpURLConnection, this.socketFactory);
            } else {
                Constructor<?> declaredConstructor = method2.getReturnType().getDeclaredConstructor(SSLSocketFactory.class);
                ReflectionUtil.setAccessible(declaredConstructor);
                method3.invoke(httpURLConnection, declaredConstructor.newInstance(this.socketFactory));
            }
        } catch (Exception e2) {
            if (!httpURLConnection.getClass().getName().contains("weblogic")) {
                throw new IllegalArgumentException("Error decorating connection class " + httpURLConnection.getClass().getName(), e2);
            }
            if (weblogicWarned) {
                return;
            }
            weblogicWarned = true;
            LOG.warning("Could not configure SSLSocketFactory on Weblogic.   Use the Weblogic control panel to configure the SSL settings.");
        }
    }

    protected void addLogHandler(Handler handler) {
        LOG.addHandler(handler);
    }
}
