package org.apache.http.nio.conn.ssl;

import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.apache.http.HttpHost;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.conn.util.PublicSuffixMatcherLoader;
import org.apache.http.nio.conn.SchemeIOSessionStrategy;
import org.apache.http.nio.reactor.IOSession;
import org.apache.http.nio.reactor.ssl.SSLIOSession;
import org.apache.http.nio.reactor.ssl.SSLMode;
import org.apache.http.nio.reactor.ssl.SSLSetupHandler;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.Args;
import org.apache.http.util.Asserts;
import org.apache.http.util.TextUtils;

/* loaded from: input_file:elasticsearch-connector-2.0.0.jar:httpasyncclient-4.1.4.jar:org/apache/http/nio/conn/ssl/SSLIOSessionStrategy.class */
public class SSLIOSessionStrategy implements SchemeIOSessionStrategy {

    @Deprecated
    public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER = new AllowAllHostnameVerifier();

    @Deprecated
    public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER = new BrowserCompatHostnameVerifier();

    @Deprecated
    public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER = new StrictHostnameVerifier();
    private final SSLContext sslContext;
    private final String[] supportedProtocols;
    private final String[] supportedCipherSuites;
    private final HostnameVerifier hostnameVerifier;

    private static String[] split(String str) {
        if (TextUtils.isBlank(str)) {
            return null;
        }
        return str.split(" *, *");
    }

    public static HostnameVerifier getDefaultHostnameVerifier() {
        return new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
    }

    public static SSLIOSessionStrategy getDefaultStrategy() {
        return new SSLIOSessionStrategy(SSLContexts.createDefault(), getDefaultHostnameVerifier());
    }

    public static SSLIOSessionStrategy getSystemDefaultStrategy() {
        return new SSLIOSessionStrategy(SSLContexts.createSystemDefault(), split(System.getProperty("https.protocols")), split(System.getProperty("https.cipherSuites")), getDefaultHostnameVerifier());
    }

    @Deprecated
    public SSLIOSessionStrategy(SSLContext sSLContext, String[] strArr, String[] strArr2, X509HostnameVerifier x509HostnameVerifier) {
        this(sSLContext, strArr, strArr2, (HostnameVerifier) x509HostnameVerifier);
    }

    @Deprecated
    public SSLIOSessionStrategy(SSLContext sSLContext, X509HostnameVerifier x509HostnameVerifier) {
        this(sSLContext, (String[]) null, (String[]) null, (HostnameVerifier) x509HostnameVerifier);
    }

    public SSLIOSessionStrategy(SSLContext sSLContext, String[] strArr, String[] strArr2, HostnameVerifier hostnameVerifier) {
        this.sslContext = (SSLContext) Args.notNull(sSLContext, "SSL context");
        this.supportedProtocols = strArr;
        this.supportedCipherSuites = strArr2;
        this.hostnameVerifier = hostnameVerifier != null ? hostnameVerifier : getDefaultHostnameVerifier();
    }

    public SSLIOSessionStrategy(SSLContext sSLContext, HostnameVerifier hostnameVerifier) {
        this(sSLContext, (String[]) null, (String[]) null, hostnameVerifier);
    }

    public SSLIOSessionStrategy(SSLContext sSLContext) {
        this(sSLContext, (String[]) null, (String[]) null, getDefaultHostnameVerifier());
    }

    @Override // org.apache.http.nio.conn.SchemeIOSessionStrategy
    public SSLIOSession upgrade(final HttpHost httpHost, IOSession iOSession) throws IOException {
        Asserts.check(!(iOSession instanceof SSLIOSession), "I/O session is already upgraded to TLS/SSL");
        SSLIOSession sSLIOSession = new SSLIOSession(iOSession, SSLMode.CLIENT, httpHost, this.sslContext, new SSLSetupHandler() { // from class: org.apache.http.nio.conn.ssl.SSLIOSessionStrategy.1
            @Override // org.apache.http.nio.reactor.ssl.SSLSetupHandler
            public void initalize(SSLEngine sSLEngine) throws SSLException {
                if (SSLIOSessionStrategy.this.supportedProtocols != null) {
                    sSLEngine.setEnabledProtocols(SSLIOSessionStrategy.this.supportedProtocols);
                }
                if (SSLIOSessionStrategy.this.supportedCipherSuites != null) {
                    sSLEngine.setEnabledCipherSuites(SSLIOSessionStrategy.this.supportedCipherSuites);
                }
                SSLIOSessionStrategy.this.initializeEngine(sSLEngine);
            }

            @Override // org.apache.http.nio.reactor.ssl.SSLSetupHandler
            public void verify(IOSession iOSession2, SSLSession sSLSession) throws SSLException {
                SSLIOSessionStrategy.this.verifySession(httpHost, iOSession2, sSLSession);
            }
        });
        iOSession.setAttribute(SSLIOSession.SESSION_KEY, sSLIOSession);
        sSLIOSession.initialize();
        return sSLIOSession;
    }

    protected void initializeEngine(SSLEngine sSLEngine) {
    }

    protected void verifySession(HttpHost httpHost, IOSession iOSession, SSLSession sSLSession) throws SSLException {
        if (this.hostnameVerifier.verify(httpHost.getHostName(), sSLSession)) {
            return;
        }
        throw new SSLPeerUnverifiedException("Host name '" + httpHost.getHostName() + "' does not match the certificate subject provided by the peer (" + ((X509Certificate) sSLSession.getPeerCertificates()[0]).getSubjectX500Principal().toString() + ")");
    }

    @Override // org.apache.http.nio.conn.SchemeIOSessionStrategy
    public boolean isLayeringRequired() {
        return true;
    }
}
