package org.apache.jmeter.util;

import java.net.HttpURLConnection;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import jodd.util.StringPool;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.jmeter.util.keystore.JmeterKeyStore;
import org.apache.jorphan.logging.LoggingManager;
import org.apache.log.Logger;

/* loaded from: input_file:initiatorTemplates/CloudStore/Documentation/jmeter.zip:jmeter/lib/ext/ApacheJMeter_core.jar:org/apache/jmeter/util/JsseSSLManager.class */
public class JsseSSLManager extends SSLManager {
    private static final String HTTPS = "https";
    private SecureRandom rand;
    private Provider pro = null;
    private SSLContext defaultContext;
    private ThreadLocal<SSLContext> threadlocal;
    private static final Logger log = LoggingManager.getLoggerForClass();
    private static final String DEFAULT_SSL_PROTOCOL = JMeterUtils.getPropDefault("https.default.protocol", "TLS");
    private static final boolean SHARED_SESSION_CONTEXT = JMeterUtils.getPropDefault("https.sessioncontext.shared", false);
    public static final int CPS = JMeterUtils.getPropDefault("httpclient.socket.https.cps", 0);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:initiatorTemplates/CloudStore/Documentation/jmeter.zip:jmeter/lib/ext/ApacheJMeter_core.jar:org/apache/jmeter/util/JsseSSLManager$WrappedX509KeyManager.class */
    public static class WrappedX509KeyManager implements X509KeyManager {
        private final X509KeyManager manager;
        private final JmeterKeyStore store;

        public WrappedX509KeyManager(X509KeyManager x509KeyManager, JmeterKeyStore jmeterKeyStore) {
            this.manager = x509KeyManager;
            this.store = jmeterKeyStore;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            JsseSSLManager.log.debug("WrappedX509Manager: getClientAliases: ");
            return this.store.getClientAliases(str, principalArr);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            JsseSSLManager.log.debug("WrappedX509Manager: getServerAliases: ");
            return this.manager.getServerAliases(str, principalArr);
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            JsseSSLManager.log.debug("WrappedX509Manager: getCertificateChain(" + str + StringPool.RIGHT_BRACKET);
            return this.store.getCertificateChain(str);
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            PrivateKey privateKey = this.store.getPrivateKey(str);
            JsseSSLManager.log.debug("WrappedX509Manager: getPrivateKey: " + privateKey);
            return privateKey;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            if (JsseSSLManager.log.isDebugEnabled()) {
                JsseSSLManager.log.debug("keyType: " + strArr[0]);
            }
            String alias = this.store.getAlias();
            if (JsseSSLManager.log.isDebugEnabled()) {
                JsseSSLManager.log.debug("Client alias:'" + alias + "'");
            }
            return alias;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return this.manager.chooseServerAlias(str, principalArr, socket);
        }
    }

    public JsseSSLManager(Provider provider) {
        log.debug("ssl Provider =  " + provider);
        setProvider(provider);
        if (null == this.rand) {
            this.rand = new SecureRandom();
        }
        try {
            if (SHARED_SESSION_CONTEXT) {
                log.debug("Creating shared context");
                this.defaultContext = createContext();
            } else {
                this.threadlocal = new ThreadLocal<>();
            }
            HttpsURLConnection.setDefaultSSLSocketFactory(new HttpSSLProtocolSocketFactory(this, CPS));
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { // from class: org.apache.jmeter.util.JsseSSLManager.1
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    return true;
                }
            });
            Protocol.registerProtocol("https", new Protocol("https", (ProtocolSocketFactory) new HttpSSLProtocolSocketFactory(this, CPS), 443));
            log.debug("SSL stuff all set");
        } catch (GeneralSecurityException e) {
            log.error("Could not set up SSLContext", e);
        }
        log.debug("JsseSSLManager installed");
    }

    @Override // org.apache.jmeter.util.SSLManager
    public void setContext(HttpURLConnection httpURLConnection) {
        if (httpURLConnection instanceof HttpsURLConnection) {
            return;
        }
        log.warn("Unexpected HttpURLConnection class: " + httpURLConnection.getClass().getName());
    }

    @Override // org.apache.jmeter.util.SSLManager
    protected final void setProvider(Provider provider) {
        super.setProvider(provider);
        if (null == this.pro) {
            this.pro = provider;
        }
    }

    public SSLContext getContext() throws GeneralSecurityException {
        if (SHARED_SESSION_CONTEXT) {
            if (log.isDebugEnabled()) {
                log.debug("Using shared SSL context for: " + Thread.currentThread().getName());
            }
            return this.defaultContext;
        }
        SSLContext sSLContext = this.threadlocal.get();
        if (sSLContext == null) {
            if (log.isDebugEnabled()) {
                log.debug("Creating threadLocal SSL context for: " + Thread.currentThread().getName());
            }
            sSLContext = createContext();
            this.threadlocal.set(sSLContext);
        }
        if (log.isDebugEnabled()) {
            log.debug("Using threadLocal SSL context for: " + Thread.currentThread().getName());
        }
        return sSLContext;
    }

    public void resetContext() {
        if (SHARED_SESSION_CONTEXT) {
            return;
        }
        log.debug("Clearing session context for current thread");
        this.threadlocal.set(null);
    }

    private SSLContext createContext() throws GeneralSecurityException {
        SSLContext sSLContext = this.pro != null ? SSLContext.getInstance(DEFAULT_SSL_PROTOCOL, this.pro) : SSLContext.getInstance(DEFAULT_SSL_PROTOCOL);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        JmeterKeyStore keyStore = getKeyStore();
        keyManagerFactory.init(null, this.defaultpw == null ? new char[0] : this.defaultpw.toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        KeyManager[] keyManagerArr = new KeyManager[keyManagers.length];
        log.debug(keyStore.getClass().toString());
        for (int i = 0; i < keyManagers.length; i++) {
            if (keyManagers[i] instanceof X509KeyManager) {
                keyManagerArr[i] = new WrappedX509KeyManager((X509KeyManager) keyManagers[i], keyStore);
            } else {
                keyManagerArr[i] = keyManagers[i];
            }
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(getTrustStore());
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        for (int i2 = 0; i2 < trustManagers.length; i2++) {
            if (trustManagers[i2] instanceof X509TrustManager) {
                trustManagers[i2] = new CustomX509TrustManager((X509TrustManager) trustManagers[i2]);
            }
        }
        sSLContext.init(keyManagerArr, trustManagers, this.rand);
        if (log.isDebugEnabled()) {
            String[] defaultCipherSuites = sSLContext.getSocketFactory().getDefaultCipherSuites();
            String[] supportedCipherSuites = sSLContext.getSocketFactory().getSupportedCipherSuites();
            int length = defaultCipherSuites.length > supportedCipherSuites.length ? defaultCipherSuites.length : supportedCipherSuites.length;
            for (int i3 = 0; i3 < length; i3++) {
                if (i3 < defaultCipherSuites.length) {
                    log.debug("Default Cipher: " + defaultCipherSuites[i3]);
                }
                if (i3 < supportedCipherSuites.length) {
                    log.debug("Supported Cipher: " + supportedCipherSuites[i3]);
                }
            }
        }
        return sSLContext;
    }

    static {
        log.info("Using default SSL protocol: " + DEFAULT_SSL_PROTOCOL);
        log.info("SSL session context: " + (SHARED_SESSION_CONTEXT ? "shared" : "per-thread"));
        if (CPS > 0) {
            log.info("Setting up HTTPS SlowProtocol, cps=" + CPS);
        }
    }
}
