package org.owasp.proxy.ssl;

import flex.messaging.log.LogCategories;
import java.net.InetSocketAddress;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:lib/proxy-1.1-SNAPSHOT.jar:org/owasp/proxy/ssl/DefaultClientContextSelector.class */
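/**
 * Selects the {@link SSLContext} used for outbound (client-side) TLS connections,
 * caching one context per host name.
 *
 * <p><strong>Security note:</strong> the default trust manager installed by
 * {@link #initTrustManager()} is a {@link LoggingTrustManager}. It consults the
 * platform trust manager but only <em>logs</em> a failed validation; it never
 * rejects a certificate. Connections made with the contexts returned by
 * {@link #select(InetSocketAddress)} are therefore not authenticated unless a
 * strict trust manager is installed with {@link #setTrustManager(X509TrustManager)}
 * before the first context for a host is created.
 *
 * <p>This class performs no synchronization of its own.
 */
public class DefaultClientContextSelector implements SSLContextSelector {
    private X509TrustManager trustManager;
    // One SSLContext per host name, in insertion order. Entries are never evicted.
    private final Map<String, SSLContext> contextMap = new LinkedHashMap<>();

    /**
     * Trust manager that delegates validation to another {@link X509TrustManager}
     * and records the outcome instead of enforcing it.
     *
     * <p>A chain the delegate rejects is remembered in {@code untrusted} and reported
     * once on {@code System.err}; the {@link CertificateException} is not propagated,
     * so the handshake continues. The verdict is cached per leaf certificate, which
     * means the warning is printed only the first time a given certificate is seen.
     *
     * <p>Decompiler note: JADX reports that this nested class was {@code private} in
     * the original class file.
     */
    public static class LoggingTrustManager implements X509TrustManager {
        private final X509TrustManager trustManager;
        // Both maps are keyed by the leaf certificate (chain[0]) and grow without bound.
        // NOTE(review): plain HashMaps; confirm this instance is not used concurrently.
        private final Map<X509Certificate, X509Certificate[]> trusted = new HashMap<>();
        private final Map<X509Certificate, X509Certificate[]> untrusted = new HashMap<>();

        /**
         * @param x509TrustManager the delegate that performs the actual validation
         */
        public LoggingTrustManager(X509TrustManager x509TrustManager) {
            this.trustManager = x509TrustManager;
        }

        /** Returns the delegate's accepted issuers unchanged. */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return this.trustManager.getAcceptedIssuers();
        }

        /**
         * Validates a client chain with the delegate and records the result.
         * Never throws {@link CertificateException}.
         *
         * @throws IllegalArgumentException if the chain is {@code null} or empty
         */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            classify(x509CertificateArr, str, false);
        }

        /**
         * Validates a server chain with the delegate and records the result.
         * Never throws {@link CertificateException}.
         *
         * @throws IllegalArgumentException if the chain is {@code null} or empty
         */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            classify(x509CertificateArr, str, true);
        }

        /** Runs the delegate's check for the given role and files the chain as trusted or untrusted. */
        private void classify(X509Certificate[] chain, String authType, boolean server) {
            // The X509TrustManager contract asks for IllegalArgumentException here; without
            // this guard the chain[0] access below fails with a less specific exception.
            if (chain == null || chain.length == 0) {
                throw new IllegalArgumentException("certificate chain is null or empty");
            }
            X509Certificate leaf = chain[0];
            if (this.trusted.containsKey(leaf) || this.untrusted.containsKey(leaf)) {
                return; // verdict already recorded for this certificate
            }
            String name = leaf.getSubjectX500Principal().getName();
            try {
                // Server chains must go through checkServerTrusted: the previous code called
                // checkClientTrusted for both roles, so server certificates were evaluated
                // under the client-authentication rules and could be misclassified.
                if (server) {
                    this.trustManager.checkServerTrusted(chain, authType);
                } else {
                    this.trustManager.checkClientTrusted(chain, authType);
                }
                this.trusted.put(leaf, chain);
            } catch (CertificateException e) {
                // Deliberately not rethrown: this class reports, it does not enforce.
                this.untrusted.put(leaf, chain);
                // %n terminates the line so consecutive warnings do not run together.
                System.err.printf("Untrusted %s certificate for %s%n", server ? "server" : "client", name);
            }
        }
    }

    /** Creates a selector whose trust manager is set up by {@link #initTrustManager()}. */
    public DefaultClientContextSelector() {
        initTrustManager();
    }

    /**
     * Returns the cached {@link SSLContext} for the target's host name, creating and
     * caching one on first use.
     *
     * <p>A new context is initialised with the trust manager current at that moment;
     * a later {@link #setTrustManager(X509TrustManager)} does not affect contexts that
     * are already cached.
     *
     * @param inetSocketAddress the remote endpoint about to be contacted
     * @return the context for that host; {@code null} if the protocol is unavailable.
     *         If initialisation fails, the uninitialised context is returned and not cached.
     */
    @Override
    public SSLContext select(InetSocketAddress inetSocketAddress) {
        // getHostName() may perform a reverse lookup when the address was built from an IP literal.
        String hostName = inetSocketAddress.getHostName();
        SSLContext sSLContext = this.contextMap.get(hostName);
        if (sSLContext != null) {
            return sSLContext;
        }
        try {
            // NOTE(review): LogCategories.SSL looks like a decompiler-substituted constant
            // standing in for the protocol name literal "SSL"; confirm against the jar.
            sSLContext = SSLContext.getInstance(LogCategories.SSL);
            // No explicit KeyManager is supplied; trust decisions come from getTrustManager().
            sSLContext.init(null, new TrustManager[]{getTrustManager()}, new SecureRandom());
            this.contextMap.put(hostName, sSLContext);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        return sSLContext;
    }

    /**
     * Replaces the trust manager used for contexts created from now on.
     *
     * @param x509TrustManager the trust manager to install; supply an enforcing one
     *                         here when upstream certificates must be validated
     */
    public void setTrustManager(X509TrustManager x509TrustManager) {
        this.trustManager = x509TrustManager;
    }

    /**
     * Installs the default trust manager: the first {@link X509TrustManager} offered by
     * the "X509" {@link TrustManagerFactory}, wrapped in a {@link LoggingTrustManager}.
     *
     * <p>If the factory offers none, an accept-everything trust manager is installed and
     * a warning is written to {@code System.err}. If the factory cannot be created or
     * initialised, the stack trace is printed and {@code trustManager} is left unset.
     */
    private void initTrustManager() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            // A null KeyStore asks the factory for its default trust material.
            trustManagerFactory.init((KeyStore) null);
            X509TrustManager selected = null;
            for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    selected = new LoggingTrustManager((X509TrustManager) candidate);
                    break;
                }
            }
            if (selected == null) {
                // Fail-open fallback kept from the original code; make it visible to the operator.
                System.err.println("No X509TrustManager available; certificates will be accepted without validation");
                selected = new X509TrustManager() {
                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                        // The interface documents a non-null (possibly empty) array.
                        return new X509Certificate[0];
                    }

                    @Override
                    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                        // accepts every chain
                    }

                    @Override
                    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                        // accepts every chain
                    }
                };
            }
            this.trustManager = selected;
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
    }

    /**
     * @return the trust manager that newly created contexts will use; may be
     *         {@code null} if default initialisation failed and none was set
     */
    public X509TrustManager getTrustManager() {
        return this.trustManager;
    }
}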
