package com.unboundid.util.ssl.cert;

import com.unboundid.asn1.ASN1StreamReader;
import com.unboundid.ldap.protocol.ExtendedRequestProtocolOp;
import com.unboundid.ldap.protocol.ExtendedResponseProtocolOp;
import com.unboundid.ldap.protocol.LDAPMessage;
import com.unboundid.ldap.sdk.Control;
import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPResult;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.ldap.sdk.unboundidds.tools.ResultUtils;
import com.unboundid.util.Debug;
import com.unboundid.util.NotNull;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.ssl.SSLUtil;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.cert.CertificateException;
import java.util.Iterator;
import java.util.concurrent.LinkedBlockingQueue;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang.time.DateUtils;

/**
 * Daemon thread that connects to a server, optionally sends an LDAP StartTLS
 * extended request, and then performs a TLS handshake in order to capture the
 * certificate chain the server presents.
 * <p>
 * The instance installs itself as the handshake's {@link X509TrustManager}
 * (see {@code new SSLUtil(this)} in {@link #run()}). The outcome is handed to
 * the caller through the supplied queue: either an array of this package's
 * {@code X509Certificate} objects or a {@code CertException}.
 * <p>
 * Security note: this trust manager performs no validation.
 * {@link #checkServerTrusted} records whatever chain it is given and never
 * throws, and {@link #checkClientTrusted} is empty. The chain placed on the
 * queue is therefore unauthenticated data from the network peer; whatever
 * consumes the queue has to make its own trust decision, and this class must
 * not be reused as the trust manager for a connection that carries credentials
 * or application data.
 * <p>
 * NOTE(review): this listing is decompiler output (JADX). Several constructs in
 * {@link #run()} (an empty {@code try} body, {@code try { return; }}, an empty
 * {@code finally}) look like decompilation artifacts rather than original
 * source; they are flagged inline.
 */
@ThreadSafety(level = ThreadSafetyLevel.NOT_THREADSAFE)
/* loaded from: input_file:lib/unboundid-ldapsdk-6.0.11.jar:com/unboundid/util/ssl/cert/ManageCertificatesServerCertificateCollector.class */
final class ManageCertificatesServerCertificateCollector extends Thread implements X509TrustManager {
    // Column passed to wrapOut/wrapErr for every message this class prints: one less than the terminal width.
    private static final int WRAP_COLUMN = StaticUtils.TERMINAL_WIDTH_COLUMNS - 1;

    // Empty array returned by getAcceptedIssuers(); this trust manager advertises no issuers.
    @NotNull
    private static final java.security.cert.X509Certificate[] NO_CERTIFICATES = new java.security.cert.X509Certificate[0];
    // Set to true by checkServerTrusted() on every path, including its error paths, so it means
    // "checkServerTrusted() has run and put something on the queue", not "a usable chain was obtained".
    private volatile boolean gotCertificateChain;
    // Whether to send an LDAP StartTLS extended request on the plain socket before the TLS handshake.
    private final boolean useLDAPStartTLS;
    // Whether progress messages are written through manageCertificates.wrapOut().
    private final boolean verbose;
    // TCP port to connect to.
    private final int port;

    // Receives the result: an X509Certificate[] (this package's type) or a CertException.
    @NotNull
    private final LinkedBlockingQueue<Object> queue;

    // Owning tool instance; used here only for its output and error-output methods.
    @NotNull
    private final ManageCertificates manageCertificates;

    // Host to connect to; also passed to createSocket() for the TLS layer.
    @NotNull
    private final String hostname;

    /**
     * Creates the collector thread without starting it. The thread is named after the
     * target address and marked as a daemon.
     *
     * @param manageCertificates  tool instance used for output
     * @param str                 hostname of the server to connect to
     * @param i                   port of the server to connect to
     * @param z                   {@code true} to send an LDAP StartTLS request before the handshake
     * @param z2                  {@code true} to print progress messages
     * @param linkedBlockingQueue queue onto which the certificate chain or a {@code CertException} is offered
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public ManageCertificatesServerCertificateCollector(@NotNull ManageCertificates manageCertificates, @NotNull String str, int i, boolean z, boolean z2, @NotNull LinkedBlockingQueue<Object> linkedBlockingQueue) {
        setName("ManageCertificatesServerCertificateCollector background thread for " + str + ':' + i);
        setDaemon(true);
        this.manageCertificates = manageCertificates;
        this.hostname = str;
        this.port = i;
        this.useLDAPStartTLS = z;
        this.verbose = z2;
        this.queue = linkedBlockingQueue;
        this.gotCertificateChain = false;
    }

    /**
     * Connects to the server, optionally negotiates LDAP StartTLS, runs the TLS handshake with
     * this object as trust manager, and waits for {@link #checkServerTrusted} to have been called.
     * <p>
     * Every failure path prints a message through {@code manageCertificates} and offers a
     * {@code CertException} to the queue; the certificate chain itself is offered by
     * {@link #checkServerTrusted}, not by this method. Nothing is thrown to the caller for
     * an {@code Exception} raised inside the method; each one is caught and reported.
     */
    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        // "host:port" label used in progress and error messages.
        String str = this.hostname + ':' + this.port;
        if (this.verbose) {
            this.manageCertificates.wrapOut(0, WRAP_COLUMN, CertMessages.INFO_MANAGE_CERTS_CERT_COLLECTOR_CONNECTING.get(str));
        }
        try {
            Socket socket = new Socket();
            // 60000 ms connect timeout. No read timeout is set on the socket at this point, so the
            // StartTLS response read and startHandshake() below are not bounded by one; setSoTimeout()
            // is only called after the handshake has returned.
            socket.connect(new InetSocketAddress(LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.getByName(this.hostname), this.port), 60000);
            if (this.verbose) {
                this.manageCertificates.wrapOut(0, WRAP_COLUMN, CertMessages.INFO_MANAGE_CERTS_CERT_COLLECTOR_CONNECTED.get());
            }
            try {
                if (this.useLDAPStartTLS) {
                    if (this.verbose) {
                        this.manageCertificates.out(new Object[0]);
                        this.manageCertificates.wrapOut(0, WRAP_COLUMN, CertMessages.INFO_MANAGE_CERTS_CERT_COLLECTOR_SENDING_START_TLS.get());
                    }
                    // StartTLS extended request with message ID 1, no request value and no controls.
                    // It is written to, and answered on, the plain socket, so this exchange is
                    // neither encrypted nor authenticated.
                    LDAPMessage lDAPMessage = new LDAPMessage(1, new ExtendedRequestProtocolOp(StartTLSExtendedRequest.STARTTLS_REQUEST_OID, null), new Control[0]);
                    try {
                        socket.getOutputStream().write(lDAPMessage.encode().encode());
                        socket.getOutputStream().flush();
                        LDAPMessage readFrom = LDAPMessage.readFrom(new ASN1StreamReader(socket.getInputStream()), true);
                        // No response message could be read: report StartTLS failure and stop.
                        if (readFrom == null) {
                            String str2 = CertMessages.ERR_MANAGE_CERTS_CERT_COLLECTOR_START_TLS_FAILED.get();
                            this.manageCertificates.wrapErr(0, WRAP_COLUMN, str2);
                            this.queue.offer(new CertException(str2));
                            try {
                                socket.close();
                                return;
                            } catch (Exception e) {
                                Debug.debugException(e);
                                return;
                            }
                        }
                        // The response's message ID is not compared with the request's, and the
                        // protocol op type is not checked here before it is read as an extended response.
                        // NOTE(review): what getExtendedResponseProtocolOp() does for another op type is
                        // not visible in this file; any exception lands in the catch below.
                        ExtendedResponseProtocolOp extendedResponseProtocolOp = readFrom.getExtendedResponseProtocolOp();
                        // A non-zero result code is treated as a StartTLS failure.
                        if (extendedResponseProtocolOp.getResultCode() != 0) {
                            String str3 = CertMessages.ERR_MANAGE_CERTS_CERT_COLLECTOR_START_TLS_FAILED.get();
                            this.manageCertificates.wrapErr(0, WRAP_COLUMN, str3);
                            // Rebuild an ExtendedResult from the response only so it can be formatted
                            // and printed line by line on the error stream.
                            Iterator<String> it = ResultUtils.formatResult((LDAPResult) new ExtendedResult(lDAPMessage.getMessageID(), ResultCode.valueOf(extendedResponseProtocolOp.getResultCode()), extendedResponseProtocolOp.getDiagnosticMessage(), extendedResponseProtocolOp.getMatchedDN(), (String[]) extendedResponseProtocolOp.getReferralURLs().toArray(StaticUtils.NO_STRINGS), extendedResponseProtocolOp.getResponseOID(), extendedResponseProtocolOp.getResponseValue(), (Control[]) readFrom.getControls().toArray(StaticUtils.NO_CONTROLS)), false, 0, WRAP_COLUMN).iterator();
                            while (it.hasNext()) {
                                this.manageCertificates.err(it.next());
                            }
                            this.queue.offer(new CertException(str3));
                            try {
                                socket.close();
                                return;
                            } catch (Exception e2) {
                                Debug.debugException(e2);
                                return;
                            }
                        }
                        if (this.verbose) {
                            this.manageCertificates.wrapOut(0, WRAP_COLUMN, CertMessages.INFO_MANAGE_CERTS_CERT_COLLECTOR_START_TLS_SUCCESSFUL.get());
                        }
                    } catch (Exception e3) {
                        // Any error while sending the request or reading/decoding the response.
                        // The stack trace is printed, but the queued CertException carries only the
                        // message (e3 is not attached as its cause, unlike the other catch blocks).
                        String str4 = CertMessages.ERR_MANAGE_CERTS_CERT_COLLECTOR_START_TLS_FAILED.get();
                        this.manageCertificates.wrapErr(0, WRAP_COLUMN, str4);
                        e3.printStackTrace(this.manageCertificates.getErr());
                        this.queue.offer(new CertException(str4));
                        try {
                            socket.close();
                            return;
                        } catch (Exception e4) {
                            Debug.debugException(e4);
                            return;
                        }
                    }
                }
                try {
                    if (this.verbose) {
                        this.manageCertificates.out(new Object[0]);
                        this.manageCertificates.wrapOut(0, WRAP_COLUMN, CertMessages.INFO_MANAGE_CERTS_CERT_COLLECTOR_BEGINNING_TLS_NEGOTIATION.get());
                    }
                    // Layer TLS over the existing socket with this object as the only trust manager,
                    // so the handshake accepts whatever chain the peer presents. The final "true" is
                    // the autoClose argument of createSocket().
                    SSLSocket sSLSocket = (SSLSocket) new SSLUtil(this).createSSLSocketFactory().createSocket(socket, this.hostname, this.port, true);
                    sSLSocket.startHandshake();
                    // 1000 ms read timeout for the polling loop below.
                    sSLSocket.setSoTimeout(1000);
                    try {
                        // Poll until checkServerTrusted() has set the flag or the deadline
                        // (now + DateUtils.MILLIS_PER_MINUTE) has passed.
                        long currentTimeMillis = System.currentTimeMillis() + DateUtils.MILLIS_PER_MINUTE;
                        while (System.currentTimeMillis() < currentTimeMillis && !this.gotCertificateChain) {
                            // NOTE(review): this empty try/catch looks like a decompiler artifact; presumably
                            // the read() below was inside it in the original source. As written here, an
                            // exception from read() (a read timeout included) is not caught in the loop and
                            // reaches the outer catch that reports a TLS negotiation error - confirm against
                            // the original source.
                            try {
                            } catch (Exception e5) {
                                Debug.debugException(e5);
                            }
                            // End of stream with the flag already set: close and finish quietly.
                            if (sSLSocket.getInputStream().read() < 0 && this.gotCertificateChain) {
                                try {
                                    socket.close();
                                    return;
                                } catch (Exception e6) {
                                    Debug.debugException(e6);
                                    return;
                                }
                            }
                        }
                        // Deadline passed without checkServerTrusted() being called: report that no
                        // chain was received and close both sockets.
                        if (!this.gotCertificateChain) {
                            String str5 = CertMessages.ERR_MANAGE_CERTS_CERT_COLLECTOR_NO_CERT_CHAIN_RECEIVED.get(str);
                            this.manageCertificates.wrapErr(0, WRAP_COLUMN, str5);
                            this.queue.offer(new CertException(str5));
                            try {
                                sSLSocket.close();
                            } catch (Exception e7) {
                                Debug.debugException(e7);
                            }
                            try {
                                socket.close();
                                return;
                            } catch (Exception e8) {
                                Debug.debugException(e8);
                                return;
                            }
                        }
                        // Verbose mode: print the negotiated protocol and cipher suite. These describe
                        // a session whose peer certificate was not validated.
                        if (this.verbose) {
                            SSLSession session = sSLSocket.getSession();
                            String protocol = session.getProtocol();
                            if (protocol != null) {
                                this.manageCertificates.wrapOut(0, WRAP_COLUMN, CertMessages.INFO_MANAGE_CERTS_CERT_COLLECTOR_NEGOTIATED_TLS_PROTOCOL.get(protocol));
                            }
                            String cipherSuite = session.getCipherSuite();
                            if (cipherSuite != null) {
                                this.manageCertificates.wrapOut(0, WRAP_COLUMN, CertMessages.INFO_MANAGE_CERTS_CERT_COLLECTOR_NEGOTIATED_TLS_SUITE.get(cipherSuite));
                            }
                        }
                        try {
                            sSLSocket.close();
                        } catch (Exception e9) {
                            Debug.debugException(e9);
                        }
                        // NOTE(review): "try { return; } catch" is a decompiler artifact; the effect is a plain return.
                        try {
                            return;
                        } catch (Exception e10) {
                            return;
                        }
                    } finally {
                        // Runs on every exit from the block above, so the TLS socket may be closed a
                        // second time here; any exception from close() is only passed to Debug.
                        try {
                            sSLSocket.close();
                        } catch (Exception e11) {
                            Debug.debugException(e11);
                        }
                    }
                } catch (Exception e12) {
                    // Failure creating the TLS socket, during the handshake, or from the polling loop.
                    Debug.debugException(e12);
                    String str6 = CertMessages.ERR_MANAGE_CERTS_CERT_COLLECTOR_ERROR_STARTING_TLS_NEGOTIATION.get();
                    this.manageCertificates.wrapErr(0, WRAP_COLUMN, str6);
                    e12.printStackTrace(this.manageCertificates.getErr());
                    this.queue.offer(new CertException(str6, e12));
                    try {
                        socket.close();
                        return;
                    } catch (Exception e13) {
                        Debug.debugException(e13);
                        return;
                    }
                }
            } finally {
                // NOTE(review): empty finally block - decompiler artifact.
            }
            // NOTE(review): every path through the try above appears to return, so this close looks
            // unreachable as decompiled; it presumably corresponds to a finally block in the original.
            try {
                socket.close();
            } catch (Exception e102) {
                Debug.debugException(e102);
            }
        } catch (Exception e14) {
            // Name resolution or TCP connect failed.
            Debug.debugException(e14);
            String str7 = CertMessages.ERR_MANAGE_CERTS_CERT_COLLECTOR_CONNECT_FAILED.get(str);
            this.manageCertificates.err(new Object[0]);
            this.manageCertificates.wrapErr(0, WRAP_COLUMN, str7);
            e14.printStackTrace(this.manageCertificates.getErr());
            this.queue.offer(new CertException(str7, e14));
        }
    }

    /**
     * Does nothing: every client chain is accepted without inspection.
     *
     * @param x509CertificateArr client certificate chain (ignored)
     * @param str                second argument of the {@link X509TrustManager} callback (ignored)
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(@NotNull java.security.cert.X509Certificate[] x509CertificateArr, @NotNull String str) throws CertificateException {
    }

    /**
     * Captures the server's certificate chain instead of validating it.
     * <p>
     * Each certificate is re-parsed from its encoded bytes into this package's
     * {@code X509Certificate} and the resulting array is offered to the queue. If parsing
     * fails, a {@code CertException} is offered instead. In every case
     * {@code gotCertificateChain} is set to {@code true}, and no exception is rethrown from
     * either catch block, so this method does not cause the handshake to be rejected.
     * No signature, validity-period, name or issuer check is made here.
     *
     * @param x509CertificateArr chain presented by the server
     * @param str                second argument of the {@link X509TrustManager} callback (unused)
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(@NotNull java.security.cert.X509Certificate[] x509CertificateArr, @NotNull String str) throws CertificateException {
        try {
            // Convert from java.security.cert.X509Certificate to this package's X509Certificate
            // by decoding each certificate's encoded form.
            X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
            for (int i = 0; i < x509CertificateArr.length; i++) {
                x509CertificateArr2[i] = new X509Certificate(x509CertificateArr[i].getEncoded());
            }
            if (this.verbose) {
                this.manageCertificates.wrapOut(0, WRAP_COLUMN, CertMessages.INFO_MANAGE_CERTS_CERT_COLLECTOR_GOT_CERT_CHAIN.get());
            }
            this.queue.offer(x509CertificateArr2);
            this.gotCertificateChain = true;
        } catch (CertException e) {
            // This package's parser rejected a certificate: print the message and each raw
            // certificate, then queue a CertException whose cause is e.getCause(), not e itself.
            Debug.debugException(e);
            String str2 = CertMessages.ERR_MANAGE_CERTS_CERT_COLLECTOR_ERROR_PARSING_CERT_CHAIN.get(this.hostname + ':' + this.port) + ":   " + e.getMessage();
            this.manageCertificates.wrapErr(0, WRAP_COLUMN, str2);
            for (java.security.cert.X509Certificate x509Certificate : x509CertificateArr) {
                this.manageCertificates.err(x509Certificate);
            }
            this.queue.offer(new CertException(str2, e.getCause()));
            this.gotCertificateChain = true;
        } catch (Exception e2) {
            // Any other failure (for example from getEncoded()): print the stack trace and queue
            // a CertException wrapping it.
            Debug.debugException(e2);
            String str3 = CertMessages.ERR_MANAGE_CERTS_CERT_COLLECTOR_ERROR_PARSING_CERT_CHAIN.get(this.hostname + ':' + this.port);
            this.manageCertificates.wrapErr(0, WRAP_COLUMN, str3);
            e2.printStackTrace(this.manageCertificates.getErr());
            this.queue.offer(new CertException(str3, e2));
            this.gotCertificateChain = true;
        }
    }

    /**
     * Returns an empty array; this trust manager names no accepted issuers.
     *
     * @return the shared empty {@code NO_CERTIFICATES} array
     */
    @Override // javax.net.ssl.X509TrustManager
    @NotNull
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return NO_CERTIFICATES;
    }
}
