package amazon.fws.clicommando.security;

import amazon.fws.clicommando.exceptions.InternalErrorException;
import amazon.fws.clicommando.processors.service.ServiceCallConfig;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.StrictHostnameVerifier;

/* loaded from: input_file:amazon/fws/clicommando/security/VerifyHostnameAgainstCertificate.class */
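/**
 * Installs a JVM-wide default {@link SSLContext} whose trust decision can optionally include a
 * hostname check against the configured service URL.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #setHttpsTrustManager} calls {@link SSLContext#setDefault}, so it affects every
 *       component in the process that relies on the default context, not only the service
 *       client.</li>
 *   <li>The hostname that is verified is the host of {@code ServiceCallConfig.getServiceUrl()},
 *       not the host of the connection being negotiated. A connection to any other host made
 *       through the default context (for example after a redirect) is checked against the
 *       service host and will be rejected unless its certificate also matches that name.</li>
 * </ul>
 */
public final class VerifyHostnameAgainstCertificate {

    /* loaded from: input_file:amazon/fws/clicommando/security/VerifyHostnameAgainstCertificate$VerifyHostnameTrustManager.class */
    /**
     * Client-side trust manager that first validates the chain with the platform's default
     * PKIX trust manager and then requires the leaf certificate to match the service hostname.
     * Both checks must pass; either failure surfaces as a {@link CertificateException}.
     */
    private static final class VerifyHostnameTrustManager implements X509TrustManager {
        private final ServiceCallConfig config;

        public VerifyHostnameTrustManager(ServiceCallConfig serviceCallConfig) {
            this.config = serviceCallConfig;
        }

        /** Not supported: this trust manager is only meant to authenticate servers. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            throw new UnsupportedOperationException();
        }

        /**
         * Validates the server chain against the system trust store, then checks that the leaf
         * certificate matches the host of the configured service URL.
         *
         * @param chain the peer certificate chain, leaf certificate first
         * @param authType the key exchange algorithm, passed through to the delegate
         * @throws IllegalArgumentException if {@code chain} is null or empty
         * @throws CertificateException if the chain is not trusted, the service URL cannot be
         *     parsed, or the hostname does not match the leaf certificate
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Guard the chain[0] access below explicitly instead of relying on the delegate
            // trust manager to reject an empty chain; this is the exception type the
            // X509TrustManager contract prescribes for that case.
            if (chain == null || chain.length == 0) {
                throw new IllegalArgumentException("null or zero-length certificate chain");
            }

            // Chain validation comes first so that a hostname match alone can never be
            // enough to accept a certificate.
            checkServerTrustedUsingSystemDefaultTrustManagers(chain, authType);

            final String host;
            try {
                host = new URL(this.config.getServiceUrl()).getHost();
            } catch (MalformedURLException e) {
                // Fail closed: without a parseable URL there is no hostname to verify.
                throw new CertificateException("Couldn't parse the service URL for some reason.", e);
            }

            try {
                new StrictHostnameVerifier().verify(host, chain[0]);
            } catch (SSLException e) {
                // Keep the verifier's exception as the cause so the mismatch can be diagnosed.
                throw new CertificateException("Unable to match the service hostname (" + host + ") with the certificate returned by the server.", e);
            }
        }

        /**
         * Returns an empty array; the actual trust anchors live in the delegate trust manager
         * that is looked up on each {@link #checkServerTrusted} call.
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        /**
         * Runs the platform's PKIX trust manager, initialised with the default trust store,
         * over the given chain.
         *
         * @throws CertificateException if the chain is rejected or the factory cannot be set up
         */
        private void checkServerTrustedUsingSystemDefaultTrustManagers(X509Certificate[] chain, String authType) throws CertificateException {
            try {
                // getInstance never returns null (it throws NoSuchAlgorithmException instead),
                // so the former null-check fallback to the default algorithm was unreachable
                // and has been dropped. A missing PKIX implementation still fails closed.
                TrustManagerFactory factory = TrustManagerFactory.getInstance("PKIX");
                // A null KeyStore makes the factory use the default trust store.
                factory.init((KeyStore) null);
                getOnlyX509TrustManager(factory.getTrustManagers()).checkServerTrusted(chain, authType);
            } catch (KeyStoreException e) {
                throw new CertificateException("Unable to set up the TrustManagerFactory.", e);
            } catch (NoSuchAlgorithmException e) {
                throw new CertificateException("Unable to set up the TrustManagerFactory.", e);
            }
        }

        /**
         * Picks the single {@link X509TrustManager} out of the given trust managers.
         *
         * @throws CertificateException if there is none, or more than one (ambiguous trust)
         */
        private X509TrustManager getOnlyX509TrustManager(TrustManager[] trustManagers) throws CertificateException {
            X509TrustManager found = null;
            for (TrustManager candidate : trustManagers) {
                if (candidate instanceof X509TrustManager) {
                    if (found != null) {
                        throw new CertificateException("Found more than one X509TrustManager, don't know which to trust.");
                    }
                    found = (X509TrustManager) candidate;
                }
            }
            if (found == null) {
                throw new CertificateException("Didn't find an X509TrustManager, assuming nothing can be trusted.");
            }
            return found;
        }
    }

    /**
     * Builds a new {@link SSLContext} and installs it as the JVM-wide default.
     *
     * <p>When {@code z} is {@code true} the context uses {@link VerifyHostnameTrustManager}, so
     * the server certificate must both chain to the system trust store and match the host of
     * the configured service URL. When {@code z} is {@code false} no trust managers are passed
     * and JSSE falls back to the trust managers of the installed providers: chain validation
     * still happens, but this class adds no hostname check of its own, and whether one is
     * performed then depends on the HTTP client in use.
     *
     * @param z whether to add the hostname check against the service URL
     * @param serviceCallConfig source of the service URL; only used when {@code z} is true
     * @throws InternalErrorException if the context cannot be created or initialised
     */
    public static void setHttpsTrustManager(boolean z, ServiceCallConfig serviceCallConfig) {
        TrustManager[] trustManagers = null;
        if (z) {
            trustManagers = new TrustManager[]{new VerifyHostnameTrustManager(serviceCallConfig)};
        }
        try {
            // Request the context under its standard "TLS" name instead of the legacy "SSL"
            // name. Which protocol versions end up enabled is still decided by the JRE and
            // its security properties.
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, trustManagers, new SecureRandom());
            SSLContext.setDefault(context);
        } catch (GeneralSecurityException e) {
            throw new InternalErrorException("In creating hostname verifier trust manager", e);
        }
    }
}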
