package dk.netarkivet.common.distribute;

import dk.netarkivet.common.distribute.HTTPRemoteFileRegistry;
import dk.netarkivet.common.exceptions.IOFailure;
import dk.netarkivet.common.utils.Settings;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.io.IOUtils;
import org.mortbay.jetty.Server;
import org.mortbay.jetty.security.SslSocketConnector;

/* loaded from: input_file:dk/netarkivet/common/distribute/HTTPSRemoteFileRegistry.class */
/**
 * HTTPS variant of {@link HTTPRemoteFileRegistry}.
 *
 * <p>The embedded Jetty server is started with an SSL connector that requires
 * client certificates, and outgoing connections are given a socket factory
 * built from the same keystore. One keystore file is used both as key store
 * and as trust store, on the server side and on the client side.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Outgoing connections do not check the peer's hostname (see
 *       {@link #ACCEPTING_HOSTNAME_VERIFIER}). Peer authentication therefore
 *       rests only on the certificates trusted through the keystore, so the
 *       contents of that keystore and access to the file define who is
 *       trusted.</li>
 *   <li>The keystore and key passwords are read from settings into static
 *       {@code String} constants and stay in memory for the life of the
 *       class; they cannot be wiped after use.</li>
 * </ul>
 */
public class HTTPSRemoteFileRegistry extends HTTPRemoteFileRegistry {
    /** Keystore format passed to {@link KeyStore#getInstance(String)}. */
    private static final String SUN_JCEKS_KEYSTORE_TYPE = "JCEKS";
    /** Algorithm name used for both the key manager and the trust manager factory. */
    private static final String SUN_X509_CERTIFICATE_ALGORITHM = "SunX509";
    /**
     * Name passed to {@link SSLContext#getInstance(String)}.
     * NOTE(review): "SSL" is the legacy context name; which protocol versions
     * are actually offered depends on the JSSE provider and JVM settings.
     * Confirm that obsolete protocol versions are disabled in the deployment.
     */
    private static final String SSL_PROTOCOL = "SSL";
    /**
     * PRNG algorithm requested for the SSL context.
     * NOTE(review): pins one specific algorithm rather than the platform
     * default {@code SecureRandom}; confirm this is still intended.
     */
    private static final String SHA1_PRNG_RANDOM_ALGORITHM = "SHA1PRNG";
    /** URL scheme reported by {@link #getProtocol()}. */
    private static final String PROTOCOL = "https";

    /**
     * Hostname verifier that accepts every hostname/session pair.
     *
     * <p>It is installed on every connection returned by
     * {@link #openConnection(URL)}, so a certificate is never matched against
     * the host being contacted. Any peer whose certificate is trusted through
     * the keystore is accepted under any hostname.
     * NOTE(review): acceptable only while the keystore trusts nothing beyond
     * the deployment's own certificates; verify that, and keep the keystore
     * file readable by the service account only.
     */
    private static final HostnameVerifier ACCEPTING_HOSTNAME_VERIFIER = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            // Unconditional accept: neither argument is inspected.
            return true;
        }
    };

    /** Keystore file path, read from settings when the class is initialised. */
    private static final String KEYSTORE_PATH = Settings.get(HTTPSRemoteFile.HTTPSREMOTEFILE_KEYSTORE_FILE);
    /** Keystore password, read from settings; also used as the trust store password. */
    private static final String KEYSTORE_PASSWORD = Settings.get(HTTPSRemoteFile.HTTPSREMOTEFILE_KEYSTORE_PASSWORD);
    /** Password of the private key inside the keystore, read from settings. */
    private static final String KEY_PASSWORD = Settings.get(HTTPSRemoteFile.HTTPSREMOTEFILE_KEY_PASSWORD);

    /** SSL context whose socket factory is installed on outgoing connections. */
    private final SSLContext sslContext;

    /**
     * Loads the keystore and builds the SSL context used for outgoing
     * connections. Key managers and trust managers are both initialised from
     * the same keystore.
     *
     * @throws IOFailure if the keystore cannot be read or the SSL context
     *     cannot be set up; the message names the keystore path but neither
     *     password
     */
    private HTTPSRemoteFileRegistry() {
        FileInputStream keystoreStream = null;
        try {
            keystoreStream = new FileInputStream(KEYSTORE_PATH);

            KeyStore store = KeyStore.getInstance(SUN_JCEKS_KEYSTORE_TYPE);
            store.load(keystoreStream, KEYSTORE_PASSWORD.toCharArray());

            KeyManagerFactory keyManagers = KeyManagerFactory.getInstance(SUN_X509_CERTIFICATE_ALGORITHM);
            keyManagers.init(store, KEY_PASSWORD.toCharArray());

            // The keystore doubles as trust store: every certificate it holds is trusted.
            TrustManagerFactory trustManagers = TrustManagerFactory.getInstance(SUN_X509_CERTIFICATE_ALGORITHM);
            trustManagers.init(store);

            SSLContext context = SSLContext.getInstance(SSL_PROTOCOL);
            context.init(
                    keyManagers.getKeyManagers(),
                    trustManagers.getTrustManagers(),
                    SecureRandom.getInstance(SHA1_PRNG_RANDOM_ALGORITHM));
            this.sslContext = context;
        } catch (IOException | GeneralSecurityException e) {
            throw new IOFailure("Unable to create secure environment for keystore '" + KEYSTORE_PATH + "'", e);
        } finally {
            // Runs on success and on every failure path; close errors are ignored.
            IOUtils.closeQuietly(keystoreStream);
        }
    }

    /**
     * Returns the shared registry, creating an HTTPS registry on first use.
     *
     * <p>The method holds this class's monitor (it is {@code static
     * synchronized}) and additionally locks {@code HTTPRemoteFile.class}
     * around the lazy initialisation. {@code instance} is not declared in
     * this class; presumably it is inherited from
     * {@link HTTPRemoteFileRegistry}.
     *
     * @return the registry stored in {@code instance}
     */
    public static synchronized HTTPRemoteFileRegistry getInstance() {
        synchronized (HTTPRemoteFile.class) {
            if (instance == null) {
                instance = new HTTPSRemoteFileRegistry();
            }
            return instance;
        }
    }

    /**
     * Reports the URL scheme served by this registry.
     *
     * @return the string {@code "https"}
     */
    @Override
    protected String getProtocol() {
        return PROTOCOL;
    }

    /**
     * Starts the Jetty server with a single SSL connector on {@code this.port}.
     *
     * <p>The connector uses the configured keystore as key store and as trust
     * store and is set to require a client certificate, so only clients whose
     * certificate is trusted through that keystore can complete a handshake.
     *
     * @throws IOFailure if the server fails to start
     */
    @Override
    protected void startServer() {
        SslSocketConnector connector = new SslSocketConnector();
        // Server identity: key material from the configured keystore.
        connector.setKeystore(KEYSTORE_PATH);
        connector.setPassword(KEYSTORE_PASSWORD);
        connector.setKeyPassword(KEY_PASSWORD);
        // Client trust: the same keystore file and password serve as trust store.
        connector.setTruststore(KEYSTORE_PATH);
        connector.setTrustPassword(KEYSTORE_PASSWORD);
        // Handshakes without a client certificate are refused.
        connector.setNeedClientAuth(true);
        connector.setPort(this.port);

        this.server = new Server();
        this.server.addConnector(connector);
        this.server.addHandler(new HTTPRemoteFileRegistry.HTTPRemoteFileRegistryHandler());
        try {
            this.server.start();
        } catch (Exception e) {
            throw new IOFailure("Cannot start HTTPSRemoteFile registry", e);
        }
    }

    /**
     * Opens a connection to {@code url} and configures it for this registry's
     * SSL context.
     *
     * <p>The returned connection uses the socket factory of the context built
     * in the constructor and the accept-all hostname verifier, so the peer is
     * authenticated by certificate trust only, not by hostname.
     *
     * <p>The decompiler reports that the access modifier of this method was
     * changed from {@code protected}.
     *
     * @param url the remote file URL to connect to
     * @return the configured HTTPS connection
     * @throws IOException if the connection cannot be opened
     * @throws IOFailure if {@code url} does not yield an HTTPS connection
     */
    @Override
    public URLConnection openConnection(URL url) throws IOException {
        URLConnection connection = url.openConnection();
        if (connection instanceof HttpsURLConnection) {
            HttpsURLConnection secureConnection = (HttpsURLConnection) connection;
            secureConnection.setSSLSocketFactory(this.sslContext.getSocketFactory());
            secureConnection.setHostnameVerifier(ACCEPTING_HOSTNAME_VERIFIER);
            return secureConnection;
        }
        // Anything that is not HTTPS is refused rather than sent in clear text.
        throw new IOFailure("Not a secure URL to remote file: " + url);
    }
}
