package org.opcfoundation.ua.transport.https;

import java.io.IOException;
import java.nio.charset.Charset;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.PoolingClientConnectionManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpConnectionParams;
import org.opcfoundation.ua.builtintypes.ServiceRequest;
import org.opcfoundation.ua.builtintypes.ServiceResponse;
import org.opcfoundation.ua.builtintypes.UnsignedInteger;
import org.opcfoundation.ua.common.ServiceResultException;
import org.opcfoundation.ua.core.EndpointConfiguration;
import org.opcfoundation.ua.core.EndpointDescription;
import org.opcfoundation.ua.core.StatusCodes;
import org.opcfoundation.ua.encoding.EncoderContext;
import org.opcfoundation.ua.encoding.binary.IEncodeableSerializer;
import org.opcfoundation.ua.transport.AsyncResult;
import org.opcfoundation.ua.transport.TransportChannelSettings;
import org.opcfoundation.ua.transport.security.HttpsSecurityPolicy;
import org.opcfoundation.ua.transport.tcp.io.ITransportChannel;
import org.opcfoundation.ua.utils.CryptoUtil;
import org.opcfoundation.ua.utils.ObjectUtils;
import org.opcfoundation.ua.utils.StackUtils;
import org.opcfoundation.ua.utils.TimerUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/opc-ua-stack-1.3.346-197.jar:org/opcfoundation/ua/transport/https/HttpsClient.class */
public class HttpsClient implements ITransportChannel {
    TransportChannelSettings transportChannelSettings;
    String connectUrl;
    HttpsSecurityPolicy securityPolicy;
    SchemeRegistry sr;
    ClientConnectionManager ccm;
    DefaultHttpClient httpclient;
    String protocol;
    IEncodeableSerializer serializer;
    String securityPolicyUri;
    Timer timer;
    EncoderContext encoderCtx;
    String[] cipherSuites;
    static final ServiceResultException BAD_TIMEOUT = new ServiceResultException(StatusCodes.Bad_Timeout);
    static final Charset UTF8 = Charset.forName("UTF-8");
    static final Logger logger = LoggerFactory.getLogger(HttpsClient.class);
    public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER = new X509HostnameVerifier() { // from class: org.opcfoundation.ua.transport.https.HttpsClient.3
        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }

        @Override // org.apache.http.conn.ssl.X509HostnameVerifier
        public void verify(String str, String[] strArr, String[] strArr2) throws SSLException {
        }

        @Override // org.apache.http.conn.ssl.X509HostnameVerifier
        public void verify(String str, X509Certificate x509Certificate) throws SSLException {
        }

        @Override // org.apache.http.conn.ssl.X509HostnameVerifier
        public void verify(String str, SSLSocket sSLSocket) throws IOException {
        }
    };
    AtomicInteger requestIdCounter = new AtomicInteger(0);
    Executor executor = StackUtils.getBlockingWorkExecutor();
    int maxConnections = 20;
    Map<Integer, HttpsClientPendingRequest> requests = new ConcurrentHashMap();
    AtomicReference<TimerTask> timeoutPendingRequestsTask = new AtomicReference<>(null);
    AtomicInteger secureChannelIdCounter = new AtomicInteger();
    Runnable timeoutRun = new Runnable() { // from class: org.opcfoundation.ua.transport.https.HttpsClient.2
        @Override // java.lang.Runnable
        public void run() {
            HttpsClient.this.cancelTimeoutPendingRequestTask();
            synchronized (HttpsClient.this.requests) {
                long currentTimeMillis = System.currentTimeMillis();
                for (HttpsClientPendingRequest httpsClientPendingRequest : HttpsClient.this.requests.values()) {
                    if (httpsClientPendingRequest.timeoutTime != 0 && currentTimeMillis >= httpsClientPendingRequest.timeoutTime) {
                        HttpsClient.logger.warn("Request id={} msg={} timeouted {} ms elapsed. timeout at {} ms", Integer.valueOf(httpsClientPendingRequest.requestId), httpsClientPendingRequest.requestMessage.getClass(), Long.valueOf(System.currentTimeMillis() - httpsClientPendingRequest.startTime), Long.valueOf(httpsClientPendingRequest.timeoutTime - httpsClientPendingRequest.startTime));
                        httpsClientPendingRequest.timeout();
                    }
                }
            }
            HttpsClient.this.scheduleTimeoutRequestsTimer();
        }
    };

    public HttpsClient(String str) {
        if (!str.equals("http") && !str.equals("https")) {
            throw new IllegalArgumentException();
        }
        this.protocol = str;
    }

    public void setClientConnectionManager(ClientConnectionManager clientConnectionManager) {
        this.ccm = clientConnectionManager;
    }

    public void setMaxConnections(int i) {
        this.maxConnections = i;
    }

    @Override // org.opcfoundation.ua.transport.tcp.io.ITransportChannel
    public void initialize(String str, TransportChannelSettings transportChannelSettings, EncoderContext encoderContext) throws ServiceResultException {
        SSLContext sSLContext;
        this.connectUrl = str;
        this.securityPolicyUri = transportChannelSettings.getDescription().getSecurityPolicyUri();
        this.transportChannelSettings = transportChannelSettings;
        HttpsSettings httpsSettings = transportChannelSettings.getHttpsSettings();
        HttpsSecurityPolicy[] httpsSecurityPolicies = httpsSettings.getHttpsSecurityPolicies();
        if (httpsSecurityPolicies == null || httpsSecurityPolicies.length <= 0) {
            this.securityPolicy = HttpsSecurityPolicy.TLS_1_1;
        } else {
            this.securityPolicy = httpsSecurityPolicies[httpsSecurityPolicies.length - 1];
        }
        if (this.securityPolicy != HttpsSecurityPolicy.TLS_1_0 && this.securityPolicy != HttpsSecurityPolicy.TLS_1_1 && this.securityPolicy != HttpsSecurityPolicy.TLS_1_2 && this.securityPolicy != HttpsSecurityPolicy.TLS_1_2_PFS) {
            throw new ServiceResultException(StatusCodes.Bad_SecurityChecksFailed, "Https Client doesn't support securityPolicy " + this.securityPolicy);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("initialize: url={}; settings={}", transportChannelSettings.getDescription().getEndpointUrl(), ObjectUtils.printFields(transportChannelSettings));
        }
        EndpointConfiguration configuration = transportChannelSettings.getConfiguration();
        this.encoderCtx = encoderContext;
        this.encoderCtx.setMaxArrayLength(configuration.getMaxArrayLength() != null ? configuration.getMaxArrayLength().intValue() : 0);
        this.encoderCtx.setMaxStringLength(configuration.getMaxStringLength() != null ? configuration.getMaxStringLength().intValue() : 0);
        this.encoderCtx.setMaxByteStringLength(configuration.getMaxByteStringLength() != null ? configuration.getMaxByteStringLength().intValue() : 0);
        this.encoderCtx.setMaxMessageSize(configuration.getMaxMessageSize() != null ? configuration.getMaxMessageSize().intValue() : 0);
        this.timer = TimerUtil.getTimer();
        try {
            SchemeRegistry schemeRegistry = new SchemeRegistry();
            if (this.protocol.equals("https")) {
                try {
                    sSLContext = SSLContext.getInstance("TLSv1.2");
                } catch (NoSuchAlgorithmException e) {
                    logger.debug("No TLSv1.2 implementation found, trying TLS");
                    sSLContext = SSLContext.getInstance("TLS");
                }
                sSLContext.init(httpsSettings.getKeyManagers(), httpsSettings.getTrustManagers(), null);
                SSLSocketFactory sSLSocketFactory = new SSLSocketFactory(sSLContext, httpsSettings.getHostnameVerifier() != null ? httpsSettings.getHostnameVerifier() : SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER) { // from class: org.opcfoundation.ua.transport.https.HttpsClient.1
                    @Override // org.apache.http.conn.ssl.SSLSocketFactory
                    protected void prepareSocket(SSLSocket sSLSocket) throws IOException {
                        sSLSocket.setEnabledCipherSuites(HttpsClient.this.cipherSuites);
                    }
                };
                SSLEngine createSSLEngine = sSLContext.createSSLEngine();
                String[] enabledCipherSuites = createSSLEngine.getEnabledCipherSuites();
                this.cipherSuites = CryptoUtil.filterCipherSuiteList(enabledCipherSuites, this.securityPolicy.getCipherSuites());
                logger.info("Enabled protocols in SSL Engine are {}", Arrays.toString(createSSLEngine.getEnabledProtocols()));
                logger.info("Enabled CipherSuites in SSL Engine are {}", Arrays.toString(enabledCipherSuites));
                logger.info("Client CipherSuite selection for {} is {}", this.securityPolicy.getPolicyUri(), Arrays.toString(this.cipherSuites));
                schemeRegistry.register(new Scheme("https", 443, sSLSocketFactory));
            }
            if (this.protocol.equals("http")) {
                schemeRegistry.register(new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
            }
            if (this.ccm == null) {
                PoolingClientConnectionManager poolingClientConnectionManager = new PoolingClientConnectionManager(schemeRegistry);
                this.ccm = poolingClientConnectionManager;
                poolingClientConnectionManager.setMaxTotal(this.maxConnections);
                poolingClientConnectionManager.setDefaultMaxPerRoute(this.maxConnections);
            }
            BasicHttpParams basicHttpParams = new BasicHttpParams();
            HttpConnectionParams.setConnectionTimeout(basicHttpParams, this.transportChannelSettings.getConfiguration().getOperationTimeout().intValue());
            HttpConnectionParams.setSoTimeout(basicHttpParams, 0);
            this.httpclient = new DefaultHttpClient(this.ccm, basicHttpParams);
            if (httpsSettings.getUsername() != null && httpsSettings.getPassword() != null) {
                BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                basicCredentialsProvider.setCredentials(new AuthScope(AuthScope.ANY_HOST, -1), new UsernamePasswordCredentials(httpsSettings.getUsername(), httpsSettings.getPassword()));
                this.httpclient.setCredentialsProvider(basicCredentialsProvider);
            }
        } catch (KeyManagementException e2) {
            new ServiceResultException(e2);
        } catch (NoSuchAlgorithmException e3) {
            new ServiceResultException(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long getTimeout(ServiceRequest serviceRequest) {
        UnsignedInteger timeoutHint = serviceRequest.getRequestHeader() != null ? serviceRequest.getRequestHeader().getTimeoutHint() : null;
        long longValue = timeoutHint != null ? timeoutHint.longValue() : getOperationTimeout();
        if (longValue == 0) {
            longValue = 100000;
        }
        return longValue;
    }

    @Override // org.opcfoundation.ua.transport.tcp.io.ITransportChannel
    /* renamed from: serviceRequest */
    public ServiceResponse mo3918serviceRequest(ServiceRequest serviceRequest) throws ServiceResultException {
        return serviceRequest(serviceRequest, getTimeout(serviceRequest));
    }

    @Override // org.opcfoundation.ua.transport.tcp.io.ITransportChannel
    public ServiceResponse serviceRequest(ServiceRequest serviceRequest, long j) throws ServiceResultException {
        return serviceRequestAsync(serviceRequest).waitForResult(j, TimeUnit.MILLISECONDS);
    }

    @Override // org.opcfoundation.ua.transport.tcp.io.ITransportChannel
    public AsyncResult<ServiceResponse> serviceRequestAsync(ServiceRequest serviceRequest) {
        return serviceRequestAsync(serviceRequest, getTimeout(serviceRequest));
    }

    @Override // org.opcfoundation.ua.transport.tcp.io.ITransportChannel
    public AsyncResult<ServiceResponse> serviceRequestAsync(ServiceRequest serviceRequest, long j) {
        return serviceRequestAsync(serviceRequest, j, -1);
    }

    public AsyncResult<ServiceResponse> serviceRequestAsync(ServiceRequest serviceRequest, long j, int i) {
        HttpsClientPendingRequest httpsClientPendingRequest = new HttpsClientPendingRequest(this, serviceRequest);
        httpsClientPendingRequest.secureChannelId = i;
        httpsClientPendingRequest.securityPolicy = this.securityPolicyUri;
        httpsClientPendingRequest.requestId = this.requestIdCounter.getAndIncrement();
        logger.debug("serviceRequestAsync: Sending message, requestId={} message={} operationTimeout={}", Integer.valueOf(httpsClientPendingRequest.requestId), serviceRequest.getClass().getSimpleName(), Long.valueOf(j));
        logger.trace("serviceRequestAsync: message={}", serviceRequest);
        this.requests.put(Integer.valueOf(httpsClientPendingRequest.requestId), httpsClientPendingRequest);
        if (httpsClientPendingRequest.startTime != 0) {
            scheduleTimeoutRequestsTimer();
        }
        this.executor.execute(httpsClientPendingRequest);
        return httpsClientPendingRequest.result;
    }

    public void close() {
        ArrayList arrayList;
        this.ccm.shutdown();
        cancelTimeoutPendingRequestTask();
        synchronized (this.requests) {
            arrayList = new ArrayList(this.requests.values());
            logger.debug("requests.clear()");
            this.requests.clear();
        }
        if (arrayList.isEmpty()) {
            return;
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            ((HttpsClientPendingRequest) it.next()).cancel();
        }
    }

    @Override // org.opcfoundation.ua.transport.tcp.io.ITransportChannel
    public void dispose() {
        close();
        this.ccm = null;
        this.sr = null;
        this.httpclient = null;
        this.serializer = null;
        this.transportChannelSettings = null;
    }

    @Override // org.opcfoundation.ua.transport.tcp.io.ITransportChannel
    public EnumSet<ITransportChannel.TransportChannelFeature> getSupportedFeatures() {
        return EnumSet.of(ITransportChannel.TransportChannelFeature.open, ITransportChannel.TransportChannelFeature.openAsync, ITransportChannel.TransportChannelFeature.close, ITransportChannel.TransportChannelFeature.closeAync, ITransportChannel.TransportChannelFeature.sendRequest, ITransportChannel.TransportChannelFeature.sendRequestAsync);
    }

    @Override // org.opcfoundation.ua.transport.tcp.io.ITransportChannel
    public EndpointDescription getEndpointDescription() {
        return this.transportChannelSettings.getDescription();
    }

    @Override // org.opcfoundation.ua.transport.tcp.io.ITransportChannel
    public EndpointConfiguration getEndpointConfiguration() {
        return this.transportChannelSettings.getConfiguration();
    }

    @Override // org.opcfoundation.ua.transport.tcp.io.ITransportChannel
    public EncoderContext getMessageContext() {
        return this.encoderCtx;
    }

    @Override // org.opcfoundation.ua.transport.tcp.io.ITransportChannel
    public void setOperationTimeout(int i) {
        this.transportChannelSettings.getConfiguration().setOperationTimeout(Integer.valueOf(i));
    }

    @Override // org.opcfoundation.ua.transport.tcp.io.ITransportChannel
    public int getOperationTimeout() {
        Integer operationTimeout = this.transportChannelSettings.getConfiguration().getOperationTimeout();
        if (operationTimeout == null) {
            return 0;
        }
        return operationTimeout.intValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void scheduleTimeoutRequestsTimer() {
        HttpsClientPendingRequest _getNextTimeoutingPendingRequest = _getNextTimeoutingPendingRequest();
        if (_getNextTimeoutingPendingRequest == null) {
            cancelTimeoutPendingRequestTask();
            return;
        }
        TimerTask timerTask = this.timeoutPendingRequestsTask.get();
        if (timerTask == null || timerTask.scheduledExecutionTime() > _getNextTimeoutingPendingRequest.timeoutTime) {
            cancelTimeoutPendingRequestTask();
            TimerTask schedule = TimerUtil.schedule(this.timer, this.timeoutRun, this.executor, _getNextTimeoutingPendingRequest.timeoutTime);
            if (this.timeoutPendingRequestsTask.compareAndSet(null, schedule)) {
                return;
            }
            schedule.cancel();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void cancelTimeoutPendingRequestTask() {
        TimerTask andSet = this.timeoutPendingRequestsTask.getAndSet(null);
        if (andSet != null) {
            andSet.cancel();
        }
    }

    private HttpsClientPendingRequest _getNextTimeoutingPendingRequest() {
        HttpsClientPendingRequest httpsClientPendingRequest = null;
        synchronized (this.requests) {
            Iterator<HttpsClientPendingRequest> it = this.requests.values().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                HttpsClientPendingRequest next = it.next();
                if (Long.MAX_VALUE > next.timeoutTime) {
                    long j = next.timeoutTime;
                    httpsClientPendingRequest = next;
                    break;
                }
            }
        }
        return httpsClientPendingRequest;
    }
}
