package eu.unicore.util.httpclient;

import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.HostnameMismatchCallback2;
import eu.emi.security.authn.x509.impl.SocketFactoryCreator2;
import eu.emi.security.authn.x509.impl.X500NameUtils;
import eu.unicore.security.canl.IAuthnAndTrustConfiguration;
import eu.unicore.util.Log;
import java.io.IOException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:eu/unicore/util/httpclient/ConnectionUtil.class */
public class ConnectionUtil {
    public static X509Certificate[] getPeerCertificate(IAuthnAndTrustConfiguration iAuthnAndTrustConfiguration, String str, int i, Logger logger) throws UnknownHostException, IOException {
        if (iAuthnAndTrustConfiguration == null || iAuthnAndTrustConfiguration.getValidator() == null || iAuthnAndTrustConfiguration.getCredential() == null) {
            throw new IllegalArgumentException("Can not establish peer's identity without having credential and validator set.");
        }
        URL url = new URL(str);
        SSLSocketFactory socketFactory = new SocketFactoryCreator2(iAuthnAndTrustConfiguration.getCredential(), iAuthnAndTrustConfiguration.getValidator(), (HostnameMismatchCallback2) null).getSocketFactory();
        int port = url.getPort();
        if (port == -1) {
            port = url.getDefaultPort();
        }
        if (port == -1) {
            port = 443;
        }
        SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket(url.getHost(), port);
        try {
            sSLSocket.setSoTimeout(i);
            X509Certificate[] convertToX509Chain = CertificateUtils.convertToX509Chain(sSLSocket.getSession().getPeerCertificates());
            if (logger.isDebugEnabled()) {
                try {
                    logger.debug("Got peer cert of <{}>\nName: {}\nIssued by: {}", str, X500NameUtils.getReadableForm(convertToX509Chain[0].getSubjectX500Principal()), X500NameUtils.getReadableForm(convertToX509Chain[0].getIssuerX500Principal()));
                } catch (Exception e) {
                    Log.logException("Problem with certificate for <" + str + ">", e, logger);
                }
            }
            if (sSLSocket != null) {
                sSLSocket.close();
            }
            return convertToX509Chain;
        } catch (Throwable th) {
            if (sSLSocket != null) {
                try {
                    sSLSocket.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
