package com.bea.security.saml2.artifact.impl;

import com.bea.security.saml2.binding.BindingHandlerException;
import com.bea.security.saml2.config.SAML2ConfigSpi;
import com.bea.security.saml2.providers.registry.IndexedEndpoint;
import com.bea.security.saml2.providers.registry.WebSSOPartner;
import com.bea.security.saml2.util.SAML2Utils;
import com.bea.security.utils.ssl.SSLContextProtocolSelector;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;

/* loaded from: input_file:com/bea/security/saml2/artifact/impl/ArtifactResolverJSSEImpl.class */
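/**
 * Artifact resolver that opens the back-channel connection to a partner's
 * Artifact Resolution Service using {@link HttpURLConnection} and, for
 * {@code https} endpoints, a JSSE {@link SSLContext}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>HTTP Basic credentials returned by {@code getBasicAuthn} are attached
 *       whatever the endpoint scheme is; on a plain {@code http} endpoint they
 *       travel unencrypted.</li>
 *   <li>The {@link SSLContext} is initialised with {@code null} trust managers,
 *       so server certificates are validated by the JSSE default trust
 *       configuration, not by anything set up here.</li>
 *   <li>No {@code HostnameVerifier} is installed here, so the connection keeps
 *       the default one of {@link HttpsURLConnection}.</li>
 * </ul>
 */
public class ArtifactResolverJSSEImpl extends AbstractArtifactResolver {
    /** Protocol name handed to {@link SSLContext#getInstance(String)}, chosen once at class load. */
    private static final String SSLCONTEXT_PROTOCOL = SSLContextProtocolSelector.getSSLContextProtocol();

    /**
     * Creates the resolver and passes the SAML2 configuration to the superclass.
     *
     * @param sAML2ConfigSpi SAML2 configuration handed to {@link AbstractArtifactResolver}
     */
    public ArtifactResolverJSSEImpl(SAML2ConfigSpi sAML2ConfigSpi) {
        super(sAML2ConfigSpi);
    }

    /**
     * Prepares a POST connection for a {@code samlp:ArtifactResolve} request to the given endpoint.
     *
     * <p>For an {@code https} endpoint the connection is configured with a socket factory from a
     * freshly initialised {@link SSLContext} (with the client key and certificate when they are
     * set) and is connected before being returned. For any other endpoint the connection is
     * returned configured but not yet connected.
     *
     * @param webSSOPartner partner whose entity ID is logged and whose Basic credentials, if any, are sent
     * @param indexedEndpoint endpoint whose location is the URL to open
     * @return the configured connection
     * @throws BindingHandlerException with code 500 (presumably an HTTP status; confirm against
     *     {@code BindingHandlerException}) when the URL is malformed, the connection cannot be
     *     opened or connected, or the SSL context cannot be obtained or initialised
     */
    @Override
    public HttpURLConnection openConnection(WebSSOPartner webSSOPartner, IndexedEndpoint indexedEndpoint) throws BindingHandlerException {
        if (this.logdebug) {
            this.log.debug("open connection to send samlp:ArtifactResolve. partner id:" + webSSOPartner.getEntityID() + ", endpoint url:" + indexedEndpoint.getLocation());
        }
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(indexedEndpoint.getLocation()).openConnection();
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setAllowUserInteraction(false);
            // Redirects are not followed, so the request and its Authorization header
            // are only ever sent to the configured endpoint location.
            httpURLConnection.setInstanceFollowRedirects(false);
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty("Content-Type", "text/xml; charset=UTF-8");

            String basicAuthn = getBasicAuthn(webSSOPartner);
            boolean sendsBasicCredentials = basicAuthn != null && !basicAuthn.equals("");
            if (sendsBasicCredentials) {
                httpURLConnection.setRequestProperty("Authorization", "Basic " + SAML2Utils.base64Encode(basicAuthn.getBytes("UTF-8")));
            }

            if (!(httpURLConnection instanceof HttpsURLConnection)) {
                // NOTE(review): Basic credentials are only base64-encoded; without TLS they are
                // readable on the wire. The request is still sent, as before, but the condition
                // is now visible in the debug log. Consider requiring https for such partners.
                if (this.logdebug && sendsBasicCredentials) {
                    this.log.debug("basic authentication credentials will be sent over a connection that is not https.");
                }
                return httpURLConnection;
            }

            if (this.logdebug) {
                this.log.debug("remote ARS need secure http connection.");
            }
            try {
                // A client key manager is supplied only when both a key and a non-empty
                // certificate chain are set; otherwise no client certificate is offered from here.
                KeyManager[] keyManagerArr = null;
                if (this.sslClientKey != null && this.sslClientCert != null && this.sslClientCert.length > 0) {
                    keyManagerArr = new KeyManager[]{new SSLClientKeyManager(this.sslClientKey, this.sslClientCert, this.sslClientKeyAlias)};
                }
                if (this.logdebug) {
                    this.log.debug("Expected SSLContext service protocol: " + SSLCONTEXT_PROTOCOL);
                }
                // getInstance either returns a context or throws, so no null check is needed.
                SSLContext sSLContext = SSLContext.getInstance(SSLCONTEXT_PROTOCOL);
                if (this.logdebug) {
                    this.log.debug("Actual SSLContext service protocol: " + sSLContext.getProtocol());
                }
                // null trust managers and null SecureRandom select the JSSE defaults.
                sSLContext.init(keyManagerArr, null, null);
                ((HttpsURLConnection) httpURLConnection).setSSLSocketFactory(sSLContext.getSocketFactory());
                httpURLConnection.connect();
            } catch (IOException e) {
                // Also covers SocketTimeoutException, which was handled identically.
                if (this.logdebug) {
                    this.log.debug("can't connect to remote server.", e);
                }
                throw new BindingHandlerException(e.getMessage(), 500);
            } catch (KeyManagementException e) {
                if (this.logdebug) {
                    this.log.debug("can't initialize ssl context.", e);
                }
                throw new BindingHandlerException(e.getMessage(), 500);
            } catch (NoSuchAlgorithmException e) {
                if (this.logdebug) {
                    this.log.debug("can't get ssl context: NoSuchAlgorithm: " + SSLCONTEXT_PROTOCOL + ".", e);
                }
                throw new BindingHandlerException(e.getMessage(), 500);
            }
            return httpURLConnection;
        } catch (UnsupportedEncodingException e) {
            if (this.logdebug) {
                this.log.debug("can't get BASE64 encoded basic authentication:UnsupportedEncoding:UTF-8.", e);
            }
            throw new BindingHandlerException(e.getMessage(), 500);
        } catch (MalformedURLException e) {
            if (this.logdebug) {
                this.log.debug("can't open connection:MalformedURL:" + indexedEndpoint.getLocation(), e);
            }
            throw new BindingHandlerException(e.getMessage(), 500);
        } catch (IOException e) {
            // The exception is logged because the BindingHandlerException below keeps only
            // its message, which would otherwise leave no trace of the cause.
            if (this.logdebug) {
                this.log.debug("can't open connection.", e);
            }
            throw new BindingHandlerException(e.getMessage(), 500);
        }
    }
}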
