package org.opennms.netmgt.poller.monitors;

import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.ConnectException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.NoRouteToHostException;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.Map;
import javax.net.ssl.SSLSocket;
import org.apache.log4j.Level;
import org.opennms.core.utils.InetAddressUtils;
import org.opennms.core.utils.ParameterMap;
import org.opennms.core.utils.SocketWrapper;
import org.opennms.core.utils.SslSocketWrapper;
import org.opennms.core.utils.TimeoutTracker;
import org.opennms.netmgt.model.PollStatus;
import org.opennms.netmgt.poller.Distributable;
import org.opennms.netmgt.poller.MonitoredService;
import org.opennms.netmgt.poller.NetworkInterface;
import org.opennms.netmgt.poller.NetworkInterfaceNotSupportedException;

@Distributable
/* loaded from: input_file:org/opennms/netmgt/poller/monitors/SSLCertMonitor.class */
public final class SSLCertMonitor extends AbstractServiceMonitor {
    private static final int DEFAULT_PORT = -1;
    private static final int DEFAULT_RETRY = 0;
    private static final int DEFAULT_TIMEOUT = 3000;
    private static final int DEFAULT_DAYS = 7;
    public static final String PARAMETER_PORT = "port";
    public static final String PARAMETER_DAYS = "days";
    private static Calendar m_calendar;

    SSLCertMonitor() {
        m_calendar = null;
    }

    SSLCertMonitor(Calendar calendar) {
        m_calendar = calendar;
    }

    public PollStatus poll(MonitoredService monitoredService, Map<String, Object> map) {
        NetworkInterface netInterface = monitoredService.getNetInterface();
        if (netInterface.getType() != 1) {
            throw new NetworkInterfaceNotSupportedException("Unsupported interface type, only TYPE_INET currently supported");
        }
        TimeoutTracker timeoutTracker = new TimeoutTracker(map, 0, 3000);
        int keyedInteger = ParameterMap.getKeyedInteger(map, "port", -1);
        if (keyedInteger == -1) {
            throw new RuntimeException("Required parameter 'port' is not present in supplied properties.");
        }
        int keyedInteger2 = ParameterMap.getKeyedInteger(map, PARAMETER_DAYS, 7);
        if (keyedInteger2 <= 0) {
            throw new RuntimeException("Required parameter 'days' must be a positive value.");
        }
        Calendar gregorianCalendar = GregorianCalendar.getInstance();
        Calendar gregorianCalendar2 = GregorianCalendar.getInstance();
        if (m_calendar != null) {
            gregorianCalendar2.setTimeInMillis(m_calendar.getTimeInMillis());
        }
        gregorianCalendar.setTimeInMillis(gregorianCalendar2.getTimeInMillis());
        gregorianCalendar.add(5, keyedInteger2);
        Calendar gregorianCalendar3 = GregorianCalendar.getInstance();
        Calendar gregorianCalendar4 = GregorianCalendar.getInstance();
        InetAddress inetAddress = (InetAddress) netInterface.getAddress();
        String str = InetAddressUtils.str(inetAddress);
        log().debug("poll: address=" + str + ", port=" + keyedInteger + ", " + timeoutTracker);
        PollStatus unavailable = PollStatus.unavailable();
        timeoutTracker.reset();
        while (timeoutTracker.shouldRetry() && !unavailable.isAvailable()) {
            Socket socket = null;
            try {
                try {
                    try {
                        timeoutTracker.startAttempt();
                        socket = new Socket();
                        socket.connect(new InetSocketAddress(inetAddress, keyedInteger), timeoutTracker.getConnectionTimeout());
                        socket.setSoTimeout(timeoutTracker.getSoTimeout());
                        log().debug("Connected to host: " + inetAddress + " on port: " + keyedInteger);
                        SSLSocket sSLSocket = (SSLSocket) getSocketWrapper().wrapSocket(socket);
                        unavailable = PollStatus.unresponsive();
                        Certificate[] peerCertificates = sSLSocket.getSession().getPeerCertificates();
                        int i = 0;
                        while (true) {
                            if (i >= peerCertificates.length || unavailable.isAvailable()) {
                                break;
                            }
                            if (peerCertificates[i] instanceof X509Certificate) {
                                X509Certificate x509Certificate = (X509Certificate) peerCertificates[i];
                                log().debug("Checking validity against dates: [current: " + gregorianCalendar2.getTime() + ", valid: " + gregorianCalendar.getTime() + "], NotBefore: " + x509Certificate.getNotBefore() + ", NotAfter: " + x509Certificate.getNotAfter());
                                gregorianCalendar3.setTime(x509Certificate.getNotBefore());
                                gregorianCalendar4.setTime(x509Certificate.getNotAfter());
                                unavailable = gregorianCalendar2.before(gregorianCalendar3) ? logDown(Level.WARN, "Certificate is invalid, current time is before start time") : gregorianCalendar2.before(gregorianCalendar4) ? gregorianCalendar.before(gregorianCalendar4) ? logUp(Level.DEBUG, timeoutTracker.elapsedTimeInMillis(), "Certificate is valid, and does not expire before validity check date") : logDown(Level.ERROR, "Certificate is valid, but will expire in " + keyedInteger2 + " days.") : logDown(Level.ERROR, "Certificate has expired.");
                            } else {
                                i++;
                            }
                        }
                        if (socket != null) {
                            try {
                                socket.close();
                            } catch (IOException e) {
                                e.fillInStackTrace();
                                log().debug("poll: Error closing socket." + e);
                            }
                        }
                    } catch (Throwable th) {
                        if (socket != null) {
                            try {
                                socket.close();
                            } catch (IOException e2) {
                                e2.fillInStackTrace();
                                log().debug("poll: Error closing socket." + e2);
                                throw th;
                            }
                        }
                        throw th;
                    }
                } catch (NoRouteToHostException e3) {
                    unavailable = logDown(Level.WARN, "No route to host exception for address " + str, e3);
                    if (socket != null) {
                        try {
                            socket.close();
                        } catch (IOException e4) {
                            e4.fillInStackTrace();
                            log().debug("poll: Error closing socket." + e4);
                        }
                    }
                } catch (IOException e5) {
                    unavailable = logDown(Level.DEBUG, "IOException while polling address: " + inetAddress, e5);
                    if (socket != null) {
                        try {
                            socket.close();
                        } catch (IOException e6) {
                            e6.fillInStackTrace();
                            log().debug("poll: Error closing socket." + e6);
                        }
                    }
                }
            } catch (InterruptedIOException e7) {
                unavailable = logDown(Level.DEBUG, "did not connect to host with " + timeoutTracker);
                if (socket != null) {
                    try {
                        socket.close();
                    } catch (IOException e8) {
                        e8.fillInStackTrace();
                        log().debug("poll: Error closing socket." + e8);
                    }
                }
            } catch (ConnectException e9) {
                unavailable = logDown(Level.DEBUG, "Connection exception for address: " + inetAddress, e9);
                if (socket != null) {
                    try {
                        socket.close();
                    } catch (IOException e10) {
                        e10.fillInStackTrace();
                        log().debug("poll: Error closing socket." + e10);
                    }
                }
            }
            timeoutTracker.nextAttempt();
        }
        return unavailable;
    }

    protected SocketWrapper getSocketWrapper() {
        return new SslSocketWrapper();
    }

    public void setCalendar(Calendar calendar) {
        m_calendar = calendar;
    }

    public Calendar getCalendar() {
        return m_calendar;
    }
}
