package org.opennms.netmgt.poller.monitors;

import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.ConnectException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.NoRouteToHostException;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.Map;
import java.util.Properties;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.opennms.core.utils.InetAddressUtils;
import org.opennms.core.utils.ParameterMap;
import org.opennms.core.utils.PropertiesUtils;
import org.opennms.core.utils.SocketUtils;
import org.opennms.core.utils.TimeoutTracker;
import org.opennms.netmgt.poller.Distributable;
import org.opennms.netmgt.poller.MonitoredService;
import org.opennms.netmgt.poller.PollStatus;
import org.opennms.netmgt.poller.support.AbstractServiceMonitor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

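/**
 * Poller monitor that opens a TLS connection to a service and reports whether the
 * certificate presented by the peer is valid now and stays valid for a configurable
 * number of days.
 *
 * <p>Parameters read from the poller parameter map:
 * <ul>
 *   <li>{@code port} (required): TCP port to connect to.</li>
 *   <li>{@code days} (default 7): minimum remaining lifetime in days; must be positive.</li>
 *   <li>{@code server-name} (optional): when non-empty, sent as the SNI host name and
 *       checked against the certificate with {@link StrictHostnameVerifier}. When empty,
 *       no host name check is performed.</li>
 * </ul>
 *
 * <p>NOTE(review): this class itself checks only the validity dates and, when
 * {@code server-name} is set, the host name. Whether the chain is validated against a
 * trust store depends on {@code SocketUtils.wrapSocketInSslContext}, which is not visible
 * here. Confirm before treating "available" as "trusted".
 */
@Distributable
/* loaded from: input_file:org/opennms/netmgt/poller/monitors/SSLCertMonitor.class */
public class SSLCertMonitor extends AbstractServiceMonitor {
    public static final Logger LOG = LoggerFactory.getLogger(SSLCertMonitor.class);
    /** Sentinel meaning "no port configured"; {@link #poll} rejects it. */
    private static final int DEFAULT_PORT = -1;
    private static final int DEFAULT_RETRY = 0;
    /** Default connection/read timeout in milliseconds. */
    private static final int DEFAULT_TIMEOUT = 3000;
    /** Default number of days the certificate must remain valid. */
    private static final int DEFAULT_DAYS = 7;
    public static final String PARAMETER_PORT = "port";
    public static final String PARAMETER_DAYS = "days";
    public static final String PARAMETER_SERVER_NAME = "server-name";

    /**
     * Connects to the monitored address, performs the TLS handshake and evaluates the
     * validity period of the first X.509 certificate presented by the peer.
     *
     * @param monitoredService service whose address is polled
     * @param map poller parameters ({@code port}, {@code days}, {@code server-name},
     *            plus whatever {@link TimeoutTracker} reads)
     * @return available when the certificate is valid now and does not expire within
     *         {@code days}; unavailable (with a reason) on connection errors, host name
     *         mismatch, a not-yet-valid, expired or soon-to-expire certificate;
     *         unresponsive when the handshake yielded no X.509 certificate
     * @throws RuntimeException if {@code port} is missing or {@code days} is not positive
     */
    public PollStatus poll(MonitoredService monitoredService, Map<String, Object> map) {
        TimeoutTracker timeoutTracker = new TimeoutTracker(map, DEFAULT_RETRY, DEFAULT_TIMEOUT);

        int port = ParameterMap.getKeyedInteger(map, PARAMETER_PORT, DEFAULT_PORT);
        if (port == DEFAULT_PORT) {
            throw new RuntimeException("Required parameter 'port' is not present in supplied properties.");
        }
        int validityDays = ParameterMap.getKeyedInteger(map, PARAMETER_DAYS, DEFAULT_DAYS);
        if (validityDays <= 0) {
            throw new RuntimeException("Required parameter 'days' must be a positive value.");
        }
        String serverName = PropertiesUtils.substitute(
                ParameterMap.getKeyedString(map, PARAMETER_SERVER_NAME, ""),
                new Properties[]{getServiceProperties(monitoredService)});

        // calValid = now + validityDays: the certificate must still be valid at that instant.
        Calendar calValid = getCalendarInstance();
        Calendar calCurrent = getCalendarInstance();
        calValid.setTimeInMillis(calCurrent.getTimeInMillis());
        calValid.add(Calendar.DATE, validityDays);
        Calendar calBefore = getCalendarInstance();
        Calendar calAfter = getCalendarInstance();

        InetAddress address = monitoredService.getAddress();
        String hostAddress = InetAddressUtils.str(address);
        LOG.debug("poll: address={}, port={}, serverName={}, {}", hostAddress, port, serverName, timeoutTracker);

        PollStatus serviceStatus = PollStatus.unavailable();
        // nextAttempt() is the loop update so every path (success, exception, host name
        // mismatch) advances the retry counter exactly once.
        for (timeoutTracker.reset();
                timeoutTracker.shouldRetry() && !serviceStatus.isAvailable();
                timeoutTracker.nextAttempt()) {
            Socket socket = null;
            try {
                timeoutTracker.startAttempt();
                socket = new Socket();
                socket.connect(new InetSocketAddress(address, port), timeoutTracker.getConnectionTimeout());
                socket.setSoTimeout(timeoutTracker.getSoTimeout());
                LOG.debug("Connected to host: {} on port: {}", address, port);
                SSLSocket sslSocket = SocketUtils.wrapSocketInSslContext(socket, (String) null, (String[]) null);

                // Connected, but nothing verified yet.
                serviceStatus = PollStatus.unresponsive();

                if (!Strings.isNullOrEmpty(serverName)) {
                    // SNI has to be configured before getSession() triggers the handshake.
                    SSLParameters sslParameters = sslSocket.getSSLParameters();
                    sslParameters.setServerNames(ImmutableList.of(new SNIHostName(serverName)));
                    sslSocket.setSSLParameters(sslParameters);

                    if (!new StrictHostnameVerifier().verify(serverName, sslSocket.getSession())) {
                        serviceStatus = PollStatus.unavailable("Host name verification failed - certificate common name is invalid");
                        // Skip the date check: a host name mismatch must never be
                        // overwritten by an "available" result from the validity test.
                        continue;
                    }
                }

                // JSSE returns the peer's own certificate first; only the first X.509
                // entry is evaluated, later chain entries are not date-checked.
                for (Certificate certificate : sslSocket.getSession().getPeerCertificates()) {
                    if (!(certificate instanceof X509Certificate)) {
                        continue;
                    }
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    LOG.debug("Checking validity against dates: [current: {}, valid: {}], NotBefore: {}, NotAfter: {}",
                            calCurrent.getTime(), calValid.getTime(),
                            x509Certificate.getNotBefore(), x509Certificate.getNotAfter());
                    calBefore.setTime(x509Certificate.getNotBefore());
                    calAfter.setTime(x509Certificate.getNotAfter());
                    if (calCurrent.before(calBefore)) {
                        LOG.debug("Certificate is invalid, current time is before start time");
                        serviceStatus = PollStatus.unavailable("Certificate is invalid, current time is before start time");
                    } else if (!calCurrent.before(calAfter)) {
                        LOG.debug("Certificate has expired.");
                        serviceStatus = PollStatus.unavailable("Certificate has expired.");
                    } else if (calValid.before(calAfter)) {
                        LOG.debug("Certificate is valid, and does not expire before validity check date");
                        serviceStatus = PollStatus.available(Double.valueOf(timeoutTracker.elapsedTimeInMillis()));
                    } else {
                        String reason = "Certificate is valid, but will expire within " + validityDays + " days (" + x509Certificate.getNotAfter() + ").";
                        LOG.debug(reason);
                        serviceStatus = PollStatus.unavailable(reason);
                    }
                    // The verdict for this certificate is final for the attempt; stopping
                    // here also guarantees the loop terminates on an unavailable result.
                    break;
                }
            } catch (NoRouteToHostException e) {
                String reason = "No route to host exception for address " + hostAddress;
                LOG.debug(reason, e);
                serviceStatus = PollStatus.unavailable(reason);
            } catch (ConnectException e) {
                String reason = "Connection exception for address: " + address;
                LOG.debug(reason, e);
                serviceStatus = PollStatus.unavailable(reason);
            } catch (InterruptedIOException e) {
                // Covers connect/read timeouts.
                String reason = "did not connect to host with " + timeoutTracker;
                LOG.debug(reason);
                serviceStatus = PollStatus.unavailable(reason);
            } catch (IOException e) {
                // Also reached for TLS handshake failures, which are IOExceptions.
                String reason = "IOException while polling address: " + address;
                LOG.debug(reason, e);
                serviceStatus = PollStatus.unavailable(reason);
            } finally {
                // Single close path for every outcome, including unexpected throwables.
                if (socket != null) {
                    try {
                        socket.close();
                    } catch (IOException e) {
                        LOG.debug("poll: Error closing socket.", e);
                    }
                }
            }
        }
        return serviceStatus;
    }

    /**
     * Returns a calendar set to the current time. Protected so subclasses can substitute
     * another time source (presumably a fixed clock in tests).
     *
     * @return a new calendar instance for "now"
     */
    protected Calendar getCalendarInstance() {
        return GregorianCalendar.getInstance();
    }
}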
