/*
 * The MIT License
 * Copyright (c) 2012 Microsoft Corporation
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

package microsoft.exchange.webservices.data.core;

import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.ssl.SSLContexts;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

import java.security.GeneralSecurityException;

/**
 * <p>
 * EwsSSLProtocolSocketFactory can be used to create SSL {@link java.net.Socket}s
 * that accept self-signed certificates.
 * </p>
 * <p>
 * This socket factory SHOULD NOT be used for productive systems
 * due to security reasons, unless it is a conscious decision and
 * you are perfectly aware of security implications of accepting
 * self-signed certificates
 * </p>
 * Example of using custom protocol socket factory for a specific host:
 * <pre>
 *     Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
 *
 *     URI uri = new URI("https://localhost/", true);
 *     // use relative url only
 *     GetMethod httpget = new GetMethod(uri.getPathQuery());
 *     HostConfiguration hc = new HostConfiguration();
 *     hc.setHost(uri.getHost(), uri.getPort(), easyhttps);
 *     HttpClient client = new HttpClient();
 *     client.executeMethod(hc, httpget);
 *     </pre>
 * </p>
 * <p>
 * Example of using custom protocol socket factory per default instead of the standard one:
 * <pre>
 *     Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
 *     Protocol.registerProtocol("https", easyhttps);
 *
 *     HttpClient client = new HttpClient();
 *     GetMethod httpget = new GetMethod("https://localhost/");
 *     client.executeMethod(httpget);
 *     </pre>
 * </p>
 *
 * <p>
 * DISCLAIMER: HttpClient developers DO NOT actively support this component.
 * The component is provided as a reference material, which may be inappropriate
 * for use without additional customization.
 * </p>
 */

public class EwsSSLProtocolSocketFactory extends SSLConnectionSocketFactory {

  /**
   * Default hostname verifier.
   */
  private static final HostnameVerifier DEFAULT_HOSTNAME_VERIFIER = new DefaultHostnameVerifier();


  /**
   * The SSL Context.
   */
  private final SSLContext sslcontext;


  /**
   * Constructor for EasySSLProtocolSocketFactory.
   *
   * @param context          SSL context
   * @param hostnameVerifier hostname verifier
   */
  public EwsSSLProtocolSocketFactory(
    SSLContext context, HostnameVerifier hostnameVerifier
  ) {
    super(context, hostnameVerifier);
    this.sslcontext = context;
  }


  /**
   * Create and configure SSL protocol socket factory using default hostname verifier.
   * {@link EwsSSLProtocolSocketFactory#DEFAULT_HOSTNAME_VERIFIER}
   *
   * @param trustManager trust manager
   * @return socket factory for SSL protocol
   * @throws GeneralSecurityException on security error
   */
  public static EwsSSLProtocolSocketFactory build(TrustManager trustManager)
    throws GeneralSecurityException {
    return build(trustManager, DEFAULT_HOSTNAME_VERIFIER);
  }

  /**
   * Create and configure SSL protocol socket factory using trust manager and hostname verifier.
   *
   * @param trustManager trust manager
   * @param hostnameVerifier hostname verifier
   * @return socket factory for SSL protocol
   * @throws GeneralSecurityException on security error
   */
  public static EwsSSLProtocolSocketFactory build(
    TrustManager trustManager, HostnameVerifier hostnameVerifier
  ) throws GeneralSecurityException {
    SSLContext sslContext = createSslContext(trustManager);
    return new EwsSSLProtocolSocketFactory(sslContext, hostnameVerifier);
  }

  /**
   * Create SSL context and initialize it using specific trust manager.
   *
   * @param trustManager trust manager
   * @return initialized SSL context
   * @throws GeneralSecurityException on security error
   */
  public static SSLContext createSslContext(TrustManager trustManager)
    throws GeneralSecurityException {
    EwsX509TrustManager x509TrustManager = new EwsX509TrustManager(null, trustManager);
    SSLContext sslContext = SSLContexts.createDefault();
    sslContext.init(
      null,
      new TrustManager[] { x509TrustManager },
      null
    );
    return sslContext;
  }


  /**
   * @return SSL context
   */
  public SSLContext getContext() {
    return sslcontext;
  }

  public boolean equals(Object obj) {
    return ((obj != null) && obj.getClass().equals(EwsSSLProtocolSocketFactory.class));
  }

  public int hashCode() {
    return EwsSSLProtocolSocketFactory.class.hashCode();
  }

}