package org.apache.poi.poifs.crypt.dsig.services;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.ws.rs.HttpMethod;
import org.apache.logging.log4j.Logger;
import org.apache.poi.logging.PoiLogManager;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient;
import org.apache.poi.util.IOUtils;
import org.apache.poi.util.RandomSingleton;
import org.jboss.resteasy.spi.HttpResponseCodes;

/* loaded from: input_file:WEB-INF/lib/poi-ooxml-5.4.0.jar:org/apache/poi/poifs/crypt/dsig/services/TimeStampSimpleHttpClient.class */
public class TimeStampSimpleHttpClient implements TimeStampHttpClient {
    protected static final String CONTENT_TYPE = "Content-Type";
    protected static final String USER_AGENT = "User-Agent";
    protected static final String BASIC_AUTH = "Authorization";
    protected static final String REDIRECT_LOCATION = "Location";
    private static final int DEFAULT_TIMESTAMP_RESPONSE_SIZE = 10000000;
    protected SignatureConfig config;
    protected Proxy proxy = Proxy.NO_PROXY;
    protected final Map<String, String> header = new HashMap();
    protected String contentTypeOut = null;
    protected boolean ignoreHttpsCertificates = false;
    protected boolean followRedirects = false;
    private static final Logger LOG = PoiLogManager.getLogger((Class<?>) TimeStampSimpleHttpClient.class);
    private static int MAX_TIMESTAMP_RESPONSE_SIZE = 10000000;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/poi-ooxml-5.4.0.jar:org/apache/poi/poifs/crypt/dsig/services/TimeStampSimpleHttpClient$MethodHandler.class */
    public interface MethodHandler {
        void handle(HttpURLConnection httpURLConnection) throws IOException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/poi-ooxml-5.4.0.jar:org/apache/poi/poifs/crypt/dsig/services/TimeStampSimpleHttpClient$TimeStampSimpleHttpClientResponse.class */
    public static class TimeStampSimpleHttpClientResponse implements TimeStampHttpClient.TimeStampHttpClientResponse {
        private final int responseCode;
        private final byte[] responseBytes;

        public TimeStampSimpleHttpClientResponse(int i, byte[] bArr) {
            this.responseCode = i;
            this.responseBytes = bArr;
        }

        @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient.TimeStampHttpClientResponse
        public int getResponseCode() {
            return this.responseCode;
        }

        @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient.TimeStampHttpClientResponse
        public byte[] getResponseBytes() {
            return this.responseBytes;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/poi-ooxml-5.4.0.jar:org/apache/poi/poifs/crypt/dsig/services/TimeStampSimpleHttpClient$UnsafeTrustManager.class */
    public static class UnsafeTrustManager implements X509TrustManager {
        private UnsafeTrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }
    }

    public static void setMaxTimestampResponseSize(int i) {
        MAX_TIMESTAMP_RESPONSE_SIZE = i;
    }

    public static int getMaxTimestampResponseSize() {
        return MAX_TIMESTAMP_RESPONSE_SIZE;
    }

    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient
    public void init(SignatureConfig signatureConfig) {
        this.config = signatureConfig;
        this.header.clear();
        this.header.put("User-Agent", signatureConfig.getUserAgent());
        this.contentTypeOut = null;
        setProxy(signatureConfig.getProxyUrl());
        setBasicAuthentication(signatureConfig.getTspUser(), signatureConfig.getTspPass());
    }

    public void setProxy(String str) {
        if (str == null || str.isEmpty()) {
            this.proxy = Proxy.NO_PROXY;
            return;
        }
        try {
            URL url = new URL(str);
            String host = url.getHost();
            int port = url.getPort();
            this.proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(InetAddress.getByName(host), port == -1 ? 80 : port));
        } catch (IOException e) {
        }
    }

    public Proxy getProxy() {
        return this.proxy;
    }

    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient
    public void setContentTypeIn(String str) {
        this.header.put("Content-Type", str);
    }

    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient
    public void setContentTypeOut(String str) {
        this.contentTypeOut = str;
    }

    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient
    public void setBasicAuthentication(String str, String str2) {
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            this.header.remove("Authorization");
            return;
        }
        this.header.put("Authorization", "Basic " + Base64.getEncoder().encodeToString((str + ":" + str2).getBytes(StandardCharsets.ISO_8859_1)));
    }

    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient
    public boolean isIgnoreHttpsCertificates() {
        return this.ignoreHttpsCertificates;
    }

    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient
    public void setIgnoreHttpsCertificates(boolean z) {
        this.ignoreHttpsCertificates = z;
    }

    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient
    public boolean isFollowRedirects() {
        return this.followRedirects;
    }

    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient
    public void setFollowRedirects(boolean z) {
        this.followRedirects = z;
    }

    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient
    public TimeStampHttpClient.TimeStampHttpClientResponse post(String str, byte[] bArr) throws IOException {
        return handleRedirect(str, httpURLConnection -> {
            httpURLConnection.setRequestMethod(HttpMethod.POST);
            httpURLConnection.setDoOutput(true);
            OutputStream outputStream = httpURLConnection.getOutputStream();
            Throwable th = null;
            try {
                outputStream.write(bArr);
                if (outputStream != null) {
                    if (0 == 0) {
                        outputStream.close();
                        return;
                    }
                    try {
                        outputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                if (outputStream != null) {
                    if (0 != 0) {
                        try {
                            outputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        outputStream.close();
                    }
                }
                throw th3;
            }
        }, isFollowRedirects());
    }

    @Override // org.apache.poi.poifs.crypt.dsig.services.TimeStampHttpClient
    public TimeStampHttpClient.TimeStampHttpClientResponse get(String str) throws IOException {
        return handleRedirect(str, httpURLConnection -> {
        }, isFollowRedirects());
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:7:0x005c. Please report as an issue. */
    protected TimeStampHttpClient.TimeStampHttpClientResponse handleRedirect(String str, MethodHandler methodHandler, boolean z) throws IOException {
        byte[] byteArrayWithMaxLength;
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection(this.proxy);
        if (this.ignoreHttpsCertificates) {
            recklessConnection(httpURLConnection);
        }
        httpURLConnection.setConnectTimeout(20000);
        httpURLConnection.setReadTimeout(20000);
        Map<String, String> map = this.header;
        httpURLConnection.getClass();
        map.forEach(httpURLConnection::setRequestProperty);
        try {
            methodHandler.handle(httpURLConnection);
            httpURLConnection.connect();
            int responseCode = httpURLConnection.getResponseCode();
            switch (responseCode) {
                case 200:
                    String headerField = httpURLConnection.getHeaderField("Content-Type");
                    if (this.contentTypeOut != null && !this.contentTypeOut.equals(headerField)) {
                        throw new IOException("Content-Type mismatch - expected `" + this.contentTypeOut + "', received '" + headerField + "'");
                    }
                    InputStream inputStream = httpURLConnection.getInputStream();
                    Throwable th = null;
                    try {
                        byteArrayWithMaxLength = IOUtils.toByteArrayWithMaxLength(inputStream, getMaxTimestampResponseSize());
                        if (inputStream != null) {
                            if (0 != 0) {
                                try {
                                    inputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                inputStream.close();
                            }
                        }
                        TimeStampSimpleHttpClientResponse timeStampSimpleHttpClientResponse = new TimeStampSimpleHttpClientResponse(responseCode, byteArrayWithMaxLength);
                        httpURLConnection.disconnect();
                        return timeStampSimpleHttpClientResponse;
                    } finally {
                    }
                case 301:
                case 302:
                case HttpResponseCodes.SC_SEE_OTHER /* 303 */:
                    String headerField2 = httpURLConnection.getHeaderField("Location");
                    if (headerField2 != null && z) {
                        LOG.atWarn().log("Received redirect: {} -> {}", str, headerField2);
                        TimeStampHttpClient.TimeStampHttpClientResponse handleRedirect = handleRedirect(headerField2, methodHandler, false);
                        httpURLConnection.disconnect();
                        return handleRedirect;
                    }
                    LOG.atWarn().log("Redirect ignored - giving up: {} -> {}", str, headerField2);
                    byteArrayWithMaxLength = null;
                    TimeStampSimpleHttpClientResponse timeStampSimpleHttpClientResponse2 = new TimeStampSimpleHttpClientResponse(responseCode, byteArrayWithMaxLength);
                    httpURLConnection.disconnect();
                    return timeStampSimpleHttpClientResponse2;
                default:
                    String str2 = "Error contacting TSP server " + str + ", had status code " + responseCode + "/" + httpURLConnection.getResponseMessage();
                    LOG.atError().log(str2);
                    throw new IOException(str2);
            }
        } catch (Throwable th3) {
            httpURLConnection.disconnect();
            throw th3;
        }
    }

    protected void recklessConnection(HttpURLConnection httpURLConnection) throws IOException {
        if (httpURLConnection instanceof HttpsURLConnection) {
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) httpURLConnection;
            try {
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, new TrustManager[]{new UnsafeTrustManager()}, RandomSingleton.getInstance());
                httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
                httpsURLConnection.setHostnameVerifier((str, sSLSession) -> {
                    return true;
                });
            } catch (GeneralSecurityException e) {
                throw new IOException("Unable to reckless wrap connection.", e);
            }
        }
    }
}
