package org.sonar.scanner.http;

import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.time.Duration;
import java.time.format.DateTimeParseException;
import javax.annotation.Nullable;
import javax.net.ssl.X509TrustManager;
import nl.altindag.ssl.SSLFactory;
import nl.altindag.ssl.exception.GenericKeyStoreException;
import nl.altindag.ssl.util.KeyStoreUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonar.api.notifications.AnalysisWarnings;
import org.sonar.api.utils.System2;
import org.sonar.batch.bootstrapper.EnvironmentInformation;
import org.sonar.scanner.bootstrap.GlobalAnalysisMode;
import org.sonar.scanner.bootstrap.ScannerProperties;
import org.sonar.scanner.bootstrap.SonarUserHome;
import org.sonar.scanner.http.ssl.CertificateStore;
import org.sonar.scanner.http.ssl.SslConfig;
import org.sonarqube.ws.client.HttpConnector;
import org.sonarqube.ws.client.WsClientFactories;
import org.springframework.context.annotation.Bean;

/* loaded from: input_file:org/sonar/scanner/http/ScannerWsClientProvider.class */
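/**
 * Spring configuration class that builds the {@link DefaultScannerWsClient} used by the scanner
 * to talk to the server.
 *
 * <p>Everything is driven by scanner properties: server URL, timeouts, credentials, proxy and
 * the TLS key/trust material. Security-relevant points visible in this class:
 * <ul>
 *   <li>The server URL falls back to {@code http://localhost:9000}. The credentials are handed to
 *       the connector whatever the URL scheme is, so the TLS configuration built here only
 *       protects them when the configured URL is {@code https}.</li>
 *   <li>Keystore and truststore are opened with built-in default passwords when none is
 *       configured. A built-in password gives no confidentiality; in that case the private key
 *       is protected only by the file-system permissions on the store file.</li>
 *   <li>The truststore is added to the JDK default trust material (and, unless skipped, the OS
 *       trust material); it extends the set of trusted issuers rather than replacing it.</li>
 * </ul>
 */
public class ScannerWsClientProvider {
    private static final Logger LOG = LoggerFactory.getLogger(ScannerWsClientProvider.class);
    static final int DEFAULT_CONNECT_TIMEOUT = 5;
    static final int DEFAULT_RESPONSE_TIMEOUT = 0;
    static final String READ_TIMEOUT_SEC_PROPERTY = "sonar.ws.timeout";
    public static final String TOKEN_PROPERTY = "sonar.token";
    private static final String TOKEN_ENV_VARIABLE = "SONAR_TOKEN";
    static final int DEFAULT_READ_TIMEOUT_SEC = 60;
    public static final String SONAR_SCANNER_PROXY_PORT = "sonar.scanner.proxyPort";
    public static final String SONAR_SCANNER_CONNECT_TIMEOUT = "sonar.scanner.connectTimeout";
    public static final String SONAR_SCANNER_SOCKET_TIMEOUT = "sonar.scanner.socketTimeout";
    public static final String SONAR_SCANNER_RESPONSE_TIMEOUT = "sonar.scanner.responseTimeout";
    public static final String SKIP_SYSTEM_TRUST_MATERIAL = "sonar.scanner.skipSystemTruststore";

    /**
     * Builds the web-service client from the scanner properties.
     *
     * @param scannerProperties source of all {@code sonar.*} settings read here
     * @param environmentInformation its {@code toString()} is used as the User-Agent
     * @param globalAnalysisMode passed through to the client
     * @param system2 access to environment variables and JVM system properties
     * @param analysisWarnings passed through to the client
     * @param sonarUserHome base directory for the default {@code ssl/keystore.p12} and
     *     {@code ssl/truststore.p12} locations
     * @return the configured client
     * @throws IllegalArgumentException if a timeout or the proxy port is not parseable or does
     *     not fit in an {@code int}
     */
    @Bean("DefaultScannerWsClient")
    public DefaultScannerWsClient provide(ScannerProperties scannerProperties, EnvironmentInformation environmentInformation, GlobalAnalysisMode globalAnalysisMode, System2 system2, AnalysisWarnings analysisWarnings, SonarUserHome sonarUserHome) {
        String url = StringUtils.defaultIfBlank(scannerProperties.property("sonar.host.url"), "http://localhost:9000");
        HttpConnector.Builder connectorBuilder = HttpConnector.newBuilder().acceptGzip(true);

        // sonar.scanner.socketTimeout wins over sonar.ws.timeout, which wins over the 60 s default.
        String legacyReadTimeout = StringUtils.defaultIfBlank(scannerProperties.property(READ_TIMEOUT_SEC_PROPERTY), String.valueOf(DEFAULT_READ_TIMEOUT_SEC));
        String socketTimeout = StringUtils.defaultIfBlank(scannerProperties.property(SONAR_SCANNER_SOCKET_TIMEOUT), legacyReadTimeout);
        String connectTimeout = StringUtils.defaultIfBlank(scannerProperties.property(SONAR_SCANNER_CONNECT_TIMEOUT), String.valueOf(DEFAULT_CONNECT_TIMEOUT));
        String responseTimeout = StringUtils.defaultIfBlank(scannerProperties.property(SONAR_SCANNER_RESPONSE_TIMEOUT), String.valueOf(DEFAULT_RESPONSE_TIMEOUT));

        // Credential precedence: sonar.login, then sonar.token, then the SONAR_TOKEN environment
        // variable. The value is a secret: it is never logged here and should stay that way.
        String tokenFromEnv = StringUtils.defaultIfBlank(system2.envVariable(TOKEN_ENV_VARIABLE), null);
        String tokenFromProperty = StringUtils.defaultIfBlank(scannerProperties.property(TOKEN_PROPERTY), tokenFromEnv);
        String login = StringUtils.defaultIfBlank(scannerProperties.property("sonar.login"), tokenFromProperty);

        boolean skipSystemTrustMaterial = Boolean.parseBoolean(StringUtils.defaultIfBlank(scannerProperties.property(SKIP_SYSTEM_TRUST_MATERIAL), "false"));
        SSLFactory sslFactory = configureSsl(parseSslConfig(scannerProperties, sonarUserHome), system2, skipSystemTrustMaterial);

        connectorBuilder
            .readTimeoutMilliseconds(parseDurationProperty(socketTimeout, SONAR_SCANNER_SOCKET_TIMEOUT))
            .connectTimeoutMilliseconds(parseDurationProperty(connectTimeout, SONAR_SCANNER_CONNECT_TIMEOUT))
            .responseTimeoutMilliseconds(parseDurationProperty(responseTimeout, SONAR_SCANNER_RESPONSE_TIMEOUT))
            .userAgent(environmentInformation.toString())
            .url(url)
            // NOTE(review): credentials are attached regardless of the URL scheme; with an
            // http:// URL they are presumably sent in clear text - confirm against HttpConnector.
            .credentials(login, scannerProperties.property("sonar.password"))
            .setSSLSocketFactory(sslFactory.getSslSocketFactory())
            .setTrustManager((X509TrustManager) sslFactory.getTrustManager().orElseThrow());

        String proxyHost = StringUtils.defaultIfBlank(scannerProperties.property("sonar.scanner.proxyHost"), null);
        if (proxyHost != null) {
            // The default proxy port is derived from the *server* URL scheme, not from the proxy.
            String defaultProxyPort = url.startsWith("https") ? "443" : "80";
            String proxyPort = StringUtils.defaultIfBlank(scannerProperties.property(SONAR_SCANNER_PROXY_PORT), defaultProxyPort);
            connectorBuilder.proxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, parseIntProperty(proxyPort, SONAR_SCANNER_PROXY_PORT))));
        }

        // Proxy credentials fall back to the JVM-wide http.proxyUser / http.proxyPassword system
        // properties when the scanner-specific properties are absent (null, not merely blank).
        String scannerProxyUser = scannerProperties.property("sonar.scanner.proxyUser");
        String proxyUser = scannerProxyUser != null ? scannerProxyUser : system2.properties().getProperty("http.proxyUser", "");
        if (StringUtils.isNotBlank(proxyUser)) {
            String scannerProxyPassword = scannerProperties.property("sonar.scanner.proxyPassword");
            String proxyPassword = scannerProxyPassword != null ? scannerProxyPassword : system2.properties().getProperty("http.proxyPassword", "");
            connectorBuilder.proxyCredentials(proxyUser, proxyPassword);
        }

        // NOTE(review): the boolean presumably tells the client whether credentials were
        // supplied - confirm against DefaultScannerWsClient.
        return new DefaultScannerWsClient(WsClientFactories.getDefault().newClient(connectorBuilder.build()), login != null, globalAnalysisMode, analysisWarnings);
    }

    /**
     * Parses {@code value} as a decimal integer.
     *
     * @param value raw property value
     * @param propertyName property name, used only in the error message
     * @throws IllegalArgumentException if {@code value} is not a valid integer
     */
    private static int parseIntProperty(String value, String propertyName) {
        try {
            return Integer.parseInt(value);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException(propertyName + " is not a valid integer: " + value, e);
        }
    }

    /**
     * Converts a timeout property to milliseconds. The value is first read as an ISO-8601
     * duration (for example {@code PT30S}); if that fails it is read as a whole number of
     * seconds.
     *
     * @param value raw property value
     * @param propertyName property name, used only in error messages
     * @return the timeout in milliseconds
     * @throws IllegalArgumentException if the value is neither a duration nor an integer, or if
     *     the resulting millisecond count does not fit in an {@code int}
     */
    private static int parseDurationProperty(String value, String propertyName) {
        long millis;
        try {
            millis = Duration.parse(value).toMillis();
        } catch (DateTimeParseException e) {
            // Widen before multiplying so a large seconds value cannot wrap around silently.
            millis = parseIntProperty(value, propertyName) * 1000L;
        } catch (ArithmeticException e) {
            throw new IllegalArgumentException(propertyName + " is out of range: " + value, e);
        }
        // A plain (int) cast would silently turn an oversized timeout into an unrelated, possibly
        // negative, value; reject it instead.
        if (millis < Integer.MIN_VALUE || millis > Integer.MAX_VALUE) {
            throw new IllegalArgumentException(propertyName + " is out of range: " + value);
        }
        return (int) millis;
    }

    /**
     * Reads the keystore and truststore locations and passwords from the scanner properties.
     * Paths default to {@code ssl/keystore.p12} and {@code ssl/truststore.p12} under the Sonar
     * user home; passwords are passed on as-is and may be {@code null}.
     */
    private static SslConfig parseSslConfig(ScannerProperties scannerProperties, SonarUserHome sonarUserHome) {
        String keyStorePath = StringUtils.defaultIfBlank(scannerProperties.property("sonar.scanner.keystorePath"), sonarUserHome.getPath().resolve("ssl/keystore.p12").toString());
        CertificateStore keyStore = new CertificateStore(Path.of(keyStorePath), scannerProperties.property("sonar.scanner.keystorePassword"));
        String trustStorePath = StringUtils.defaultIfBlank(scannerProperties.property("sonar.scanner.truststorePath"), sonarUserHome.getPath().resolve("ssl/truststore.p12").toString());
        CertificateStore trustStore = new CertificateStore(Path.of(trustStorePath), scannerProperties.property("sonar.scanner.truststorePassword"));
        return new SslConfig(keyStore, trustStore);
    }

    /**
     * Assembles the {@link SSLFactory}: JDK default trust material, optionally the OS trust
     * material, then the configured keystore (client identity) and truststore when their files
     * exist.
     *
     * @param sslConfig keystore and truststore descriptors
     * @param system2 used to read JVM system properties
     * @param skipSystemTrustMaterial when {@code true} the OS certificate store is not loaded
     * @throws GenericKeyStoreException if the truststore file exists but cannot be read
     */
    private static SSLFactory configureSsl(SslConfig sslConfig, System2 system2, boolean skipSystemTrustMaterial) {
        SSLFactory.Builder sslFactoryBuilder = SSLFactory.builder().withDefaultTrustMaterial();
        if (!skipSystemTrustMaterial) {
            LOG.debug("Loading OS trusted SSL certificates...");
            LOG.debug("This operation might be slow or even get stuck. You can skip it by passing the scanner property '{}=true'", SKIP_SYSTEM_TRUST_MATERIAL);
            sslFactoryBuilder.withSystemTrustMaterial();
        }
        if (system2.properties().containsKey("javax.net.ssl.keyStore")) {
            sslFactoryBuilder.withSystemPropertyDerivedIdentityMaterial();
        }

        CertificateStore keyStore = sslConfig.getKeyStore();
        // A missing keystore file is not an error: the client then has no identity certificate.
        if (keyStore != null && Files.exists(keyStore.getPath())) {
            keyStore.getKeyStorePassword().ifPresentOrElse(
                password -> sslFactoryBuilder.withIdentityMaterial(keyStore.getPath(), password.toCharArray(), keyStore.getKeyStoreType()),
                () -> loadIdentityMaterialWithDefaultPassword(sslFactoryBuilder, keyStore.getPath()));
        }

        CertificateStore trustStore = sslConfig.getTrustStore();
        // A missing truststore file is skipped silently; only the default (and OS) anchors apply.
        if (trustStore != null && Files.exists(trustStore.getPath())) {
            try {
                KeyStore loadedTrustStore = loadTrustStoreWithBouncyCastle(trustStore.getPath(), trustStore.getKeyStorePassword().orElse(null), trustStore.getKeyStoreType());
                LOG.debug("Loaded truststore from '{}' containing {} certificates", trustStore.getPath(), loadedTrustStore.size());
                sslFactoryBuilder.withTrustMaterial(loadedTrustStore);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new GenericKeyStoreException("Unable to read truststore from '" + trustStore.getPath() + "'", e);
            }
        }
        return sslFactoryBuilder.build();
    }

    /**
     * Loads the client identity from {@code path} when no keystore password was configured:
     * tries the current built-in default password, then the deprecated one (logging a warning).
     *
     * <p>A built-in password does not protect the private key; access control on the keystore
     * file is the only safeguard in this mode. The method is {@code public} in this listing; the
     * decompiler reports that the original access modifier was {@code private}.
     *
     * @param builder SSL factory builder receiving the identity material
     * @param path keystore file
     */
    public static void loadIdentityMaterialWithDefaultPassword(SSLFactory.Builder builder, Path path) {
        try {
            builder.withIdentityMaterial(KeyStoreUtils.loadKeyStore(path, CertificateStore.DEFAULT_PASSWORD.toCharArray(), CertificateStore.DEFAULT_STORE_TYPE), CertificateStore.DEFAULT_PASSWORD.toCharArray());
        } catch (GenericKeyStoreException e) {
            // Retry with the deprecated default; a failure of this second attempt propagates.
            KeyStore legacyKeyStore = KeyStoreUtils.loadKeyStore(path, CertificateStore.OLD_DEFAULT_PASSWORD.toCharArray(), CertificateStore.DEFAULT_STORE_TYPE);
            LOG.warn("Using deprecated default password for keystore '{}'.", path);
            builder.withIdentityMaterial(legacyKeyStore, CertificateStore.OLD_DEFAULT_PASSWORD.toCharArray());
        }
    }

    /**
     * Loads a truststore through a fresh BouncyCastle provider instance.
     *
     * @param path truststore file
     * @param password configured password, or {@code null} to try the built-in defaults
     * @param storeType keystore type passed to {@link KeyStore#getInstance}
     * @return the loaded store
     * @throws IOException if the file cannot be read or, per {@link KeyStore#load}, the password
     *     is wrong
     */
    static KeyStore loadTrustStoreWithBouncyCastle(Path path, @Nullable String password, String storeType) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        KeyStore trustStore = KeyStore.getInstance(storeType, new BouncyCastleProvider());
        if (password != null) {
            loadKeyStoreWithPassword(path, trustStore, password);
        } else {
            try {
                loadKeyStoreWithPassword(path, trustStore, CertificateStore.DEFAULT_PASSWORD);
            } catch (Exception e) {
                // Any failure (not only a wrong password) triggers the retry with the deprecated
                // default; if the retry fails too, its exception is the one reported.
                loadKeyStoreWithPassword(path, trustStore, CertificateStore.OLD_DEFAULT_PASSWORD);
                LOG.warn("Using deprecated default password for truststore '{}'.", path);
            }
        }
        return trustStore;
    }

    /**
     * Reads {@code path} into {@code keyStore} using {@code password}; the stream is always
     * closed, including when loading fails.
     */
    private static void loadKeyStoreWithPassword(Path path, KeyStore keyStore, String password) throws IOException, NoSuchAlgorithmException, CertificateException {
        try (InputStream in = Files.newInputStream(path, StandardOpenOption.READ)) {
            keyStore.load(in, password.toCharArray());
        }
    }
}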
