package eu.europa.esig.dss.client.http.commons;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.client.http.DataLoader;
import eu.europa.esig.dss.client.http.Protocol;
import eu.europa.esig.dss.client.http.proxy.ProxyPreferenceManager;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.conn.routing.HttpRoute;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.BufferedHttpEntity;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.DefaultProxyRoutePlanner;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/client/http/commons/CommonsDataLoader.class */
public class CommonsDataLoader implements DataLoader, DSSNotifier {
    private static final Logger LOG = LoggerFactory.getLogger(CommonsDataLoader.class);
    public static final int TIMEOUT_CONNECTION = 6000;
    public static final int TIMEOUT_SOCKET = 6000;
    public static final int CONNECTIONS_MAX_TOTAL = 20;
    public static final int CONNECTIONS_MAX_PER_ROUTE = 2;
    public static final String CONTENT_TYPE = "Content-Type";
    protected String contentType;
    private ProxyPreferenceManager proxyPreferenceManager;
    private int timeoutConnection;
    private int timeoutSocket;
    private int connectionsMaxTotal;
    private int connectionsMaxPerRoute;
    private boolean redirectsEnabled;
    private final Map<HttpHost, UsernamePasswordCredentials> authenticationMap;
    private boolean updated;
    private String sslKeystorePath;
    private String sslKeystoreType;
    private String sslKeystorePassword;
    private String sslTruststorePath;
    private String sslTruststoreType;
    private String sslTruststorePassword;

    public CommonsDataLoader() {
        this(null);
    }

    public CommonsDataLoader(String str) {
        this.timeoutConnection = 6000;
        this.timeoutSocket = 6000;
        this.connectionsMaxTotal = 20;
        this.connectionsMaxPerRoute = 2;
        this.redirectsEnabled = true;
        this.authenticationMap = new HashMap();
        this.sslKeystoreType = KeyStore.getDefaultType();
        this.sslKeystorePassword = "";
        this.sslTruststoreType = KeyStore.getDefaultType();
        this.sslTruststorePassword = "";
        this.contentType = str;
    }

    private HttpClientConnectionManager getConnectionManager() throws DSSException {
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(setConnectionManagerSchemeHttps(setConnectionManagerSchemeHttp(RegistryBuilder.create())).build());
        poolingHttpClientConnectionManager.setMaxTotal(getConnectionsMaxTotal());
        poolingHttpClientConnectionManager.setDefaultMaxPerRoute(getConnectionsMaxPerRoute());
        LOG.debug("PoolingHttpClientConnectionManager: max total: " + poolingHttpClientConnectionManager.getMaxTotal());
        LOG.debug("PoolingHttpClientConnectionManager: max per route: " + poolingHttpClientConnectionManager.getDefaultMaxPerRoute());
        return poolingHttpClientConnectionManager;
    }

    private RegistryBuilder<ConnectionSocketFactory> setConnectionManagerSchemeHttp(RegistryBuilder<ConnectionSocketFactory> registryBuilder) {
        return registryBuilder.register("http", PlainConnectionSocketFactory.getSocketFactory());
    }

    private RegistryBuilder<ConnectionSocketFactory> setConnectionManagerSchemeHttps(RegistryBuilder<ConnectionSocketFactory> registryBuilder) throws DSSException {
        X509TrustManager defaultTrustManager;
        KeyManager[] keyManagerArr;
        FileInputStream fileInputStream = null;
        FileInputStream fileInputStream2 = null;
        try {
            try {
                if (StringUtils.isEmpty(this.sslTruststorePath)) {
                    LOG.debug("Accept all sources");
                    defaultTrustManager = new AcceptAllTrustManager();
                } else {
                    LOG.debug("Accept sources from the truststore");
                    fileInputStream2 = new FileInputStream(new File(this.sslTruststorePath));
                    defaultTrustManager = new DefaultTrustManager(fileInputStream2, this.sslTruststoreType, this.sslTruststorePassword);
                }
                if (StringUtils.isEmpty(this.sslKeystorePath)) {
                    LOG.debug("Use default SSL configuration");
                    keyManagerArr = new KeyManager[0];
                } else {
                    LOG.debug("Use provided info for SSL");
                    fileInputStream = new FileInputStream(new File(this.sslKeystorePath));
                    keyManagerArr = new KeyManager[]{new DefaultKeyManager(fileInputStream, this.sslKeystoreType, this.sslKeystorePassword)};
                }
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(keyManagerArr, new TrustManager[]{defaultTrustManager}, new SecureRandom());
                RegistryBuilder<ConnectionSocketFactory> register = registryBuilder.register("https", new SSLConnectionSocketFactory(sSLContext));
                IOUtils.closeQuietly(fileInputStream);
                IOUtils.closeQuietly(fileInputStream2);
                return register;
            } catch (Exception e) {
                throw new DSSException(e);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(fileInputStream);
            IOUtils.closeQuietly(fileInputStream2);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized CloseableHttpClient getHttpClient(String str) throws DSSException {
        if (LOG.isTraceEnabled() && this.updated) {
            LOG.trace(">>> Proxy preferences updated");
        }
        HttpClientBuilder configCredentials = configCredentials(HttpClients.custom(), str);
        RequestConfig.Builder custom = RequestConfig.custom();
        custom.setSocketTimeout(this.timeoutSocket);
        custom.setConnectTimeout(this.timeoutConnection);
        custom.setRedirectsEnabled(this.redirectsEnabled);
        HttpClientBuilder defaultRequestConfig = configCredentials.setDefaultRequestConfig(custom.build());
        defaultRequestConfig.setConnectionManager(getConnectionManager());
        return defaultRequestConfig.build();
    }

    private HttpClientBuilder configCredentials(HttpClientBuilder httpClientBuilder, String str) throws DSSException {
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        for (Map.Entry<HttpHost, UsernamePasswordCredentials> entry : this.authenticationMap.entrySet()) {
            HttpHost key = entry.getKey();
            basicCredentialsProvider.setCredentials(new AuthScope(key.getHostName(), key.getPort()), entry.getValue());
        }
        return configureProxy(httpClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider), basicCredentialsProvider, str);
    }

    private HttpClientBuilder configureProxy(HttpClientBuilder httpClientBuilder, CredentialsProvider credentialsProvider, String str) throws DSSException {
        if (this.proxyPreferenceManager == null) {
            return httpClientBuilder;
        }
        try {
            String protocol = new URL(str).getProtocol();
            boolean z = Protocol.isHttps(protocol) && this.proxyPreferenceManager.isHttpsEnabled();
            boolean z2 = Protocol.isHttp(protocol) && this.proxyPreferenceManager.isHttpEnabled();
            if (!z && !z2) {
                return httpClientBuilder;
            }
            String str2 = null;
            int i = 0;
            String str3 = null;
            String str4 = null;
            String str5 = null;
            if (z) {
                LOG.debug("Use proxy https parameters");
                Long httpsPort = this.proxyPreferenceManager.getHttpsPort();
                i = httpsPort != null ? httpsPort.intValue() : 0;
                str2 = this.proxyPreferenceManager.getHttpsHost();
                str3 = this.proxyPreferenceManager.getHttpsUser();
                str4 = this.proxyPreferenceManager.getHttpsPassword();
                str5 = this.proxyPreferenceManager.getHttpsExcludedHosts();
            } else if (z2) {
                LOG.debug("Use proxy http parameters");
                Long httpPort = this.proxyPreferenceManager.getHttpPort();
                i = httpPort != null ? httpPort.intValue() : 0;
                str2 = this.proxyPreferenceManager.getHttpHost();
                str3 = this.proxyPreferenceManager.getHttpUser();
                str4 = this.proxyPreferenceManager.getHttpPassword();
                str5 = this.proxyPreferenceManager.getHttpExcludedHosts();
            }
            if (StringUtils.isNotEmpty(str3) && StringUtils.isNotEmpty(str4)) {
                credentialsProvider.setCredentials(new AuthScope(str2, i), new UsernamePasswordCredentials(str3, str4));
            }
            LOG.debug("proxy host/port: " + str2 + ":" + i);
            HttpHost httpHost = new HttpHost(str2, i, Protocol.HTTP.getName());
            if (StringUtils.isNotEmpty(str5)) {
                final String[] split = str5.split("[,; ]");
                httpClientBuilder.setRoutePlanner(new DefaultProxyRoutePlanner(httpHost) { // from class: eu.europa.esig.dss.client.http.commons.CommonsDataLoader.1
                    public HttpRoute determineRoute(HttpHost httpHost2, HttpRequest httpRequest, HttpContext httpContext) throws HttpException {
                        String hostName = httpHost2 != null ? httpHost2.getHostName() : null;
                        if (split != null && hostName != null) {
                            for (String str6 : split) {
                                if (hostName.equalsIgnoreCase(str6)) {
                                    return new HttpRoute(httpHost2);
                                }
                            }
                        }
                        return super.determineRoute(httpHost2, httpRequest, httpContext);
                    }
                });
            }
            HttpClientBuilder proxy = httpClientBuilder.setProxy(httpHost);
            this.updated = false;
            return proxy;
        } catch (MalformedURLException e) {
            throw new DSSException(e);
        }
    }

    public byte[] get(String str) {
        if (Protocol.isFileUrl(str)) {
            return fileGet(str);
        }
        if (Protocol.isHttpUrl(str)) {
            return httpGet(str);
        }
        if (Protocol.isFtpUrl(str)) {
            return ftpGet(str);
        }
        if (Protocol.isLdapUrl(str)) {
            return ldapGet(str);
        }
        LOG.warn("DSS framework only supports HTTP, HTTPS, FTP and LDAP CRL's urlString.");
        return httpGet(str);
    }

    public DataLoader.DataAndUrl get(List<String> list) {
        byte[] bArr;
        int size = list.size();
        int i = 0;
        for (String str : list) {
            try {
                i++;
                bArr = get(str);
            } catch (Exception e) {
                if (i == size) {
                    if (e instanceof DSSException) {
                        throw e;
                    }
                    throw new DSSException(e);
                }
                LOG.warn("Impossible to obtain data using {}", str, e);
            }
            if (bArr != null) {
                return new DataLoader.DataAndUrl(bArr, str);
            }
        }
        return null;
    }

    public byte[] get(String str, boolean z) {
        return get(str);
    }

    private byte[] fileGet(String str) {
        try {
            return DSSUtils.toByteArray(new URL(str).openStream());
        } catch (IOException e) {
            LOG.warn(e.getMessage(), e);
            return null;
        }
    }

    private byte[] ldapGet(String str) {
        Hashtable hashtable = new Hashtable();
        hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        hashtable.put("java.naming.provider.url", str);
        try {
            StringTokenizer stringTokenizer = new StringTokenizer(StringUtils.substringAfter(str, "?"), "?");
            String nextToken = stringTokenizer.hasMoreTokens() ? stringTokenizer.nextToken() : null;
            if (StringUtils.isEmpty(nextToken)) {
                nextToken = "certificateRevocationList;binary";
            }
            Attributes attributes = new InitialDirContext(hashtable).getAttributes("", new String[]{nextToken});
            if (attributes == null || attributes.size() < 1) {
                LOG.warn("Cannot download CRL from: " + str + ", no attributes with name: " + nextToken + " returned");
                return null;
            }
            byte[] bArr = (byte[]) ((Attribute) attributes.getAll().next()).get();
            if (ArrayUtils.isNotEmpty(bArr)) {
                return bArr;
            }
            return null;
        } catch (Exception e) {
            LOG.warn(e.getMessage(), e);
            return null;
        }
    }

    protected byte[] ftpGet(String str) {
        InputStream inputStream = null;
        try {
            try {
                inputStream = new URL(str).openStream();
                byte[] byteArray = DSSUtils.toByteArray(inputStream);
                IOUtils.closeQuietly(inputStream);
                return byteArray;
            } catch (Exception e) {
                LOG.warn(e.getMessage());
                IOUtils.closeQuietly(inputStream);
                return null;
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(inputStream);
            throw th;
        }
    }

    protected byte[] httpGet(String str) {
        HttpGet httpGet = null;
        HttpResponse httpResponse = null;
        CloseableHttpClient closeableHttpClient = null;
        try {
            try {
                httpGet = new HttpGet(new URI(str.trim()));
                if (this.contentType != null) {
                    httpGet.setHeader(CONTENT_TYPE, this.contentType);
                }
                closeableHttpClient = getHttpClient(str);
                httpResponse = getHttpResponse(closeableHttpClient, httpGet, str);
                byte[] readHttpResponse = readHttpResponse(str, httpResponse);
                if (httpGet != null) {
                    try {
                        httpGet.releaseConnection();
                    } finally {
                        closeClient(closeableHttpClient);
                    }
                }
                if (httpResponse != null) {
                    EntityUtils.consumeQuietly(httpResponse.getEntity());
                }
                return readHttpResponse;
            } catch (URISyntaxException e) {
                throw new DSSException(e);
            }
        } catch (Throwable th) {
            if (httpGet != null) {
                try {
                    httpGet.releaseConnection();
                } finally {
                    closeClient(closeableHttpClient);
                }
            }
            if (httpResponse != null) {
                EntityUtils.consumeQuietly(httpResponse.getEntity());
            }
            throw th;
        }
    }

    public byte[] post(String str, byte[] bArr) throws DSSException {
        LOG.debug("Fetching data via POST from url " + str);
        HttpPost httpPost = null;
        HttpResponse httpResponse = null;
        CloseableHttpClient closeableHttpClient = null;
        try {
            try {
                httpPost = new HttpPost(URI.create(str.trim()));
                httpPost.setEntity(new BufferedHttpEntity(new InputStreamEntity(new ByteArrayInputStream(bArr), bArr.length)));
                if (this.contentType != null) {
                    httpPost.setHeader(CONTENT_TYPE, this.contentType);
                }
                closeableHttpClient = getHttpClient(str);
                httpResponse = getHttpResponse(closeableHttpClient, httpPost, str);
                byte[] readHttpResponse = readHttpResponse(str, httpResponse);
                if (httpPost != null) {
                    try {
                        httpPost.releaseConnection();
                    } finally {
                        closeClient(closeableHttpClient);
                    }
                }
                if (httpResponse != null) {
                    EntityUtils.consumeQuietly(httpResponse.getEntity());
                }
                return readHttpResponse;
            } catch (Throwable th) {
                if (httpPost != null) {
                    try {
                        httpPost.releaseConnection();
                    } finally {
                        closeClient(closeableHttpClient);
                    }
                }
                if (httpResponse != null) {
                    EntityUtils.consumeQuietly(httpResponse.getEntity());
                }
                throw th;
            }
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void closeClient(CloseableHttpClient closeableHttpClient) {
        if (closeableHttpClient != null) {
            try {
                try {
                    closeableHttpClient.close();
                } catch (Exception e) {
                    LOG.warn("Cound not close client", e);
                }
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpResponse getHttpResponse(CloseableHttpClient closeableHttpClient, HttpUriRequest httpUriRequest, String str) throws DSSException {
        HttpHost httpHost = new HttpHost(httpUriRequest.getURI().getHost(), httpUriRequest.getURI().getPort(), httpUriRequest.getURI().getScheme());
        BasicAuthCache basicAuthCache = new BasicAuthCache();
        basicAuthCache.put(httpHost, new BasicScheme());
        HttpClientContext create = HttpClientContext.create();
        create.setAuthCache(basicAuthCache);
        try {
            return closeableHttpClient.execute(httpHost, httpUriRequest, create);
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] readHttpResponse(String str, HttpResponse httpResponse) throws DSSException {
        int statusCode = httpResponse.getStatusLine().getStatusCode();
        if (LOG.isDebugEnabled()) {
            LOG.debug(str + " status code is " + statusCode + " - " + (statusCode == 200 ? "OK" : "NOK"));
        }
        if (statusCode != 200) {
            LOG.warn("No content available via url: " + str);
            return null;
        }
        HttpEntity entity = httpResponse.getEntity();
        if (entity != null) {
            return getContent(entity);
        }
        LOG.warn("No message entity for this response - will use nothing: " + str);
        return null;
    }

    protected byte[] getContent(HttpEntity httpEntity) throws DSSException {
        InputStream inputStream = null;
        try {
            try {
                inputStream = httpEntity.getContent();
                byte[] byteArray = DSSUtils.toByteArray(inputStream);
                IOUtils.closeQuietly(inputStream);
                return byteArray;
            } catch (IOException e) {
                throw new DSSException(e);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(inputStream);
            throw th;
        }
    }

    public int getTimeoutConnection() {
        return this.timeoutConnection;
    }

    public void setTimeoutConnection(int i) {
        this.timeoutConnection = i;
    }

    public int getTimeoutSocket() {
        return this.timeoutSocket;
    }

    public void setTimeoutSocket(int i) {
        this.timeoutSocket = i;
    }

    public int getConnectionsMaxTotal() {
        return this.connectionsMaxTotal;
    }

    public void setConnectionsMaxTotal(int i) {
        this.connectionsMaxTotal = i;
    }

    public int getConnectionsMaxPerRoute() {
        return this.connectionsMaxPerRoute;
    }

    public void setConnectionsMaxPerRoute(int i) {
        this.connectionsMaxPerRoute = i;
    }

    public boolean isRedirectsEnabled() {
        return this.redirectsEnabled;
    }

    public void setRedirectsEnabled(boolean z) {
        this.redirectsEnabled = z;
    }

    public String getContentType() {
        return this.contentType;
    }

    public void setContentType(String str) {
        this.contentType = str;
    }

    public ProxyPreferenceManager getProxyPreferenceManager() {
        return this.proxyPreferenceManager;
    }

    public void setProxyPreferenceManager(ProxyPreferenceManager proxyPreferenceManager) {
        this.proxyPreferenceManager = proxyPreferenceManager;
        if (proxyPreferenceManager != null) {
            proxyPreferenceManager.addNotifier(this);
            if (LOG.isTraceEnabled()) {
                LOG.trace(">>> SET: " + proxyPreferenceManager);
            }
        }
    }

    public void setSslKeystorePath(String str) {
        this.sslKeystorePath = str;
    }

    public void setSslKeystoreType(String str) {
        this.sslKeystoreType = str;
    }

    public void setSslKeystorePassword(String str) {
        this.sslKeystorePassword = str;
    }

    public void setSslTruststorePath(String str) {
        this.sslTruststorePath = str;
    }

    public void setSslTruststorePassword(String str) {
        this.sslTruststorePassword = str;
    }

    public void setSslTruststoreType(String str) {
        this.sslTruststoreType = str;
    }

    public CommonsDataLoader addAuthentication(String str, int i, String str2, String str3, String str4) {
        this.authenticationMap.put(new HttpHost(str, i, str2), new UsernamePasswordCredentials(str3, str4));
        return this;
    }

    public void propagateAuthentication(CommonsDataLoader commonsDataLoader) {
        for (Map.Entry<HttpHost, UsernamePasswordCredentials> entry : this.authenticationMap.entrySet()) {
            HttpHost key = entry.getKey();
            UsernamePasswordCredentials value = entry.getValue();
            commonsDataLoader.addAuthentication(key.getHostName(), key.getPort(), key.getSchemeName(), value.getUserName(), value.getPassword());
        }
    }

    @Override // eu.europa.esig.dss.client.http.commons.DSSNotifier
    public void update() {
        this.updated = true;
    }
}
