package com.oneidentity.safeguard.safeguardjava.restclient;

import com.oneidentity.safeguard.safeguardjava.CertificateUtilities;
import com.oneidentity.safeguard.safeguardjava.IProgressCallback;
import com.oneidentity.safeguard.safeguardjava.data.CertificateContext;
import com.oneidentity.safeguard.safeguardjava.data.JsonObject;
import com.oneidentity.safeguard.safeguardjava.exceptions.SafeguardForJavaException;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpEntity;
import org.apache.http.HttpHeaders;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.config.CookieSpecs;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.cookie.ClientCookie;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.entity.mime.HttpMultipartMode;
import org.apache.http.entity.mime.MultipartEntityBuilder;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.apache.http.impl.cookie.BasicClientCookie;

/* loaded from: input_file:com/oneidentity/safeguard/safeguardjava/restclient/RestClient.class */
public class RestClient {
    private CloseableHttpClient client;
    private BasicCookieStore cookieStore = new BasicCookieStore();
    private String serverUrl = null;
    private String hostDomain = null;
    private boolean ignoreSsl = false;
    private HostnameVerifier validationCallback = null;
    Logger logger = Logger.getLogger(getClass().getName());

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/oneidentity/safeguard/safeguardjava/restclient/RestClient$SafeguardExtendedX509KeyManager.class */
    public class SafeguardExtendedX509KeyManager extends X509ExtendedKeyManager {
        X509KeyManager defaultKeyManager;
        String alias;

        public SafeguardExtendedX509KeyManager(X509KeyManager x509KeyManager, String str) {
            this.defaultKeyManager = x509KeyManager;
            this.alias = str;
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
            return this.alias;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return this.alias;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return this.defaultKeyManager.getClientAliases(str, principalArr);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return this.defaultKeyManager.getServerAliases(str, principalArr);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return this.defaultKeyManager.chooseServerAlias(str, principalArr, socket);
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return this.defaultKeyManager.getCertificateChain(str);
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.defaultKeyManager.getPrivateKey(str);
        }
    }

    public RestClient(String str, boolean z, HostnameVerifier hostnameVerifier) {
        this.client = null;
        this.client = createClientBuilder(str, z, hostnameVerifier).build();
    }

    public RestClient(String str, String str2, char[] cArr, boolean z, HostnameVerifier hostnameVerifier) {
        this.client = null;
        HttpClientBuilder createClientBuilder = createClientBuilder(str, z, hostnameVerifier);
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(str2, new String(cArr)));
        this.client = createClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider).setDefaultRequestConfig(RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build()).setDefaultCookieStore(this.cookieStore).build();
    }

    private HttpClientBuilder createClientBuilder(String str, boolean z, HostnameVerifier hostnameVerifier) {
        SSLConnectionSocketFactory sSLConnectionSocketFactory;
        this.ignoreSsl = z;
        this.serverUrl = str;
        try {
            this.hostDomain = new URL(str).getHost();
        } catch (MalformedURLException e) {
            Logger.getLogger(RestClient.class.getName()).log(Level.SEVERE, "Invalid URL", (Throwable) e);
        }
        if (z) {
            this.validationCallback = null;
            sSLConnectionSocketFactory = new SSLConnectionSocketFactory(getSSLContext(null, null, null, null), NoopHostnameVerifier.INSTANCE);
        } else if (hostnameVerifier != null) {
            this.validationCallback = hostnameVerifier;
            sSLConnectionSocketFactory = new SSLConnectionSocketFactory(getSSLContext(null, null, null, null), hostnameVerifier);
        } else {
            sSLConnectionSocketFactory = new SSLConnectionSocketFactory(getSSLContext(null, null, null, null));
        }
        return HttpClients.custom().setSSLSocketFactory(sSLConnectionSocketFactory).setConnectionManager(new BasicHttpClientConnectionManager(RegistryBuilder.create().register("https", sSLConnectionSocketFactory).build()));
    }

    private URI getBaseURI(String str) {
        try {
            return new URI(this.serverUrl + "/" + str);
        } catch (URISyntaxException e) {
            Logger.getLogger(RestClient.class.getName()).log(Level.SEVERE, "Invalid URI", (Throwable) e);
            return null;
        }
    }

    public String getBaseURL() {
        return this.serverUrl;
    }

    private Map<String, String> parseKeyValue(String str) {
        HashMap hashMap = new HashMap();
        for (String str2 : str.split(";")) {
            String[] split = str2.split("=");
            if (split.length == 1) {
                hashMap.put(split[0].trim(), "");
            }
            if (split.length == 2) {
                hashMap.put(split[0].trim(), split[1].trim());
            }
        }
        return hashMap;
    }

    public void addSessionId(String str) {
        if (str == null) {
            Logger.getLogger(RestClient.class.getName()).log(Level.SEVERE, "Session cookie cannot be null");
            return;
        }
        try {
            Map<String, String> parseKeyValue = parseKeyValue(str);
            String str2 = parseKeyValue.get("session_id");
            if (str2 != null) {
                BasicClientCookie basicClientCookie = new BasicClientCookie("session_id", str2);
                String str3 = parseKeyValue.get(ClientCookie.EXPIRES_ATTR);
                if (str3 != null) {
                    basicClientCookie.setExpiryDate(new SimpleDateFormat("EEE, d MMM yyyy HH:mm:ss z").parse(str3));
                }
                String str4 = parseKeyValue.get("Path");
                if (str4 != null) {
                    basicClientCookie.setPath(str4);
                }
                if (this.hostDomain != null) {
                    basicClientCookie.setDomain(this.hostDomain);
                }
                if (parseKeyValue.get("Secure") != null) {
                    basicClientCookie.setSecure(true);
                }
                this.cookieStore.addCookie(basicClientCookie);
            }
        } catch (Exception e) {
            Logger.getLogger(RestClient.class.getName()).log(Level.SEVERE, "Failed to set session cookie.", (Throwable) e);
        }
    }

    public CloseableHttpResponse execGET(String str, Map<String, String> map, Map<String, String> map2, Integer num) {
        try {
            return this.client.execute(prepareRequest(RequestBuilder.get(getBaseURI(str)), map, map2, num).build());
        } catch (Exception e) {
            return null;
        }
    }

    public CloseableHttpResponse execGET(String str, Map<String, String> map, Map<String, String> map2, Integer num, CertificateContext certificateContext) {
        CloseableHttpClient clientWithCertificate = getClientWithCertificate(certificateContext);
        if (clientWithCertificate == null) {
            return null;
        }
        try {
            return clientWithCertificate.execute(prepareRequest(RequestBuilder.get(getBaseURI(str)), map, map2, num).build());
        } catch (Exception e) {
            return null;
        }
    }

    public CloseableHttpResponse execGETBytes(String str, Map<String, String> map, Map<String, String> map2, Integer num, IProgressCallback iProgressCallback) {
        if (map2 == null || !map2.containsKey(HttpHeaders.ACCEPT)) {
            map2 = map2 == null ? new HashMap<>() : map2;
            map2.put(HttpHeaders.ACCEPT, "application/octet-stream");
        }
        try {
            return this.client.execute(prepareRequest(RequestBuilder.get(getBaseURI(str)), map, map2, num).build());
        } catch (IOException e) {
            return null;
        }
    }

    public CloseableHttpResponse execGETBytes(String str, Map<String, String> map, Map<String, String> map2, Integer num, CertificateContext certificateContext, IProgressCallback iProgressCallback) {
        if (getClientWithCertificate(certificateContext) == null) {
            return null;
        }
        if (map2 == null || !map2.containsKey(HttpHeaders.ACCEPT)) {
            map2 = map2 == null ? new HashMap<>() : map2;
            map2.put(HttpHeaders.ACCEPT, "application/octet-stream");
        }
        try {
            return this.client.execute(prepareRequest(RequestBuilder.get(getBaseURI(str)), map, map2, num).build());
        } catch (IOException e) {
            return null;
        }
    }

    public CloseableHttpResponse execPUT(String str, Map<String, String> map, Map<String, String> map2, Integer num, JsonObject jsonObject) {
        RequestBuilder prepareRequest = prepareRequest(RequestBuilder.put(getBaseURI(str)), map, map2, num);
        try {
            String json = jsonObject.toJson();
            prepareRequest.setEntity(new StringEntity(json == null ? "{}" : json));
            return this.client.execute(prepareRequest.build());
        } catch (Exception e) {
            return null;
        }
    }

    public CloseableHttpResponse execPOST(String str, Map<String, String> map, Map<String, String> map2, Integer num, JsonObject jsonObject) {
        RequestBuilder prepareRequest = prepareRequest(RequestBuilder.post(getBaseURI(str)), map, map2, num);
        try {
            String json = jsonObject.toJson();
            prepareRequest.setEntity(new StringEntity(json == null ? "{}" : json));
            return this.client.execute(prepareRequest.build());
        } catch (Exception e) {
            return null;
        }
    }

    public CloseableHttpResponse execPOST(String str, Map<String, String> map, Map<String, String> map2, Integer num, JsonObject jsonObject, CertificateContext certificateContext) throws SafeguardForJavaException {
        CloseableHttpClient clientWithCertificate = getClientWithCertificate(certificateContext);
        if (clientWithCertificate == null) {
            return null;
        }
        RequestBuilder prepareRequest = prepareRequest(RequestBuilder.post(getBaseURI(str)), map, map2, num);
        try {
            String json = jsonObject.toJson();
            prepareRequest.setEntity(new StringEntity(json == null ? "{}" : json));
            return clientWithCertificate.execute(prepareRequest.build());
        } catch (IOException e) {
            return null;
        }
    }

    public CloseableHttpResponse execPOSTBytes(String str, Map<String, String> map, Map<String, String> map2, Integer num, byte[] bArr, IProgressCallback iProgressCallback) {
        if (map2 == null || !map2.containsKey("Content-Type")) {
            map2 = map2 == null ? new HashMap<>() : map2;
            map2.put("Content-Type", "application/octet-stream");
        }
        RequestBuilder prepareRequest = prepareRequest(RequestBuilder.post(getBaseURI(str)), map, map2, num);
        try {
            prepareRequest.setEntity(new ByteArrayEntity(bArr, iProgressCallback));
            return this.client.execute(prepareRequest.build());
        } catch (IOException e) {
            return null;
        }
    }

    public CloseableHttpResponse execPOSTBytes(String str, Map<String, String> map, Map<String, String> map2, Integer num, byte[] bArr, CertificateContext certificateContext, IProgressCallback iProgressCallback) {
        if (getClientWithCertificate(certificateContext) == null) {
            return null;
        }
        if (map2 == null || !map2.containsKey("Content-Type")) {
            map2 = map2 == null ? new HashMap<>() : map2;
            map2.put("Content-Type", "application/octet-stream");
        }
        RequestBuilder prepareRequest = prepareRequest(RequestBuilder.post(getBaseURI(str)), map, map2, num);
        try {
            prepareRequest.setEntity(new ByteArrayEntity(bArr, iProgressCallback));
            return this.client.execute(prepareRequest.build());
        } catch (IOException e) {
            return null;
        }
    }

    public CloseableHttpResponse execPOSTFile(String str, Map<String, String> map, Map<String, String> map2, Integer num, String str2) {
        File file = new File(str2);
        HttpEntity build = MultipartEntityBuilder.create().setMode(HttpMultipartMode.BROWSER_COMPATIBLE).addBinaryBody("firmware", file, ContentType.MULTIPART_FORM_DATA, file.getName()).build();
        if (map2 == null || !map2.containsKey("Content-Type")) {
            map2 = map2 == null ? new HashMap<>() : map2;
        }
        RequestBuilder prepareRequest = prepareRequest(RequestBuilder.post(getBaseURI(str)), map, map2, num);
        try {
            prepareRequest.setEntity(build);
            return this.client.execute(prepareRequest.build());
        } catch (IOException e) {
            return null;
        }
    }

    public CloseableHttpResponse execPOSTFile(String str, Map<String, String> map, Map<String, String> map2, Integer num, String str2, CertificateContext certificateContext) {
        if (getClientWithCertificate(certificateContext) == null) {
            return null;
        }
        File file = new File(str2);
        HttpEntity build = MultipartEntityBuilder.create().setMode(HttpMultipartMode.BROWSER_COMPATIBLE).addBinaryBody("firmware", file, ContentType.MULTIPART_FORM_DATA, file.getName()).build();
        if (map2 == null || !map2.containsKey("Content-Type")) {
            map2 = map2 == null ? new HashMap<>() : map2;
        }
        RequestBuilder prepareRequest = prepareRequest(RequestBuilder.post(getBaseURI(str)), map, map2, num);
        try {
            prepareRequest.setEntity(build);
            return this.client.execute(prepareRequest.build());
        } catch (IOException e) {
            return null;
        }
    }

    public CloseableHttpResponse execDELETE(String str, Map<String, String> map, Map<String, String> map2, Integer num) {
        try {
            return this.client.execute(prepareRequest(RequestBuilder.delete(getBaseURI(str)), map, map2, num).build());
        } catch (Exception e) {
            return null;
        }
    }

    private CloseableHttpClient getClientWithCertificate(CertificateContext certificateContext) {
        SSLConnectionSocketFactory sSLConnectionSocketFactory;
        CloseableHttpClient closeableHttpClient = null;
        if (certificateContext.getCertificatePath() != null || certificateContext.getCertificateData() != null || certificateContext.getCertificateThumbprint() != null) {
            KeyStore keyStore = null;
            ArrayList arrayList = null;
            char[] certificatePassword = certificateContext.getCertificatePassword();
            String certificateAlias = certificateContext.getCertificateAlias();
            try {
                if (certificateContext.isWindowsKeyStore()) {
                    keyStore = KeyStore.getInstance(CertificateUtilities.WINDOWSKEYSTORE);
                    keyStore.load(null, null);
                    new ArrayList();
                    arrayList = Collections.list(keyStore.aliases());
                } else {
                    InputStream fileInputStream = certificateContext.getCertificatePath() != null ? new FileInputStream(certificateContext.getCertificatePath()) : new ByteArrayInputStream(certificateContext.getCertificateData());
                    try {
                        keyStore = KeyStore.getInstance("JKS");
                    } catch (KeyStoreException e) {
                        Logger.getLogger(RestClient.class.getName()).log(Level.SEVERE, "Could not get instance of JDK, trying PKCS12", (Throwable) e);
                        keyStore = KeyStore.getInstance("PKCS12");
                    }
                    keyStore.load(fileInputStream, certificatePassword);
                    arrayList = Collections.list(keyStore.aliases());
                    fileInputStream.close();
                }
            } catch (FileNotFoundException e2) {
                Logger.getLogger(RestClient.class.getName()).log(Level.SEVERE, (String) null, (Throwable) e2);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e3) {
                Logger.getLogger(RestClient.class.getName()).log(Level.SEVERE, (String) null, e3);
            }
            if (this.ignoreSsl) {
                sSLConnectionSocketFactory = new SSLConnectionSocketFactory(getSSLContext(keyStore, certificatePassword, certificateAlias == null ? (String) arrayList.get(0) : certificateAlias, certificateContext), NoopHostnameVerifier.INSTANCE);
            } else if (this.validationCallback != null) {
                sSLConnectionSocketFactory = new SSLConnectionSocketFactory(getSSLContext(keyStore, certificatePassword, certificateAlias == null ? (String) arrayList.get(0) : certificateAlias, certificateContext), this.validationCallback);
            } else {
                sSLConnectionSocketFactory = new SSLConnectionSocketFactory(getSSLContext(keyStore, certificatePassword, certificateAlias == null ? (String) arrayList.get(0) : certificateAlias, certificateContext));
            }
            closeableHttpClient = HttpClients.custom().setSSLSocketFactory(sSLConnectionSocketFactory).setConnectionManager(new BasicHttpClientConnectionManager(RegistryBuilder.create().register("https", sSLConnectionSocketFactory).build())).build();
        }
        return closeableHttpClient;
    }

    private RequestBuilder prepareRequest(RequestBuilder requestBuilder, Map<String, String> map, Map<String, String> map2, Integer num) {
        if (map2 == null || !map2.containsKey(HttpHeaders.ACCEPT)) {
            requestBuilder.addHeader(HttpHeaders.ACCEPT, "application/json");
        }
        if (map2 == null || !map2.containsKey("Content-Type")) {
            requestBuilder.addHeader("Content-Type", "application/json");
        }
        if (map2 != null) {
            map2.entrySet().forEach(entry -> {
                requestBuilder.addHeader((String) entry.getKey(), (String) entry.getValue());
            });
        }
        if (map != null) {
            map.entrySet().forEach(entry2 -> {
                requestBuilder.addParameter((String) entry2.getKey(), (String) entry2.getValue());
            });
        }
        if (num != null) {
            requestBuilder.setConfig(RequestConfig.custom().setConnectTimeout(num.intValue()).setConnectionRequestTimeout(num.intValue()).setSocketTimeout(num.intValue()).build());
        }
        return requestBuilder;
    }

    private SSLContext getSSLContext(KeyStore keyStore, char[] cArr, String str, CertificateContext certificateContext) {
        TrustManager[] trustManagerArr = null;
        KeyManager[] keyManagerArr = null;
        if (this.ignoreSsl || this.validationCallback != null) {
            trustManagerArr = new TrustManager[]{new X509TrustManager() { // from class: com.oneidentity.safeguard.safeguardjava.restclient.RestClient.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};
        }
        if ((keyStore != null && cArr != null && str != null) || (keyStore != null && certificateContext.isWindowsKeyStore())) {
            try {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
                keyManagerFactory.init(keyStore, cArr);
                keyManagerArr = new KeyManager[]{new SafeguardExtendedX509KeyManager((X509KeyManager) keyManagerFactory.getKeyManagers()[0], str)};
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                e.printStackTrace();
            }
        }
        SSLContext sSLContext = null;
        try {
            sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerArr, trustManagerArr, new SecureRandom());
        } catch (GeneralSecurityException e2) {
        }
        return sSLContext;
    }
}
