package io.github.microcks.util;

import io.github.microcks.domain.Secret;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.channels.Channels;
import java.nio.channels.ReadableByteChannel;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/github/microcks/util/HTTPDownloader.class */
public class HTTPDownloader {
    private static Logger log = LoggerFactory.getLogger(HTTPDownloader.class);
    private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----";
    private static final String END_CERTIFICATE = "-----END CERTIFICATE-----";

    /* loaded from: input_file:io/github/microcks/util/HTTPDownloader$FileAndHeaders.class */
    public static class FileAndHeaders {
        private File localFile;
        private Map<String, List<String>> responseHeaders;

        public FileAndHeaders(File file, Map<String, List<String>> map) {
            this.localFile = file;
            this.responseHeaders = map;
        }

        public File getLocalFile() {
            return this.localFile;
        }

        public Map<String, List<String>> getResponseHeaders() {
            return this.responseHeaders;
        }
    }

    public static String getURLEtag(String str, Secret secret, boolean z) throws IOException {
        String headerField;
        HttpURLConnection prepareURLConnection = prepareURLConnection(str, secret, z);
        try {
            headerField = prepareURLConnection.getHeaderField("Etag");
        } catch (Exception e) {
            log.error("Caught an exception while retrieving Etag for " + str, e);
        }
        if (headerField != null) {
            log.debug("Found an Etag for " + str + ": " + headerField);
            return headerField;
        }
        String headerField2 = prepareURLConnection.getHeaderField("ETag");
        if (headerField2 != null) {
            log.debug("Found an ETag for " + str + ": " + headerField2);
            return headerField2;
        }
        log.debug("No Etag found for " + str + " !");
        return null;
    }

    public static File handleHTTPDownloadToFile(String str, Secret secret, boolean z) throws IOException {
        HttpURLConnection prepareURLConnection = prepareURLConnection(str, secret, z);
        File createTempFile = File.createTempFile("microcks-" + System.currentTimeMillis(), ".download");
        ReadableByteChannel readableByteChannel = null;
        FileOutputStream fileOutputStream = null;
        try {
            readableByteChannel = Channels.newChannel(prepareURLConnection.getInputStream());
            fileOutputStream = new FileOutputStream(createTempFile);
            fileOutputStream.getChannel().transferFrom(readableByteChannel, 0L, Long.MAX_VALUE);
            if (fileOutputStream != null) {
                fileOutputStream.close();
            }
            if (readableByteChannel != null) {
                readableByteChannel.close();
            }
            return createTempFile;
        } catch (Throwable th) {
            if (fileOutputStream != null) {
                fileOutputStream.close();
            }
            if (readableByteChannel != null) {
                readableByteChannel.close();
            }
            throw th;
        }
    }

    public static FileAndHeaders handleHTTPDownloadToFileAndHeaders(String str, Secret secret, boolean z) throws IOException {
        HttpURLConnection prepareURLConnection = prepareURLConnection(str, secret, z);
        File createTempFile = File.createTempFile("microcks-" + System.currentTimeMillis(), ".download");
        ReadableByteChannel readableByteChannel = null;
        FileOutputStream fileOutputStream = null;
        try {
            readableByteChannel = Channels.newChannel(prepareURLConnection.getInputStream());
            fileOutputStream = new FileOutputStream(createTempFile);
            fileOutputStream.getChannel().transferFrom(readableByteChannel, 0L, Long.MAX_VALUE);
            Map<String, List<String>> headerFields = prepareURLConnection.getHeaderFields();
            if (fileOutputStream != null) {
                fileOutputStream.close();
            }
            if (readableByteChannel != null) {
                readableByteChannel.close();
            }
            return new FileAndHeaders(createTempFile, headerFields);
        } catch (Throwable th) {
            if (fileOutputStream != null) {
                fileOutputStream.close();
            }
            if (readableByteChannel != null) {
                readableByteChannel.close();
            }
            throw th;
        }
    }

    private static HttpURLConnection prepareURLConnection(String str, Secret secret, boolean z) throws IOException {
        URL url = new URL(str);
        HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
        if ("https".equals(url.getProtocol())) {
            try {
                if (z) {
                    log.debug("SSL Validation is disabled for {}, installing accept everything TrustManager", str);
                    installAcceptEverythingTrustManager(httpURLConnection);
                } else if (secret != null) {
                    if (secret.getCaCertPem() != null) {
                        log.debug("Secret for {} contains a CA Cert, installing certificate into TrustManager", str);
                        installCustomCaCertTrustManager(secret.getCaCertPem(), httpURLConnection);
                    }
                }
            } catch (Exception e) {
                log.error("Caught exception while preparing TrustManager for connecting {}: {}", str, e.getMessage());
                throw new IOException("SSL Connection with " + str + " failed during preparation", e);
            }
        }
        if (secret != null) {
            if (secret.getUsername() != null && secret.getPassword() != null) {
                log.debug("Secret for {} contains username/password, assuming Authorization Basic", str);
                httpURLConnection.setRequestProperty("Authorization", "Basic " + Base64.getEncoder().encodeToString((secret.getUsername() + ":" + secret.getPassword()).getBytes(StandardCharsets.UTF_8)));
            }
            if (secret.getToken() != null) {
                if (secret.getTokenHeader() == null || secret.getTokenHeader().trim().length() <= 0) {
                    log.debug("Secret for {} contains token only, assuming Authorization Bearer", str);
                    httpURLConnection.setRequestProperty("Authorization", "Bearer " + secret.getToken());
                } else {
                    log.debug("Secret for {} contains token and token header, adding them as request header", str);
                    httpURLConnection.setRequestProperty(secret.getTokenHeader().trim(), secret.getToken());
                }
            }
        }
        return httpURLConnection;
    }

    private static void installAcceptEverythingTrustManager() throws Exception {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: io.github.microcks.util.HTTPDownloader.1
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }
        }};
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerArr, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { // from class: io.github.microcks.util.HTTPDownloader.2
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        });
    }

    private static void installAcceptEverythingTrustManager(HttpURLConnection httpURLConnection) throws Exception {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: io.github.microcks.util.HTTPDownloader.3
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }
        }};
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerArr, new SecureRandom());
        ((HttpsURLConnection) httpURLConnection).setSSLSocketFactory(sSLContext.getSocketFactory());
        ((HttpsURLConnection) httpURLConnection).setHostnameVerifier(new HostnameVerifier() { // from class: io.github.microcks.util.HTTPDownloader.4
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        });
    }

    private static void installCustomCaCertTrustManager(String str) throws Exception {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(org.apache.commons.codec.binary.Base64.decodeBase64(str.replaceAll(BEGIN_CERTIFICATE, "").replaceAll(END_CERTIFICATE, ""))));
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        keyStore.setCertificateEntry("caCert", x509Certificate);
        trustManagerFactory.init(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
    }

    private static void installCustomCaCertTrustManager(String str, HttpURLConnection httpURLConnection) throws Exception {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(org.apache.commons.codec.binary.Base64.decodeBase64(str.replaceAll(BEGIN_CERTIFICATE, "").replaceAll(END_CERTIFICATE, ""))));
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        keyStore.setCertificateEntry("caCert", x509Certificate);
        trustManagerFactory.init(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
        ((HttpsURLConnection) httpURLConnection).setSSLSocketFactory(sSLContext.getSocketFactory());
    }
}
