package org.apereo.cas.shell.commands;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
import org.springframework.stereotype.Service;

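/**
 * Shell command that probes an endpoint URL and, when the probe fails, reports on the
 * certificates the server presents.
 *
 * <p>The first attempt uses the JVM's default TLS settings. If it fails for <em>any</em>
 * reason (the catch is on {@link Exception}, not only on TLS errors), a second connection
 * is opened with a trust manager that accepts every certificate chain. That second
 * connection exists only so the presented certificates can be listed; this class reads
 * nothing else from it. Opening its input stream still sends the request to a peer whose
 * certificate was not validated, so the URL passed to the command should not carry
 * credentials or other secrets.
 */
@Service
/* loaded from: input_file:BOOT-INF/classes/org/apereo/cas/shell/commands/ValidateEndpointCommand.class */
public class ValidateEndpointCommand implements CommandMarker {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(ValidateEndpointCommand.class);

    /**
     * Connects to the endpoint, reads one line of the response and logs the outcome.
     *
     * <p>Only the connect timeout is set; no read timeout is applied. On any failure the
     * cause chain is logged and {@link #testBadTlsConnection(String, String)} is run to
     * describe the server certificates.
     *
     * @param str  endpoint URL to test ({@code --url})
     * @param str2 optional proxy URL ({@code --proxy}); blank means a direct connection
     * @param i    connect timeout in milliseconds ({@code --timeout})
     */
    @CliCommand(value = {"validate-endpoint"}, help = "Test connections to an endpoint to verify connectivity, SSL, etc")
    public void validateEndpoint(
            @CliOption(key = {"url"}, mandatory = true, help = "Endpoint URL to test", optionContext = "Endpoint URL to test", specifiedDefaultValue = "false", unspecifiedDefaultValue = "false") String str,
            @CliOption(key = {"proxy"}, help = "Proxy address to use when testing the endpoint url", specifiedDefaultValue = "", unspecifiedDefaultValue = "", mandatory = false, optionContext = "Proxy address to use when testing the endpoint url") String str2,
            @CliOption(key = {"timeout"}, help = "Timeout to use in milliseconds when testing the url", specifiedDefaultValue = "5000", unspecifiedDefaultValue = "5000", mandatory = false, optionContext = "Timeout to use in milliseconds when testing the url") int i) {
        try {
            LOGGER.info("Trying to connect to [{}]", str);
            URLConnection connection = createConnection(str, str2);
            LOGGER.info("Setting connection timeout to [{}]", i);
            connection.setConnectTimeout(i);
            // try-with-resources closes both readers on every path; the decompiled
            // original referenced uninitialised registers in its cleanup handler.
            try (InputStreamReader reader = new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8);
                 BufferedReader lines = new BufferedReader(reader)) {
                lines.readLine();
                if (connection instanceof HttpURLConnection) {
                    LOGGER.info("Response status code received: [{}]", ((HttpURLConnection) connection).getResponseCode());
                }
                LOGGER.info("Successfully connected to url [{}]", str);
            }
        } catch (Exception e) {
            LOGGER.info("Could not connect to the host address [{}]", str);
            LOGGER.info("The error is: {}", e.getMessage());
            LOGGER.info("Here are the details:");
            LOGGER.error(consolidateExceptionMessages(e));
            // Runs for every failure, including timeouts and HTTP errors, not just TLS ones.
            testBadTlsConnection(str, str2);
        }
    }

    /**
     * Opens (without connecting) a connection to {@code endpointUrl}, through an HTTP proxy
     * when {@code proxyUrl} is not blank.
     *
     * <p>Any scheme {@link URL} understands is accepted; nothing restricts it to http/https.
     *
     * @throws IOException if either URL is malformed or the connection cannot be created
     */
    private URLConnection createConnection(String endpointUrl, String proxyUrl) throws IOException {
        URL endpoint = new URL(endpointUrl);
        if (StringUtils.isBlank(proxyUrl)) {
            return endpoint.openConnection();
        }
        URL proxy = new URL(proxyUrl);
        LOGGER.info("Using proxy address [{}]", proxyUrl);
        // getPort() is -1 when the proxy URL names no port, which InetSocketAddress rejects;
        // fall back to the scheme's default port in that case.
        int proxyPort = proxy.getPort() != -1 ? proxy.getPort() : proxy.getDefaultPort();
        return endpoint.openConnection(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxy.getHost(), proxyPort)));
    }

    /**
     * Renders the throwable and each of its causes as one "Caused by" line apiece.
     */
    private String consolidateExceptionMessages(Throwable th) {
        StringBuilder report = new StringBuilder();
        for (Throwable current = th; current != null; current = current.getCause()) {
            report.append("  Caused by: ").append(current.toString()).append(System.lineSeparator());
        }
        return report.toString();
    }

    /**
     * Reconnects with certificate validation disabled and logs a report on the server's
     * certificates.
     *
     * <p>Diagnostic use only: the peer is not authenticated on this connection. No
     * {@code HostnameVerifier} is set here, so host name checking stays at whatever the
     * connection's default is. No timeout is applied to this second connection.
     */
    private void testBadTlsConnection(String endpointUrl, String proxyUrl) {
        try {
            URLConnection connection = createConnection(endpointUrl, proxyUrl);
            if (!(connection instanceof HttpsURLConnection)) {
                LOGGER.info("Not an TLS connection.");
                return;
            }
            HttpsURLConnection tlsConnection = (HttpsURLConnection) connection;
            // The trust-all factory is installed on this one connection object only;
            // the JVM-wide default socket factory is not touched.
            tlsConnection.setSSLSocketFactory(getTheAllTrustingSSLContext().getSocketFactory());
            // Opening the stream forces the handshake; the response body is never read.
            try (InputStreamReader ignored = new InputStreamReader(tlsConnection.getInputStream(), StandardCharsets.UTF_8)) {
                tlsConnectionReport(tlsConnection);
            }
        } catch (Exception e) {
            LOGGER.error(e.getMessage());
        }
    }

    /**
     * Logs subject, issuer, validity window and trust-store match for each certificate the
     * server presented on an already-connected TLS connection.
     *
     * @throws RuntimeException wrapping {@link SSLPeerUnverifiedException} when the peer's
     *                          certificates are not available
     */
    private void tlsConnectionReport(HttpsURLConnection httpsURLConnection) {
        X509TrustManager[] systemTrustManagers = getSystemTrustManagers();
        try {
            Certificate[] presented = httpsURLConnection.getServerCertificates();
            X509Certificate[] chain = Arrays.copyOf(presented, presented.length, X509Certificate[].class);
            LOGGER.info("Server provided certs: ");
            for (X509Certificate certificate : chain) {
                String validity;
                try {
                    // Checks the notBefore/notAfter window against the current time only.
                    certificate.checkValidity();
                    // NOTE(review): the decompiler substituted this constant for what was
                    // presumably a plain string literal in the original source - confirm.
                    validity = CasWebflowConstants.TRANSITION_ID_TGT_VALID;
                } catch (CertificateException e) {
                    validity = "invalid: " + e.getMessage();
                }
                LOGGER.info("  subject: {}", certificate.getSubjectDN().getName());
                LOGGER.info("  issuer: {}", certificate.getIssuerDN().getName());
                LOGGER.info("  expiration: {} - {} ({})", certificate.getNotBefore(), certificate.getNotAfter(), validity);
                LOGGER.info("  trust anchor {}", checkTrustedCertStatus(certificate, systemTrustManagers));
                LOGGER.info("---");
            }
        } catch (SSLPeerUnverifiedException e) {
            LOGGER.error(e.getMessage(), e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the X.509 trust managers built from the JVM's default trust store.
     *
     * @return the trust managers, or an empty array when the default trust store cannot be
     *         loaded (the original dereferenced a null or uninitialised factory in that case)
     */
    private static X509TrustManager[] getSystemTrustManagers() {
        TrustManagerFactory factory;
        try {
            factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null KeyStore makes the factory fall back to the platform default trust store.
            factory.init((KeyStore) null);
        } catch (GeneralSecurityException e) {
            LOGGER.trace(e.getMessage(), e);
            // Say so at a visible level: with no trust managers every certificate in the
            // report would otherwise be listed as unmatched without explanation.
            LOGGER.warn("Default trust store could not be loaded; trust anchor checks have nothing to compare against");
            return new X509TrustManager[0];
        }
        LOGGER.info("Detected Truststore: {}", factory.getProvider().getName());
        List<X509TrustManager> x509Managers = new ArrayList<>();
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                X509TrustManager x509Manager = (X509TrustManager) candidate;
                LOGGER.info("Trusted issuers found: {}", x509Manager.getAcceptedIssuers().length);
                x509Managers.add(x509Manager);
            }
        }
        return x509Managers.toArray(new X509TrustManager[0]);
    }

    /**
     * Looks for a trusted issuer whose public key verifies the certificate's signature.
     *
     * <p>This is a signature match only. It is not certification-path validation: validity
     * dates, constraints and revocation of the issuer are not examined here.
     *
     * @return a description of the first matching issuer, or a "not matched" message
     */
    private String checkTrustedCertStatus(X509Certificate x509Certificate, X509TrustManager[] x509TrustManagerArr) {
        for (X509TrustManager trustManager : x509TrustManagerArr) {
            for (X509Certificate issuer : trustManager.getAcceptedIssuers()) {
                try {
                    x509Certificate.verify(issuer.getPublicKey());
                    return "Matches found: " + issuer.getIssuerDN().getName();
                } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
                    // A failed verification just means this issuer did not sign the certificate.
                    LOGGER.trace("{}: {}", issuer.getIssuerDN().getName(), e.getMessage());
                }
            }
        }
        return "Not matched in trust store (which is expected of the host certificate that is part of a chain)";
    }

    /**
     * Builds an {@link SSLContext} whose trust manager accepts every certificate chain.
     *
     * <p>It disables server authentication and is meant solely for the certificate report
     * in {@link #testBadTlsConnection(String, String)}. It must not be installed as a
     * default context or reused for connections that carry real data.
     *
     * @throws GeneralSecurityException if the TLS context cannot be created or initialised
     */
    private SSLContext getTheAllTrustingSSLContext() throws GeneralSecurityException {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[]{new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                // Deliberately accepts everything: diagnostic connection only.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                // Deliberately accepts everything: diagnostic connection only.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract asks for a non-null (possibly empty) array.
                return new X509Certificate[0];
            }
        }}, null);
        return context;
    }
}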
