package net.sourceforge.plantuml.security;

import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.HttpsURLConnection;
import javax.swing.ImageIcon;
import net.sourceforge.plantuml.StringUtils;
import net.sourceforge.plantuml.log.Logme;
import net.sourceforge.plantuml.security.authentication.SecurityAuthentication;
import net.sourceforge.plantuml.security.authentication.SecurityCredentials;

/* loaded from: input_file:net/sourceforge/plantuml/security/SURL.class */
public class SURL {
    public static final String WITHOUT_AUTHENTICATION = "<none>";
    private final URL internal;
    private final String securityIdentifier;
    private static final Pattern PATTERN_USERINFO = Pattern.compile("(^https?://)([-_0-9a-zA-Z]+@)([^@]*)$");
    private static final ExecutorService EXE = Executors.newCachedThreadPool(new ThreadFactory() { // from class: net.sourceforge.plantuml.security.SURL.1
        @Override // java.util.concurrent.ThreadFactory
        public Thread newThread(Runnable runnable) {
            Thread newThread = Executors.defaultThreadFactory().newThread(runnable);
            newThread.setDaemon(true);
            return newThread;
        }
    });
    private static final Map<String, Long> BAD_HOSTS = new ConcurrentHashMap();

    private SURL(URL url, String str) {
        this.internal = (URL) Objects.requireNonNull(url);
        this.securityIdentifier = (String) Objects.requireNonNull(str);
    }

    public static SURL create(String str) {
        if (str == null) {
            return null;
        }
        if (!str.startsWith("http://") && !str.startsWith("https://")) {
            return null;
        }
        try {
            return create(new URL(str));
        } catch (MalformedURLException e) {
            Logme.error(e);
            return null;
        }
    }

    public static SURL create(URL url) throws MalformedURLException {
        if (url == null) {
            throw new MalformedURLException("URL cannot be null");
        }
        String userInfo = url.getUserInfo();
        return (userInfo == null || userInfo.indexOf(58) > 0) ? new SURL(url, "<none>") : SecurityUtils.existsSecurityCredentials(userInfo) ? new SURL(removeUserInfo(url), userInfo) : new SURL(url, "<none>");
    }

    public BufferedImage readRasterImageFromURL() {
        if (!isUrlOk()) {
            return null;
        }
        try {
            byte[] bytes = getBytes();
            if (bytes == null || bytes.length == 0) {
                return null;
            }
            return SecurityUtils.readRasterImage(new ImageIcon(bytes));
        } catch (Exception e) {
            Logme.error(e);
            return null;
        }
    }

    public boolean isUrlOk() {
        if (SecurityUtils.getSecurityProfile() == SecurityProfile.SANDBOX) {
            return false;
        }
        if (SecurityUtils.getSecurityProfile() == SecurityProfile.LEGACY || SecurityUtils.getSecurityProfile() == SecurityProfile.UNSECURE || isInUrlAllowList()) {
            return true;
        }
        if (SecurityUtils.getSecurityProfile() != SecurityProfile.INTERNET || forbiddenURL(cleanPath(this.internal.toString()))) {
            return false;
        }
        int port = this.internal.getPort();
        return port == 80 || port == 443 || port == -1;
    }

    static SURL createWithoutUser(URL url) throws MalformedURLException {
        return new SURL(removeUserInfo(url), "<none>");
    }

    static void resetBadHosts() {
        BAD_HOSTS.clear();
    }

    public String toString() {
        return this.internal.toString();
    }

    private boolean forbiddenURL(String str) {
        if (str.contains("@")) {
            return true;
        }
        return !(str.startsWith("https://") || str.startsWith("http://")) || str.matches("^https?://[-#.0-9:\\[\\]+]+/.*") || str.matches("^https?://[^.]+/.*") || str.matches("^https?://[^.]+$");
    }

    private boolean isInUrlAllowList() {
        String cleanPath = cleanPath(this.internal.toString());
        if (cleanPath.contains("@")) {
            return false;
        }
        Iterator<String> it = getUrlAllowList().iterator();
        while (it.hasNext()) {
            if (cleanPath.startsWith(cleanPath(it.next()))) {
                return true;
            }
        }
        return false;
    }

    private String cleanPath(String str) {
        return removeUserInfoFromUrlPath(str).trim().toLowerCase(Locale.US).replace(":80/", "").replace(":443/", "");
    }

    private List<String> getUrlAllowList() {
        String str = SecurityUtils.getenv(SecurityUtils.ALLOWLIST_URL);
        return str == null ? Collections.emptyList() : Arrays.asList(StringUtils.eventuallyRemoveStartingAndEndingDoubleQuote(str).split(";"));
    }

    public byte[] getBytes() {
        byte[] bArr;
        if (!isUrlOk()) {
            return null;
        }
        SecurityCredentials loadSecurityCredentials = SecurityUtils.loadSecurityCredentials(this.securityIdentifier);
        SecurityAuthentication create = SecurityUtils.getAuthenticationManager(loadSecurityCredentials).create(loadSecurityCredentials);
        try {
            String host = this.internal.getHost();
            Long l = BAD_HOSTS.get(host);
            if (l != null) {
                if (System.currentTimeMillis() - l.longValue() < 60000) {
                    return null;
                }
                BAD_HOSTS.remove(host);
            }
            try {
                bArr = (byte[]) EXE.submit(requestWithGetAndResponse(this.internal, loadSecurityCredentials.getProxy(), create, null)).get(SecurityUtils.getSecurityProfile().getTimeout(), TimeUnit.MILLISECONDS);
            } catch (Exception e) {
                System.err.println("issue " + host + " " + e);
            }
            if (bArr != null) {
                loadSecurityCredentials.eraseCredentials();
                create.eraseCredentials();
                return bArr;
            }
            BAD_HOSTS.put(host, Long.valueOf(System.currentTimeMillis()));
            loadSecurityCredentials.eraseCredentials();
            create.eraseCredentials();
            return null;
        } finally {
            loadSecurityCredentials.eraseCredentials();
            create.eraseCredentials();
        }
    }

    private byte[] getBytes(Proxy proxy, SecurityAuthentication securityAuthentication, Map<String, Object> map) {
        if (!isUrlOk()) {
            return null;
        }
        try {
            return (byte[]) EXE.submit(requestWithGetAndResponse(this.internal, proxy, securityAuthentication, map)).get(SecurityUtils.getSecurityProfile().getTimeout(), TimeUnit.MILLISECONDS);
        } catch (Exception e) {
            System.err.println("SURL response issue to " + this.internal.getHost() + " " + e);
            return null;
        }
    }

    public byte[] getBytesOnPost(Proxy proxy, SecurityAuthentication securityAuthentication, String str, Map<String, Object> map) {
        if (!isUrlOk()) {
            return null;
        }
        try {
            return (byte[]) EXE.submit(requestWithPostAndResponse(this.internal, proxy, securityAuthentication, str, map)).get(SecurityUtils.getSecurityProfile().getTimeout(), TimeUnit.MILLISECONDS);
        } catch (Exception e) {
            System.err.println("SURL response issue to " + this.internal.getHost() + " " + e);
            return null;
        }
    }

    private static Callable<byte[]> requestWithGetAndResponse(final URL url, final Proxy proxy, final SecurityAuthentication securityAuthentication, final Map<String, Object> map) {
        return new Callable<byte[]>() { // from class: net.sourceforge.plantuml.security.SURL.2
            private HttpURLConnection openConnection(URL url2) throws IOException {
                URLConnection openConnection = proxy == null ? url2.openConnection() : url2.openConnection(proxy);
                if (openConnection == null) {
                    return null;
                }
                HttpURLConnection httpURLConnection = (HttpURLConnection) openConnection;
                SURL.applyEndpointAccessAuthentication(httpURLConnection, securityAuthentication);
                SURL.applyAdditionalHeaders(httpURLConnection, map);
                return httpURLConnection;
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public byte[] call() throws IOException {
                HttpURLConnection openConnection = openConnection(url);
                int responseCode = openConnection.getResponseCode();
                if (responseCode == 302 || responseCode == 301) {
                    openConnection = openConnection(new URL(openConnection.getHeaderField("Location")));
                }
                return SURL.retrieveResponseAsBytes(openConnection);
            }
        };
    }

    private static Callable<byte[]> requestWithPostAndResponse(final URL url, final Proxy proxy, final SecurityAuthentication securityAuthentication, final String str, final Map<String, Object> map) {
        return new Callable<byte[]>() { // from class: net.sourceforge.plantuml.security.SURL.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public byte[] call() throws IOException {
                URLConnection openConnection = proxy == null ? url.openConnection() : url.openConnection(proxy);
                if (openConnection == null) {
                    return null;
                }
                boolean isNotEmpty = StringUtils.isNotEmpty(str);
                HttpURLConnection httpURLConnection = (HttpURLConnection) openConnection;
                httpURLConnection.setRequestMethod("POST");
                if (isNotEmpty) {
                    httpURLConnection.setDoOutput(true);
                }
                SURL.applyEndpointAccessAuthentication(httpURLConnection, securityAuthentication);
                SURL.applyAdditionalHeaders(httpURLConnection, map);
                Charset extractCharset = SURL.extractCharset(httpURLConnection.getRequestProperty("Content-Type"));
                if (isNotEmpty) {
                    SURL.sendRequestAsBytes(httpURLConnection, str.getBytes(extractCharset != null ? extractCharset : StandardCharsets.UTF_8));
                }
                return SURL.retrieveResponseAsBytes(httpURLConnection);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Charset extractCharset(String str) {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        Matcher matcher = Pattern.compile("(?i)\\bcharset=\\s*\"?([^\\s;\"]*)").matcher(str);
        if (!matcher.find()) {
            return null;
        }
        try {
            return Charset.forName(matcher.group(1));
        } catch (Exception e) {
            Logme.error(e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] retrieveResponseAsBytes(HttpURLConnection httpURLConnection) throws IOException {
        int responseCode = httpURLConnection.getResponseCode();
        if (responseCode >= 400) {
            InputStream errorStream = httpURLConnection.getErrorStream();
            try {
                throw new IOException("HTTP error " + responseCode + " with " + new String(retrieveData(errorStream), StandardCharsets.UTF_8));
            } catch (Throwable th) {
                if (errorStream != null) {
                    try {
                        errorStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        InputStream inputStream = httpURLConnection.getInputStream();
        try {
            byte[] retrieveData = retrieveData(inputStream);
            if (inputStream != null) {
                inputStream.close();
            }
            return retrieveData;
        } catch (Throwable th3) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    private static byte[] retrieveData(InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr);
            if (read <= 0) {
                byteArrayOutputStream.close();
                return byteArrayOutputStream.toByteArray();
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void sendRequestAsBytes(HttpURLConnection httpURLConnection, byte[] bArr) throws IOException {
        httpURLConnection.setFixedLengthStreamingMode(bArr.length);
        OutputStream outputStream = httpURLConnection.getOutputStream();
        try {
            outputStream.write(bArr);
            if (outputStream != null) {
                outputStream.close();
            }
        } catch (Throwable th) {
            if (outputStream != null) {
                try {
                    outputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public InputStream openStream() {
        byte[] bytes;
        if (!isUrlOk() || (bytes = getBytes()) == null) {
            return null;
        }
        return new ByteArrayInputStream(bytes);
    }

    public boolean isAuthorizationConfigured() {
        return !"<none>".equals(this.securityIdentifier);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void applyEndpointAccessAuthentication(URLConnection uRLConnection, SecurityAuthentication securityAuthentication) {
        if (securityAuthentication.isPublic()) {
            return;
        }
        if (!(uRLConnection instanceof HttpsURLConnection) && !SecurityUtils.isNonSSLAuthenticationAllowed()) {
            throw new IllegalStateException("The transport of authentication data over an unencrypted http connection is not allowed");
        }
        SecurityUtils.getAccessInterceptor(securityAuthentication).apply(securityAuthentication, uRLConnection);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void applyAdditionalHeaders(URLConnection uRLConnection, Map<String, Object> map) {
        if (map == null || map.isEmpty()) {
            return;
        }
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            Object value = entry.getValue();
            if (value instanceof String) {
                uRLConnection.setRequestProperty(entry.getKey(), (String) value);
            } else if (value instanceof List) {
                for (Object obj : (List) value) {
                    if (obj != null) {
                        uRLConnection.addRequestProperty(entry.getKey(), obj.toString());
                    }
                }
            }
        }
    }

    private static URL removeUserInfo(URL url) throws MalformedURLException {
        return new URL(removeUserInfoFromUrlPath(url.toExternalForm()));
    }

    private static String removeUserInfoFromUrlPath(String str) {
        Matcher matcher = PATTERN_USERINFO.matcher(str);
        return matcher.find() ? matcher.replaceFirst("$1$3") : str;
    }
}
