package com.tc.util.io;

import com.tc.exception.TCRuntimeException;
import com.tc.logging.TCLogger;
import com.tc.logging.TCLogging;
import com.tc.net.core.SecurityInfo;
import com.tc.security.PwProvider;
import com.tc.security.TCAuthenticationException;
import com.tc.security.TCAuthorizationException;
import com.tc.util.Assert;
import com.tc.util.concurrent.ThreadUtil;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:com/tc/util/io/ServerURL.class */
public class ServerURL {
    private static final TCLogger logger = TCLogging.getLogger((Class<?>) ServerURL.class);
    private static final boolean DISABLE_HOSTNAME_VERIFIER = Boolean.getBoolean("tc.ssl.disableHostnameVerifier");
    private static final boolean TRUST_ALL_CERTS = Boolean.getBoolean("tc.ssl.trustAllCerts");
    private final URL theURL;
    private final int timeout;
    private final SecurityInfo securityInfo;

    public ServerURL(String str, int i, String str2, SecurityInfo securityInfo) throws MalformedURLException {
        this(str, i, str2, -1, securityInfo);
    }

    public ServerURL(String str, int i, String str2, int i2, SecurityInfo securityInfo) throws MalformedURLException {
        this.timeout = i2;
        this.securityInfo = securityInfo;
        this.theURL = new URL(securityInfo.isSecure() ? "https" : "http", str, i, str2);
    }

    public InputStream openStream() throws IOException {
        return openStream(null);
    }

    public String getHeaderField(String str, PwProvider pwProvider, boolean z) throws IOException {
        for (int i = 0; i < 3; i++) {
            URLConnection createSecureConnection = createSecureConnection(pwProvider);
            createSecureConnection.connect();
            switch (((HttpURLConnection) createSecureConnection).getResponseCode()) {
                case 401:
                    throw new TCAuthenticationException("Authentication error connecting to " + createSecureConnection.getURL() + " - invalid credentials (tried user " + this.securityInfo.getUsername() + ")");
                case 403:
                    throw new TCAuthorizationException("Authorization error connecting to " + createSecureConnection.getURL() + " - does the user '" + this.securityInfo.getUsername() + "' have the required roles?");
                default:
                    String headerField = createSecureConnection.getHeaderField(str);
                    if (headerField != null || !z) {
                        return headerField;
                    }
                    logger.info("Retrying connection since header field was null");
                    ThreadUtil.reallySleep(50L);
                    break;
            }
        }
        throw new RuntimeException("Cannot retrieve " + str + " header from server url: " + this.theURL);
    }

    public InputStream openStream(PwProvider pwProvider) throws IOException {
        URLConnection createSecureConnection = createSecureConnection(pwProvider);
        try {
            return createSecureConnection.getInputStream();
        } catch (IOException e) {
            if (createSecureConnection instanceof HttpURLConnection) {
                switch (((HttpURLConnection) createSecureConnection).getResponseCode()) {
                    case 401:
                        throw new TCAuthenticationException("Authentication error connecting to " + createSecureConnection.getURL() + " - invalid credentials (tried user " + this.securityInfo.getUsername() + ")", e);
                    case 403:
                        throw new TCAuthorizationException("Authorization error connecting to " + createSecureConnection.getURL() + " - does the user '" + this.securityInfo.getUsername() + "' have the required roles?", e);
                }
            }
            throw e;
        }
    }

    private URLConnection createSecureConnection(PwProvider pwProvider) {
        if (this.securityInfo.isSecure()) {
            Assert.assertNotNull("Secured URL '" + this.theURL + "', yet PwProvider instance", pwProvider);
        }
        try {
            URLConnection openConnection = this.theURL.openConnection();
            if (this.securityInfo.isSecure()) {
                if (this.securityInfo.getUsername() != null) {
                    String str = "tc://" + URLEncoder.encode(this.securityInfo.getUsername(), "UTF-8").replace("+", "%20") + "@" + this.theURL.getHost() + ":" + this.theURL.getPort();
                    try {
                        char[] passwordFor = pwProvider.getPasswordFor(new URI(str));
                        Assert.assertNotNull("No password for " + this.theURL + " found!", passwordFor);
                        openConnection.addRequestProperty("Authorization", "Basic " + new BASE64Encoder().encode((this.securityInfo.getUsername() + ":" + new String(passwordFor)).getBytes()));
                    } catch (URISyntaxException e) {
                        throw new TCRuntimeException("Couldn't create URI to connect to " + str, e);
                    }
                }
                if (DISABLE_HOSTNAME_VERIFIER || TRUST_ALL_CERTS) {
                    tweakSecureConnectionSettings(openConnection);
                }
            }
            if (this.timeout > -1) {
                openConnection.setConnectTimeout(this.timeout);
                openConnection.setReadTimeout(this.timeout);
            }
            return openConnection;
        } catch (IOException e2) {
            throw new IllegalStateException(e2);
        }
    }

    public String toString() {
        return this.theURL.toString();
    }

    public String getUsername() {
        if (this.securityInfo.isSecure()) {
            return this.securityInfo.getUsername();
        }
        return null;
    }

    private static void tweakSecureConnectionSettings(URLConnection uRLConnection) {
        try {
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) uRLConnection;
            if (DISABLE_HOSTNAME_VERIFIER) {
                httpsURLConnection.setHostnameVerifier(new HostnameVerifier() { // from class: com.tc.util.io.ServerURL.1
                    @Override // javax.net.ssl.HostnameVerifier
                    public boolean verify(String str, SSLSession sSLSession) {
                        return true;
                    }
                });
            }
            TrustManager[] trustManagerArr = null;
            if (TRUST_ALL_CERTS) {
                trustManagerArr = new TrustManager[]{new X509TrustManager() { // from class: com.tc.util.io.ServerURL.2
                    @Override // javax.net.ssl.X509TrustManager
                    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                }};
            }
            try {
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, trustManagerArr, null);
                httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            } catch (Exception e) {
                throw new RuntimeException("unable to create SSL connection from " + uRLConnection.getURL(), e);
            }
        } catch (ClassCastException e2) {
            throw new IllegalStateException("Unable to cast " + uRLConnection + " to javax.net.ssl.HttpsURLConnection. Options tc.ssl.trustAllCerts and tc.ssl.disableHostnameVerifier are causing this issue.", e2);
        }
    }
}
