package es.gob.afirma.core.misc.http;

import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.misc.Base64;
import es.gob.afirma.core.misc.Platform;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.CookieHandler;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.Proxy;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.callback.PasswordCallback;

/* loaded from: input_file:WEB-INF/lib/afirma-core-1.7.2.jar:es/gob/afirma/core/misc/http/UrlHttpManagerImpl.class */
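/**
 * {@link UrlHttpManager} implementation built on {@link HttpURLConnection}.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>When the JVM system property {@value #JAVA_PARAM_DISABLE_SSL_CHECKS} is {@code true},
 *       HTTPS requests are made with a trust manager that accepts any certificate chain and a
 *       hostname verifier that accepts any host. Both are installed as the process-wide
 *       {@link HttpsURLConnection} defaults, so while a request is in flight every other
 *       connection that relies on those defaults is unauthenticated as well.</li>
 *   <li>User-info embedded in the URL is sent as an HTTP Basic {@code Authorization} header.
 *       Basic credentials are only Base64-encoded; they are confidential only over an HTTPS
 *       connection whose certificate checks are enabled.</li>
 *   <li>The static initializer replaces the JVM default {@link CookieHandler} with a
 *       {@link CookieManager} using {@link CookiePolicy#ACCEPT_ALL}.</li>
 * </ul>
 */
public class UrlHttpManagerImpl implements UrlHttpManager {
    /** JVM system property that, when {@code true}, turns off TLS certificate and hostname checks. */
    public static final String JAVA_PARAM_DISABLE_SSL_CHECKS = "disableSslChecks";
    /** Value the two-argument {@code readUrl} overload passes as its {@code int} argument. */
    public static final int DEFAULT_TIMEOUT = -1;
    private static final String HTTPS = "https";
    private static final String URN_SEPARATOR = ":";
    private static final String PROT_SEPARATOR = "://";
    private static final String KEYSTORE = "javax.net.ssl.keyStore";
    private static final String KEYSTORE_PASS = "javax.net.ssl.keyStorePassword";
    private static final String KEYSTORE_TYPE = "javax.net.ssl.keyStoreType";
    private static final String KEYSTORE_DEFAULT_TYPE = "JKS";
    private static final String KEYMANAGER_INSTANCE = "SunX509";
    // NOTE(review): "SSL" is the legacy context name; which protocol versions it enables depends
    // on the JSSE provider. Confirm the deployed provider negotiates a current TLS version.
    private static final String SSL_CONTEXT = "SSL";
    /** Trust manager that accepts every certificate chain; assigned in the static initializer. */
    private static final TrustManager[] DUMMY_TRUST_MANAGER;
    private static final Logger LOGGER = Logger.getLogger("es.gob.afirma");
    // Snapshots taken at class initialization; enableSslChecks() restores exactly these values.
    private static final HostnameVerifier DEFAULT_HOSTNAME_VERIFIER = HttpsURLConnection.getDefaultHostnameVerifier();
    private static final SSLSocketFactory DEFAULT_SSL_SOCKET_FACTORY = HttpsURLConnection.getDefaultSSLSocketFactory();
    private static KeyStore sslKeyStore = null;
    private static PasswordCallback sslKeyStorePasswordCallback = null;

    /**
     * Sets the key store used for TLS client authentication, taking precedence over the
     * {@code javax.net.ssl.keyStore} system property.
     *
     * @param keyStore key store to use, or {@code null} to fall back to the system properties
     */
    public static void setSslKeyStore(KeyStore keyStore) {
        sslKeyStore = keyStore;
    }

    /**
     * Sets the callback that supplies the key password for the key store given to
     * {@link #setSslKeyStore(KeyStore)}.
     *
     * @param passwordCallback password source, or {@code null} to use an empty password
     */
    public static void setSslKeyStorePasswordCallback(PasswordCallback passwordCallback) {
        sslKeyStorePasswordCallback = passwordCallback;
    }

    /**
     * Reads a URL with no extra headers, passing {@code -1} as the {@code int} argument.
     *
     * @param str URL to read
     * @param urlHttpMethod HTTP method to use
     * @return the response body
     * @throws IOException on connection or read failure
     */
    @Override
    public byte[] readUrl(String str, UrlHttpMethod urlHttpMethod) throws IOException {
        return readUrl(str, -1, null, null, urlHttpMethod);
    }

    /**
     * Tells whether the host of a URL resolves to a loopback address.
     *
     * @param url URL to check
     * @return {@code true} if the host resolves to a loopback address; {@code false} if it does
     *         not or if resolution fails
     * @throws IllegalArgumentException if {@code url} is {@code null}
     */
    private static boolean isLocal(URL url) {
        if (url == null) {
            throw new IllegalArgumentException("La URL no puede ser nula");
        }
        try {
            final InetAddress address = InetAddress.getByName(url.getHost());
            return address.isLoopbackAddress();
        } catch (Exception e) {
            // Best effort: a host that cannot be resolved is treated as non-local.
            LOGGER.warning("Error comprobando si una URL es el bucle local: " + e);
            return false;
        }
    }

    /**
     * Reads a URL, optionally setting the {@code Content-Type} and {@code Accept} headers.
     *
     * @param str URL to read
     * @param i forwarded unchanged to the {@link Properties}-based overload
     * @param str2 value for the {@code Content-Type} header, or {@code null} to omit it
     * @param str3 value for the {@code Accept} header, or {@code null} to use the default
     * @param urlHttpMethod HTTP method to use
     * @return the response body
     * @throws IOException on connection or read failure
     */
    @Override
    public byte[] readUrl(String str, int i, String str2, String str3, UrlHttpMethod urlHttpMethod) throws IOException {
        final Properties headers = new Properties();
        if (str2 != null) {
            headers.setProperty("Content-Type", str2);
        }
        if (str3 != null) {
            headers.setProperty("Accept", str3);
        }
        return readUrl(str, i, urlHttpMethod, headers);
    }

    /**
     * Performs an HTTP(S) request and returns the response body.
     *
     * <p>User-info in the URL is removed from the request URL and sent as a Basic
     * {@code Authorization} header unless the caller already supplies that header. For POST and
     * PUT, everything after the first {@code ?} is sent as the request body (UTF-8) instead of
     * as a query string. The proxy is bypassed on Android and for loopback hosts.
     *
     * <p>If the {@value #JAVA_PARAM_DISABLE_SSL_CHECKS} system property is {@code true} and the
     * URL is HTTPS, certificate and hostname checks are switched off process-wide for the
     * duration of the call and restored afterwards, including when the call fails.
     *
     * @param str URL to read
     * @param i NOTE(review): never read by this method; if it is meant to be a timeout it is
     *        not applied, and {@link HttpURLConnection} then waits without a time limit — confirm
     * @param urlHttpMethod HTTP method to use
     * @param properties request headers to add, or {@code null} for none
     * @return the response body
     * @throws IllegalArgumentException if {@code str} is {@code null}
     * @throws IOException on connection or read failure, or when the server answers with a
     *         4xx/5xx status
     */
    @Override
    public byte[] readUrl(String str, int i, UrlHttpMethod urlHttpMethod, Properties properties) throws IOException {
        if (str == null) {
            throw new IllegalArgumentException("La URL a leer no puede ser nula");
        }

        // Split credentials out of the URL so they travel in a header and never in the
        // request line or in the URL reported by HttpError.
        final URLName parsedUrl = new URLName(str);
        final String user = parsedUrl.getUsername();
        final String password = parsedUrl.getPassword();
        final String basicCredentials;
        final String requestUrl;
        if (user == null && password == null) {
            requestUrl = str;
            basicCredentials = null;
        } else {
            final String userInfo;
            if (user != null && password != null) {
                userInfo = user + URN_SEPARATOR + password;
            } else {
                userInfo = user != null ? user : password;
            }
            // Explicit charset: the platform default would make the header machine-dependent.
            basicCredentials = Base64.encode(userInfo.getBytes(StandardCharsets.UTF_8));
            final String portPart = parsedUrl.getPort() != -1 ? URN_SEPARATOR + Integer.toString(parsedUrl.getPort()) : "";
            final String filePart = parsedUrl.getFile() != null ? parsedUrl.getFile() : "";
            requestUrl = parsedUrl.getProtocol() + PROT_SEPARATOR + parsedUrl.getHost() + portPart + "/" + filePart;
        }

        // For POST/PUT the query string becomes the body. Split on the first '?' only, so a
        // '?' inside the parameters is kept and a trailing '?' yields no body instead of failing.
        String target = requestUrl;
        String body = null;
        if (UrlHttpMethod.POST.equals(urlHttpMethod) || UrlHttpMethod.PUT.equals(urlHttpMethod)) {
            final int queryStart = requestUrl.indexOf('?');
            if (queryStart >= 0) {
                target = requestUrl.substring(0, queryStart);
                if (queryStart + 1 < requestUrl.length()) {
                    body = requestUrl.substring(queryStart + 1);
                }
            }
        }

        final URL url = new URL(target);
        final boolean isHttps = url.getProtocol().equals(HTTPS);
        final boolean sslChecksOff =
            Boolean.parseBoolean(System.getProperty(JAVA_PARAM_DISABLE_SSL_CHECKS, "false")) && isHttps;

        // The relaxed trust settings are JVM-wide defaults, so they must be undone on every exit
        // path; otherwise a failed request would leave the whole process accepting any certificate.
        boolean restoreSslChecks = sslChecksOff;
        try {
            if (sslChecksOff) {
                try {
                    disableSslChecks();
                } catch (Exception e) {
                    LOGGER.warning("No se ha podido ajustar la confianza SSL, es posible que no se pueda completar la conexion: " + e);
                }
            }

            final boolean bypassProxy = Platform.OS.ANDROID.equals(Platform.getOS()) || isLocal(url);
            final HttpURLConnection conn = bypassProxy
                ? (HttpURLConnection) url.openConnection(Proxy.NO_PROXY)
                : (HttpURLConnection) url.openConnection();
            conn.setUseCaches(false);
            conn.setDefaultUseCaches(false);
            conn.setRequestMethod(urlHttpMethod.toString());

            final Properties headers = new Properties();
            if (properties != null) {
                headers.putAll(properties);
            }

            // Defaults are added only when the caller has not provided the header.
            if (basicCredentials != null && !headers.containsKey("Authorization")) {
                conn.addRequestProperty("Authorization", "Basic " + basicCredentials);
            }
            if (!headers.containsKey("Accept")) {
                conn.addRequestProperty("Accept", "*/*");
            }
            if (!headers.containsKey("Connection")) {
                conn.addRequestProperty("Connection", "keep-alive");
            }
            if (!headers.containsKey("Host")) {
                conn.addRequestProperty("Host", url.getHost());
            }
            if (!headers.containsKey("Origin")) {
                conn.addRequestProperty("Origin", url.getProtocol() + PROT_SEPARATOR + url.getHost());
            }
            for (final Map.Entry<Object, Object> header : headers.entrySet()) {
                conn.addRequestProperty((String) header.getKey(), (String) header.getValue());
            }

            if (body != null) {
                final byte[] payload = body.getBytes(StandardCharsets.UTF_8);
                conn.setRequestProperty("Content-Length", String.valueOf(payload.length));
                conn.setDoOutput(true);
                try (OutputStream out = conn.getOutputStream()) {
                    out.write(payload);
                }
            }

            conn.connect();
            final int responseCode = conn.getResponseCode();
            final String status = Integer.toString(responseCode);
            if (status.startsWith("4") || status.startsWith("5")) {
                if (isHttps) {
                    // NOTE(review): on an HTTP error the defaults are reset for any HTTPS URL,
                    // even when this call did not relax them; that also discards a configuration
                    // installed through setTrustManager(). Kept as found — confirm it is intended.
                    restoreSslChecks = true;
                }
                final String reason = conn.getResponseMessage();
                final byte[] errorBody;
                try (InputStream err = conn.getErrorStream()) {
                    errorBody = AOUtil.getDataFromInputStream(err);
                }
                throw new HttpError(responseCode, reason, errorBody, requestUrl);
            }

            try (InputStream in = conn.getInputStream()) {
                return AOUtil.getDataFromInputStream(in);
            }
        } finally {
            if (restoreSslChecks) {
                enableSslChecks();
            }
        }
    }

    /**
     * Restores the {@link HttpsURLConnection} default socket factory and hostname verifier to
     * the values captured when this class was initialized.
     *
     * <p>These are not necessarily the values that were in place right before
     * {@link #disableSslChecks()}: a configuration installed later through
     * {@link #setTrustManager(TrustManager[], HostnameVerifier)} is discarded.
     */
    public static void enableSslChecks() {
        HttpsURLConnection.setDefaultSSLSocketFactory(DEFAULT_SSL_SOCKET_FACTORY);
        HttpsURLConnection.setDefaultHostnameVerifier(DEFAULT_HOSTNAME_VERIFIER);
        LOGGER.info("Habilitadas comprobaciones SSL");
    }

    /**
     * Installs the given trust managers and hostname verifier as the process-wide
     * {@link HttpsURLConnection} defaults.
     *
     * <p>If the client key managers cannot be obtained, the failure is logged and the context
     * is initialized without client keys.
     *
     * @param trustManagerArr trust managers to install; at least one is required
     * @param hostnameVerifier hostname verifier to install
     * @throws IllegalArgumentException if no trust manager or no hostname verifier is given
     * @throws KeyManagementException if the SSL context cannot be initialized
     * @throws NoSuchAlgorithmException if the SSL context type is not available
     */
    public static void setTrustManager(TrustManager[] trustManagerArr, HostnameVerifier hostnameVerifier) throws KeyManagementException, NoSuchAlgorithmException {
        if (trustManagerArr == null || trustManagerArr.length < 1) {
            throw new IllegalArgumentException("Es necesario proporcionar al menos un TrustManager");
        }
        if (hostnameVerifier == null) {
            throw new IllegalArgumentException("Es necesario proporcionar un HostnameVerifier");
        }
        final SSLContext context = SSLContext.getInstance(SSL_CONTEXT);
        KeyManager[] keyManagers;
        try {
            keyManagers = getKeyManager();
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "No ha sido posible obtener el KeyManager con el KeyStore '" + System.getProperty(KEYSTORE) + "', se usara null: " + e, e);
            keyManagers = null;
        }
        context.init(keyManagers, trustManagerArr, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
    }

    /**
     * Turns off TLS server authentication for the whole process: installs a trust manager that
     * accepts any certificate chain and a hostname verifier that accepts any host as the
     * {@link HttpsURLConnection} defaults.
     *
     * <p>Until {@link #enableSslChecks()} is called, connections that use those defaults, from
     * any thread, offer no protection against an impersonated server. Callers should pair this
     * with {@link #enableSslChecks()} in a {@code finally} block.
     *
     * @throws KeyManagementException if the SSL context cannot be initialized
     * @throws NoSuchAlgorithmException if the SSL context type is not available
     */
    public static void disableSslChecks() throws KeyManagementException, NoSuchAlgorithmException {
        setTrustManager(DUMMY_TRUST_MANAGER, new HostnameVerifier() {
            @Override
            public boolean verify(String str, SSLSession sSLSession) {
                // Accepts every host name: no identity check is made.
                return true;
            }
        });
        LOGGER.warning("Deshabilitadas comprobaciones SSL");
    }

    /**
     * Builds the key managers used for TLS client authentication.
     *
     * <p>The key store set with {@link #setSslKeyStore(KeyStore)} is preferred; otherwise the
     * store named by the {@code javax.net.ssl.keyStore} system properties is loaded.
     *
     * @return the key managers, or {@code null} when no key store is configured or the
     *         configured file is missing or unreadable
     * @throws KeyStoreException if the key store type is not available
     * @throws NoSuchAlgorithmException if the key manager algorithm is not available
     * @throws CertificateException if a certificate in the store cannot be loaded
     * @throws IOException if the store cannot be read or its password is wrong
     * @throws UnrecoverableKeyException if a key cannot be recovered with the given password
     */
    private static KeyManager[] getKeyManager() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
        final KeyStore keyStore;
        final char[] keyPassword;
        final KeyStore providedStore = sslKeyStore;
        if (providedStore != null) {
            LOGGER.info("Se usara el almacen de claves SSL proporcionado de forma directa: " + providedStore.getType());
            keyStore = providedStore;
            final PasswordCallback callback = sslKeyStorePasswordCallback;
            keyPassword = callback != null ? callback.getPassword() : new char[0];
        } else {
            final String storePath = System.getProperty(KEYSTORE);
            final String storePassword = System.getProperty(KEYSTORE_PASS);
            final String storeType = System.getProperty(KEYSTORE_TYPE);
            if (storePath == null || storePath.isEmpty()) {
                return null;
            }
            final File storeFile = new File(storePath);
            if (!storeFile.isFile() || !storeFile.canRead()) {
                LOGGER.warning("El KeyStore SSL no existe o no es legible: " + storeFile.getAbsolutePath());
                return null;
            }
            keyStore = KeyStore.getInstance((storeType == null || storeType.isEmpty()) ? KEYSTORE_DEFAULT_TYPE : storeType);
            try (InputStream storeStream = new FileInputStream(storeFile)) {
                // A null password loads the store without an integrity check.
                keyStore.load(storeStream, storePassword != null ? storePassword.toCharArray() : null);
            }
            keyPassword = storePassword != null ? storePassword.toCharArray() : new char[0];
        }
        final KeyManagerFactory factory = KeyManagerFactory.getInstance(KEYMANAGER_INSTANCE);
        factory.init(keyStore, keyPassword);
        return factory.getKeyManagers();
    }

    static {
        // Process-wide side effect: every HttpURLConnection in the JVM shares this cookie store,
        // and ACCEPT_ALL keeps cookies from any origin.
        final CookieManager cookieManager = new CookieManager();
        cookieManager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
        CookieHandler.setDefault(cookieManager);

        // Trust manager that performs no validation; only reachable through disableSslChecks().
        DUMMY_TRUST_MANAGER = new TrustManager[] {new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract asks for a non-null (possibly empty) array.
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                // Intentionally empty: never throws, so every client chain is accepted.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                // Intentionally empty: never throws, so every server chain is accepted.
            }
        }};
    }
}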
