package org.gpel.client.http.apache_http_client;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.URI;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpConnection;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.SimpleHttpConnectionManager;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.EntityEnclosingMethod;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.InputStreamRequestEntity;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.PutMethod;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.gpel.GpelConstants;
import org.gpel.GpelVersion;
import org.gpel.client.GcException;
import org.gpel.client.GcResourceNotFoundException;
import org.gpel.client.GcUtil;
import org.gpel.client.GcWebResourceType;
import org.gpel.client.GpelUserCredentials;
import org.gpel.client.http.GcHttpException;
import org.gpel.client.http.GcHttpRequest;
import org.gpel.client.http.GcHttpResponse;
import org.gpel.client.http.GcHttpTransport;
import org.gpel.client.security.GpelUserX509Credential;
import org.gpel.logger.GLogger;
import org.xmlpull.infoset.XmlElement;
import org.xmlpull.infoset.XmlInfosetBuilder;

/* loaded from: input_file:org/gpel/client/http/apache_http_client/Transport.class */
public class Transport implements GcHttpTransport {
    private static final XmlInfosetBuilder builder = GpelConstants.BUILDER;
    private static final GLogger logger = GLogger.getLogger();
    private HttpClient secureClient;
    private HttpClient unsecureClient;
    private GpelUserCredentials userCredentials;
    private GpelUserX509Credential x509credentials;

    /* loaded from: input_file:org/gpel/client/http/apache_http_client/Transport$LimitedTrustSSLProtocolSocketFactory.class */
    private static class LimitedTrustSSLProtocolSocketFactory implements SecureProtocolSocketFactory {
        private SSLContext sslcontext = SSLContext.getInstance("TLS");

        public LimitedTrustSSLProtocolSocketFactory(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) throws KeyManagementException, NoSuchAlgorithmException {
            this.sslcontext.init(keyManagerArr, trustManagerArr, null);
        }

        private SSLContext getSSLContext() {
            return this.sslcontext;
        }

        public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, HttpConnectionParams httpConnectionParams) throws IOException, UnknownHostException, ConnectTimeoutException {
            if (httpConnectionParams == null) {
                throw new IllegalArgumentException("Parameters may not be null");
            }
            int connectionTimeout = httpConnectionParams.getConnectionTimeout();
            return connectionTimeout == 0 ? createSocket(str, i, inetAddress, i2) : ControllerThreadSocketFactory.createSocket(this, str, i, inetAddress, i2, connectionTimeout);
        }

        public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
            return (SSLSocket) getSSLContext().getSocketFactory().createSocket(str, i, inetAddress, i2);
        }

        public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
            return getSSLContext().getSocketFactory().createSocket(str, i);
        }

        public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
            return getSSLContext().getSocketFactory().createSocket(socket, str, i, z);
        }
    }

    /* loaded from: input_file:org/gpel/client/http/apache_http_client/Transport$OneChainKeyManager.class */
    public static class OneChainKeyManager extends X509ExtendedKeyManager {
        private X509Certificate[] certChain;
        private PrivateKey privateKey;

        public OneChainKeyManager(X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new IllegalArgumentException();
            }
            this.certChain = x509CertificateArr;
            if (privateKey == null) {
                throw new IllegalArgumentException();
            }
            this.privateKey = privateKey;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return "default";
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return this.certChain;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return new String[]{"default"};
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.privateKey;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return null;
        }
    }

    /* loaded from: input_file:org/gpel/client/http/apache_http_client/Transport$TrustAllX509TrustManager.class */
    public static class TrustAllX509TrustManager implements X509TrustManager {
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }
    }

    /* loaded from: input_file:org/gpel/client/http/apache_http_client/Transport$TrustedListX509TrustManager.class */
    public static class TrustedListX509TrustManager implements X509TrustManager {
        private X509Certificate[] trustedCerts;

        public TrustedListX509TrustManager(X509Certificate[] x509CertificateArr) {
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new IllegalArgumentException();
            }
            this.trustedCerts = x509CertificateArr;
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.trustedCerts;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            checkTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            checkTrusted(x509CertificateArr, str);
        }

        private void checkTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new CertificateException("missing certificate chain to verify");
            }
            X509Certificate x509Certificate = x509CertificateArr[0];
            x509Certificate.checkValidity();
            x509Certificate.getSubjectAlternativeNames();
            for (int i = 1; i < x509CertificateArr.length; i++) {
                X509Certificate x509Certificate2 = x509CertificateArr[i];
                x509Certificate2.checkValidity();
                Principal subjectDN = x509Certificate2.getSubjectDN();
                X509Certificate x509Certificate3 = x509CertificateArr[i - 1];
                Principal issuerDN = x509Certificate3.getIssuerDN();
                if (!subjectDN.equals(issuerDN)) {
                    throw new CertificateException("certificate chain invalid: issuer " + issuerDN + " is not the same as next certificate subject " + subjectDN + " (previous=" + x509Certificate3 + " current=" + x509Certificate2 + ")");
                }
                try {
                    x509Certificate3.verify(x509Certificate2.getPublicKey());
                } catch (InvalidKeyException e) {
                    throw new CertificateException(e);
                } catch (NoSuchAlgorithmException e2) {
                    throw new CertificateException(e2);
                } catch (NoSuchProviderException e3) {
                    throw new CertificateException(e3);
                } catch (SignatureException e4) {
                    throw new CertificateException(e4);
                }
            }
            X509Certificate x509Certificate4 = x509CertificateArr[x509CertificateArr.length - 1];
            for (int i2 = 0; i2 < this.trustedCerts.length; i2++) {
                X509Certificate x509Certificate5 = this.trustedCerts[i2];
                try {
                    x509Certificate5.checkValidity();
                    x509Certificate4.verify(x509Certificate5.getPublicKey());
                    return;
                } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateExpiredException e5) {
                }
            }
            throw new CertificateException("could not find trusted CA to verify " + x509Certificate4);
        }
    }

    public Transport() {
        this.unsecureClient = new HttpClient();
    }

    public Transport(GpelUserCredentials gpelUserCredentials) {
        this();
        if (gpelUserCredentials == null) {
            throw new IllegalArgumentException();
        }
        this.userCredentials = gpelUserCredentials;
    }

    public Transport(GpelUserX509Credential gpelUserX509Credential) {
        if (gpelUserX509Credential == null) {
            throw new IllegalArgumentException();
        }
        this.x509credentials = gpelUserX509Credential;
        PrivateKey userPrivateKey = gpelUserX509Credential.getUserPrivateKey();
        KeyManager[] keyManagerArr = userPrivateKey != null ? new KeyManager[]{new OneChainKeyManager(gpelUserX509Credential.getUserCertChain(), userPrivateKey)} : null;
        X509Certificate[] certificatesTrustedByUser = gpelUserX509Credential.getCertificatesTrustedByUser();
        try {
            final Protocol protocol = new Protocol("https", new LimitedTrustSSLProtocolSocketFactory(keyManagerArr, certificatesTrustedByUser == null ? new TrustManager[]{new TrustAllX509TrustManager()} : new TrustManager[]{new TrustedListX509TrustManager(certificatesTrustedByUser)}), 443);
            SimpleHttpConnectionManager simpleHttpConnectionManager = new SimpleHttpConnectionManager();
            this.secureClient = new HttpClient(new SimpleHttpConnectionManager() { // from class: org.gpel.client.http.apache_http_client.Transport.1
                public HttpConnection getConnectionWithTimeout(HostConfiguration hostConfiguration, long j) {
                    HttpConnection connectionWithTimeout = super.getConnectionWithTimeout(hostConfiguration, j);
                    connectionWithTimeout.setProtocol(protocol);
                    return connectionWithTimeout;
                }
            });
            this.unsecureClient = new HttpClient(simpleHttpConnectionManager);
        } catch (KeyManagementException e) {
            throw new GcHttpException("failed to create secure transport ", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new GcHttpException("failed to create secure transport ", e2);
        }
    }

    @Override // org.gpel.client.http.GcHttpTransport
    public XmlElement getXml(URI uri) throws GcException {
        return getXml(uri, true);
    }

    public HttpClient getClientForLocation(URI uri) throws GcHttpException {
        return (this.secureClient == null || !"https".equals(uri.getScheme())) ? this.unsecureClient : this.secureClient;
    }

    @Override // org.gpel.client.http.GcHttpTransport
    public XmlElement getXml(URI uri, boolean z) throws GcHttpException {
        GetMethod getMethod = new GetMethod(uri.toString());
        getMethod.setRequestHeader("User-Agent", GpelVersion.getUserAgent());
        try {
            try {
                HttpClient clientForLocation = getClientForLocation(uri);
                if (z) {
                    requireCredentials(clientForLocation, getMethod, uri);
                }
                clientForLocation.executeMethod(getMethod);
                XmlElement parseFragmentFromString = builder.parseFragmentFromString(getMethod.getResponseBodyAsString());
                getMethod.releaseConnection();
                return parseFragmentFromString;
            } catch (IOException e) {
                throw new GcException("HTTP transport get XML failed for " + uri + " (withBasicAuthz=" + z + ")", e);
            }
        } catch (Throwable th) {
            getMethod.releaseConnection();
            throw th;
        }
    }

    @Override // org.gpel.client.http.GcHttpTransport
    public GcHttpResponse perform(GcHttpRequest gcHttpRequest) throws GcHttpException {
        try {
            HttpMethod createHttpMethodFor = createHttpMethodFor(gcHttpRequest);
            try {
                try {
                    HttpClient clientForLocation = getClientForLocation(gcHttpRequest.getLocation());
                    if (gcHttpRequest.useAuthz()) {
                        requireCredentials(clientForLocation, createHttpMethodFor, gcHttpRequest.getLocation());
                    }
                    clientForLocation.executeMethod(createHttpMethodFor);
                    GcHttpResponse extractResponse = extractResponse(gcHttpRequest, createHttpMethodFor);
                    if (createHttpMethodFor != null) {
                        createHttpMethodFor.releaseConnection();
                    }
                    return extractResponse;
                } catch (Throwable th) {
                    if (createHttpMethodFor != null) {
                        createHttpMethodFor.releaseConnection();
                    }
                    throw th;
                }
            } catch (IOException e) {
                throw new GcHttpException("HTTP transport failed accessing " + gcHttpRequest.getLocation(), e);
            }
        } catch (IllegalStateException e2) {
            throw new GcHttpException("failed to create HTTP method for " + gcHttpRequest, e2);
        }
    }

    private HttpMethod createHttpMethodFor(GcHttpRequest gcHttpRequest) throws GcHttpException {
        GetMethod postMethod;
        long length;
        ByteArrayInputStream byteArrayInputStream;
        String uri = gcHttpRequest.getLocation().toString();
        GcHttpRequest.Method method = gcHttpRequest.getMethod();
        if (GcHttpRequest.Method.GET.equals(method)) {
            postMethod = new GetMethod(uri);
        } else if (GcHttpRequest.Method.PUT.equals(gcHttpRequest.getMethod())) {
            postMethod = new PutMethod(uri);
        } else {
            if (!GcHttpRequest.Method.POST.equals(gcHttpRequest.getMethod())) {
                throw new GcHttpException("unknown method " + method);
            }
            postMethod = new PostMethod(uri);
        }
        postMethod.setRequestHeader("User-Agent", GpelVersion.getUserAgent());
        if (gcHttpRequest.hasContent()) {
            if (gcHttpRequest.getXmlContent() != null) {
                try {
                    byte[] bytes = builder.serializeToString(gcHttpRequest.getXmlContent()).getBytes("UTF8");
                    length = bytes.length;
                    byteArrayInputStream = new ByteArrayInputStream(bytes);
                } catch (UnsupportedEncodingException e) {
                    throw new GcHttpException("could not get text content as UTF8", e);
                }
            } else if (gcHttpRequest.getTextContent() != null) {
                try {
                    byte[] bytes2 = gcHttpRequest.getTextContent().getBytes(GcUtil.DEFAULT_CHARSET);
                    length = bytes2.length;
                    byteArrayInputStream = new ByteArrayInputStream(bytes2);
                } catch (UnsupportedEncodingException e2) {
                    throw new GcHttpException("could not get text content as UTF8", e2);
                }
            } else {
                if (gcHttpRequest.getBinaryContent() == null) {
                    throw new IllegalStateException("content missing");
                }
                byte[] binaryContent = gcHttpRequest.getBinaryContent();
                length = binaryContent.length;
                byteArrayInputStream = new ByteArrayInputStream(binaryContent);
            }
            ((EntityEnclosingMethod) postMethod).setRequestEntity(new InputStreamRequestEntity(byteArrayInputStream, length, gcHttpRequest.getContentType()));
        }
        return postMethod;
    }

    private void requireCredentials(HttpClient httpClient, HttpMethod httpMethod, URI uri) {
        if (this.userCredentials != null) {
            httpClient.getParams().setAuthenticationPreemptive(true);
            httpMethod.setDoAuthentication(true);
            httpClient.getState().setCredentials(new AuthScope(uri.getHost(), uri.getPort()), new UsernamePasswordCredentials(this.userCredentials.getUserName(), this.userCredentials.getUserPassword()));
        }
    }

    private GcHttpResponse extractResponse(GcHttpRequest gcHttpRequest, HttpMethod httpMethod) throws GcHttpException {
        GcHttpResponse gcHttpResponse;
        try {
            int statusCode = httpMethod.getStatusCode();
            if (statusCode != 200 && statusCode != 201 && statusCode != 202) {
                String responseBodyAsString = httpMethod.getResponseBodyAsString();
                String str = GLogger.PROPERTY_PREFIX;
                if (responseBodyAsString != null) {
                    str = "\n" + responseBodyAsString;
                }
                if (statusCode == 404) {
                    throw new GcResourceNotFoundException("could not get resource from " + gcHttpRequest.getLocation() + str, gcHttpRequest.getLocation());
                }
                throw new GcHttpException("HTTP failed with status " + statusCode + " (" + httpMethod.getStatusLine() + ")" + str);
            }
            URI create = URI.create(httpMethod.getURI().toString());
            if (httpMethod.getResponseHeader("Location") != null) {
                create = URI.create(httpMethod.getResponseHeader("Location").getValue());
            }
            if (httpMethod.getResponseHeader("Content-type") != null) {
                String value = httpMethod.getResponseHeader("Content-type").getValue();
                GcWebResourceType categorizeContentType = GcUtil.categorizeContentType(value);
                if (categorizeContentType != GcWebResourceType.XML) {
                    throw new IllegalStateException("unsupported " + categorizeContentType);
                }
                byte[] responseBody = httpMethod.getResponseBody();
                logger.finest("responseBody=" + new String(responseBody, "UTF8"));
                gcHttpResponse = new GcHttpResponse(create, value, builder.parseFragmentFromInputStream(new ByteArrayInputStream(responseBody)));
            } else {
                gcHttpResponse = new GcHttpResponse(create);
            }
            return gcHttpResponse;
        } catch (IOException e) {
            throw new GcHttpException("HTTP transport response processing failed", e);
        }
    }
}
