package org.apache.ambari.server.controller.internal;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.ambari.server.configuration.ComponentSSLConfiguration;
import org.apache.ambari.server.controller.utilities.StreamProvider;
import org.apache.ambari.server.utils.URLCredentialsHider;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ambari/server/controller/internal/URLStreamProvider.class */
public class URLStreamProvider implements StreamProvider {
    public static final String COOKIE = "Cookie";
    private static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    private static final String NEGOTIATE = "Negotiate";
    private static final String AUTHORIZATION = "Authorization";
    private static final String BASIC_AUTH = "Basic %s";
    private static final Logger LOG = LoggerFactory.getLogger(URLStreamProvider.class);
    private boolean setupTruststoreForHttps;
    private final int connTimeout;
    private final int readTimeout;
    private final String trustStorePath;
    private final String trustStorePassword;
    private final String trustStoreType;
    private volatile SSLSocketFactory sslSocketFactory;
    private AppCookieManager appCookieManager;

    /* loaded from: input_file:org/apache/ambari/server/controller/internal/URLStreamProvider$TrustAllHostnameVerifier.class */
    public static class TrustAllHostnameVerifier implements HostnameVerifier {
        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }
    }

    /* loaded from: input_file:org/apache/ambari/server/controller/internal/URLStreamProvider$TrustAllManager.class */
    public static class TrustAllManager implements X509TrustManager {
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }
    }

    public URLStreamProvider(int i, int i2, ComponentSSLConfiguration componentSSLConfiguration) {
        this(i, i2, componentSSLConfiguration.getTruststorePath(), componentSSLConfiguration.getTruststorePassword(), componentSSLConfiguration.getTruststoreType());
    }

    public URLStreamProvider(int i, int i2, String str, String str2, String str3) {
        this.sslSocketFactory = null;
        this.appCookieManager = null;
        this.connTimeout = i;
        this.readTimeout = i2;
        this.trustStorePath = str;
        this.trustStorePassword = str2;
        this.trustStoreType = str3;
        this.setupTruststoreForHttps = true;
    }

    public void setSetupTruststoreForHttps(boolean z) {
        this.setupTruststoreForHttps = z;
    }

    public boolean getSetupTruststoreForHttps() {
        return this.setupTruststoreForHttps;
    }

    @Override // org.apache.ambari.server.controller.utilities.StreamProvider
    public InputStream readFrom(String str, String str2, String str3) throws IOException {
        return processURL(str, str2, str3, (Map<String, List<String>>) null).getInputStream();
    }

    @Override // org.apache.ambari.server.controller.utilities.StreamProvider
    public InputStream readFrom(String str) throws IOException {
        return readFrom(str, "GET", null);
    }

    public HttpURLConnection processURL(String str, String str2, String str3, Map<String, List<String>> map) throws IOException {
        return processURL(str, str2, str3 == null ? null : str3.getBytes(), map);
    }

    public HttpURLConnection processURL(String str, String str2, InputStream inputStream, Map<String, List<String>> map) throws IOException {
        return processURL(str, str2, inputStream == null ? null : IOUtils.toByteArray(inputStream), map);
    }

    public HttpURLConnection processURL(String str, String str2, byte[] bArr, Map<String, List<String>> map) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("readFrom spec:{}", URLCredentialsHider.hideCredentials(str));
        }
        URL url = new URL(str);
        HttpURLConnection sSLConnection = (str.startsWith("https") && this.setupTruststoreForHttps) ? getSSLConnection(url) : getConnection(url);
        AppCookieManager appCookieManager = getAppCookieManager();
        String cachedAppCookie = appCookieManager.getCachedAppCookie(str);
        if (cachedAppCookie != null) {
            LOG.debug("Using cached app cookie for URL:{}", URLCredentialsHider.hideCredentials(str));
            if (map == null || map.isEmpty()) {
                map = Collections.singletonMap(COOKIE, Collections.singletonList(cachedAppCookie));
            } else {
                map = new HashMap(map);
                List<String> list = map.get(COOKIE);
                map.put(COOKIE, Collections.singletonList(appendCookie((list == null || list.isEmpty()) ? null : list.get(0), cachedAppCookie)));
            }
        }
        sSLConnection.setConnectTimeout(this.connTimeout);
        sSLConnection.setReadTimeout(this.readTimeout);
        sSLConnection.setDoOutput(true);
        sSLConnection.setRequestMethod(str2);
        if (map != null) {
            for (Map.Entry<String, List<String>> entry : map.entrySet()) {
                String obj = entry.getValue().toString();
                sSLConnection.setRequestProperty(entry.getKey(), obj.substring(1, obj.length() - 1));
            }
        }
        if (bArr != null) {
            sSLConnection.getOutputStream().write(bArr);
        }
        if (url.getUserInfo() != null) {
            sSLConnection.setRequestProperty(AUTHORIZATION, String.format(BASIC_AUTH, new String(new Base64().encode(url.getUserInfo().getBytes()))));
        }
        int responseCode = sSLConnection.getResponseCode();
        if (responseCode != 401) {
            if (responseCode == 404 || responseCode == 403) {
                LOG.error(String.format("Received HTTP %s response from URL: %s", Integer.valueOf(responseCode), URLCredentialsHider.hideCredentials(str)));
            }
            return sSLConnection;
        }
        String headerField = sSLConnection.getHeaderField(WWW_AUTHENTICATE);
        if (LOG.isInfoEnabled()) {
            LOG.info("Received WWW-Authentication header:" + headerField + ", for URL:" + URLCredentialsHider.hideCredentials(str));
        }
        if (headerField == null || !headerField.trim().startsWith(NEGOTIATE)) {
            LOG.error("Unsupported WWW-Authentication header:" + headerField + ", for URL:" + URLCredentialsHider.hideCredentials(str));
            return sSLConnection;
        }
        HttpURLConnection sSLConnection2 = str.startsWith("https") ? getSSLConnection(url) : getConnection(url);
        sSLConnection2.setRequestProperty(COOKIE, appCookieManager.getAppCookie(str, true));
        sSLConnection2.setConnectTimeout(this.connTimeout);
        sSLConnection2.setReadTimeout(this.readTimeout);
        sSLConnection2.setDoOutput(true);
        return sSLConnection2;
    }

    public synchronized AppCookieManager getAppCookieManager() {
        if (this.appCookieManager == null) {
            this.appCookieManager = new AppCookieManager();
        }
        return this.appCookieManager;
    }

    public static String appendCookie(String str, String str2) {
        return (str == null || str.length() == 0) ? str2 : str + "; " + str2;
    }

    protected HttpURLConnection getConnection(URL url) throws IOException {
        URLConnection openConnection = url.openConnection();
        if (!this.setupTruststoreForHttps) {
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) openConnection;
            TrustManager[] trustManagerArr = {new TrustAllManager()};
            TrustAllHostnameVerifier trustAllHostnameVerifier = new TrustAllHostnameVerifier();
            try {
                SSLContext sSLContext = SSLContext.getInstance("SSL");
                sSLContext.init(null, trustManagerArr, new SecureRandom());
                httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
                httpsURLConnection.setHostnameVerifier(trustAllHostnameVerifier);
            } catch (KeyManagementException | NoSuchAlgorithmException e) {
                throw new IllegalStateException("Cannot create unverified ssl context.", e);
            }
        }
        return (HttpURLConnection) openConnection;
    }

    protected HttpsURLConnection getSSLConnection(URL url) throws IOException, IllegalStateException {
        if (this.sslSocketFactory == null) {
            synchronized (this) {
                if (this.sslSocketFactory == null) {
                    if (this.trustStorePath == null || this.trustStorePassword == null) {
                        String format = String.format("Can't get secure connection to %s.  Truststore path or password is not set.", URLCredentialsHider.hideCredentials(url.toString()));
                        LOG.error(format);
                        throw new IllegalStateException(format);
                    }
                    FileInputStream fileInputStream = null;
                    try {
                        try {
                            FileInputStream fileInputStream2 = new FileInputStream(new File(this.trustStorePath));
                            KeyStore keyStore = KeyStore.getInstance(this.trustStoreType == null ? KeyStore.getDefaultType() : this.trustStoreType);
                            keyStore.load(fileInputStream2, this.trustStorePassword.toCharArray());
                            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                            trustManagerFactory.init(keyStore);
                            SSLContext sSLContext = SSLContext.getInstance("TLS");
                            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
                            this.sslSocketFactory = sSLContext.getSocketFactory();
                            if (fileInputStream2 != null) {
                                fileInputStream2.close();
                            }
                        } catch (Throwable th) {
                            if (0 != 0) {
                                fileInputStream.close();
                            }
                            throw th;
                        }
                    } catch (Exception e) {
                        throw new IOException("Can't get connection.", e);
                    }
                }
            }
        }
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
        httpsURLConnection.setSSLSocketFactory(this.sslSocketFactory);
        return httpsURLConnection;
    }
}
