package com.ghc.ghtester.rqm.common;

import com.ghc.ghtester.rqm.common.RQMConnection;
import com.ghc.ghtester.rqm.common.smartcard.KeyStoreKeyManagerProvider;
import com.ghc.ghtester.rqm.common.smartcard.SSLCertificateLoginInfo;
import com.ghc.ghtester.rqm.common.smartcard.SmartCardLoginInfo;
import com.ghc.ghtester.rqm.common.smartcard.TrustingSSLSocketFactory;
import com.ibm.greenhat.logging.Level;
import com.ibm.greenhat.logging.Logger;
import com.ibm.greenhat.logging.LoggerFactory;
import com.palominolabs.http.url.UrlBuilder;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.CharacterCodingException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.KeyManager;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.config.CookieSpecs;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.config.ConnectionConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.auth.win.WindowsCredentialsProvider;
import org.apache.http.impl.auth.win.WindowsNegotiateSchemeFactory;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.SystemDefaultCredentialsProvider;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HTTP;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:com/ghc/ghtester/rqm/common/RQMHttpClient.class */
public class RQMHttpClient {
    protected static final String AUTH_PATH = "j_security_check";
    private static final String AUTH_USERNAME = "j_username";
    private static final String AUTH_PASSWORD = "j_password";
    public static final String RQM_PREEMTIVE_AUTH = "com.greenhat.rqm.preemptive.auth";
    public static final String HTTP_GET = "GET";
    private static final String SPNEGO_ENABLED = " spnego-enabled";
    private static final String JAZZ_NATIVE_CLIENT = "Jazz Native Client spnego-enabled";
    private static final String SUN_JRE = "sun";
    private static final String ORACLE_JRE = "oracle";
    private static final String IBM_JRE = "ibm";
    private static final String SUBJECT_CREDS_ONLY_PROP = "javax.security.auth.useSubjectCredsOnly";
    private static final String JAAS_LOGIN_MODULE_PROP = "java.security.auth.login.config";
    private static final String KERBEROS_CONFIG_PROP = "java.security.krb5.conf";
    private static final String SMARTCARD_AUTHENTICATION_URI_PATH = "service/com.ibm.team.repository.service.internal.webuiInitializer.IWebUIInitializerRestService/initializationData";
    private final RQMConnection conn;
    private final URI serverUri;
    private HttpClientContext httpContext;
    private static /* synthetic */ int[] $SWITCH_TABLE$com$ghc$ghtester$rqm$common$RQMConnection$AuthType;
    private static final Logger logger = LoggerFactory.getLogger(RQMHttpClient.class);
    private static final String JAVA_VENDOR = System.getProperty("java.vendor").toLowerCase(Locale.ENGLISH);
    private static String SPNEGO_CONFIG_FILE_CONTENT = null;
    private static final String LS = System.getProperty("line.separator");
    private static final String SPNEGO_CONFIG_FILE_SUN = "com.sun.security.jgss.login {" + LS + "\tcom.sun.security.auth.module.Krb5LoginModule required renewTGT=true useTicketCache=true doNotPrompt=true;" + LS + "};" + LS + LS + "com.sun.security.jgss.initiate {" + LS + "\tcom.sun.security.auth.module.Krb5LoginModule required renewTGT=true useTicketCache=true doNotPrompt=true;" + LS + "};" + LS + LS + "com.sun.security.jgss.accept {" + LS + "\tcom.sun.security.auth.module.Krb5LoginModule required renewTGT=true useTicketCache=true doNotPrompt=true;" + LS + "};";
    private static final String SPNEGO_CONFIG_FILE_IBM = "com.ibm.security.jgss.login {" + LS + "\tcom.ibm.security.auth.module.Krb5LoginModule required renewable=true useDefaultCcache=true;" + LS + "};" + LS + LS + "com.ibm.security.jgss.initiate {" + LS + "\tcom.ibm.security.auth.module.Krb5LoginModule required renewable=true useDefaultCcache=true;" + LS + "};" + LS + LS + "com.ibm.security.jgss.accept {" + LS + "\tcom.ibm.security.auth.module.Krb5LoginModule required renewable=true useDefaultCcache=true;" + LS + "};";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ghc/ghtester/rqm/common/RQMHttpClient$TrustAllHttpClients.class */
    public static class TrustAllHttpClients {
        private TrustAllHttpClients() {
        }

        public static HttpClientBuilder system() throws AssertionError {
            return trustAll(HttpClients.custom().useSystemProperties());
        }

        public static HttpClientBuilder trustAll(HttpClientBuilder httpClientBuilder) throws AssertionError {
            try {
                return httpClientBuilder.setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER).setSslcontext(new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() { // from class: com.ghc.ghtester.rqm.common.RQMHttpClient.TrustAllHttpClients.1
                    @Override // org.apache.http.ssl.TrustStrategy
                    public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                        return true;
                    }
                }).build());
            } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
                throw new AssertionError(e);
            }
        }
    }

    public RQMHttpClient(RQMConnection rQMConnection) {
        this.conn = rQMConnection.m2clone();
        this.conn.validate();
        this.serverUri = URI.create(this.conn.getUrl());
        startNewSession();
        switch ($SWITCH_TABLE$com$ghc$ghtester$rqm$common$RQMConnection$AuthType()[this.conn.getAuthType().ordinal()]) {
            case 1:
            case 4:
            default:
                return;
            case 2:
                initializeKerberos();
                return;
            case 3:
                initializeSmartCard();
                return;
        }
    }

    public void startNewSession() {
        this.httpContext = HttpClientContext.create();
        setUpPreemptiveAuth(this.httpContext, this.serverUri);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String get(String str) throws IOException, RQMServiceException {
        HttpGet httpGet = new HttpGet(str);
        CloseableHttpClient createClient = createClient();
        try {
            CloseableHttpResponse executeMethod = executeMethod(createClient, httpGet);
            try {
                return EntityUtils.toString(executeMethod.getEntity());
            } finally {
                executeMethod.close();
            }
        } finally {
            createClient.close();
        }
    }

    private CloseableHttpClient createClient() {
        HttpClientBuilder system = TrustAllHttpClients.system();
        switch ($SWITCH_TABLE$com$ghc$ghtester$rqm$common$RQMConnection$AuthType()[this.conn.getAuthType().ordinal()]) {
            case 1:
                BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                basicCredentialsProvider.setCredentials(new AuthScope(this.serverUri.getHost(), this.serverUri.getPort()), new UsernamePasswordCredentials(this.conn.getUser(), this.conn.getPassword()));
                system.setDefaultCredentialsProvider(basicCredentialsProvider).build();
                system.setDefaultRequestConfig(RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build());
                break;
            case 2:
                RegistryBuilder create = RegistryBuilder.create();
                create.register("Negotiate", new WindowsNegotiateSchemeFactory(null));
                system.setDefaultAuthSchemeRegistry(create.build()).build();
                system.setUserAgent(JAZZ_NATIVE_CLIENT);
                system.setDefaultCredentialsProvider(new WindowsCredentialsProvider(new SystemDefaultCredentialsProvider())).build();
                system.setDefaultRequestConfig(RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build());
                break;
            case 3:
            case 4:
                system = HttpClients.custom();
                try {
                    system.setConnectionManager(getConnectionManager());
                } catch (Exception e) {
                    logger.log(Level.ERROR, e, "Exception while creating connection manager: " + e.getMessage(), new Object[0]);
                }
                system.setDefaultCredentialsProvider(new BasicCredentialsProvider());
                system.setUserAgent(JAZZ_NATIVE_CLIENT);
                break;
        }
        return system.build();
    }

    private PoolingHttpClientConnectionManager getConnectionManager() throws GeneralSecurityException, IOException {
        TrustingSSLSocketFactory.setKeyManager(getKeyManagers());
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager((Registry<ConnectionSocketFactory>) RegistryBuilder.create().register(HttpHost.DEFAULT_SCHEME_NAME, new PlainConnectionSocketFactory()).register("https", TrustingSSLSocketFactory.getInstance()).build());
        poolingHttpClientConnectionManager.setDefaultSocketConfig(SocketConfig.custom().setSoLinger(-1).setTcpNoDelay(true).build());
        poolingHttpClientConnectionManager.setDefaultConnectionConfig(ConnectionConfig.custom().setBufferSize(8192).build());
        int i = 10;
        String str = System.getenv("MAX_ADAPTER_CONNECTIONS");
        if (str != null) {
            i = Integer.parseInt(str);
        }
        logger.log(Level.DEBUG, "JFSHttpsClient: Max connections set to - " + i);
        poolingHttpClientConnectionManager.setDefaultMaxPerRoute(i);
        poolingHttpClientConnectionManager.setMaxTotal(i);
        return poolingHttpClientConnectionManager;
    }

    private void initializeSmartCard() {
        Security.addProvider(new KeyStoreKeyManagerProvider());
    }

    private KeyManager[] getKeyManagers() throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        switch ($SWITCH_TABLE$com$ghc$ghtester$rqm$common$RQMConnection$AuthType()[this.conn.getAuthType().ordinal()]) {
            case 3:
                return new SmartCardLoginInfo(this.conn.getSmartCardAlias()).getKeyManagers();
            case 4:
                return new SSLCertificateLoginInfo(this.conn.getSslCertificatePath(), this.conn.getSslCertificatePassword()).getKeyManagers();
            default:
                return null;
        }
    }

    private void initializeKerberos() {
        try {
            executeJREVersionSpecificActions();
            setKerberosProperties(getLoginFilePath(), this.conn.getKerberosConfigPath());
        } catch (RQMServiceException e) {
            logger.log(Level.ERROR, e, "Unable to create 'login.conf' file for kerberos.", new Object[0]);
        }
    }

    private void setKerberosProperties(String str, String str2) {
        System.setProperty(JAAS_LOGIN_MODULE_PROP, str);
        if (str2 != null && !str2.isEmpty()) {
            System.setProperty(KERBEROS_CONFIG_PROP, str2);
        }
        System.setProperty(SUBJECT_CREDS_ONLY_PROP, "false");
    }

    private void executeJREVersionSpecificActions() throws RQMServiceException {
        if (JAVA_VENDOR.contains(SUN_JRE) || JAVA_VENDOR.contains(ORACLE_JRE)) {
            SPNEGO_CONFIG_FILE_CONTENT = SPNEGO_CONFIG_FILE_SUN;
        } else {
            if (!JAVA_VENDOR.contains(IBM_JRE)) {
                throw new RQMServiceException("Kerberos is supported on IBM or Oracle JRE.");
            }
            SPNEGO_CONFIG_FILE_CONTENT = SPNEGO_CONFIG_FILE_IBM;
        }
    }

    private String getLoginFilePath() throws RQMServiceException {
        File createTempFile;
        String property = System.getProperty(JAAS_LOGIN_MODULE_PROP);
        FileOutputStream fileOutputStream = null;
        try {
            try {
                if (property != null) {
                    createTempFile = new File(property);
                    if (!createTempFile.createNewFile()) {
                        if (0 != 0) {
                            try {
                                fileOutputStream.close();
                            } catch (IOException e) {
                                throw new RQMServiceException("Unable to close 'login.conf' file for kerberos.", e);
                            }
                        }
                        return property;
                    }
                } else {
                    createTempFile = File.createTempFile("login", ".conf");
                    createTempFile.deleteOnExit();
                }
                String absolutePath = createTempFile.getAbsolutePath();
                fileOutputStream = new FileOutputStream(createTempFile);
                fileOutputStream.write(SPNEGO_CONFIG_FILE_CONTENT.getBytes(HTTP.UTF_8));
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e2) {
                        throw new RQMServiceException("Unable to close 'login.conf' file for kerberos.", e2);
                    }
                }
                return absolutePath;
            } catch (IOException e3) {
                throw new RQMServiceException("Unable to create 'login.conf' file for kerberos.", e3);
            }
        } catch (Throwable th) {
            if (fileOutputStream != null) {
                try {
                    fileOutputStream.close();
                } catch (IOException e4) {
                    throw new RQMServiceException("Unable to close 'login.conf' file for kerberos.", e4);
                }
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String post(String str, InputStream inputStream, Map<String, String> map) throws IOException, RQMServiceException {
        HttpPost httpPost = new HttpPost(str);
        setHeaders(httpPost, map);
        httpPost.setEntity(new InputStreamEntity(inputStream));
        CloseableHttpClient createClient = createClient();
        try {
            CloseableHttpResponse executeMethod = executeMethod(createClient, httpPost);
            try {
                return EntityUtils.toString(executeMethod.getEntity());
            } finally {
                executeMethod.close();
            }
        } finally {
            createClient.close();
        }
    }

    private void setHeaders(HttpRequestBase httpRequestBase, Map<String, String> map) {
        if (map != null) {
            for (String str : map.keySet()) {
                httpRequestBase.addHeader(str, map.get(str));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String put(String str, InputStream inputStream, Map<String, String> map) throws IOException, RQMServiceException {
        HttpPut httpPut = new HttpPut(str);
        setHeaders(httpPut, map);
        httpPut.setEntity(new InputStreamEntity(inputStream));
        CloseableHttpClient createClient = createClient();
        try {
            CloseableHttpResponse executeMethod = executeMethod(createClient, httpPut);
            try {
                return EntityUtils.toString(executeMethod.getEntity());
            } finally {
                executeMethod.close();
            }
        } finally {
            createClient.close();
        }
    }

    public static void setHTTPDebugEnabled(boolean z) {
        if (z) {
            System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
            System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
            System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http", "DEBUG");
            System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http.wire", "ERROR");
            return;
        }
        System.getProperties().remove("org.apache.commons.logging.Log");
        System.getProperties().remove("org.apache.commons.logging.simplelog.showdatetime");
        System.getProperties().remove("org.apache.commons.logging.simplelog.log.org.apache.http");
        System.getProperties().remove("org.apache.commons.logging.simplelog.log.org.apache.http.wire");
    }

    private void setUpPreemptiveAuth(HttpClientContext httpClientContext, URI uri) {
        if (Boolean.getBoolean(RQM_PREEMTIVE_AUTH)) {
            HttpHost httpHost = new HttpHost(uri.getHost(), uri.getPort(), uri.getScheme());
            BasicAuthCache basicAuthCache = new BasicAuthCache();
            basicAuthCache.put(httpHost, new BasicScheme());
            httpClientContext.setAuthCache(basicAuthCache);
        }
    }

    private CloseableHttpResponse executeMethod(CloseableHttpClient closeableHttpClient, HttpRequestBase httpRequestBase) throws IOException, RQMServiceException {
        if (!httpRequestBase.getMethod().equals("GET")) {
            checkForAuthChallenge();
        }
        for (int i = 0; i < 2; i++) {
            if (logger.isDebugEnabled()) {
                logger.log(Level.DEBUG, "Sending request to RQM: %s %s", new Object[]{httpRequestBase.getMethod(), httpRequestBase.getURI().toASCIIString().replaceFirst("\\?.*", "?<query string omitted>")});
            }
            setUpPreemptiveAuth(this.httpContext, httpRequestBase.getURI());
            CloseableHttpResponse execute = closeableHttpClient.execute((HttpUriRequest) httpRequestBase, (HttpContext) this.httpContext);
            int statusCode = execute.getStatusLine().getStatusCode();
            switch (statusCode) {
                case 200:
                case 201:
                    Header firstHeader = execute.getFirstHeader(RQMService.AUTH_HEADER);
                    if (firstHeader == null) {
                        logger.log(Level.DEBUG, "RQM response received, without auth challenge.");
                        return execute;
                    }
                    if (RQMService.AUTH_FAILED.equals(firstHeader.getValue())) {
                        logger.log(Level.DEBUG, "RQM auth failed");
                        EntityUtils.consume(execute.getEntity());
                        execute.close();
                        throw new RQMServiceAuthException();
                    }
                    if (!RQMService.AUTH_REQUIRED.equals(firstHeader.getValue())) {
                        logger.log(Level.DEBUG, "RQM auth header not recognised, ignoring: %s", new Object[]{firstHeader.getValue()});
                        return execute;
                    }
                    logger.log(Level.DEBUG, "RQM auth challenge received");
                    EntityUtils.consume(execute.getEntity());
                    execute.close();
                    appendAuthenticationToUri(httpRequestBase);
                default:
                    String entityUtils = EntityUtils.toString(execute.getEntity());
                    execute.close();
                    logger.log(Level.DEBUG, "Unexpected response code from RQM: %s, content: %s", new Object[]{Integer.valueOf(statusCode), entityUtils});
                    throw new RQMServiceHTTPException(statusCode, entityUtils);
            }
        }
        throw new RQMServiceAuthException();
    }

    private void appendAuthenticationToUri(HttpRequestBase httpRequestBase) {
        try {
            logger.log(Level.DEBUG, "Attempting authentication to RQM");
            logger.log(Level.DEBUG, "Original request URI which resulted in auth challenge: %s", new Object[]{httpRequestBase.getURI()});
            switch ($SWITCH_TABLE$com$ghc$ghtester$rqm$common$RQMConnection$AuthType()[this.conn.getAuthType().ordinal()]) {
                case 1:
                    UrlBuilder fromUri = UrlBuilder.fromUri(httpRequestBase.getURI().resolve(AUTH_PATH));
                    fromUri.queryParam(AUTH_USERNAME, this.conn.getUser());
                    fromUri.queryParam(AUTH_PASSWORD, this.conn.getPassword());
                    httpRequestBase.setURI(fromUri.toUri());
                    logger.log(Level.DEBUG, "Using BASIC authentication with user: " + this.conn.getUser());
                    return;
                case 2:
                    logger.log(Level.DEBUG, "Using KERBEROS authentication using config file='%s'", new Object[]{this.conn.getKerberosConfigPath()});
                    return;
                case 3:
                    String uri = this.serverUri.toString();
                    if (!uri.endsWith("/")) {
                        uri = String.valueOf(uri) + "/";
                    }
                    new HttpGet(String.valueOf(uri) + SMARTCARD_AUTHENTICATION_URI_PATH);
                    logger.log(Level.DEBUG, "Using SMARTCARD authentication using certificate alias='%s'", new Object[]{this.conn.getSmartCardAlias()});
                    return;
                case 4:
                    logger.log(Level.DEBUG, "Using SSLCERT authentication using keystore: '%s'", new Object[]{this.conn.getSslCertificatePath()});
                    break;
            }
        } catch (URISyntaxException | CharacterCodingException e) {
            throw new RuntimeException(e);
        }
    }

    private void checkForAuthChallenge() throws IOException, RQMServiceException {
        get(this.serverUri.toString());
    }

    static /* synthetic */ int[] $SWITCH_TABLE$com$ghc$ghtester$rqm$common$RQMConnection$AuthType() {
        int[] iArr = $SWITCH_TABLE$com$ghc$ghtester$rqm$common$RQMConnection$AuthType;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[RQMConnection.AuthType.valuesCustom().length];
        try {
            iArr2[RQMConnection.AuthType.BASIC.ordinal()] = 1;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[RQMConnection.AuthType.KERBEROS.ordinal()] = 2;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[RQMConnection.AuthType.SMARTCARD.ordinal()] = 3;
        } catch (NoSuchFieldError unused3) {
        }
        try {
            iArr2[RQMConnection.AuthType.SSLCERT.ordinal()] = 4;
        } catch (NoSuchFieldError unused4) {
        }
        $SWITCH_TABLE$com$ghc$ghtester$rqm$common$RQMConnection$AuthType = iArr2;
        return iArr2;
    }
}
