package org.owasp.dependencycheck.utils;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLHandshakeException;
import org.apache.hc.client5.http.HttpResponseException;
import org.apache.hc.client5.http.auth.AuthScope;
import org.apache.hc.client5.http.auth.CredentialsStore;
import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import org.apache.hc.client5.http.impl.auth.SystemDefaultCredentialsProvider;
import org.apache.hc.client5.http.impl.classic.BasicHttpClientResponseHandler;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.core5.http.ContentType;
import org.apache.hc.core5.http.Header;
import org.apache.hc.core5.http.HttpException;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.Method;
import org.apache.hc.core5.http.io.HttpClientResponseHandler;
import org.apache.hc.core5.http.io.entity.BasicHttpEntity;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.apache.hc.core5.http.message.BasicClassicHttpRequest;
import org.apache.hc.core5.http.message.BasicClassicHttpResponse;
import org.jetbrains.annotations.NotNull;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/owasp/dependencycheck/utils/Downloader.class */
public final class Downloader {
    private final HttpClientBuilder httpClientBuilder;
    private final HttpClientBuilder httpClientBuilderExplicitNoproxy;
    private Settings settings;
    private static final Logger LOGGER = LoggerFactory.getLogger(Downloader.class);
    private static final Downloader INSTANCE = new Downloader();

    /* loaded from: input_file:org/owasp/dependencycheck/utils/Downloader$SelectiveProxySelector.class */
    private static class SelectiveProxySelector extends ProxySelector {
        private final List<String> suffixMatch = new ArrayList();
        private final List<String> fullmatch = new ArrayList();
        private final Proxy configuredProxy;

        SelectiveProxySelector(Proxy proxy, String[] strArr) {
            for (String str : strArr) {
                if (str.startsWith("*")) {
                    this.suffixMatch.add(str.substring(1));
                } else {
                    this.fullmatch.add(str);
                }
            }
            this.configuredProxy = proxy;
        }

        @Override // java.net.ProxySelector
        public List<Proxy> select(URI uri) {
            String host = uri.getHost();
            if (this.fullmatch.contains(host)) {
                return Collections.singletonList(Proxy.NO_PROXY);
            }
            Iterator<String> it = this.suffixMatch.iterator();
            while (it.hasNext()) {
                if (host.endsWith(it.next())) {
                    return Collections.singletonList(Proxy.NO_PROXY);
                }
            }
            return List.of(this.configuredProxy);
        }

        @Override // java.net.ProxySelector
        public void connectFailed(URI uri, SocketAddress socketAddress, IOException iOException) {
        }
    }

    private Downloader() {
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager();
        this.httpClientBuilder = HttpClientBuilder.create().useSystemProperties().setConnectionManager(poolingHttpClientConnectionManager).setConnectionManagerShared(true);
        this.httpClientBuilderExplicitNoproxy = HttpClientBuilder.create().useSystemProperties().setConnectionManager(poolingHttpClientConnectionManager).setConnectionManagerShared(true).setProxySelector(new ProxySelector() { // from class: org.owasp.dependencycheck.utils.Downloader.1
            @Override // java.net.ProxySelector
            public List<Proxy> select(URI uri) {
                return Collections.singletonList(Proxy.NO_PROXY);
            }

            @Override // java.net.ProxySelector
            public void connectFailed(URI uri, SocketAddress socketAddress, IOException iOException) {
            }
        });
    }

    public static Downloader getInstance() {
        return INSTANCE;
    }

    public void configure(Settings settings) throws InvalidSettingException {
        this.settings = settings;
        SystemDefaultCredentialsProvider systemDefaultCredentialsProvider = new SystemDefaultCredentialsProvider();
        if (settings.getString(Settings.KEYS.PROXY_SERVER) != null) {
            String string = settings.getString(Settings.KEYS.PROXY_SERVER);
            int i = settings.getInt(Settings.KEYS.PROXY_PORT, -1);
            String string2 = settings.getString(Settings.KEYS.PROXY_NON_PROXY_HOSTS);
            if (string2 == null || string2.isEmpty()) {
                this.httpClientBuilder.setProxy(new HttpHost(string, i));
            } else {
                this.httpClientBuilder.setProxySelector(new SelectiveProxySelector(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(string, i)), string2.split("\\|")));
            }
            if (settings.getString(Settings.KEYS.PROXY_USERNAME) != null) {
                systemDefaultCredentialsProvider.setCredentials(new AuthScope((String) null, string, i, (String) null, (String) null), new UsernamePasswordCredentials(settings.getString(Settings.KEYS.PROXY_USERNAME), settings.getString(Settings.KEYS.PROXY_PASSWORD).toCharArray()));
            }
        }
        tryAddRetireJSCredentials(settings, systemDefaultCredentialsProvider);
        tryAddHostedSuppressionCredentials(settings, systemDefaultCredentialsProvider);
        tryAddKEVCredentials(settings, systemDefaultCredentialsProvider);
        tryAddNexusAnalyzerCredentials(settings, systemDefaultCredentialsProvider);
        tryAddNVDApiDatafeed(settings, systemDefaultCredentialsProvider);
        this.httpClientBuilder.setDefaultCredentialsProvider(systemDefaultCredentialsProvider);
        this.httpClientBuilderExplicitNoproxy.setDefaultCredentialsProvider(systemDefaultCredentialsProvider);
    }

    private void tryAddRetireJSCredentials(Settings settings, CredentialsStore credentialsStore) throws InvalidSettingException {
        if (settings.getString(Settings.KEYS.ANALYZER_RETIREJS_REPO_JS_PASSWORD) != null) {
            addUserPasswordCreds(settings, credentialsStore, Settings.KEYS.ANALYZER_RETIREJS_REPO_JS_USER, Settings.KEYS.ANALYZER_RETIREJS_REPO_JS_URL, Settings.KEYS.ANALYZER_RETIREJS_REPO_JS_PASSWORD, "RetireJS repo.js");
        }
    }

    private void tryAddHostedSuppressionCredentials(Settings settings, CredentialsStore credentialsStore) throws InvalidSettingException {
        if (settings.getString(Settings.KEYS.HOSTED_SUPPRESSIONS_PASSWORD) != null) {
            addUserPasswordCreds(settings, credentialsStore, Settings.KEYS.HOSTED_SUPPRESSIONS_USER, Settings.KEYS.HOSTED_SUPPRESSIONS_URL, Settings.KEYS.HOSTED_SUPPRESSIONS_PASSWORD, "Hosted suppressions");
        }
    }

    private void tryAddKEVCredentials(Settings settings, CredentialsStore credentialsStore) throws InvalidSettingException {
        if (settings.getString(Settings.KEYS.KEV_PASSWORD) != null) {
            addUserPasswordCreds(settings, credentialsStore, Settings.KEYS.KEV_USER, Settings.KEYS.KEV_URL, Settings.KEYS.KEV_PASSWORD, "Known Exploited Vulnerabilities");
        }
    }

    private void tryAddNexusAnalyzerCredentials(Settings settings, CredentialsStore credentialsStore) throws InvalidSettingException {
        if (settings.getString(Settings.KEYS.ANALYZER_NEXUS_PASSWORD) != null) {
            addUserPasswordCreds(settings, credentialsStore, Settings.KEYS.ANALYZER_NEXUS_USER, Settings.KEYS.ANALYZER_NEXUS_URL, Settings.KEYS.ANALYZER_NEXUS_PASSWORD, "Nexus Analyzer");
        }
    }

    private void tryAddNVDApiDatafeed(Settings settings, CredentialsStore credentialsStore) throws InvalidSettingException {
        if (settings.getString(Settings.KEYS.NVD_API_DATAFEED_PASSWORD) != null) {
            addUserPasswordCreds(settings, credentialsStore, Settings.KEYS.NVD_API_DATAFEED_USER, Settings.KEYS.NVD_API_DATAFEED_URL, Settings.KEYS.NVD_API_DATAFEED_PASSWORD, "NVD API Datafeed");
        }
    }

    private void addUserPasswordCreds(Settings settings, CredentialsStore credentialsStore, String str, String str2, String str3, String str4) throws InvalidSettingException {
        String string = settings.getString(str);
        String string2 = settings.getString(str2);
        char[] charArray = settings.getString(str3, "").toCharArray();
        if (string == null || string2 == null || charArray.length == 0) {
            throw new InvalidSettingException(str4 + " URL and username are required when setting " + str4 + " password");
        }
        try {
            addCredentials(credentialsStore, str4, new URL(string2), string, charArray);
        } catch (MalformedURLException e) {
            throw new InvalidSettingException(str4 + " URL must be a valid URL", e);
        }
    }

    private static void addCredentials(CredentialsStore credentialsStore, String str, URL url, String str2, char[] cArr) throws InvalidSettingException {
        String protocol = url.getProtocol();
        if ("file".equals(protocol)) {
            LOGGER.warn("Credentials are not supported for file-protocol, double-check your configuration options for {}.", str);
            return;
        }
        if ("http".equals(protocol)) {
            LOGGER.warn("Insecure configuration: Basic Credentials are configured to be used over a plain http connection for {}. Consider migrating to https to guard the credentials.", str);
        } else if (!"https".equals(protocol)) {
            throw new InvalidSettingException("Unsupported protocol in the " + str + " URL; only file, http and https are supported");
        }
        String host = url.getHost();
        int port = url.getPort();
        credentialsStore.setCredentials(new AuthScope(protocol, host, port, (String) null, (String) null), new UsernamePasswordCredentials(str2, cArr));
    }

    public void fetchFile(URL url, File file) throws DownloadFailedException, TooManyRequestsException, ResourceNotFoundException, URLConnectionFailureException {
        fetchFile(url, file, true);
    }

    public void fetchFile(URL url, File file, boolean z) throws DownloadFailedException, TooManyRequestsException, ResourceNotFoundException, URLConnectionFailureException {
        try {
            if ("file".equals(url.getProtocol())) {
                Files.copy(Paths.get(url.toURI()), file.toPath(), StandardCopyOption.REPLACE_EXISTING);
            } else {
                BasicClassicHttpRequest basicClassicHttpRequest = new BasicClassicHttpRequest(Method.GET, url.toURI());
                CloseableHttpClient build = z ? this.httpClientBuilder.build() : this.httpClientBuilderExplicitNoproxy.build();
                try {
                    build.execute(basicClassicHttpRequest, new SaveToFileResponseHandler(file));
                    if (build != null) {
                        build.close();
                    }
                } catch (Throwable th) {
                    if (build != null) {
                        try {
                            build.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            }
        } catch (SSLHandshakeException e) {
            if (!e.getMessage().contains("unable to find valid certification path to requested target")) {
                throw new DownloadFailedException(String.format("Download failed, unable to copy '%s' to '%s'; %s", url, file.getAbsolutePath(), e.getMessage()), e);
            }
            throw new URLConnectionFailureException(String.format("Unable to connect to '%s' - the Java trust store does not contain a trusted root for the cert. Please see https://github.com/jeremylong/InstallCert for one method of updating the trusted certificates.", url), e);
        } catch (IOException | RuntimeException | URISyntaxException e2) {
            throw new DownloadFailedException(String.format("Download failed, unable to copy '%s' to '%s'; %s", url, file.getAbsolutePath(), e2.getMessage()), e2);
        } catch (HttpResponseException e3) {
            wrapAndThrowHttpResponseException(url.toString(), e3);
        }
    }

    private static void wrapAndThrowHttpResponseException(String str, HttpResponseException httpResponseException) throws ResourceNotFoundException, TooManyRequestsException, DownloadFailedException {
        switch (httpResponseException.getStatusCode()) {
            case 404:
                throw new ResourceNotFoundException(String.format("%s - Server status: %d - Server reason: %s", str, Integer.valueOf(httpResponseException.getStatusCode()), httpResponseException.getReasonPhrase()), httpResponseException);
            case 429:
                throw new TooManyRequestsException(String.format("%s - Server status: %d - Server reason: %s", str, Integer.valueOf(httpResponseException.getStatusCode()), httpResponseException.getReasonPhrase()), httpResponseException);
            default:
                throw new DownloadFailedException(String.format("%s - Server status: %d - Server reason: %s", str, Integer.valueOf(httpResponseException.getStatusCode()), httpResponseException.getReasonPhrase()), httpResponseException);
        }
    }

    public void fetchFile(URL url, File file, boolean z, String str, String str2) throws DownloadFailedException, TooManyRequestsException, ResourceNotFoundException, URLConnectionFailureException {
        if ("file".equals(url.getProtocol()) || str == null || this.settings.getString(str) == null || str2 == null || this.settings.getString(str2) == null) {
            fetchFile(url, file, z);
            return;
        }
        String protocol = url.getProtocol();
        if (!"http".equals(protocol) && !"https".equals(protocol)) {
            throw new DownloadFailedException("Unsupported protocol in the URL; only file, http and https are supported");
        }
        try {
            HttpClientContext create = HttpClientContext.create();
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            addCredentials(basicCredentialsProvider, url.toString(), url, this.settings.getString(str), this.settings.getString(str2).toCharArray());
            create.setCredentialsProvider(basicCredentialsProvider);
            CloseableHttpClient build = z ? this.httpClientBuilder.build() : this.httpClientBuilderExplicitNoproxy.build();
            try {
                build.execute(new BasicClassicHttpRequest(Method.GET, url.toURI()), create, new SaveToFileResponseHandler(file));
                if (build != null) {
                    build.close();
                }
            } catch (Throwable th) {
                if (build != null) {
                    try {
                        build.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (SSLHandshakeException e) {
            if (!e.getMessage().contains("unable to find valid certification path to requested target")) {
                throw new DownloadFailedException(String.format("Download failed, unable to copy '%s' to '%s'; %s", url, file.getAbsolutePath(), e.getMessage()), e);
            }
            throw new URLConnectionFailureException(String.format("Unable to connect to '%s' - the Java trust store does not contain a trusted root for the cert. Please see https://github.com/jeremylong/InstallCert for one method of updating the trusted certificates.", url), e);
        } catch (HttpResponseException e2) {
            wrapAndThrowHttpResponseException(url.toString(), e2);
        } catch (IOException | RuntimeException | URISyntaxException e3) {
            throw new DownloadFailedException(String.format("Download failed, unable to copy '%s' to '%s'; %s", url, file.getAbsolutePath(), e3.getMessage()), e3);
        }
    }

    public String postBasedFetchContent(URI uri, String str, ContentType contentType, List<Header> list) throws DownloadFailedException, TooManyRequestsException, ResourceNotFoundException, URLConnectionFailureException {
        try {
            if (uri.getScheme() == null || !uri.getScheme().toLowerCase(Locale.ROOT).matches("^https?")) {
                throw new IllegalArgumentException("Unsupported protocol in the URL; only http and https are supported");
            }
            BasicClassicHttpRequest basicClassicHttpRequest = new BasicClassicHttpRequest(Method.POST, uri);
            basicClassicHttpRequest.setEntity(new StringEntity(str, contentType));
            Iterator<Header> it = list.iterator();
            while (it.hasNext()) {
                basicClassicHttpRequest.addHeader(it.next());
            }
            CloseableHttpClient build = this.httpClientBuilder.build();
            try {
                String str2 = (String) build.execute(basicClassicHttpRequest, new BasicHttpClientResponseHandler());
                if (build != null) {
                    build.close();
                }
                return str2;
            } catch (Throwable th) {
                if (build != null) {
                    try {
                        build.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (SSLHandshakeException e) {
            if (e.getMessage().contains("unable to find valid certification path to requested target")) {
                throw new URLConnectionFailureException(String.format("Unable to connect to '%s' - the Java trust store does not contain a trusted root for the cert. Please see https://github.com/jeremylong/InstallCert for one method of updating the trusted certificates.", uri), e);
            }
            throw new DownloadFailedException(String.format("Download failed, error downloading '%s'; %s", uri, e.getMessage()), e);
        } catch (IOException | RuntimeException e2) {
            throw new DownloadFailedException(String.format("Download failed, error downloading '%s'; %s", uri, e2.getMessage()), e2);
        } catch (HttpResponseException e3) {
            wrapAndThrowHttpResponseException(uri.toString(), e3);
            throw new InternalError("wrapAndThrowHttpResponseException will always throw an exception but Java compiler fails to spot it");
        }
    }

    public String fetchContent(URL url, Charset charset) throws DownloadFailedException, TooManyRequestsException, ResourceNotFoundException {
        return fetchContent(url, true, charset);
    }

    public String fetchContent(URL url, boolean z, Charset charset) throws DownloadFailedException, TooManyRequestsException, ResourceNotFoundException {
        String str;
        try {
            if ("file".equals(url.getProtocol())) {
                str = Files.readString(Paths.get(url.toURI()), charset);
            } else {
                BasicClassicHttpRequest basicClassicHttpRequest = new BasicClassicHttpRequest(Method.GET, url.toURI());
                CloseableHttpClient build = z ? this.httpClientBuilder.build() : this.httpClientBuilderExplicitNoproxy.build();
                try {
                    str = (String) build.execute(basicClassicHttpRequest, new ExplicitEncodingToStringResponseHandler(charset));
                    if (build != null) {
                        build.close();
                    }
                } finally {
                }
            }
            return str;
        } catch (HttpResponseException e) {
            wrapAndThrowHttpResponseException(url.toString(), e);
            throw new InternalError("wrapAndThrowHttpResponseException will always throw an exception but Java compiler fails to spot it");
        } catch (IOException | RuntimeException | URISyntaxException e2) {
            throw new DownloadFailedException(String.format("Download failed, error downloading '%s'; %s", url, e2.getMessage()), e2);
        }
    }

    public <T> T fetchAndHandle(@NotNull URL url, @NotNull HttpClientResponseHandler<T> httpClientResponseHandler) throws IOException, TooManyRequestsException, ResourceNotFoundException {
        return (T) fetchAndHandle(url, httpClientResponseHandler, Collections.emptyList(), true);
    }

    public <T> T fetchAndHandle(@NotNull URL url, @NotNull HttpClientResponseHandler<T> httpClientResponseHandler, @NotNull List<Header> list) throws IOException, TooManyRequestsException, ResourceNotFoundException {
        return (T) fetchAndHandle(url, httpClientResponseHandler, list, true);
    }

    public <T> T fetchAndHandle(@NotNull URL url, @NotNull HttpClientResponseHandler<T> httpClientResponseHandler, @NotNull List<Header> list, boolean z) throws IOException, TooManyRequestsException, ResourceNotFoundException {
        Object execute;
        try {
            if ("file".equals(url.getProtocol())) {
                try {
                    InputStream newInputStream = Files.newInputStream(Paths.get(url.toURI()), new OpenOption[0]);
                    try {
                        BasicHttpEntity basicHttpEntity = new BasicHttpEntity(newInputStream, ContentType.APPLICATION_JSON);
                        BasicClassicHttpResponse basicClassicHttpResponse = new BasicClassicHttpResponse(200);
                        basicClassicHttpResponse.setEntity(basicHttpEntity);
                        execute = httpClientResponseHandler.handleResponse(basicClassicHttpResponse);
                        if (newInputStream != null) {
                            newInputStream.close();
                        }
                    } catch (Throwable th) {
                        if (newInputStream != null) {
                            try {
                                newInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (HttpException e) {
                    throw new IllegalStateException("HttpException encountered without HTTP traffic", e);
                }
            } else {
                String protocol = url.getProtocol();
                if (!"http".equals(protocol) && !"https".equals(protocol)) {
                    throw new DownloadFailedException("Unsupported protocol in the URL; only file, http and https are supported");
                }
                CloseableHttpClient build = z ? this.httpClientBuilder.build() : this.httpClientBuilderExplicitNoproxy.build();
                try {
                    BasicClassicHttpRequest basicClassicHttpRequest = new BasicClassicHttpRequest(Method.GET, url.toURI());
                    Iterator<Header> it = list.iterator();
                    while (it.hasNext()) {
                        basicClassicHttpRequest.addHeader(it.next());
                    }
                    execute = build.execute(basicClassicHttpRequest, httpClientResponseHandler);
                    if (build != null) {
                        build.close();
                    }
                } finally {
                }
            }
            return (T) execute;
        } catch (HttpResponseException e2) {
            switch (e2.getStatusCode()) {
                case 404:
                    throw new ResourceNotFoundException(String.format("%s - Server status: %d - Server reason: %s", url, Integer.valueOf(e2.getStatusCode()), e2.getReasonPhrase()));
                case 429:
                    throw new TooManyRequestsException(String.format("%s - Server status: %d - Server reason: %s", url, Integer.valueOf(e2.getStatusCode()), e2.getReasonPhrase()));
                default:
                    throw new IOException(String.format("%s - Server status: %d - Server reason: %s", url, Integer.valueOf(e2.getStatusCode()), e2.getReasonPhrase()));
            }
        } catch (RuntimeException | URISyntaxException e3) {
            throw new IOException(String.format("Download failed, unable to retrieve and parse '%s'; %s", url, e3.getMessage()), e3);
        }
    }
}
