package de.werum.sis.idev.connect.https;

import de.werum.sis.idev.connect.IncompleteRequestException;
import de.werum.sis.idev.connect.SendException;
import de.werum.sis.idev.connect.config.Config;
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.Socket;
import java.net.URI;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.auth.params.AuthPNames;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.params.AuthPolicy;
import org.apache.http.conn.params.ConnRoutePNames;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.entity.mime.MultipartEntity;
import org.apache.http.entity.mime.content.ContentBody;
import org.apache.http.entity.mime.content.StringBody;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.CoreConnectionPNames;
import org.apache.http.params.HttpParams;
import org.apache.http.util.EntityUtils;
import org.apache.log4j.Logger;
import org.apache.logging.log4j.core.net.ssl.SslConfigurationDefaults;
import org.apache.logging.log4j.message.ParameterizedMessage;

/* loaded from: input_file:de/werum/sis/idev/connect/https/HttpsProtocolHandler.class */
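/**
 * Sends a multipart POST request to the URL configured in {@link Config}, optionally through an
 * authenticating proxy, and hands the response to an {@link HttpsRequestHandler}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The account name and password are sent as the form fields {@code kennung} and
 *       {@code passwort}. The custom TLS scheme is only registered when the URL starts with
 *       {@code "https"}; nothing here rejects other URLs.</li>
 *   <li>When {@code Config.getCertificateDir()} is non-null, the trust managers are built from an
 *       initially empty key store that holds only the certificates found in that directory, so
 *       every {@code .pem}/{@code .der} file there becomes a trust anchor. Write access to the
 *       directory therefore controls which servers are trusted.</li>
 *   <li>The {@link SSLContext} is requested as {@code "TLSv1.2"}.</li>
 * </ul>
 */
public class HttpsProtocolHandler {
    private static final String CERTIFICATE_EXT_PEM = "pem";
    private static final String CERTIFICATE_EXT_DER = "der";
    private static final String CUSTOM_CERTIFICATE_PREFIX = "CUSTOM";
    private final Config config;
    private final Logger logger = Logger.getLogger(getClass());

    /**
     * @param config connection settings (target URL, account, proxy); expected to be non-null
     */
    public HttpsProtocolHandler(Config config) {
        this.config = config;
    }

    /**
     * @return the configuration passed to the constructor
     */
    public Config getConfig() {
        return this.config;
    }

    /**
     * Validates the request, posts it to the configured URL and passes the response on.
     *
     * @param httpsRequestHandler supplies the action value, the additional parts and the timeout,
     *     and consumes the response
     * @throws SendException if the server does not answer with status 200 or sending fails
     * @throws IncompleteRequestException declared for {@code checkRequest()} (presumably thrown
     *     when the request is incomplete; verify against HttpsRequestHandler)
     * @throws IOException declared for building the request parts
     */
    public void sendRequest(HttpsRequestHandler httpsRequestHandler) throws SendException, IncompleteRequestException, IOException {
        this.logger.debug("enter sendRequest");
        assert getConfig() != null;
        assert httpsRequestHandler != null;
        httpsRequestHandler.checkRequest();

        final Config cfg = getConfig();
        final DefaultHttpClient client = new DefaultHttpClient();
        this.logger.debug("Senden der Anfrage an folgende URL: " + cfg.getUrl());
        final MultipartEntity body = new MultipartEntity();
        try {
            configureProxy(client, cfg);

            this.logger.debug("Request-Parameter:");
            // Insertion order is kept so the fixed fields precede the handler's own parts.
            LinkedHashMap<String, ContentBody> parts = new LinkedHashMap<String, ContentBody>();
            this.logger.debug("kennung=" + cfg.getUserName());
            parts.put("kennung", new StringBody(cfg.getUserName()));
            // The password is masked in the log on purpose; only the request carries the value.
            this.logger.debug("passwort=********");
            parts.put("passwort", new StringBody(cfg.getPassword()));
            this.logger.debug("aktion=" + httpsRequestHandler.getActionValue());
            parts.put("aktion", new StringBody(httpsRequestHandler.getActionValue()));
            httpsRequestHandler.addParts(parts);
            for (Map.Entry<String, ContentBody> part : parts.entrySet()) {
                body.addPart(part.getKey(), part.getValue());
            }

            HttpPost post = new HttpPost(cfg.getUrl());
            post.setEntity(body);
            // NOTE(review): only the connect and connection-manager timeouts are set; no socket
            // read timeout is configured in this method, so a stalled response may block.
            client.getParams().setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, httpsRequestHandler.getTimeout());
            client.getParams().setLongParameter("http.conn-manager.timeout", httpsRequestHandler.getTimeout());
            try {
                // NOTE(review): a URL that does not start with "https" skips the TLS scheme below
                // and the form fields above (including the password) would then travel without
                // the protection set up here; consider rejecting such URLs when loading Config.
                if (cfg.getUrl().startsWith("https")) {
                    client.getConnectionManager().getSchemeRegistry().register(getSslScheme(new URI(cfg.getUrl()).getHost()));
                }
                HttpResponse response = client.execute(post);
                int statusCode = response.getStatusLine().getStatusCode();
                if (statusCode != 200) {
                    this.logger.error("Fehler beim Senden der Anfrage! (Statuscode: " + statusCode + ")");
                    throw new SendException(statusCode);
                }
                this.logger.info("Die Anfrage wurde erfolgreich an den Server gesendet.");
                httpsRequestHandler.handleResponse(response);
            } catch (Exception e) {
                // NOTE(review): this also catches the SendException(statusCode) thrown above and
                // wraps it again, so the status code ends up on the cause. Left as is because
                // callers may rely on it.
                this.logger.error("Fehler beim Senden der Anfrage!", e);
                throw new SendException(e);
            }
        } finally {
            // Cleanup is best effort: a failure here must not mask the outcome of the request.
            try {
                EntityUtils.consume(body);
            } catch (Throwable ignored) {
                // intentionally ignored
            }
            try {
                client.getConnectionManager().shutdown();
            } catch (Throwable ignored) {
                // intentionally ignored
            }
        }
    }

    /**
     * Applies the proxy host, the proxy credentials and the preferred proxy authentication scheme
     * from the configuration; does nothing when no proxy host is configured.
     */
    private void configureProxy(DefaultHttpClient client, Config cfg) {
        if (cfg.getProxyHost() == null || cfg.getProxyHost().length() == 0) {
            return;
        }
        this.logger.debug("Proxy fuer HTTPS-Verbindung: " + cfg.getProxyHost() + ParameterizedMessage.ERROR_MSG_SEPARATOR + cfg.getProxyPort());
        client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, new HttpHost(cfg.getProxyHost(), cfg.getProxyPort()));
        if (cfg.getProxyUser() == null || cfg.getProxyUser().length() == 0) {
            return;
        }
        this.logger.debug("Authentifizierung am Proxy-Server als Benutzer '" + cfg.getProxyUser() + "'");
        // A configured domain selects NT credentials; otherwise plain user name and password.
        boolean hasDomain = cfg.getProxyDomain() != null && cfg.getProxyDomain().length() > 0;
        client.getCredentialsProvider().setCredentials(
                new AuthScope(cfg.getProxyHost(), cfg.getProxyPort()),
                hasDomain
                        ? new NTCredentials(cfg.getProxyUser(), cfg.getProxyPassword(), cfg.getProxyWorkstation(), cfg.getProxyDomain())
                        : new UsernamePasswordCredentials(cfg.getProxyUser(), cfg.getProxyPassword()));
        if (cfg.isProxyAuthMethodAuto()) {
            return;
        }
        // Restrict proxy authentication to the one configured scheme. The list stays empty when
        // none of the three flags is set.
        ArrayList<String> preferredSchemes = new ArrayList<String>(1);
        if (cfg.isProxyAuthMethodBasic()) {
            preferredSchemes.add(AuthPolicy.BASIC);
        } else if (cfg.isProxyAuthMethodDigest()) {
            preferredSchemes.add(AuthPolicy.DIGEST);
        } else if (cfg.isProxyAuthMethodNTLM()) {
            preferredSchemes.add(AuthPolicy.NTLM);
        }
        client.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF, preferredSchemes);
        this.logger.debug("Authentifizierungsmethode auf " + cfg.getProxyAuthMethod() + " gesetzt");
    }

    /**
     * Builds the {@code https} scheme (port 443) on a TLSv1.2 context.
     *
     * <p>With a certificate directory configured, only the certificates loaded from it are
     * trusted; otherwise the context is initialised with {@code null} trust managers, i.e. the
     * platform defaults. No hostname verifier is passed to {@link SSLSocketFactory}, so the
     * library default applies (confirm for the HttpClient version in use).
     *
     * @param host target host name that is set on each new socket for the SNI workaround
     * @return the scheme to register with the client's scheme registry
     */
    private Scheme getSslScheme(final String host) {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
            TrustManager[] trustManagers = Config.getCertificateDir() != null ? getCustomCertificatesTrustManagers() : null;
            sslContext.init(null, trustManagers, null);
            return new Scheme("https", 443, new SSLSocketFactory(sslContext) {
                @Override
                public Socket createSocket(HttpParams httpParams) throws IOException {
                    Socket socket = super.createSocket(httpParams);
                    try {
                        // setHost is looked up reflectively because it is not part of the public
                        // Socket API; a failure only costs the SNI workaround and is logged.
                        socket.getClass().getMethod("setHost", String.class).invoke(socket, host);
                    } catch (Throwable th) {
                        HttpsProtocolHandler.this.logger.warn("Explizites Setzen des Hosts fuer SNI-Reverse-Proxy-Fix fehlgeschlagen.", th);
                    }
                    return socket;
                }
            });
        } catch (KeyManagementException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }

    /**
     * Creates trust managers backed by a fresh key store that contains only the certificates from
     * the configured certificate directory.
     *
     * <p>Files that cannot be read or parsed are skipped by {@code loadCustomCertificates}, so
     * the store may end up empty; presumably no server certificate validates in that case.
     *
     * @return the trust managers for the custom key store
     * @throws RuntimeException if the key store or the trust manager factory cannot be set up
     */
    private TrustManager[] getCustomCertificatesTrustManagers() {
        try {
            // KEYSTORE_TYPE comes from a log4j class, which looks like a decompiler constant
            // substitution for the key store type literal; verify against the original source.
            KeyStore keyStore = KeyStore.getInstance(SslConfigurationDefaults.KEYSTORE_TYPE);
            // load(null, null) yields an empty store: the JVM default trust anchors are not included.
            keyStore.load(null, null);
            loadCustomCertificates(CertificateFactory.getInstance("X.509"), keyStore);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory.getTrustManagers();
        } catch (Exception e) {
            this.logger.error("Fehler beim Einlesen der Server-Zertifikate:", e);
            // Same message as before, now with the cause attached for diagnosis.
            throw new RuntimeException(e.toString(), e);
        }
    }

    /**
     * Adds every {@code .pem} or {@code .der} file of the certificate directory to the key store
     * as a trusted certificate entry named {@code CUSTOM<index>}.
     *
     * <p>A file that cannot be opened, parsed or stored is logged and skipped. The loaded
     * certificates are not checked any further here, so the directory should be writable only by
     * trusted administrators.
     *
     * @param certificateFactory factory used to parse each file
     * @param keyStore store that receives the certificates
     */
    private void loadCustomCertificates(CertificateFactory certificateFactory, KeyStore keyStore) {
        this.logger.debug("enter loadCustomCertificates");
        String certificateDir = Config.getCertificateDir();
        if (certificateDir == null) {
            return;
        }
        this.logger.debug("Suche nach benutzerspezifischen Zertifikaten");
        this.logger.debug("Verzeichnis: " + certificateDir);
        File[] candidates = new File(certificateDir).listFiles(new FileFilter() {
            @Override
            public boolean accept(File file) {
                HttpsProtocolHandler.this.logger.debug("Pruefe Datei " + file.getName());
                String name = file.getName();
                int dot = name.lastIndexOf('.');
                // Needs a non-empty base name and a non-empty extension.
                if (dot <= 0 || name.length() <= dot + 1) {
                    return false;
                }
                String extension = name.substring(dot + 1);
                if (extension.equalsIgnoreCase(HttpsProtocolHandler.CERTIFICATE_EXT_PEM) || extension.equalsIgnoreCase(HttpsProtocolHandler.CERTIFICATE_EXT_DER)) {
                    HttpsProtocolHandler.this.logger.debug("Zertifikat gefunden");
                    return true;
                }
                return false;
            }
        });
        if (candidates == null) {
            // listFiles returns null when the path is not a readable directory.
            return;
        }
        for (int i = 0; i < candidates.length; i++) {
            try {
                this.logger.debug("Lese Zertifikat " + candidates[i]);
                X509Certificate certificate;
                FileInputStream in = new FileInputStream(candidates[i]);
                try {
                    certificate = (X509Certificate) certificateFactory.generateCertificate(in);
                } finally {
                    // Close on the failure path too, so a file that does not parse leaks no handle.
                    try {
                        in.close();
                    } catch (Exception e) {
                        this.logger.warn("Fehler beim Schliessen der Datei " + candidates[i] + ParameterizedMessage.ERROR_MSG_SEPARATOR, e);
                    }
                }
                this.logger.debug("Fuege Zertifikat zum KeyStore hinzu.");
                keyStore.setCertificateEntry(CUSTOM_CERTIFICATE_PREFIX + i, certificate);
                this.logger.info("Zertifikat " + candidates[i] + " hinzugefuegt.");
            } catch (FileNotFoundException e2) {
                this.logger.warn("Fehler beim Lesen der Datei " + candidates[i], e2);
            } catch (KeyStoreException e3) {
                this.logger.warn("Das Zertifikat " + candidates[i] + " konnte nicht zum KeyStore hinzugefuegt werden", e3);
            } catch (CertificateException e4) {
                this.logger.warn("Fehler beim Lesen des Zertifikats " + candidates[i], e4);
            }
        }
    }
}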
