package com.denimgroup.threadfix.remote;

import com.denimgroup.threadfix.logging.SanitizedLogger;
import com.denimgroup.threadfix.properties.PropertiesManager;
import com.denimgroup.threadfix.remote.response.ResponseParser;
import com.denimgroup.threadfix.remote.response.RestResponse;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import javax.annotation.Nonnull;
import javax.net.ssl.SSLHandshakeException;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.multipart.FilePart;
import org.apache.commons.httpclient.methods.multipart.MultipartRequestEntity;
import org.apache.commons.httpclient.methods.multipart.Part;
import org.apache.commons.httpclient.methods.multipart.StringPart;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.validator.routines.UrlValidator;

/* loaded from: input_file:com/denimgroup/threadfix/remote/HttpRestUtils.class */
public class HttpRestUtils {
    public static final String API_KEY_SEGMENT = "?apiKey=";

    @Nonnull
    final PropertiesManager propertiesManager;
    private boolean unsafeFlag = false;
    public static final String JAVA_KEY_STORE_FILE = getKeyStoreFile();
    private static int count = 0;
    private static final SanitizedLogger LOGGER = new SanitizedLogger(HttpRestUtils.class);

    public HttpRestUtils(@Nonnull PropertiesManager propertiesManager) {
        this.propertiesManager = propertiesManager;
        System.setProperty("javax.net.ssl.trustStore", JAVA_KEY_STORE_FILE);
    }

    @Nonnull
    public <T> RestResponse<T> httpPostFile(@Nonnull String str, @Nonnull File file, @Nonnull String[] strArr, @Nonnull String[] strArr2, @Nonnull Class<T> cls) {
        if (isUnsafeFlag()) {
            Protocol.registerProtocol("https", new Protocol("https", new AcceptAllTrustFactory(), 443));
        }
        String makePostUrl = makePostUrl(str);
        if (makePostUrl == null) {
            LOGGER.debug("The POST url could not be generated. Aborting request.");
            return ResponseParser.getErrorResponse("The POST url could not be generated and the request was not attempted.", 0);
        }
        PostMethod postMethod = new PostMethod(makePostUrl);
        postMethod.setRequestHeader("Accept", "application/json");
        RestResponse<T> restResponse = null;
        int i = -1;
        try {
            Part[] partArr = new Part[strArr.length + 2];
            partArr[strArr.length] = new FilePart("file", file);
            partArr[strArr.length + 1] = new StringPart("apiKey", this.propertiesManager.getKey());
            for (int i2 = 0; i2 < strArr.length; i2++) {
                partArr[i2] = new StringPart(strArr[i2], strArr2[i2]);
            }
            postMethod.setRequestEntity(new MultipartRequestEntity(partArr, postMethod.getParams()));
            postMethod.setContentChunked(true);
            i = new HttpClient().executeMethod(postMethod);
            if (i != 200) {
                LOGGER.warn("Request for '" + makePostUrl + "' status was " + i + ", not 200 as expected.");
            }
            if (i == 302) {
                printRedirectInformation(postMethod.getResponseHeader("Location"));
            }
            restResponse = ResponseParser.getRestResponse(postMethod.getResponseBodyAsStream(), i, cls);
        } catch (SSLHandshakeException e) {
            importCert(e);
        } catch (IOException e2) {
            LOGGER.error("There was an error and the POST request was not finished.", e2);
            restResponse = ResponseParser.getErrorResponse("There was an error and the POST request was not finished.", i);
        }
        return restResponse;
    }

    @Nonnull
    public <T> RestResponse<T> httpPost(@Nonnull String str, @Nonnull String[] strArr, @Nonnull String[] strArr2, @Nonnull Class<T> cls) {
        if (isUnsafeFlag()) {
            Protocol.registerProtocol("https", new Protocol("https", new AcceptAllTrustFactory(), 443));
        }
        String makePostUrl = makePostUrl(str);
        if (makePostUrl == null) {
            LOGGER.debug("The POST url could not be generated. Aborting request.");
            return ResponseParser.getErrorResponse("The POST url could not be generated and the request was not attempted.", 0);
        }
        PostMethod postMethod = new PostMethod(makePostUrl);
        postMethod.setRequestHeader("Accept", "application/json");
        int i = -1;
        RestResponse<T> restResponse = null;
        for (int i2 = 0; i2 < strArr.length; i2++) {
            try {
                if (strArr[i2] != null && strArr2[i2] != null) {
                    postMethod.addParameter(strArr[i2], strArr2[i2]);
                }
            } catch (SSLHandshakeException e) {
                importCert(e);
            } catch (IOException e2) {
                LOGGER.error("Encountered IOException while trying to post to " + str, e2);
                restResponse = ResponseParser.getErrorResponse("There was an error and the POST request was not finished.", i);
            }
        }
        addApiKey(postMethod);
        i = new HttpClient().executeMethod(postMethod);
        if (i != 200) {
            LOGGER.warn("Request for '" + makePostUrl + "' status was " + i + ", not 200 as expected.");
        }
        if (i == 302) {
            printRedirectInformation(postMethod.getResponseHeader("Location"));
        }
        restResponse = ResponseParser.getRestResponse(postMethod.getResponseBodyAsStream(), i, cls);
        return restResponse;
    }

    private void printRedirectInformation(Header header) {
        LOGGER.warn("Location header for 302 response was: " + header);
        if (header == null || header.getValue() == null) {
            return;
        }
        String value = header.getValue();
        if (value.contains("login.jsp")) {
            String str = value.substring(0, value.indexOf("login.jsp")) + "rest";
            LOGGER.info("Based on the Location header, the correct URL should be: " + str);
            LOGGER.info("Set it with -s url " + str);
        }
    }

    @Nonnull
    public <T> RestResponse<T> httpGet(@Nonnull String str, @Nonnull Class<T> cls) {
        return httpGet(str, "", cls);
    }

    @Nonnull
    public <T> RestResponse<T> httpGet(@Nonnull String str, @Nonnull String str2, @Nonnull Class<T> cls) {
        String makeGetUrl = makeGetUrl(str, str2);
        if (makeGetUrl == null) {
            LOGGER.debug("The GET url could not be generated. Aborting request.");
            return ResponseParser.getErrorResponse("The GET url could not be generated and the request was not attempted.", 0);
        }
        LOGGER.debug("Requesting " + makeGetUrl);
        if (isUnsafeFlag()) {
            Protocol.registerProtocol("https", new Protocol("https", new AcceptAllTrustFactory(), 443));
        }
        GetMethod getMethod = new GetMethod(makeGetUrl);
        getMethod.setRequestHeader("Accept", "application/json");
        int i = -1;
        RestResponse<T> restResponse = null;
        try {
            i = new HttpClient().executeMethod(getMethod);
            if (i != 200) {
                LOGGER.error("Status was not 200. It was " + i);
            }
            if (i == 302) {
                printRedirectInformation(getMethod.getResponseHeader("Location"));
            }
            restResponse = ResponseParser.getRestResponse(getMethod.getResponseBodyAsStream(), i, cls);
        } catch (SSLHandshakeException e) {
            importCert(e);
        } catch (IOException e2) {
            LOGGER.error("Encountered IOException while trying to post to " + str, e2);
            restResponse = ResponseParser.getErrorResponse("There was an error and the GET request was not finished.", i);
        }
        return restResponse;
    }

    @Nonnull
    private String makeGetUrl(@Nonnull String str, @Nonnull String str2) {
        String url = this.propertiesManager.getUrl();
        if (!new UrlValidator(new String[]{"http", "https"}, 8L).isValid(url)) {
            LOGGER.debug("Base url " + url + " is not a valid url. Cannot build GET url with path " + str + ". Returning null.");
            return null;
        }
        String key = this.propertiesManager.getKey();
        LOGGER.debug("Building GET url with path " + str + " and base url " + url);
        if (url.endsWith("/rest") && str.charAt(0) != '/') {
            url = url + "/";
        }
        String str3 = url + str + API_KEY_SEGMENT + key + "&" + str2;
        LOGGER.debug("Returning " + str3);
        return str3;
    }

    public static String encodeDoublePercent(String str) {
        if (str.contains("%")) {
            str = str.replaceAll("%", "%25");
        }
        return encode(str);
    }

    public static String encode(String str) {
        try {
            return URLEncoder.encode(str, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
            return null;
        }
    }

    @Nonnull
    private String makePostUrl(@Nonnull String str) {
        String url = this.propertiesManager.getUrl();
        if (!new UrlValidator(new String[]{"http", "https"}, 8L).isValid(url)) {
            LOGGER.debug("Base url " + url + " is not a valid url. Cannot build POST url with path " + str + ". Returning null.");
            return null;
        }
        LOGGER.debug("Building POST url with path " + str + " and base url " + url);
        if (url.endsWith("/rest") && str.charAt(0) != '/') {
            url = url + "/";
        }
        LOGGER.debug("Returning " + url + str);
        return url + str;
    }

    private void addApiKey(PostMethod postMethod) {
        if (this.propertiesManager.getKey() == null) {
            throw new IllegalStateException("Please set your key before using this tool. Use the -s key <key> option.");
        }
        postMethod.addParameter("apiKey", this.propertiesManager.getKey());
    }

    public boolean isUnsafeFlag() {
        return this.unsafeFlag;
    }

    public void setUnsafeFlag(boolean z) {
        this.unsafeFlag = z;
    }

    private URI getURI() throws URISyntaxException {
        return new URI(this.propertiesManager.getUrl());
    }

    private void importCert(SSLHandshakeException sSLHandshakeException) {
        if (count >= 2) {
            LOGGER.error("Unsigned certificate found. We tried to import it but was not successful.We recommend you import server certificate to the Java cacerts keystore, or add option -Dunsafe-ssl from command line to accept all unsigned certificates. Check out https://github.com/denimgroup/threadfix/wiki/Importing-Self-Signed-Certificates on how to import Self Signed Certificates.", sSLHandshakeException);
            return;
        }
        LOGGER.warn("Unsigned certificate found. Trying to import it to Java KeyStore.");
        try {
            URI uri = getURI();
            String host = uri.getHost();
            if (InstallCert.install(host.startsWith("www.") ? host.substring(4) : host, uri.getPort())) {
                count++;
                LOGGER.info("Successfully imported certificate. Please run your command again.");
            }
        } catch (Exception e) {
            LOGGER.error("Error when tried to import certificate. ", e);
        }
    }

    private static String getKeyStoreFile() {
        char c = File.separatorChar;
        File file = new File(System.getProperty("java.home") + c + "lib" + c + "security");
        File file2 = new File(file, "jssecacerts");
        if (!file2.isFile()) {
            file2 = new File(file, "cacerts");
        }
        return file2.getAbsolutePath();
    }
}
