package com.google.appengine.api.urlfetch.dev;

import com.google.appengine.api.urlfetch.URLFetchServicePb;
import com.google.appengine.repackaged.com.google.common.collect.ImmutableMap;
import com.google.appengine.repackaged.com.google.protobuf.ByteString;
import com.google.appengine.repackaged.org.apache.http.Header;
import com.google.appengine.repackaged.org.apache.http.HttpEntity;
import com.google.appengine.repackaged.org.apache.http.HttpHost;
import com.google.appengine.repackaged.org.apache.http.HttpResponse;
import com.google.appengine.repackaged.org.apache.http.client.HttpClient;
import com.google.appengine.repackaged.org.apache.http.client.methods.HttpDelete;
import com.google.appengine.repackaged.org.apache.http.client.methods.HttpGet;
import com.google.appengine.repackaged.org.apache.http.client.methods.HttpHead;
import com.google.appengine.repackaged.org.apache.http.client.methods.HttpPost;
import com.google.appengine.repackaged.org.apache.http.client.methods.HttpPut;
import com.google.appengine.repackaged.org.apache.http.client.methods.HttpRequestBase;
import com.google.appengine.repackaged.org.apache.http.client.methods.HttpUriRequest;
import com.google.appengine.repackaged.org.apache.http.client.params.ClientPNames;
import com.google.appengine.repackaged.org.apache.http.client.params.HttpClientParams;
import com.google.appengine.repackaged.org.apache.http.client.protocol.RequestAddCookies;
import com.google.appengine.repackaged.org.apache.http.conn.scheme.PlainSocketFactory;
import com.google.appengine.repackaged.org.apache.http.conn.scheme.Scheme;
import com.google.appengine.repackaged.org.apache.http.conn.scheme.SchemeRegistry;
import com.google.appengine.repackaged.org.apache.http.conn.ssl.SSLSocketFactory;
import com.google.appengine.repackaged.org.apache.http.entity.ByteArrayEntity;
import com.google.appengine.repackaged.org.apache.http.impl.client.DefaultHttpClient;
import com.google.appengine.repackaged.org.apache.http.impl.conn.ProxySelectorRoutePlanner;
import com.google.appengine.repackaged.org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import com.google.appengine.repackaged.org.apache.http.params.BasicHttpParams;
import com.google.appengine.repackaged.org.apache.http.params.HttpConnectionParams;
import com.google.appengine.repackaged.org.apache.http.protocol.BasicHttpContext;
import com.google.appengine.tools.development.AbstractLocalRpcService;
import com.google.appengine.tools.development.LatencyPercentiles;
import com.google.appengine.tools.development.LocalRpcService;
import com.google.appengine.tools.development.LocalServiceContext;
import com.google.apphosting.api.ApiProxy;
import com.google.auto.service.AutoService;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.ProxySelector;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.security.AccessController;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

@AutoService({LocalRpcService.class})
/* loaded from: input_file:com/google/appengine/api/urlfetch/dev/LocalURLFetchService.class */
public class LocalURLFetchService extends AbstractLocalRpcService {
    private static final int DEFAULT_TIMEOUT_IN_MS = 600000;
    static final int DEFAULT_MAX_RESPONSE_LENGTH = 33554432;
    static final int DEFAULT_MAX_REDIRECTS = 5;
    public static final String PACKAGE = "urlfetch";
    private static final int TEMPORARY_RESPONSE_BUFFER_LENGTH = 4096;
    private static final String REUSE_COOKIES_LOCALLY_PROPERTY = "appengine.urlfetch.reuseCookiesLocally";
    private HttpClient validatingClient;
    private HttpClient nonValidatingClient;
    private static final ImmutableMap<URLFetchServicePb.URLFetchRequest.RequestMethod, MethodFactory> METHOD_FACTORY_MAP = buildMethodFactoryMap();
    private static final String TRUST_STORE_LOCATION = "/com/google/appengine/api/urlfetch/dev/cacerts";
    int maxResponseLength = DEFAULT_MAX_RESPONSE_LENGTH;
    int maxRedirects = 5;
    Logger logger = Logger.getLogger(LocalURLFetchService.class.getName());
    private int timeoutInMs = DEFAULT_TIMEOUT_IN_MS;

    /* loaded from: input_file:com/google/appengine/api/urlfetch/dev/LocalURLFetchService$MethodFactory.class */
    private interface MethodFactory {
        HttpRequestBase buildMethod(URLFetchServicePb.URLFetchRequest uRLFetchRequest);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/google/appengine/api/urlfetch/dev/LocalURLFetchService$ReuseCookiesLocallyHolder.class */
    public static class ReuseCookiesLocallyHolder {
        static final boolean INSTANCE = Boolean.getBoolean(LocalURLFetchService.REUSE_COOKIES_LOCALLY_PROPERTY);

        private ReuseCookiesLocallyHolder() {
        }
    }

    private static ImmutableMap<URLFetchServicePb.URLFetchRequest.RequestMethod, MethodFactory> buildMethodFactoryMap() {
        return ImmutableMap.builder().put(URLFetchServicePb.URLFetchRequest.RequestMethod.GET, uRLFetchRequest -> {
            return new HttpGet(uRLFetchRequest.getUrl());
        }).put(URLFetchServicePb.URLFetchRequest.RequestMethod.DELETE, uRLFetchRequest2 -> {
            return new HttpDelete(uRLFetchRequest2.getUrl());
        }).put(URLFetchServicePb.URLFetchRequest.RequestMethod.HEAD, uRLFetchRequest3 -> {
            return new HttpHead(uRLFetchRequest3.getUrl());
        }).put(URLFetchServicePb.URLFetchRequest.RequestMethod.POST, uRLFetchRequest4 -> {
            HttpPost httpPost = new HttpPost(uRLFetchRequest4.getUrl());
            if (uRLFetchRequest4.hasPayload()) {
                httpPost.setEntity(new ByteArrayEntity(uRLFetchRequest4.getPayload().toByteArray()));
            }
            return httpPost;
        }).put(URLFetchServicePb.URLFetchRequest.RequestMethod.PUT, uRLFetchRequest5 -> {
            HttpPut httpPut = new HttpPut(uRLFetchRequest5.getUrl());
            if (uRLFetchRequest5.hasPayload()) {
                httpPut.setEntity(new ByteArrayEntity(uRLFetchRequest5.getPayload().toByteArray()));
            }
            return httpPut;
        }).put(URLFetchServicePb.URLFetchRequest.RequestMethod.PATCH, uRLFetchRequest6 -> {
            HttpPatch httpPatch = new HttpPatch(uRLFetchRequest6.getUrl());
            if (uRLFetchRequest6.hasPayload()) {
                httpPatch.setEntity(new ByteArrayEntity(uRLFetchRequest6.getPayload().toByteArray()));
            }
            return httpPatch;
        }).build();
    }

    @Override // com.google.appengine.tools.development.LocalRpcService
    public String getPackage() {
        return PACKAGE;
    }

    public void setTimeoutInMs(int i) {
        this.timeoutInMs = i;
    }

    private KeyStore getTrustStore() throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
        InputStream resourceAsStream = getClass().getResourceAsStream(TRUST_STORE_LOCATION);
        Throwable th = null;
        try {
            if (resourceAsStream == null) {
                throw new IOException("Couldn't get trust store stream");
            }
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(resourceAsStream, null);
            if (resourceAsStream != null) {
                if (0 != 0) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            return keyStore;
        } catch (Throwable th3) {
            if (resourceAsStream != null) {
                if (0 != 0) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            throw th3;
        }
    }

    private Scheme createValidatingScheme() throws Exception {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(null, null);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(getTrustStore());
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagers, trustManagers, null);
        SSLSocketFactory sSLSocketFactory = new SSLSocketFactory(sSLContext);
        sSLSocketFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
        return new Scheme("https", sSLSocketFactory, 443);
    }

    private Scheme createNonvalidatingScheme() throws KeyManagementException, NoSuchAlgorithmException {
        X509TrustManager x509TrustManager = new X509TrustManager() { // from class: com.google.appengine.api.urlfetch.dev.LocalURLFetchService.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
        return new Scheme("https", new SSLSocketFactory(sSLContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER), 443);
    }

    public HttpClient createHttpClient(boolean z) {
        Scheme scheme = null;
        if (z) {
            try {
                scheme = createValidatingScheme();
            } catch (Exception e) {
                z = false;
                this.logger.log(Level.WARNING, "Encountered exception trying to initialize SSL. SSL certificate validation will be disabled", (Throwable) e);
            }
        }
        if (!z) {
            try {
                scheme = createNonvalidatingScheme();
            } catch (KeyManagementException e2) {
                this.logger.log(Level.WARNING, "Encountered exception trying to initialize SSL. All HTTPS fetches will be disabled.", (Throwable) e2);
                scheme = null;
            } catch (NoSuchAlgorithmException e3) {
                this.logger.log(Level.WARNING, "Encountered exception trying to initialize SSL. All HTTPS fetches will be disabled.", (Throwable) e3);
                scheme = null;
            }
        }
        Scheme scheme2 = new Scheme(HttpHost.DEFAULT_SCHEME_NAME, PlainSocketFactory.getSocketFactory(), 80);
        SchemeRegistry schemeRegistry = new SchemeRegistry();
        if (scheme != null) {
            schemeRegistry.register(scheme);
        }
        schemeRegistry.register(scheme2);
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient(new ThreadSafeClientConnManager(new BasicHttpParams(), schemeRegistry), new BasicHttpParams());
        if (!ReuseCookiesLocallyHolder.INSTANCE) {
            defaultHttpClient.removeRequestInterceptorByClass(RequestAddCookies.class);
        }
        defaultHttpClient.getParams().setIntParameter(ClientPNames.MAX_REDIRECTS, this.maxRedirects);
        defaultHttpClient.setRedirectStrategy(new AllMethodsRedirectStrategy());
        defaultHttpClient.setRoutePlanner(new ProxySelectorRoutePlanner(defaultHttpClient.getConnectionManager().getSchemeRegistry(), ProxySelector.getDefault()));
        return defaultHttpClient;
    }

    @Override // com.google.appengine.tools.development.AbstractLocalRpcService, com.google.appengine.tools.development.LocalRpcService
    public void init(LocalServiceContext localServiceContext, Map<String, String> map) {
    }

    @Override // com.google.appengine.tools.development.AbstractLocalRpcService, com.google.appengine.tools.development.LocalRpcService
    public void start() {
    }

    @Override // com.google.appengine.tools.development.AbstractLocalRpcService, com.google.appengine.tools.development.LocalRpcService
    public void stop() {
    }

    private byte[] responseToByteArray(HttpEntity httpEntity) throws IOException {
        InputStream content = httpEntity.getContent();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[4096];
        while (true) {
            int read = content.read(bArr);
            if (read == -1) {
                return byteArrayOutputStream.toByteArray();
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    @LatencyPercentiles(latency50th = 5)
    public URLFetchServicePb.URLFetchResponse fetch(LocalRpcService.Status status, URLFetchServicePb.URLFetchRequest uRLFetchRequest) {
        if (status == null) {
            throw new NullPointerException("status cannot be null.");
        }
        if (uRLFetchRequest == null) {
            throw new NullPointerException("request cannot be null.");
        }
        if (!hasValidURL(uRLFetchRequest)) {
            throw new ApiProxy.ApplicationException(URLFetchServicePb.URLFetchServiceError.ErrorCode.INVALID_URL.getNumber(), "Invalid URL: " + uRLFetchRequest.getUrl());
        }
        MethodFactory methodFactory = (MethodFactory) METHOD_FACTORY_MAP.get(uRLFetchRequest.getMethod());
        if (methodFactory == null) {
            throw new ApiProxy.ApplicationException(URLFetchServicePb.URLFetchServiceError.ErrorCode.INVALID_URL.getNumber(), "Unsupported method: " + uRLFetchRequest.getMethod());
        }
        HttpRequestBase buildMethod = methodFactory.buildMethod(uRLFetchRequest);
        BasicHttpParams basicHttpParams = new BasicHttpParams();
        HttpClientParams.setRedirecting(basicHttpParams, uRLFetchRequest.getFollowRedirects());
        HttpConnectionParams.setConnectionTimeout(basicHttpParams, this.timeoutInMs);
        HttpConnectionParams.setSoTimeout(basicHttpParams, this.timeoutInMs);
        buildMethod.setParams(basicHttpParams);
        boolean z = false;
        for (URLFetchServicePb.URLFetchRequest.Header header : uRLFetchRequest.getHeaderList()) {
            if (!header.getKey().equalsIgnoreCase("Content-Length")) {
                buildMethod.addHeader(header.getKey(), header.getValue());
                if (header.getKey().equalsIgnoreCase("Content-Type")) {
                    z = true;
                }
            }
        }
        if (!z && uRLFetchRequest.getMethod() == URLFetchServicePb.URLFetchRequest.RequestMethod.POST && uRLFetchRequest.hasPayload()) {
            buildMethod.addHeader("Content-Type", "application/x-www-form-urlencoded");
        }
        URLFetchServicePb.URLFetchResponse.Builder newBuilder = URLFetchServicePb.URLFetchResponse.newBuilder();
        try {
            HttpResponse doPrivilegedExecute = doPrivilegedExecute(uRLFetchRequest, buildMethod, newBuilder);
            int statusCode = doPrivilegedExecute.getStatusLine().getStatusCode();
            if (statusCode < 100 || statusCode >= 600) {
                throw new ApiProxy.ApplicationException(URLFetchServicePb.URLFetchServiceError.ErrorCode.FETCH_ERROR.getNumber(), "Status code " + statusCode + " unknown when making " + buildMethod.getMethod() + " request to URL: " + uRLFetchRequest.getUrl());
            }
            HttpEntity entity = doPrivilegedExecute.getEntity();
            if (entity != null) {
                byte[] responseToByteArray = responseToByteArray(entity);
                if (responseToByteArray.length > this.maxResponseLength) {
                    responseToByteArray = Arrays.copyOf(responseToByteArray, this.maxResponseLength);
                    newBuilder.setContentWasTruncated(true);
                }
                newBuilder.setContent(ByteString.copyFrom(responseToByteArray));
            }
            httpclientHeadersToPbHeaders(doPrivilegedExecute.getAllHeaders(), newBuilder);
            return newBuilder.build();
        } catch (SocketTimeoutException e) {
            throw new ApiProxy.ApplicationException(URLFetchServicePb.URLFetchServiceError.ErrorCode.DEADLINE_EXCEEDED.getNumber(), "http method " + buildMethod.getMethod() + " against URL " + uRLFetchRequest.getUrl() + " timed out.");
        } catch (SSLException e2) {
            throw new ApiProxy.ApplicationException(URLFetchServicePb.URLFetchServiceError.ErrorCode.SSL_CERTIFICATE_ERROR.getNumber(), "Couldn't validate the server's SSL certificate for URL " + uRLFetchRequest.getUrl() + ": " + e2.getMessage());
        } catch (IOException e3) {
            if (e3.getCause() == null || !e3.getCause().getMessage().matches("Maximum redirects \\([0-9]+\\) exceeded")) {
                throw new ApiProxy.ApplicationException(URLFetchServicePb.URLFetchServiceError.ErrorCode.FETCH_ERROR.getNumber(), "Received exception executing http method " + buildMethod.getMethod() + " against URL " + uRLFetchRequest.getUrl() + ": " + e3.getMessage());
            }
            throw new ApiProxy.ApplicationException(URLFetchServicePb.URLFetchServiceError.ErrorCode.TOO_MANY_REDIRECTS.getNumber(), "Received exception executing http method " + buildMethod.getMethod() + " against URL " + uRLFetchRequest.getUrl() + ": " + e3.getCause().getMessage());
        }
    }

    private HttpResponse doPrivilegedExecute(final URLFetchServicePb.URLFetchRequest uRLFetchRequest, final HttpRequestBase httpRequestBase, final URLFetchServicePb.URLFetchResponse.Builder builder) throws IOException {
        try {
            return (HttpResponse) AccessController.doPrivileged(new PrivilegedExceptionAction<HttpResponse>() { // from class: com.google.appengine.api.urlfetch.dev.LocalURLFetchService.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public HttpResponse run() throws IOException {
                    BasicHttpContext basicHttpContext = new BasicHttpContext();
                    HttpResponse execute = (uRLFetchRequest.hasMustValidateServerCertificate() && uRLFetchRequest.getMustValidateServerCertificate()) ? LocalURLFetchService.this.getValidatingClient().execute(httpRequestBase, basicHttpContext) : LocalURLFetchService.this.getNonValidatingClient().execute(httpRequestBase, basicHttpContext);
                    builder.setStatusCode(execute.getStatusLine().getStatusCode());
                    String str = ((HttpHost) basicHttpContext.getAttribute("http.target_host")).toURI() + ((HttpUriRequest) basicHttpContext.getAttribute("http.request")).getURI();
                    if (!str.equals(httpRequestBase.getURI().toString())) {
                        builder.setFinalUrl(str);
                    }
                    return execute;
                }
            });
        } catch (PrivilegedActionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof IOException) {
                throw ((IOException) cause);
            }
            throw new RuntimeException(e);
        }
    }

    boolean isAllowedPort(int i) {
        return i == -1 || (i >= 80 && i <= 90) || ((i >= 440 && i <= 450) || i >= 1024);
    }

    boolean hasValidURL(URLFetchServicePb.URLFetchRequest uRLFetchRequest) {
        if (!uRLFetchRequest.hasUrl() || uRLFetchRequest.getUrl().length() == 0) {
            return false;
        }
        try {
            URL url = new URL(uRLFetchRequest.getUrl());
            if (!url.getProtocol().equals(HttpHost.DEFAULT_SCHEME_NAME) && !url.getProtocol().equals("https")) {
                return false;
            }
            if (isAllowedPort(url.getPort())) {
                return true;
            }
            this.logger.log(Level.WARNING, String.format("urlfetch received %s ; port %s is not allowed in production!", url, Integer.valueOf(url.getPort())));
            return true;
        } catch (MalformedURLException e) {
            return false;
        }
    }

    void httpclientHeadersToPbHeaders(Header[] headerArr, URLFetchServicePb.URLFetchResponse.Builder builder) {
        for (Header header : headerArr) {
            builder.addHeader(URLFetchServicePb.URLFetchResponse.Header.newBuilder().setKey(header.getName()).setValue(header.getValue()));
        }
    }

    @Override // com.google.appengine.tools.development.AbstractLocalRpcService, com.google.appengine.tools.development.LocalRpcService
    public Double getMaximumDeadline(boolean z) {
        return Double.valueOf(z ? 600.0d : 60.0d);
    }

    @Override // com.google.appengine.tools.development.AbstractLocalRpcService, com.google.appengine.tools.development.LocalRpcService
    public Integer getMaxApiRequestSize() {
        return 10485760;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized HttpClient getNonValidatingClient() {
        if (this.nonValidatingClient == null) {
            this.nonValidatingClient = createHttpClient(false);
        }
        return this.nonValidatingClient;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized HttpClient getValidatingClient() {
        if (this.validatingClient == null) {
            this.validatingClient = createHttpClient(true);
        }
        return this.validatingClient;
    }
}
