package org.apache.tika.client;

import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.commons.math3.analysis.interpolation.MicrosphereInterpolator;
import org.apache.http.HeaderElement;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.ProtocolException;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ConnectionKeepAliveStrategy;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.auth.BasicSchemeFactory;
import org.apache.http.impl.auth.NTLMSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.LaxRedirectStrategy;
import org.apache.http.impl.conn.DefaultProxyRoutePlanner;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicHeaderElementIterator;
import org.apache.http.protocol.HTTP;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContexts;
import org.apache.tika.exception.TikaConfigException;
import org.apache.tika.utils.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/tika/client/HttpClientFactory.class */
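/**
 * Configurable factory for Apache HttpClient 4.x instances used by Tika clients.
 *
 * <p>Security properties a caller should know before using the built client:
 * <ul>
 *   <li>{@link #build()} installs a trust strategy that accepts every certificate chain and a
 *       no-op hostname verifier, so HTTPS connections are encrypted but NOT authenticated.</li>
 *   <li>Configured credentials are registered for {@code AuthScope.ANY}, i.e. they are offered to
 *       whichever host issues a matching challenge; {@link #setAllowedHostsForRedirect(Set)} is the
 *       only control here that limits where a redirect may lead.</li>
 *   <li>The optional {@link AES} helper only obfuscates credentials at rest (AES in ECB mode with a
 *       key derived from a single unsalted SHA-1 digest); it is not a substitute for a secret
 *       store.</li>
 * </ul>
 *
 * <p>Instances are mutable and not synchronized.
 */
public class HttpClientFactory {
    /** Name of the environment variable holding the passphrase the AES key is derived from. */
    public static final String AES_ENV_VAR = "AES_KEY";
    private static final Logger LOG = LoggerFactory.getLogger(HttpClientFactory.class);
    private String proxyHost;
    private int proxyPort;
    private String userName;
    private String password;
    private String ntDomain;
    private AES aes = null;
    private Set<String> allowedHostsForRedirect = new HashSet<>();
    private int maxConnectionsPerRoute = 1000;
    // NOTE(review): this reference to a commons-math3 constant looks like a decompiler
    // constant-resolution artifact; confirm the intended literal against the upstream source.
    private int maxConnections = MicrosphereInterpolator.DEFAULT_MICROSPHERE_ELEMENTS;
    private int requestTimeout = 120000;
    private int connectTimeout = 120000;
    private int socketTimeout = 120000;
    private int keepAliveOnBadKeepAliveValueMs = 1000;
    private String authScheme = "basic";
    private boolean credentialsAESEncrypted = false;
    private boolean disableContentCompression = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/tika/client/HttpClientFactory$AES.class */
    /**
     * Encrypts and decrypts configuration strings with a key derived from the
     * {@link HttpClientFactory#AES_ENV_VAR} environment variable.
     *
     * <p>SECURITY: the scheme is weak by current standards and is kept unchanged only so that
     * values already encrypted with it remain readable. ECB has no IV, so equal plaintexts give
     * equal ciphertexts, and there is no integrity protection, so ciphertext can be altered
     * undetected. The key is the first 16 bytes of one unsalted SHA-1 digest of the passphrase,
     * which gives no resistance to guessing a weak passphrase. A migration would use an
     * authenticated mode (e.g. AES/GCM with a random nonce) and a password-based KDF.
     */
    public static class AES {
        /** JCA transformation shared by both directions (names are matched case-insensitively). */
        private static final String TRANSFORMATION = "AES/ECB/PKCS5Padding";

        private final SecretKeySpec secretKey;

        private AES() throws TikaConfigException {
            this.secretKey = setKey(System.getenv(HttpClientFactory.AES_ENV_VAR));
        }

        /**
         * Derives the 128-bit AES key from the passphrase.
         *
         * @param str passphrase read from the environment
         * @return key spec built from the first 16 bytes of the passphrase digest
         * @throws TikaConfigException if the passphrase is missing or the digest is unavailable
         */
        private SecretKeySpec setKey(String str) throws TikaConfigException {
            if (str == null) {
                // Fail with a configuration error instead of a NullPointerException.
                throw new TikaConfigException("must specify aes key in the environment variable: AES_KEY");
            }
            try {
                byte[] digest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_1)
                        .digest(str.getBytes(StandardCharsets.UTF_8));
                // Key bytes stay local; nothing else needs a second copy of the key material.
                return new SecretKeySpec(Arrays.copyOf(digest, 16), "AES");
            } catch (NoSuchAlgorithmException e) {
                throw new TikaConfigException("bad key", e);
            }
        }

        /**
         * Encrypts a string and returns the ciphertext Base64-encoded.
         *
         * @param str plaintext, encoded as UTF-8 before encryption
         * @return Base64 text of the ciphertext
         * @throws TikaConfigException if the cipher cannot be created or initialised
         */
        public String encrypt(String str) throws TikaConfigException {
            try {
                Cipher cipher = Cipher.getInstance(TRANSFORMATION);
                cipher.init(Cipher.ENCRYPT_MODE, this.secretKey);
                return Base64.getEncoder().encodeToString(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)));
            } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                throw new TikaConfigException("bad encryption info", e);
            }
        }

        /**
         * Decrypts a Base64-encoded ciphertext produced by {@link #encrypt(String)}.
         *
         * @param str Base64 text of the ciphertext
         * @return the plaintext decoded as UTF-8
         * @throws TikaConfigException if the cipher cannot be created or the padding is invalid
         */
        public String decrypt(String str) throws TikaConfigException {
            try {
                Cipher cipher = Cipher.getInstance(TRANSFORMATION);
                cipher.init(Cipher.DECRYPT_MODE, this.secretKey);
                return new String(cipher.doFinal(Base64.getDecoder().decode(str)), StandardCharsets.UTF_8);
            } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                throw new TikaConfigException("bad encryption info", e);
            }
        }
    }

    /* loaded from: input_file:org/apache/tika/client/HttpClientFactory$CustomRedirectStrategy.class */
    /**
     * Redirect strategy that follows a redirect only when the target host is in the configured
     * allow-list. An empty allow-list means "no restriction".
     */
    private static class CustomRedirectStrategy extends LaxRedirectStrategy {
        private static final Logger LOG = LoggerFactory.getLogger(CustomRedirectStrategy.class);
        private final Set<String> allowedHosts;

        public CustomRedirectStrategy(Set<String> set) {
            this.allowedHosts = set;
        }

        /**
         * Builds the redirect URI, percent-encoding the whole location first when it is not a
         * syntactically valid URI.
         */
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.apache.http.impl.client.DefaultRedirectStrategy
        public URI createLocationURI(String str) throws ProtocolException {
            String location = str;
            try {
                new URI(location);
            } catch (URISyntaxException e) {
                LOG.warn("Redirected URL: [ {} ] will be encoded", location);
                try {
                    location = URLEncoder.encode(location, StandardCharsets.UTF_8.name());
                } catch (UnsupportedEncodingException e2) {
                    LOG.warn("Well, that didn't work out... :(", e2);
                }
            }
            return super.createLocationURI(location);
        }

        /**
         * Decides whether the response should be followed as a redirect.
         *
         * @return {@code false} when the base strategy says no, when the Location header is
         *     missing or blank, or when an allow-list is configured and the target host is not
         *     in it
         */
        @Override // org.apache.http.impl.client.DefaultRedirectStrategy, org.apache.http.client.RedirectStrategy
        public boolean isRedirected(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws ProtocolException {
            if (!super.isRedirected(httpRequest, httpResponse, httpContext)) {
                return false;
            }
            // A redirect status without a Location header used to dereference null here;
            // treat it like a blank Location and do not follow it.
            org.apache.http.Header locationHeader = httpResponse.getFirstHeader(HttpHeaders.LOCATION);
            if (locationHeader == null) {
                return false;
            }
            String value = locationHeader.getValue();
            if (StringUtils.isBlank(value)) {
                return false;
            }
            try {
                URI uri = new URI(value);
                // The comparison is an exact string match on the host. NOTE(review): a relative
                // Location has a null host and a host in different letter case will not match,
                // so both are refused when an allow-list is set; confirm that is intended.
                if (!this.allowedHosts.isEmpty() && !this.allowedHosts.contains(uri.getHost())) {
                    LOG.info("Not allowing external redirect. OriginalUrl={}, RedirectLocation={}", httpRequest.getRequestLine().getUri(), value);
                    return false;
                }
            } catch (URISyntaxException e) {
                // NOTE(review): an unparseable Location skips the allow-list check. It is later
                // percent-encoded as a whole by createLocationURI; confirm the resulting URI can
                // never name a host outside the allow-list.
                return true;
            }
            return true;
        }
    }

    public String getProxyHost() {
        return this.proxyHost;
    }

    public void setProxyHost(String str) {
        this.proxyHost = str;
    }

    public int getProxyPort() {
        return this.proxyPort;
    }

    public void setProxyPort(int i) {
        this.proxyPort = i;
    }

    public Set<String> getAllowedHostsForRedirect() {
        return this.allowedHostsForRedirect;
    }

    /**
     * Sets the hosts a redirect may target. An empty set disables the restriction, so redirects
     * to any host are followed.
     */
    public void setAllowedHostsForRedirect(Set<String> set) {
        this.allowedHostsForRedirect = set;
    }

    public int getMaxConnectionsPerRoute() {
        return this.maxConnectionsPerRoute;
    }

    public void setMaxConnectionsPerRoute(int i) {
        this.maxConnectionsPerRoute = i;
    }

    public int getMaxConnections() {
        return this.maxConnections;
    }

    public void setMaxConnections(int i) {
        this.maxConnections = i;
    }

    public int getRequestTimeout() {
        return this.requestTimeout;
    }

    public void setRequestTimeout(int i) {
        this.requestTimeout = i;
    }

    public int getConnectTimeout() {
        return this.connectTimeout;
    }

    public void setConnectTimeout(int i) {
        this.connectTimeout = i;
    }

    public int getSocketTimeout() {
        return this.socketTimeout;
    }

    public void setSocketTimeout(int i) {
        this.socketTimeout = i;
    }

    public int getKeepAliveOnBadKeepAliveValueMs() {
        return this.keepAliveOnBadKeepAliveValueMs;
    }

    public void setKeepAliveOnBadKeepAliveValueMs(int i) {
        this.keepAliveOnBadKeepAliveValueMs = i;
    }

    public String getUserName() {
        return this.userName;
    }

    public void setUserName(String str) {
        this.userName = str;
    }

    public String getPassword() {
        return this.password;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    public String getNtDomain() {
        return this.ntDomain;
    }

    public void setNtDomain(String str) {
        this.ntDomain = str;
    }

    public String getAuthScheme() {
        return this.authScheme;
    }

    public void setAuthScheme(String str) {
        this.authScheme = str;
    }

    /**
     * Declares whether userName, password and ntDomain are stored AES-encrypted.
     *
     * @param z {@code true} to decrypt the credential fields before use
     * @throws TikaConfigException if encryption is requested but {@link #AES_ENV_VAR} is unset
     */
    public void setCredentialsAESEncrypted(boolean z) throws TikaConfigException {
        if (z) {
            if (System.getenv(AES_ENV_VAR) == null) {
                throw new TikaConfigException("must specify aes key in the environment variable: AES_KEY");
            }
            this.aes = new AES();
        } else {
            // Drop a helper left over from an earlier 'true' call; otherwise decrypt() would keep
            // decrypting although the flag says the credentials are plain text.
            this.aes = null;
        }
        this.credentialsAESEncrypted = z;
    }

    public void setDisableContentCompression(boolean z) {
        this.disableContentCompression = z;
    }

    /**
     * Returns a new factory carrying the same settings, with its own copy of the redirect
     * allow-list.
     *
     * @throws TikaConfigException if credentials are marked encrypted and the AES key is unset
     */
    public HttpClientFactory copy() throws TikaConfigException {
        HttpClientFactory httpClientFactory = new HttpClientFactory();
        httpClientFactory.setAllowedHostsForRedirect(new HashSet<>(this.allowedHostsForRedirect));
        httpClientFactory.setAuthScheme(this.authScheme);
        httpClientFactory.setConnectTimeout(this.connectTimeout);
        httpClientFactory.setCredentialsAESEncrypted(this.credentialsAESEncrypted);
        httpClientFactory.setDisableContentCompression(this.disableContentCompression);
        httpClientFactory.setKeepAliveOnBadKeepAliveValueMs(this.keepAliveOnBadKeepAliveValueMs);
        httpClientFactory.setMaxConnectionsPerRoute(this.maxConnectionsPerRoute);
        httpClientFactory.setMaxConnections(this.maxConnections);
        httpClientFactory.setNtDomain(this.ntDomain);
        httpClientFactory.setPassword(this.password);
        httpClientFactory.setProxyHost(this.proxyHost);
        httpClientFactory.setProxyPort(this.proxyPort);
        httpClientFactory.setRequestTimeout(this.requestTimeout);
        httpClientFactory.setSocketTimeout(this.socketTimeout);
        // userName was not copied before, so a copy kept the password but lost the user.
        httpClientFactory.setUserName(this.userName);
        return httpClientFactory;
    }

    /**
     * Builds an {@link HttpClient} from the current settings.
     *
     * <p>SECURITY: the client accepts any server certificate and skips hostname verification, so
     * a network attacker can impersonate the server and read the traffic, including credentials
     * sent for Basic or NTLM authentication. Use it only where the network path is trusted, or
     * change the SSL context to the platform trust store and a real hostname verifier.
     *
     * @return a pooled client with the configured proxy, credentials, timeouts and redirect rules
     * @throws TikaConfigException if the SSL context cannot be created or credentials cannot be
     *     decrypted
     * @throws IllegalArgumentException if the credential settings are inconsistent
     */
    public HttpClient build() throws TikaConfigException {
        // Raised from INFO: disabled certificate validation is something operators must notice.
        LOG.warn("http client does not verify ssl at this point.  If you need that, please open a ticket.");
        try {
            // Trust strategy returns true for every chain: no certificate validation at all.
            SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
                    SSLContexts.custom().loadTrustMaterial((KeyStore) null, (chain, authType) -> true).build(),
                    NoopHostnameVerifier.INSTANCE);
            Registry<ConnectionSocketFactory> socketFactories = RegistryBuilder.<ConnectionSocketFactory>create()
                    .register("https", sslSocketFactory)
                    .register("http", new PlainConnectionSocketFactory())
                    .build();
            PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(socketFactories);
            connectionManager.setDefaultMaxPerRoute(this.maxConnectionsPerRoute);
            connectionManager.setMaxTotal(this.maxConnections);

            HttpClientBuilder custom = HttpClients.custom();
            if (this.disableContentCompression) {
                custom.disableContentCompression();
            }
            addCredentialsProvider(custom);
            addProxy(custom);

            // connectTimeout used to be passed to setConnectionRequestTimeout a second time,
            // which overwrote requestTimeout and left the connect timeout at the library default.
            RequestConfig requestConfig = RequestConfig.custom()
                    .setTargetPreferredAuthSchemes(Arrays.asList("Basic", "NTLM"))
                    .setConnectionRequestTimeout(this.requestTimeout)
                    .setConnectTimeout(this.connectTimeout)
                    .setSocketTimeout(this.socketTimeout)
                    .build();

            return custom.setConnectionManager(connectionManager)
                    .setRedirectStrategy(new CustomRedirectStrategy(this.allowedHostsForRedirect))
                    .setDefaultRequestConfig(requestConfig)
                    .setKeepAliveStrategy(getKeepAliveStrategy())
                    .setSSLSocketFactory(sslSocketFactory)
                    .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
                    .build();
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new TikaConfigException("", e);
        }
    }

    /** Routes all requests through the configured proxy; does nothing when no proxy host is set. */
    private void addProxy(HttpClientBuilder httpClientBuilder) {
        if (StringUtils.isBlank(this.proxyHost)) {
            return;
        }
        httpClientBuilder.setRoutePlanner(new DefaultProxyRoutePlanner(new HttpHost(this.proxyHost, this.proxyPort)));
    }

    /**
     * Registers the configured credentials and the matching auth scheme on the builder.
     *
     * <p>Does nothing when neither user name nor password is set. The credentials are bound to
     * {@code AuthScope.ANY}, so they are not limited to one host, port or realm.
     *
     * @throws TikaConfigException if an encrypted credential cannot be decrypted
     * @throws IllegalArgumentException if only one of user name and password is set, if NTLM is
     *     selected without a domain, or if the auth scheme is neither "basic" nor "ntlm"
     */
    private void addCredentialsProvider(HttpClientBuilder httpClientBuilder) throws TikaConfigException {
        boolean noUser = StringUtils.isBlank(this.userName);
        boolean noPassword = StringUtils.isBlank(this.password);
        if (noUser && noPassword) {
            return;
        }
        // At least one is set here. The old test repeated the "both blank" condition and so could
        // never fire; the half-configured case is what the message describes.
        if (noUser || noPassword) {
            throw new IllegalArgumentException("can't have one of 'username', 'password' null and the other not");
        }
        String user = decrypt(this.userName);
        String pass = decrypt(this.password);
        String domain = decrypt(this.ntDomain);
        final Credentials credentials;
        // Raw type kept: the element type is not among this file's imports.
        final Registry registry;
        if ("basic".equals(this.authScheme)) {
            credentials = new UsernamePasswordCredentials(user, pass);
            registry = RegistryBuilder.create().register("basic", new BasicSchemeFactory()).build();
        } else if ("ntlm".equals(this.authScheme)) {
            if (StringUtils.isBlank(this.ntDomain)) {
                throw new IllegalArgumentException("must specify 'ntDomain'");
            }
            credentials = new NTCredentials(user, pass, null, domain);
            registry = RegistryBuilder.create().register("ntlm", new NTLMSchemeFactory()).build();
        } else {
            // Previously fell through with null credentials and a null scheme registry.
            throw new IllegalArgumentException("unsupported 'authScheme': " + this.authScheme);
        }
        BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(AuthScope.ANY, credentials);
        httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
        httpClientBuilder.setDefaultAuthSchemeRegistry(registry);
    }

    /** Returns the value unchanged unless AES decryption is enabled and the value is non-null. */
    private String decrypt(String str) throws TikaConfigException {
        return (this.aes == null || str == null) ? str : this.aes.decrypt(str);
    }

    /**
     * Returns a keep-alive strategy that honours the {@code timeout} parameter of the response's
     * Keep-Alive header (seconds, converted to milliseconds) and otherwise falls back to
     * {@link #getKeepAliveOnBadKeepAliveValueMs()}.
     */
    public ConnectionKeepAliveStrategy getKeepAliveStrategy() {
        return (httpResponse, httpContext) -> {
            BasicHeaderElementIterator elements = new BasicHeaderElementIterator(httpResponse.headerIterator(HTTP.CONN_KEEP_ALIVE));
            while (elements.hasNext()) {
                HeaderElement element = elements.nextElement();
                String name = element.getName();
                String value = element.getValue();
                if (value != null && name != null && name.equalsIgnoreCase("timeout")) {
                    try {
                        return Long.parseLong(value) * 1000;
                    } catch (NumberFormatException ignored) {
                        // Non-numeric timeout from the server: keep scanning, then use the fallback.
                    }
                }
            }
            return this.keepAliveOnBadKeepAliveValueMs;
        };
    }
}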
