package org.openslx.dozmod.util;

import com.btr.proxy.search.ProxySearch;
import com.btr.proxy.search.wpad.WpadProxySearchStrategy;
import com.btr.proxy.util.Logger;
import java.net.ProxySelector;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLContext;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.config.ConnectionConfig;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.config.TlsConfig;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.hc.core5.http.ssl.TLS;
import org.apache.hc.core5.util.Timeout;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.openslx.bwlp.thrift.iface.MasterServer;
import org.openslx.dozmod.App;
import org.openslx.dozmod.authentication.ShibbolethEcp;
import org.openslx.thrifthelper.ThriftManager;
import org.openslx.util.Util;

/* loaded from: input_file:org/openslx/dozmod/util/ProxyConfigurator.class */
public class ProxyConfigurator {
    private static final List<TLS[]> TLS_CHECKLIST;
    private static SSLContext thriftCtx;
    private static final Logger LOGGER = LogManager.getLogger((Class<?>) ProxyConfigurator.class);
    private static final AtomicReference<CloseableHttpClient> apacheClient = new AtomicReference<>();
    private static final Timeout TIMEOUT_CONNECT = Timeout.ofSeconds(8L);
    private static final Timeout TIMEOUT_SOCKET = Timeout.ofSeconds(8L);
    private static final Timeout TIMEOUT_REQUEST = Timeout.ofSeconds(3L);

    /* renamed from: org.openslx.dozmod.util.ProxyConfigurator$2, reason: invalid class name */
    /* loaded from: input_file:org/openslx/dozmod/util/ProxyConfigurator$2.class */
    static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$com$btr$proxy$util$Logger$LogLevel = new int[Logger.LogLevel.values().length];

        static {
            try {
                $SwitchMap$com$btr$proxy$util$Logger$LogLevel[Logger.LogLevel.ERROR.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$btr$proxy$util$Logger$LogLevel[Logger.LogLevel.WARNING.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$btr$proxy$util$Logger$LogLevel[Logger.LogLevel.INFO.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    private static void tryAllThriftVariants() {
        thriftCtx = null;
        for (TLS[] tlsArr : TLS_CHECKLIST) {
            if (tlsArr != null) {
                try {
                    SSLContext sSLContext = SSLContext.getInstance(tlsArr[0].id);
                    sSLContext.init(null, null, null);
                    MasterServer.Client newMasterClient = ThriftManager.getNewMasterClient(sSLContext, App.getMasterServerAddress(), App.THRIFT_SSL_PORT, 4000);
                    if (newMasterClient != null) {
                        newMasterClient.ping();
                        try {
                            newMasterClient.getInputProtocol().getTransport().close();
                            newMasterClient.getOutputProtocol().getTransport().close();
                        } catch (Throwable th) {
                        }
                        thriftCtx = sSLContext;
                        return;
                    }
                    continue;
                } catch (Exception e) {
                }
            }
        }
    }

    private static void tryAllHttpsVariants() {
        HttpClientBuilder createDefaultBuilder;
        apacheClient.set(null);
        for (TLS[] tlsArr : TLS_CHECKLIST) {
            if (tlsArr == null) {
                try {
                    createDefaultBuilder = createDefaultBuilder();
                } catch (Exception e) {
                }
            } else {
                createDefaultBuilder = createSlxBuilder(tlsArr);
            }
            CloseableHttpClient build = createDefaultBuilder.build();
            if (testHttpsMaster(build)) {
                apacheClient.set(build);
                return;
            }
            continue;
        }
    }

    public static void init() {
        tryAllThriftVariants();
        if (thriftCtx != null) {
            tryAllHttpsVariants();
        }
        if (apacheClient.get() != null) {
            LOGGER.info("Not setting up proxy because master server seems reachable.");
            return;
        }
        com.btr.proxy.util.Logger.setBackend(new Logger.LogBackEnd() { // from class: org.openslx.dozmod.util.ProxyConfigurator.1
            @Override // com.btr.proxy.util.Logger.LogBackEnd
            public void log(Class<?> cls, Logger.LogLevel logLevel, String str, Object... objArr) {
                Level level;
                switch (AnonymousClass2.$SwitchMap$com$btr$proxy$util$Logger$LogLevel[logLevel.ordinal()]) {
                    case 1:
                        level = Level.ERROR;
                        break;
                    case 2:
                        level = Level.WARN;
                        break;
                    case 3:
                        level = Level.INFO;
                        break;
                    default:
                        level = Level.DEBUG;
                        break;
                }
                LogManager.getLogger(cls).log(level, MessageFormat.format(str, objArr));
            }

            @Override // com.btr.proxy.util.Logger.LogBackEnd
            public boolean isLogginEnabled(Logger.LogLevel logLevel) {
                return true;
            }
        });
        LOGGER.info("Master server not directly reachable; trying to determine proxy");
        ProxySelector proxySelector = ProxySearch.getDefaultProxySearch().getProxySelector();
        if (proxySelector == null) {
            LOGGER.error("No suitable proxy settings found, trying WPAD...");
            proxySelector = new WpadProxySearchStrategy().getProxySelector();
        }
        if (proxySelector == null) {
            LOGGER.error("Could not find a suitable proxy!");
            return;
        }
        ProxySelector.setDefault(proxySelector);
        tryAllThriftVariants();
        tryAllHttpsVariants();
        if (thriftCtx == null || apacheClient.get() == null) {
            LOGGER.warn("Could not establish Thrift/HTTPS connection after auto-configuring Proxy config");
        } else {
            LOGGER.info("Proxy initialised.");
            Util.sleep(10);
        }
    }

    public static CloseableHttpClient getClient() {
        CloseableHttpClient closeableHttpClient = apacheClient.get();
        if (closeableHttpClient != null) {
            return closeableHttpClient;
        }
        CloseableHttpClient build = createDefaultBuilder().build();
        apacheClient.compareAndSet(null, build);
        return build;
    }

    private static HttpClientBuilder createDefaultBuilder() {
        return HttpClientBuilder.create().setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create().setDefaultConnectionConfig(ConnectionConfig.custom().setConnectTimeout(TIMEOUT_CONNECT).setSocketTimeout(TIMEOUT_SOCKET).build()).setMaxConnPerRoute(4).build());
    }

    private static HttpClientBuilder createSlxBuilder(TLS[] tlsArr) {
        return HttpClientBuilder.create().setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create().setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create().setTlsVersions(tlsArr).build()).setDefaultTlsConfig(TlsConfig.custom().setSupportedProtocols(tlsArr).build()).setDefaultConnectionConfig(ConnectionConfig.custom().setConnectTimeout(TIMEOUT_CONNECT).setSocketTimeout(TIMEOUT_SOCKET).build()).setMaxConnPerRoute(4).build());
    }

    private static boolean testHttpsMaster(CloseableHttpClient closeableHttpClient) {
        RequestConfig build = RequestConfig.custom().setConnectionRequestTimeout(TIMEOUT_REQUEST).build();
        HttpGet httpGet = new HttpGet(ShibbolethEcp.BWLP_SP.toString());
        httpGet.setConfig(build);
        httpGet.setHeader("Accept", "text/html, application/vnd.paos+xml");
        httpGet.setHeader("PAOS", "ver=\"urn:liberty:paos:2003-08\";\"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp\"");
        try {
            CloseableHttpResponse execute = closeableHttpClient.execute((ClassicHttpRequest) httpGet);
            try {
                LOGGER.debug("Master-server replies with " + execute.getCode());
                int code = execute.getCode();
                boolean z = code >= 200 && code < 300;
                if (execute != null) {
                    execute.close();
                }
                return z;
            } catch (Throwable th) {
                if (execute != null) {
                    try {
                        execute.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Exception e) {
            LOGGER.debug("Cannot reach master server via HTTPS", (Throwable) e);
            return false;
        }
    }

    public static SSLContext getThriftSslContext() {
        return thriftCtx;
    }

    static {
        ArrayList arrayList = new ArrayList();
        arrayList.add(null);
        boolean z = false;
        try {
            SSLContext.getInstance("TLSv1.3");
            z = true;
        } catch (Exception e) {
        }
        if (z) {
            arrayList.add(new TLS[]{TLS.V_1_3, TLS.V_1_2});
        }
        arrayList.add(new TLS[]{TLS.V_1_2});
        arrayList.add(new TLS[]{TLS.V_1_2, TLS.V_1_1});
        TLS_CHECKLIST = Collections.unmodifiableList(arrayList);
        try {
            if (z) {
                thriftCtx = SSLContext.getInstance("TLSv1.3");
            } else {
                thriftCtx = SSLContext.getInstance("TLSv1.2");
            }
            thriftCtx.init(null, null, null);
        } catch (KeyManagementException | NoSuchAlgorithmException e2) {
            LOGGER.warn("Error creating default SSL context for thrift", e2);
        }
    }
}
