package net.i2p.util;

import gnu.getopt.Getopt;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PipedInputStream;
import java.io.PipedOutputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Locale;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import net.i2p.I2PAppContext;
import net.i2p.client.streaming.impl.Connection;
import net.i2p.crypto.CertUtil;
import net.i2p.crypto.KeyStoreUtil;
import net.i2p.data.DataHelper;
import net.i2p.util.EepGet;
import org.cybergarage.soap.SOAP;

/* loaded from: classes.dex */
public class SSLEepGet extends EepGet {
    // Relative directory that initSSLContext() scans, under the base and config
    // directories, for extra certificates to add to the trust store.
    private static final String CERT_DIR = "certificates/ssl";
    // Set by main(); enables the console hint sendRequest() prints after a failed TLS handshake.
    private boolean _commandLine;
    // Set by main() when the save option is given; sendRequest() then writes the
    // rejected server chain to disk through saveCerts().
    private boolean _saveCerts;
    // Context used to create TLS sockets. Null when initSSLContext() failed, in
    // which case sendRequest() falls back to SSLSocketFactory.getDefault().
    private final SSLContext _sslContext;
    // Chain-recording trust manager. Assigned only inside initSSLContext(), so it
    // stays null when the context was taken from an SSLState.
    private SavingTrustManager _stm;

    /* loaded from: classes.dex */
    /**
     * Opaque holder for an {@link SSLContext} so that one SSLEepGet can hand its
     * context to another through getSSLState() and the state-taking constructors.
     *
     * <p>The context carries the trust managers it was initialised with, so a
     * reused state also reuses the trust decisions of the instance that built it.
     */
    public static class SSLState {
        /** The shared context; may be null if the originating instance failed to build one. */
        private final SSLContext context;

        /** Private: only the enclosing class creates instances. */
        private SSLState(SSLContext sharedContext) {
            context = sharedContext;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    /**
     * Trust manager decorator that remembers the certificate chain a server
     * presented and then leaves the trust decision to the wrapped manager.
     *
     * <p>The chain is stored before the delegate validates it, so it is still
     * available after a rejection. A stored chain is therefore unverified data
     * and must not be treated as trusted by code that reads it.
     */
    public static class SavingTrustManager implements X509TrustManager {
        /** Last chain passed to checkServerTrusted(); null until the first handshake. */
        private X509Certificate[] chain;
        /** Manager that performs the real validation. */
        private final X509TrustManager tm;

        /**
         * @param delegate trust manager that decides whether a server chain is accepted
         */
        SavingTrustManager(X509TrustManager delegate) {
            tm = delegate;
        }

        /**
         * Rejects every client chain; this manager is only meant for the client
         * side of a connection.
         *
         * @throws CertificateException always
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new CertificateException();
        }

        /**
         * Records the presented chain, then asks the delegate to validate it.
         *
         * @throws CertificateException if the delegate rejects the chain; the
         *         chain stays recorded in that case
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Record first: the delegate call below may throw, and the rejected
            // chain is exactly what the certificate-saving path needs.
            chain = x509CertificateArr;
            tm.checkServerTrusted(x509CertificateArr, str);
        }

        /**
         * @return an empty array; no issuer list is advertised by this manager
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Creates a fetcher that writes the response body to a stream and builds its
     * own TLS context rather than reusing one from an earlier instance.
     *
     * @param i2PAppContext application context handed to the superclass
     * @param outputStream  destination for the response body
     * @param str           the https URL to fetch
     */
    public SSLEepGet(I2PAppContext i2PAppContext, OutputStream outputStream, String str) {
        // No output file and no shared state: go straight to the common constructor.
        this(i2PAppContext, null, outputStream, str, null);
    }

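    /**
     * Creates a fetcher that writes the response body to a stream, optionally
     * reusing the TLS context of an earlier instance.
     *
     * <p>When a usable state is supplied, no new context is built and no
     * chain-recording trust manager is installed on this instance, so the
     * certificate-saving path in sendRequest() is skipped for it.
     *
     * @param i2PAppContext application context handed to the superclass
     * @param outputStream  destination for the response body
     * @param str           the https URL to fetch
     * @param sSLState      state obtained from getSSLState() on another instance,
     *                      or null to build a fresh context
     */
    public SSLEepGet(I2PAppContext i2PAppContext, OutputStream outputStream, String str, SSLState sSLState) {
        // Forward the caller's state; passing null here would discard it and
        // force the key store and context to be rebuilt for every instance.
        this(i2PAppContext, null, outputStream, str, sSLState);
    }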

    /**
     * Common constructor behind all public ones.
     *
     * <p>Uses the context carried by {@code state} when there is one; otherwise
     * builds a new context with initSSLContext(). If no context is available
     * either way, an error is logged and sendRequest() later uses the JVM default
     * socket factory, which means the extra certificates from the certificates
     * directory are not trusted for that fetch.
     *
     * @param ctx          application context handed to the superclass
     * @param outputFile   presumably the output file path (null when a stream is given) - confirm against EepGet
     * @param outputStream destination stream, or null
     * @param url          the https URL to fetch
     * @param state        shared TLS state, or null
     */
    private SSLEepGet(I2PAppContext ctx, String outputFile, OutputStream outputStream, String url, SSLState state) {
        super(ctx, false, null, -1, 0, -1L, -1L, outputFile, outputStream, url, true, null, null);
        final boolean reusable = state != null && state.context != null;
        this._sslContext = reusable ? state.context : initSSLContext();
        if (this._sslContext == null) {
            this._log.error("Failed to initialize custom SSL context, using default context");
        }
    }

    /**
     * Creates a fetcher without an output stream and builds its own TLS context
     * rather than reusing one from an earlier instance.
     *
     * @param i2PAppContext application context handed to the superclass
     * @param str           presumably the output file path - confirm against EepGet
     * @param str2          the https URL to fetch
     */
    public SSLEepGet(I2PAppContext i2PAppContext, String str, String str2) {
        // No output stream and no shared state: go straight to the common constructor.
        this(i2PAppContext, str, null, str2, null);
    }

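    /**
     * Creates a fetcher without an output stream, optionally reusing the TLS
     * context of an earlier instance.
     *
     * <p>When a usable state is supplied, no new context is built and no
     * chain-recording trust manager is installed on this instance, so the
     * certificate-saving path in sendRequest() is skipped for it.
     *
     * @param i2PAppContext application context handed to the superclass
     * @param str           presumably the output file path - confirm against EepGet
     * @param str2          the https URL to fetch
     * @param sSLState      state obtained from getSSLState() on another instance,
     *                      or null to build a fresh context
     */
    public SSLEepGet(I2PAppContext i2PAppContext, String str, String str2, SSLState sSLState) {
        // Forward the caller's state; passing null here would discard it and
        // force the key store and context to be rebuilt for every instance.
        this(i2PAppContext, str, null, str2, sSLState);
    }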

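    /**
     * Builds the TLS context used for fetches: the system key store extended with
     * the certificates found under {@code certificates/ssl}, validated through a
     * {@link SavingTrustManager} so that a rejected chain can be saved afterwards.
     *
     * <p>Every certificate file picked up from those directories is added to the
     * key store that backs trust decisions, so write access to them is equivalent
     * to the ability to add trust anchors.
     *
     * @return the initialised context, or null when the key store cannot be
     *         loaded, no X.509 trust manager is available, or the TLS setup
     *         fails; callers then fall back to the JVM default socket factory
     */
    private SSLContext initSSLContext() {
        KeyStore trustStore = KeyStoreUtil.loadSystemKeyStore();
        if (trustStore == null) {
            this._log.error("Key Store init error");
            return null;
        }
        // 20 is the level used for every informational message below
        // (presumably the logger's INFO constant inlined by the decompiler - confirm).
        if (this._log.shouldLog(20)) {
            this._log.info("Loaded " + KeyStoreUtil.countCerts(trustStore) + " default trusted certificates");
        }
        File baseCerts = new File(this._context.getBaseDir(), CERT_DIR);
        int fromBase = KeyStoreUtil.addCerts(baseCerts, trustStore);
        int total = fromBase;
        if (fromBase > 0 && this._log.shouldLog(20)) {
            this._log.info("Loaded " + fromBase + " trusted certificates from " + baseCerts.getAbsolutePath());
        }
        if (!this._context.getBaseDir().getAbsolutePath().equals(this._context.getConfigDir().getAbsolutePath())) {
            File configCerts = new File(this._context.getConfigDir(), CERT_DIR);
            int fromConfig = KeyStoreUtil.addCerts(configCerts, trustStore);
            total += fromConfig;
            if (fromConfig > 0 && this._log.shouldLog(20)) {
                this._log.info("Loaded " + fromConfig + " trusted certificates from " + configCerts.getAbsolutePath());
            }
        }
        // NOTE(review): the condition compares the base directory with user.dir,
        // but the directory scanned is the config directory again, which the code
        // above has already covered in every case. The reported total can thus
        // count the same files twice. Kept as is: loading trust anchors from the
        // current working directory instead would widen who can influence trust,
        // so the intended behaviour should be decided explicitly.
        if (!this._context.getBaseDir().getAbsolutePath().equals(new File(System.getProperty("user.dir")).getAbsolutePath())) {
            File repeatedCerts = new File(this._context.getConfigDir(), CERT_DIR);
            int fromRepeat = KeyStoreUtil.addCerts(repeatedCerts, trustStore);
            total += fromRepeat;
            if (fromRepeat > 0 && this._log.shouldLog(20)) {
                this._log.info("Loaded " + fromRepeat + " trusted certificates from " + repeatedCerts.getAbsolutePath());
            }
        }
        if (this._log.shouldLog(20)) {
            this._log.info("Loaded total of " + total + " new trusted certificates");
        }
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            // Pick the X.509 manager by type instead of casting element 0: an
            // unexpected array layout would otherwise raise an unchecked exception
            // that the handler below does not catch.
            X509TrustManager delegate = null;
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    delegate = (X509TrustManager) candidate;
                    break;
                }
            }
            if (delegate == null) {
                this._log.error("Key Store update error: no X509TrustManager available");
                return null;
            }
            this._stm = new SavingTrustManager(delegate);
            // Only the recording wrapper is installed, so every server chain goes
            // through it before reaching the real validator.
            sslContext.init(null, new TrustManager[]{this._stm}, null);
            return sslContext;
        } catch (GeneralSecurityException e) {
            this._log.error("Key Store update error", e);
            return null;
        }
    }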

    /**
     * Command-line entry point: parses the options, then fetches exactly one
     * https URL into a local file whose name comes from suggestName(url).
     *
     * <p>Exits with status 1 on a usage error or when the fetch reports failure.
     *
     * @param strArr command-line arguments: optional save-certificates flag, then the URL
     */
    public static void main(String[] strArr) {
        int i;
        // z: save-certificates option seen (option code 115, i.e. 's').
        boolean z = false;
        // z2: an option error occurred; leads to usage() and exit below.
        boolean z2 = false;
        // NOTE(review): the option spec comes from an unrelated SOAP constant; presumably the
        // decompiler substituted a constant whose value equals the original literal.
        // Confirm it really is the option string containing 's'.
        Getopt getopt = new Getopt("ssleepget", strArr, SOAP.XMLNS);
        while (true) {
            try {
                i = getopt.getopt();
            } catch (Exception e) {
                e.printStackTrace();
                z2 = true;
            }
            // -1 means option parsing is finished; everything below runs once.
            if (i == -1) {
                // Exactly one non-option argument (the URL) is required.
                if (z2 || strArr.length - getopt.getOptind() != 1) {
                    usage();
                    System.exit(1);
                }
                String str = strArr[getopt.getOptind()];
                // The output file name is derived from the URL, which is caller-supplied input.
                String suggestName = suggestName(str);
                try {
                    // The output file is opened (and truncated if it exists) before any connection is made.
                    SSLEepGet sSLEepGet = new SSLEepGet(I2PAppContext.getGlobalContext(), new FileOutputStream(suggestName), str);
                    if (z) {
                        sSLEepGet._saveCerts = true;
                    }
                    sSLEepGet._commandLine = true;
                    // Result unused; looks like decompiler residue of an implicit null check.
                    sSLEepGet.getClass();
                    sSLEepGet.addStatusListener(new EepGet.CLIStatusListener(1024, 40));
                    // NOTE(review): the first argument is a streaming-layer constant, presumably a
                    // decompiler substitution for a numeric timeout literal - confirm the value.
                    if (sSLEepGet.fetch(Connection.MAX_RESEND_DELAY, -1L, 60000L)) {
                        return;
                    }
                    System.exit(1);
                    return;
                } catch (IOException e2) {
                    // NOTE(review): returns normally here, so the exit status does not
                    // signal this failure the way the other error paths do.
                    System.err.println("Failed to create output file " + suggestName);
                    return;
                }
            }
            switch (i) {
                case 115:
                    // 's': remember to save the server chain if the handshake is rejected.
                    z = true;
                    break;
                default:
                    z2 = true;
                    break;
            }
        }
    }

    /**
     * Writes each certificate of the chain recorded by the trust manager to its
     * own file, named {@code <prefix>-<position>.crt} with positions starting at
     * 1, and prints what was saved.
     *
     * <p>The certificates written here come from a chain that failed validation.
     * Saving them does not make them trusted; that only happens if an operator
     * copies the files into the certificates directory, so their origin should be
     * checked independently before doing so.
     *
     * <p>The file names are relative, so they resolve against the current working
     * directory. Any status returned by CertUtil.saveCert is ignored here.
     *
     * @param filePrefix leading part of each file name (the caller passes the host name)
     * @param recorder   trust manager holding the chain seen during the handshake
     */
    private static void saveCerts(String filePrefix, SavingTrustManager recorder) {
        final X509Certificate[] presented = recorder.chain;
        if (presented == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }
        int position = 0;
        for (X509Certificate cert : presented) {
            position++;
            final String fileName = filePrefix + '-' + position + ".crt";
            System.out.println("NOTE: Saving untrusted X509 certificate as " + fileName);
            System.out.println("      Issuer:     " + cert.getIssuerX500Principal());
            System.out.println("      Valid From: " + cert.getNotBefore());
            System.out.println("      Valid To:   " + cert.getNotAfter());
            try {
                cert.checkValidity();
            } catch (Exception e) {
                // Outside its validity window: still saved, but flagged to the operator.
                System.out.println("      WARNING: Certificate is not currently valid, it cannot be used");
            }
            CertUtil.saveCert(cert, new File(fileName));
        }
        System.out.println("NOTE: To trust them, copy the certificate file(s) to the certificates directory and rerun without the -s option");
        System.out.println("NOTE: EepGet failed, certificate error follows:");
    }

    /** Prints the command-line synopsis to standard error. */
    private static void usage() {
        final String help = "Usage: SSLEepGet https://url\nTo save unknown certs, use: SSLEepGet -s https://url";
        System.err.println(help);
    }

    /**
     * Reads the response headers, then copies the response body from the socket
     * input to the output, handling fixed-length, chunked and gzip-compressed
     * bodies and notifying the registered listeners of progress and completion.
     *
     * <p>Redirects are refused: a response that sets a redirect location makes
     * this method throw instead of following it.
     *
     * @param socketTimeout timer to reset while data flows, or null for none
     * @throws IOException on header or data timeout, a redirect, a decompression
     *         failure, or a disconnect before the announced length was received
     */
    @Override // net.i2p.util.EepGet
    protected void doFetch(SocketTimeout socketTimeout) throws IOException {
        this._headersRead = false;
        this._aborted = false;
        try {
            readHeaders();
            this._headersRead = true;
            if (this._aborted) {
                throw new IOException("Timed out reading the HTTP headers");
            }
            if (socketTimeout != null) {
                socketTimeout.resetTimer();
                // Use the configured inactivity timeout when positive, otherwise 60 s.
                if (this._fetchInactivityTimeout > 0) {
                    socketTimeout.setInactivityTimeout(this._fetchInactivityTimeout);
                } else {
                    socketTimeout.setInactivityTimeout(60000L);
                }
            }
            // A server-chosen redirect target is never followed by this class.
            if (this._redirectLocation != null) {
                throw new IOException("Server redirect to " + this._redirectLocation + " not allowed");
            }
            if (this._log.shouldLog(10)) {
                this._log.debug("Headers read completely, reading " + this._bytesRemaining);
            }
            // z: true when the remaining length is known (non-negative).
            boolean z = this._bytesRemaining >= 0;
            I2PAppThread i2PAppThread = null;
            this._decompressException = null;
            if (this._isGzippedResponse) {
                // Route the body through a pipe so a helper thread can gunzip it into the real output.
                PipedInputStream bigPipedInputStream = BigPipedInputStream.getInstance();
                PipedOutputStream pipedOutputStream = new PipedOutputStream(bigPipedInputStream);
                i2PAppThread = new I2PAppThread(new EepGet.Gunzipper(bigPipedInputStream, this._out), "EepGet Decompressor");
                this._out = pipedOutputStream;
                i2PAppThread.start();
            }
            // NOTE(review): narrowing cast of a server-supplied length; a value above
            // Integer.MAX_VALUE would not survive it (assumes _bytesRemaining is a long - confirm).
            int i = (int) this._bytesRemaining;
            byte[] bArr = new byte[16384];
            // Loop while fetching is wanted, not aborted, and either bytes remain or the length is unknown.
            while (this._keepFetching && ((i > 0 || !z) && !this._aborted)) {
                int length = bArr.length;
                // Never read past the announced length (or the current chunk).
                if (z && length > i) {
                    length = i;
                }
                int read = this._proxyIn.read(bArr, 0, length);
                if (read == -1) {
                    break;
                }
                if (socketTimeout != null) {
                    socketTimeout.resetTimer();
                }
                this._out.write(bArr, 0, read);
                this._bytesTransferred += read;
                i -= read;
                if (i == 0 && this._encodingChunked) {
                    // End of a chunk: expect CR (13) LF (10), then the next chunk's length.
                    int read2 = this._proxyIn.read();
                    if (read2 == 13) {
                        int read3 = this._proxyIn.read();
                        if (read3 == 10) {
                            // NOTE(review): same narrowing cast as above, on a server-supplied chunk length.
                            i = (int) readChunkLength();
                        } else {
                            // Not a CRLF after all: the two bytes are passed on as body data.
                            this._out.write(read2);
                            this._out.write(read3);
                            this._bytesTransferred += 2;
                            i -= 2;
                            read += 2;
                        }
                    } else {
                        // Not a CR: the byte is passed on as body data.
                        this._out.write(read2);
                        this._bytesTransferred++;
                        i--;
                        read++;
                    }
                }
                if (socketTimeout != null) {
                    socketTimeout.resetTimer();
                }
                if (this._bytesRemaining >= read) {
                    this._bytesRemaining -= read;
                }
                if (read > 0) {
                    for (int i2 = 0; i2 < this._listeners.size(); i2++) {
                        this._listeners.get(i2).bytesTransferred(this._alreadyTransferred, read, this._bytesTransferred, this._encodingChunked ? -1L : this._bytesRemaining, this._url);
                    }
                    this._alreadyTransferred += read;
                }
            }
            // Closing the output also ends the pipe feeding the decompressor, if one is in use.
            if (this._out != null) {
                this._out.close();
            }
            this._out = null;
            if (this._isGzippedResponse) {
                try {
                    i2PAppThread.join();
                } catch (InterruptedException e) {
                    // NOTE(review): interruption is swallowed and the interrupt flag is not restored.
                }
                // A failure recorded by the decompressor thread is rethrown here and stops further fetching.
                if (this._decompressException != null) {
                    this._keepFetching = false;
                    throw this._decompressException;
                }
            }
            if (this._aborted) {
                throw new IOException("Timed out reading the HTTP data");
            }
            if (socketTimeout != null) {
                socketTimeout.cancel();
            }
            if (this._transferFailed) {
                for (int i3 = 0; i3 < this._listeners.size(); i3++) {
                    this._listeners.get(i3).attemptFailed(this._url, this._bytesTransferred, this._bytesRemaining, this._currentAttempt, this._numRetries, new Exception("Attempt failed"));
                }
                return;
            }
            // A known length with bytes still outstanding means the peer closed early.
            if (this._bytesRemaining != -1 && i != 0) {
                throw new IOException("Disconnection on attempt " + this._currentAttempt + " after " + this._bytesTransferred);
            }
            for (int i4 = 0; i4 < this._listeners.size(); i4++) {
                this._listeners.get(i4).transferComplete(this._alreadyTransferred, this._bytesTransferred, this._encodingChunked ? -1L : this._bytesRemaining, this._url, this._outputFile, this._notModified);
            }
        } catch (Throwable th) {
            // Mark headers as read on any failure before propagating it unchanged.
            this._headersRead = true;
            throw th;
        }
    }

    /**
     * Wraps this instance's TLS context so it can be passed to the constructor
     * of another SSLEepGet.
     *
     * @return a new state object; its context is null if this instance failed
     *         to build one, which the constructors treat like an absent state
     */
    public SSLState getSSLState() {
        final SSLState snapshot = new SSLState(this._sslContext);
        return snapshot;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Opens a TLS connection to the host named in the URL and writes the HTTP
     * request to it.
     *
     * <p>Only {@code https} URLs are accepted and hosts ending in {@code .i2p}
     * are refused. The port defaults to 443. When the handshake is rejected and
     * certificate saving was requested, the presented chain is written to disk
     * through saveCerts() before the exception is rethrown.
     *
     * <p>NOTE(review): no check that the server certificate matches {@code host}
     * is visible in this method; the socket is used as the factory returns it.
     * Unless the trust manager or the platform performs endpoint identification,
     * a chain that validates against the trust store would be accepted for any
     * host name. Confirm, and add host name verification suited to the target
     * runtime if it is missing.
     *
     * @param socketTimeout not used by this method
     * @throws MalformedURLException if the URL is not https or names an I2P host
     * @throws IOException on connection, handshake or write failure
     */
    @Override // net.i2p.util.EepGet
    public void sendRequest(SocketTimeout socketTimeout) throws IOException {
        // When writing to a file, note how much of it already exists
        // (presumably so the request built below can ask for the rest - confirm).
        if (this._outputStream == null) {
            File existing = new File(this._outputFile);
            if (existing.exists()) {
                this._alreadyTransferred = existing.length();
            }
        }
        String requestText = getRequest();
        URL target = new URL(this._actualURL);
        final boolean isHttps = "https".equals(target.getProtocol());
        if (!isHttps) {
            throw new MalformedURLException("Only https supported: " + this._actualURL);
        }
        String host = target.getHost();
        final boolean isI2pHost = host.toLowerCase(Locale.US).endsWith(".i2p");
        if (isI2pHost) {
            throw new MalformedURLException("I2P addresses unsupported");
        }
        int declaredPort = target.getPort();
        int port = (declaredPort == -1) ? 443 : declaredPort;
        if (this._sslContext == null) {
            // No custom context could be built: use the JVM default trust configuration.
            this._proxy = SSLSocketFactory.getDefault().createSocket(host, port);
        } else {
            this._proxy = this._sslContext.getSocketFactory().createSocket(host, port);
        }
        this._proxyIn = this._proxy.getInputStream();
        this._proxyOut = this._proxy.getOutputStream();
        try {
            // A handshake rejection surfaces inside this block and is handled below.
            this._proxyOut.write(DataHelper.getUTF8(requestText));
            this._proxyOut.flush();
            this._proxyIn = new BufferedInputStream(this._proxyIn);
            if (this._log.shouldLog(10)) {
                this._log.debug("Request flushed");
            }
        } catch (SSLHandshakeException e) {
            this._log.error("SSL negotiation error with " + host + ':' + port + " - self-signed certificate or untrusted certificate authority?", e);
            final boolean canSave = this._saveCerts && this._stm != null;
            if (canSave) {
                saveCerts(host, this._stm);
            } else if (this._commandLine) {
                System.out.println("FAILED (probably due to untrusted certificates) - Run with -s option to save certificates");
            }
            throw e;
        }
    }
}
