package com.checkmarx.sdk.utils.scanner.client.httpClient;

import com.checkmarx.sdk.dto.LoginSettings;
import com.checkmarx.sdk.dto.TokenLoginResponse;
import com.checkmarx.sdk.dto.sca.ClientType;
import com.checkmarx.sdk.exception.CxHTTPClientException;
import com.checkmarx.sdk.exception.CxTokenExpiredException;
import com.checkmarx.sdk.exception.ScannerRuntimeException;
import com.google.gson.Gson;
import java.io.Closeable;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthSchemeProvider;
import org.apache.http.client.CookieStore;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpEntityEnclosingRequestBase;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPatch;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.client.utils.HttpClientUtils;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.cookie.Cookie;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.NoConnectionReuseStrategy;
import org.apache.http.impl.auth.BasicSchemeFactory;
import org.apache.http.impl.auth.DigestSchemeFactory;
import org.apache.http.impl.auth.win.WindowsNTLMSchemeFactory;
import org.apache.http.impl.auth.win.WindowsNegotiateSchemeFactory;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.slf4j.Logger;

/* loaded from: input_file:com/checkmarx/sdk/utils/scanner/client/httpClient/CxHttpClient.class */
public class CxHttpClient implements Closeable {
    // URI scheme under which the TLS socket factory is registered with the connection manager.
    private static final String HTTPS = "https";
    // Prefix of the error raised when one of the SSO login flows fails.
    private static final String LOGIN_FAILED_MSG = "Fail to login with windows authentication: ";
    // Name of the CSRF cookie; the same name is used for the request header that echoes its value.
    public static final String CSRF_TOKEN_HEADER = "CXCSRFToken";
    // Not referenced in the visible code; getAuthRequest falls back to the same literal "password".
    private static final String DEFAULT_GRANT_TYPE = "password";
    // Redirect header read by the SSO flow; the final redirect carries the access token in its value.
    private static final String LOCATION_HEADER = "Location";
    // Action description passed to request() for token calls (ends up in "Failed to ..." errors).
    private static final String AUTH_MESSAGE = "authenticate";
    // Form field names of the token endpoint requests built below.
    private static final String CLIENT_SECRET_PROP = "client_secret";
    public static final String REFRESH_TOKEN_PROP = "refresh_token";
    private static final String PASSWORD_PROP = "password";
    public static final String CLIENT_ID_PROP = "client_id";
    // Keys of the map returned by splitDomainAndTheUserName.
    private static final String KEY_USER = "user";
    private static final String KEY_DOMAIN = "domain";
    // Paths appended to rootUri without a separator, so rootUri is expected to end with '/'.
    public static final String SSO_AUTHENTICATION = "auth/identity/externalLogin";
    public static final String REVOCATION = "auth/identity/connect/revocation";
    // Header names; ORIGIN_HEADER is not used inside this class.
    public static final String ORIGIN_HEADER = "cxOrigin";
    public static final String TEAM_PATH = "cxTeamPath";
    // Current client; rebuilt from the shared builder whenever session cookies are applied.
    private HttpClient apacheClient;
    private Logger log;
    // Bearer-style token; request() sends "<token_type> <access_token>" as the Authorization header.
    private TokenLoginResponse token;
    private String rootUri;
    // Retained so request() can log in again after a 401. This keeps whatever credentials the
    // LoginSettings object carries in memory for the lifetime of the client.
    private LoginSettings lastLoginSettings;
    private String teamPath;
    // NOTE(review): nothing in this class attaches this store to the builder (no
    // setDefaultCookieStore call), so it may never be populated by responses - confirm.
    private CookieStore cookieStore = new BasicCookieStore();
    private HttpClientBuilder cb = HttpClients.custom();
    // Extra headers added to every request; the raw HashMap comes from the decompiled source.
    private final Map<String, String> customHeaders = new HashMap();

    /**
     * Builds the Apache HTTP client used for all calls against one server.
     *
     * <p>Security: when {@code z} is {@code true} the TLS setup is deliberately relaxed.
     * {@link TrustSelfSignedStrategy} accepts self-signed server certificates and
     * {@link NoopHostnameVerifier} skips hostname verification, so the server identity is not
     * authenticated and the credentials and tokens sent by this client can be intercepted by
     * anyone on the network path. Keep the flag off outside isolated test environments, or add
     * the server's CA to the JVM trust store instead.
     *
     * <p>If building the relaxed TLS context fails, the error is only logged and {@code null}
     * is handed to the builder for both the socket factory and the connection manager.
     *
     * @param str    root URI of the server; other methods append paths without a separator
     * @param z      {@code true} to trust self-signed certificates and skip hostname checks
     * @param logger logger used by this client
     * @throws ScannerRuntimeException declared by the original signature
     */
    public CxHttpClient(String str, boolean z, Logger logger) throws ScannerRuntimeException {
        this.rootUri = str;
        this.log = logger;
        this.cb.setDefaultRequestConfig(RequestConfig.custom().setCookieSpec("standard").build());
        setSSLTls("TLSv1.2", logger);
        if (!z) {
            // Default path: JVM trust store and standard hostname verification.
            this.cb.setConnectionManager(getHttpConnectionManager(false));
        } else {
            SSLContextBuilder relaxedContext = new SSLContextBuilder();
            SSLConnectionSocketFactory relaxedFactory = null;
            PoolingHttpClientConnectionManager relaxedPool = null;
            try {
                relaxedContext.loadTrustMaterial((KeyStore) null, new TrustSelfSignedStrategy());
                relaxedFactory = new SSLConnectionSocketFactory(relaxedContext.build(), NoopHostnameVerifier.INSTANCE);
                relaxedPool = new PoolingHttpClientConnectionManager(RegistryBuilder.create().register("http", new PlainConnectionSocketFactory()).register(HTTPS, relaxedFactory).build());
                relaxedPool.setMaxTotal(100);
            } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
                logger.error(e.getMessage());
            }
            this.cb.setSSLSocketFactory(relaxedFactory);
            this.cb.setConnectionManager(relaxedPool);
        }
        this.cb.setConnectionManagerShared(true);
        this.cb.setConnectionReuseStrategy(new NoConnectionReuseStrategy());
        this.cb.setDefaultAuthSchemeRegistry(getAuthSchemeProviderRegistry());
        this.apacheClient = this.cb.build();
    }

    /**
     * Replaces the root URI that relative paths are appended to.
     *
     * <p>Every later request, including the ones carrying the Authorization header, goes to
     * this address, so the value should come from trusted configuration only.
     *
     * @param str new root URI
     */
    public void setRootUri(String str) {
        rootUri = str;
    }

    /**
     * Returns the root URI currently used as the prefix for request paths.
     *
     * @return the configured root URI
     */
    public String getRootUri() {
        return rootUri;
    }

    /**
     * Splits a qualified login name into its domain and user parts.
     *
     * <p>Recognised forms, checked in this order: {@code domain\user}, {@code domain/user}
     * and {@code user@domain}. Only the first separator kind found is considered, and the
     * name must split into exactly two pieces; otherwise both parts stay empty.
     *
     * @param str qualified login name; must not be {@code null}
     * @return map with the keys {@code "user"} and {@code "domain"}, each possibly empty
     */
    private static HashMap<String, String> splitDomainAndTheUserName(String str) {
        String separatorRegex = null;
        boolean domainComesFirst = true;
        if (str.contains("\\")) {
            separatorRegex = "[\\\\]";
        } else if (str.contains("/")) {
            separatorRegex = "[/]";
        } else if (str.contains("@")) {
            separatorRegex = "[@]";
            domainComesFirst = false;
        }

        String domain = "";
        String user = "";
        if (separatorRegex != null) {
            String[] pieces = str.split(separatorRegex);
            if (pieces.length == 2) {
                domain = domainComesFirst ? pieces[0] : pieces[1];
                user = domainComesFirst ? pieces[1] : pieces[0];
            }
        }

        HashMap<String, String> result = new HashMap<>();
        result.put(KEY_USER, user);
        result.put(KEY_DOMAIN, domain);
        return result;
    }

    /**
     * Creates a TLS socket factory that performs no server authentication at all.
     *
     * <p>Security: {@link TrustAllStrategy} accepts every certificate chain and
     * {@link NoopHostnameVerifier} accepts every hostname, so connections made with this
     * factory are encrypted but not authenticated. In this class it is only reachable through
     * {@code getHttpConnectionManager(true)}, and the one visible call passes {@code false}.
     *
     * @return socket factory with certificate and hostname checks disabled
     * @throws ScannerRuntimeException if the SSL context cannot be built
     */
    private static SSLConnectionSocketFactory getTrustAllSSLSocketFactory() {
        final SSLContext trustEverything;
        try {
            trustEverything = SSLContexts.custom().loadTrustMaterial((KeyStore) null, new TrustAllStrategy()).build();
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new ScannerRuntimeException("Fail to set trust all certificate, 'SSLConnectionSocketFactory'", e);
        }
        return new SSLConnectionSocketFactory(trustEverything, NoopHostnameVerifier.INSTANCE);
    }

    /**
     * Creates the pooled connection manager for plain and TLS connections.
     *
     * <p>The pool allows 50 connections in total and 5 per route.
     *
     * @param z {@code true} to use the trust-all socket factory (no certificate or hostname
     *          validation); {@code false} to use the JVM default SSL context
     * @return configured connection manager
     */
    private static PoolingHttpClientConnectionManager getHttpConnectionManager(boolean z) {
        SSLConnectionSocketFactory httpsFactory;
        if (z) {
            httpsFactory = getTrustAllSSLSocketFactory();
        } else {
            httpsFactory = new SSLConnectionSocketFactory(SSLContexts.createDefault());
        }
        PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager(RegistryBuilder.create().register(HTTPS, httpsFactory).register("http", new PlainConnectionSocketFactory()).build());
        pool.setDefaultMaxPerRoute(5);
        pool.setMaxTotal(50);
        return pool;
    }

    /**
     * Lists the HTTP authentication schemes the client may answer challenges with:
     * Digest, Basic, NTLM and Negotiate.
     *
     * <p>NOTE(review): the NTLM and Negotiate factories are the Windows-native ones, which
     * presumably authenticate as the current OS user - confirm that answering such challenges
     * is intended for every server this client is pointed at. Basic is registered as well and
     * offers no protection of its own when a request goes over plain "http".
     *
     * @return registry of authentication scheme providers
     */
    private static Registry<AuthSchemeProvider> getAuthSchemeProviderRegistry() {
        RegistryBuilder<AuthSchemeProvider> schemes = RegistryBuilder.create();
        schemes.register("Digest", new DigestSchemeFactory());
        schemes.register("Basic", new BasicSchemeFactory());
        schemes.register("NTLM", new WindowsNTLMSchemeFactory((String) null));
        schemes.register("Negotiate", new WindowsNegotiateSchemeFactory((String) null));
        return schemes.build();
    }

    /**
     * Authenticates this client and remembers the settings for later re-login.
     *
     * <p>The first applicable method wins: existing session cookies, then a refresh token,
     * then the username/password grant. The settings object is stored so that
     * {@code request} can repeat the login after a 401 response.
     *
     * @param loginSettings credentials and endpoints; {@code getSessionCookies()} is
     *                      dereferenced without a null check
     * @throws IOException if the token request fails at the transport level
     */
    public void login(LoginSettings loginSettings) throws IOException {
        this.lastLoginSettings = loginSettings;
        if (!loginSettings.getSessionCookies().isEmpty()) {
            setSessionCookies(loginSettings.getSessionCookies());
            return;
        }
        if (loginSettings.getRefreshToken() == null) {
            this.token = generateToken(loginSettings);
            return;
        }
        this.token = getAccessTokenFromRefreshToken(loginSettings);
    }

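    /**
     * Performs the legacy SSO login and installs the resulting session cookies.
     *
     * <p>Posts an empty body to {@code auth/ssologin}, then applies whatever cookies are in
     * the client's cookie store as default headers. The response status is not checked here.
     *
     * <p>NOTE(review): the cookie store is not attached to the client builder anywhere in
     * this class, so the returned list may be empty - confirm.
     *
     * @return copy of the cookies found in the cookie store; treat them as credentials
     * @throws ScannerRuntimeException if the login request fails; the I/O error is kept as cause
     */
    public ArrayList<Cookie> ssoLegacyLogin() {
        HttpResponse httpResponse = null;
        try {
            httpResponse = this.apacheClient.execute(RequestBuilder.post()
                    .setUri(this.rootUri + "auth/ssologin")
                    .setConfig(RequestConfig.DEFAULT)
                    .setEntity(new StringEntity("", StandardCharsets.UTF_8))
                    .build());
        } catch (IOException e) {
            String message = LOGIN_FAILED_MSG + e.getMessage();
            this.log.error(message);
            // Keep the original exception so the failure can be diagnosed from the stack trace.
            throw new ScannerRuntimeException(message, e);
        } finally {
            // Single close on every path; the response body is not needed.
            HttpClientUtils.closeQuietly(httpResponse);
        }
        List<Cookie> sessionCookies = this.cookieStore.getCookies();
        setSessionCookies(sessionCookies);
        return new ArrayList<>(sessionCookies);
    }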

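    /**
     * Rebuilds the client so that every request carries the session cookie and CSRF token.
     *
     * <p>The values of the {@code CXCSRFToken} and {@code cxCookie} cookies are session
     * credentials. They are therefore never written to stdout or to the log; only their
     * presence is reported at debug level. If a cookie is missing from the list, the
     * corresponding header value is built from {@code null}, as before.
     *
     * @param list cookies of an authenticated session
     */
    private void setSessionCookies(List<Cookie> list) {
        String sessionCookie = null;
        String csrfToken = null;
        for (Cookie cookie : list) {
            if (CSRF_TOKEN_HEADER.equals(cookie.getName())) {
                csrfToken = cookie.getValue();
            }
            if ("cxCookie".equals(cookie.getName())) {
                sessionCookie = cookie.getValue();
            }
        }
        List<BasicHeader> defaultHeaders = new ArrayList<>();
        defaultHeaders.add(new BasicHeader(CSRF_TOKEN_HEADER, csrfToken));
        defaultHeaders.add(new BasicHeader("cookie", String.format("CXCSRFToken=%s; cxCookie=%s", csrfToken, sessionCookie)));
        // Report presence only; the values themselves would allow session takeover if leaked.
        this.log.debug("Session headers applied (CSRF token present: {}, session cookie present: {})", csrfToken != null, sessionCookie != null);
        this.apacheClient = this.cb.setDefaultHeaders(defaultHeaders).build();
    }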

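    /**
     * Runs the three-step SSO flow and returns the token from the final redirect.
     *
     * <p>Automatic redirects are disabled; each step reads the {@code Location} header of
     * the previous response and requests it relative to {@code rootUri}:
     * <ol>
     *   <li>POST the SSO form to {@code auth/identity/externalLogin};</li>
     *   <li>GET {@code /auth/identity/} plus the returned location;</li>
     *   <li>GET the next location with {@code /CxRestAPI/} removed, then parse the token
     *       out of that response's {@code Location} header.</li>
     * </ol>
     *
     * <p>Because the redirect targets are appended to {@code rootUri} rather than followed
     * as given, the cookies stay with the configured server as long as {@code rootUri} ends
     * with '/' (assumed - confirm). All three responses are closed before returning.
     *
     * @return token parsed from the final redirect
     * @throws ScannerRuntimeException on I/O failure (kept as cause) or a missing redirect
     */
    private TokenLoginResponse ssoLogin() {
        RequestConfig noRedirects = RequestConfig.custom().setRedirectsEnabled(false).setAuthenticationEnabled(true).setCookieSpec("standard").build();
        String formContentType = ContentType.APPLICATION_FORM_URLENCODED.toString();
        HttpResponse loginResponse = null;
        HttpResponse authorizeResponse = null;
        HttpResponse callbackResponse = null;
        try {
            loginResponse = this.apacheClient.execute(RequestBuilder.post()
                    .setUri(this.rootUri + SSO_AUTHENTICATION)
                    .setConfig(noRedirects)
                    .setHeader("Content-Type", formContentType)
                    .setEntity(generateSSOEntity())
                    .build());
            String authorizePath = requireLocation(loginResponse);

            authorizeResponse = this.apacheClient.execute(RequestBuilder.get()
                    .setUri(this.rootUri + "/auth/identity/" + authorizePath)
                    .setConfig(noRedirects)
                    .setHeader("Cookie", retrieveCookies())
                    .setHeader("Upgrade-Insecure-Requests", "1")
                    .build());
            String callbackPath = requireLocation(authorizeResponse).replace("/CxRestAPI/", "");

            callbackResponse = this.apacheClient.execute(RequestBuilder.get()
                    .setUri(this.rootUri + callbackPath)
                    .setConfig(noRedirects)
                    .setHeader("Content-Type", formContentType)
                    .setHeader("Cookie", retrieveCookies())
                    .build());
            return extractToken(callbackResponse);
        } catch (IOException e) {
            throw new ScannerRuntimeException(LOGIN_FAILED_MSG + e.getMessage(), e);
        } finally {
            // Release the connections of all steps, including on failure part-way through.
            HttpClientUtils.closeQuietly(loginResponse);
            HttpClientUtils.closeQuietly(authorizeResponse);
            HttpClientUtils.closeQuietly(callbackResponse);
        }
    }

    /** Returns the first Location header value, or fails clearly when the server sent none. */
    private static String requireLocation(HttpResponse httpResponse) {
        if (!httpResponse.containsHeader(LOCATION_HEADER)) {
            throw new ScannerRuntimeException(LOGIN_FAILED_MSG + "the server response contained no redirect location");
        }
        return httpResponse.getHeaders(LOCATION_HEADER)[0].getValue();
    }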

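    /**
     * Parses the access token out of the {@code Location} header of a redirect response.
     *
     * <p>The header value contains the access token, so it must not be logged or included
     * in exception messages. A response without a {@code Location} header is reported with
     * the same error as a redirect that carries no token, instead of failing on an array
     * index.
     *
     * @param httpResponse final response of the SSO flow
     * @return token deserialised from the redirect parameters
     * @throws ScannerRuntimeException if no access token can be found
     */
    private TokenLoginResponse extractToken(HttpResponse httpResponse) {
        if (httpResponse.containsHeader(LOCATION_HEADER)) {
            String redirectTarget = httpResponse.getHeaders(LOCATION_HEADER)[0].getValue();
            if (redirectTarget.contains("access_token")) {
                return (TokenLoginResponse) new Gson().fromJson(urlToJson(redirectTarget), TokenLoginResponse.class);
            }
        }
        throw new ScannerRuntimeException("Failed retrieving access token from server");
    }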

    /**
     * Turns a {@code key=value&key=value} string into a flat JSON object of strings.
     *
     * <p>This is plain text substitution: '=' becomes a key/value separator and '&amp;' a
     * pair separator. Nothing is URL-decoded or JSON-escaped, and any text before the first
     * '=' (including a URL prefix) becomes part of the first key.
     *
     * <p>NOTE(review): the input comes from a server response header; a value containing a
     * quote or backslash would change the structure of the resulting JSON. Parsing the
     * parameters into a map and serialising that would be more robust.
     *
     * @param str parameter string to convert
     * @return JSON object text
     */
    private String urlToJson(String str) {
        String pairs = str.replace("=", "\":\"").replace("&", "\",\"");
        StringBuilder json = new StringBuilder("{\"");
        json.append(pairs);
        json.append("\"}");
        return json.toString();
    }

    /**
     * Serialises the cookie store into a {@code Cookie} header value.
     *
     * <p>Every cookie in the store is included as {@code name=value;} regardless of its
     * domain, path or expiry, so the result is only safe to send to the server the cookies
     * came from.
     *
     * @return concatenated {@code name=value;} pairs, empty if the store holds no cookies
     */
    private String retrieveCookies() {
        StringBuilder header = new StringBuilder();
        for (Cookie stored : this.cookieStore.getCookies()) {
            header.append(stored.getName());
            header.append("=");
            header.append(stored.getValue());
            header.append(";");
        }
        return header.toString();
    }

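    /**
     * Requests an access token with the username/password grant.
     *
     * <p>The credentials are posted to {@code loginSettings.getAccessControlBaseUrl()}, not
     * to {@code rootUri}, so that URL must come from trusted configuration. If the server
     * rejects the request with {@code invalid_scope}, the request is repeated once with the
     * {@code sast_rest_api} scope.
     *
     * <p>NOTE(review): the fallback changes the scopes on the shared
     * {@code ClientType.RESOURCE_OWNER} constant, which affects every other user of that
     * constant in the process - confirm this is intended.
     *
     * @param loginSettings credentials, client type and token endpoint
     * @return token returned by the server
     * @throws IOException             on transport failure
     * @throws ScannerRuntimeException if the server rejects the request for another reason
     */
    public TokenLoginResponse generateToken(LoginSettings loginSettings) throws IOException {
        UrlEncodedFormEntity authRequest = getAuthRequest(loginSettings);
        HttpPost httpPost = new HttpPost(loginSettings.getAccessControlBaseUrl());
        String formContentType = ContentType.APPLICATION_FORM_URLENCODED.toString();
        try {
            return request(httpPost, formContentType, authRequest, TokenLoginResponse.class, 200, AUTH_MESSAGE, false, false);
        } catch (ScannerRuntimeException e) {
            // A null message must not hide the original failure behind a NullPointerException.
            String reason = e.getMessage();
            if (reason == null || !reason.contains("invalid_scope")) {
                throw new ScannerRuntimeException(String.format("Failed to generate access token, failure error was: %s", reason), e);
            }
            ClientType.RESOURCE_OWNER.setScopes("sast_rest_api");
            loginSettings.setClientTypeForPasswordAuth(ClientType.RESOURCE_OWNER);
            return request(httpPost, formContentType, getAuthRequest(loginSettings), TokenLoginResponse.class, 200, AUTH_MESSAGE, false, false);
        }
    }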

    /**
     * Exchanges the refresh token in the settings for a new access token.
     *
     * <p>The request goes to {@code loginSettings.getAccessControlBaseUrl()}.
     *
     * @param loginSettings settings holding the refresh token and its client type
     * @return token returned by the server
     * @throws IOException             on transport failure
     * @throws ScannerRuntimeException if the server rejects the refresh token
     */
    private TokenLoginResponse getAccessTokenFromRefreshToken(LoginSettings loginSettings) throws IOException {
        HttpPost tokenCall = new HttpPost(loginSettings.getAccessControlBaseUrl());
        String formContentType = ContentType.APPLICATION_FORM_URLENCODED.toString();
        try {
            UrlEncodedFormEntity refreshForm = getTokenRefreshingRequest(loginSettings);
            return request(tokenCall, formContentType, refreshForm, TokenLoginResponse.class, 200, AUTH_MESSAGE, false, false);
        } catch (ScannerRuntimeException e) {
            String message = String.format("Failed to generate access token from refresh token. The error was: %s", e.getMessage());
            throw new ScannerRuntimeException(message, e);
        }
    }

    /**
     * Asks the server to revoke a refresh token.
     *
     * <p>The call is made with the {@code ClientType.CLI} client id and secret against
     * {@code auth/identity/connect/revocation} under {@code rootUri}.
     *
     * @param str refresh token to revoke
     * @throws IOException             on transport failure
     * @throws ScannerRuntimeException if the server does not confirm the revocation
     */
    public void revokeToken(String str) throws IOException {
        HttpPost revocationCall = new HttpPost(this.rootUri + REVOCATION);
        UrlEncodedFormEntity revocationForm = getRevocationRequest(ClientType.CLI, str);
        String formContentType = ContentType.APPLICATION_FORM_URLENCODED.toString();
        try {
            request(revocationCall, formContentType, revocationForm, String.class, 200, "revocation", false, false);
        } catch (ScannerRuntimeException e) {
            String message = String.format("Token revocation failure error was: %s", e.getMessage());
            throw new ScannerRuntimeException(message, e);
        }
    }

    /**
     * Builds the form body of a token revocation request.
     *
     * <p>The body contains the token itself and the client secret, so it must not be logged.
     * The token type hint is always {@code refresh_token}.
     *
     * @param clientType client whose id and secret authenticate the call
     * @param str        token to revoke
     * @return UTF-8 URL-encoded form entity
     */
    private static UrlEncodedFormEntity getRevocationRequest(ClientType clientType, String str) {
        List<BasicNameValuePair> form = new ArrayList<>(4);
        form.add(new BasicNameValuePair("token_type_hint", REFRESH_TOKEN_PROP));
        form.add(new BasicNameValuePair("token", str));
        form.add(new BasicNameValuePair(CLIENT_ID_PROP, clientType.getClientId()));
        form.add(new BasicNameValuePair(CLIENT_SECRET_PROP, clientType.getClientSecret()));
        return new UrlEncodedFormEntity(form, StandardCharsets.UTF_8);
    }

    /**
     * Builds the form body of a username/password token request.
     *
     * <p>The body contains the user's password and the client secret in clear text; it
     * relies entirely on the transport for protection and must not be logged. The grant
     * type defaults to {@code password} when the client type defines none, and the tenant
     * is added as {@code acr_values} only when one is configured.
     *
     * @param loginSettings credentials, client type and optional tenant
     * @return UTF-8 URL-encoded form entity
     */
    private static UrlEncodedFormEntity getAuthRequest(LoginSettings loginSettings) {
        ClientType client = loginSettings.getClientTypeForPasswordAuth();
        String grantType = StringUtils.defaultString(client.getGrantType(), DEFAULT_GRANT_TYPE);
        List<BasicNameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair("username", loginSettings.getUsername()));
        form.add(new BasicNameValuePair(PASSWORD_PROP, loginSettings.getPassword()));
        form.add(new BasicNameValuePair("grant_type", grantType));
        form.add(new BasicNameValuePair("scope", client.getScopes()));
        form.add(new BasicNameValuePair(CLIENT_ID_PROP, client.getClientId()));
        form.add(new BasicNameValuePair(CLIENT_SECRET_PROP, client.getClientSecret()));
        boolean hasTenant = !StringUtils.isEmpty(loginSettings.getTenant());
        if (hasTenant) {
            form.add(new BasicNameValuePair("acr_values", String.format("Tenant:%s", loginSettings.getTenant())));
        }
        return new UrlEncodedFormEntity(form, StandardCharsets.UTF_8);
    }

    /**
     * Builds the form body of a refresh-token grant request.
     *
     * <p>The body contains the refresh token and the client secret, so it must not be logged.
     *
     * @param loginSettings settings holding the refresh token and its client type
     * @return UTF-8 URL-encoded form entity
     * @throws UnsupportedEncodingException declared by the charset-name constructor
     */
    private static UrlEncodedFormEntity getTokenRefreshingRequest(LoginSettings loginSettings) throws UnsupportedEncodingException {
        ClientType client = loginSettings.getClientTypeForRefreshToken();
        List<BasicNameValuePair> form = new ArrayList<>(4);
        form.add(new BasicNameValuePair("grant_type", REFRESH_TOKEN_PROP));
        form.add(new BasicNameValuePair(CLIENT_ID_PROP, client.getClientId()));
        form.add(new BasicNameValuePair(CLIENT_SECRET_PROP, client.getClientSecret()));
        form.add(new BasicNameValuePair(REFRESH_TOKEN_PROP, loginSettings.getRefreshToken()));
        String charsetName = StandardCharsets.UTF_8.name();
        return new UrlEncodedFormEntity(form, charsetName);
    }

    /**
     * Sends a GET to a path under {@code rootUri}, accepting JSON.
     *
     * @param str  path appended to {@code rootUri}
     * @param str2 content type header value, or {@code null} for none
     * @param cls  type the response body is converted to
     * @param i    expected HTTP status code
     * @param str3 description of the action, used in error messages
     * @param z    passed through to the response conversion
     * @return converted response body
     * @throws IOException on transport failure
     */
    public <T> T getRequest(String str, String str2, Class<T> cls, int i, String str3, boolean z) throws IOException {
        String acceptJson = com.checkmarx.sdk.config.ContentType.CONTENT_TYPE_APPLICATION_JSON;
        return getRequest(this.rootUri, str, acceptJson, str2, cls, i, str3, z);
    }

    /**
     * Sends a GET to an explicit base URI and path, retrying once after a 401.
     *
     * <p>The current Authorization header and custom headers are sent to {@code str} as
     * well, so a base URI other than the configured server would receive the token.
     *
     * @param str  base URI
     * @param str2 path appended to the base URI
     * @param str3 value of the {@code Accept} header
     * @param str4 content type header value, or {@code null} for none
     * @param cls  type the response body is converted to
     * @param i    expected HTTP status code
     * @param str5 description of the action, used in error messages after "get "
     * @param z    passed through to the response conversion
     * @return converted response body
     * @throws IOException on transport failure
     */
    public <T> T getRequest(String str, String str2, String str3, String str4, Class<T> cls, int i, String str5, boolean z) throws IOException {
        String target = str + str2;
        HttpGet get = new HttpGet(target);
        get.addHeader("Accept", str3);
        String action = "get " + str5;
        return request(get, str4, null, cls, i, action, z, true);
    }

    /**
     * Sends a POST to a path under {@code rootUri}, retrying once after a 401.
     *
     * @param str        path appended to {@code rootUri}
     * @param str2       content type header value, or {@code null} for none
     * @param httpEntity request body, may be {@code null}
     * @param cls        type the response body is converted to
     * @param i          expected HTTP status code
     * @param str3       description of the action, used in error messages
     * @return converted response body
     * @throws IOException on transport failure
     */
    public <T> T postRequest(String str, String str2, HttpEntity httpEntity, Class<T> cls, int i, String str3) throws IOException {
        HttpPost post = new HttpPost(this.rootUri + str);
        return request(post, str2, httpEntity, cls, i, str3, false, true);
    }

    /**
     * Sends a PUT to a path under {@code rootUri}, retrying once after a 401.
     *
     * @param str        path appended to {@code rootUri}
     * @param str2       content type header value, or {@code null} for none
     * @param httpEntity request body, may be {@code null}
     * @param cls        type the response body is converted to
     * @param i          expected HTTP status code
     * @param str3       description of the action, used in error messages
     * @return converted response body
     * @throws IOException on transport failure
     */
    public <T> T putRequest(String str, String str2, HttpEntity httpEntity, Class<T> cls, int i, String str3) throws IOException {
        HttpPut put = new HttpPut(this.rootUri + str);
        return request(put, str2, httpEntity, cls, i, str3, false, true);
    }

    /**
     * Sends a PATCH to a path under {@code rootUri}, retrying once after a 401.
     *
     * <p>No response type is passed on, and the converted result is discarded.
     *
     * @param str        path appended to {@code rootUri}
     * @param str2       content type header value, or {@code null} for none
     * @param httpEntity request body, may be {@code null}
     * @param i          expected HTTP status code
     * @param str3       description of the action, used in error messages
     * @throws IOException on transport failure
     */
    public void patchRequest(String str, String str2, HttpEntity httpEntity, int i, String str3) throws IOException {
        HttpPatch patch = new HttpPatch(this.rootUri + str);
        request(patch, str2, httpEntity, null, i, str3, false, true);
    }

    /**
     * Sets the value sent in the {@code cxTeamPath} header of every request.
     *
     * @param str team path, may be {@code null}
     */
    public void setTeamPathHeader(String str) {
        teamPath = str;
    }

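    /**
     * Registers a header that is added to every subsequent request.
     *
     * <p>Only the header name is logged. Custom headers can carry API keys or other
     * credentials, and debug logs are often collected and shared more widely than the
     * secrets they would otherwise expose.
     *
     * @param str  header name
     * @param str2 header value
     */
    public void addCustomHeader(String str, String str2) {
        this.log.debug("Adding a custom header: {}", str);
        this.customHeaders.put(str, str2);
    }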

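    /**
     * Executes a request with the client's authentication and custom headers applied.
     *
     * <p>A 401 response is treated as an expired token. When {@code z2} is set and login
     * settings are remembered, the client logs in again and repeats the request once.
     *
     * <p>Headers owned by this method (content type, team path, Authorization) are set
     * rather than appended, and a custom header is added only when the request does not
     * already carry one with that name. The same request object is reused for the retry,
     * so appending would otherwise send the stale and the fresh Authorization value together.
     *
     * <p>The response is closed and the connection released on every path, including
     * validation failures.
     *
     * @param httpRequestBase request to execute; reused for the retry
     * @param str             content type header value, or {@code null} for none
     * @param httpEntity      request body, applied only to entity-enclosing requests
     * @param cls             type the response body is converted to, may be {@code null}
     * @param i               expected HTTP status code
     * @param str2            description of the action, used after "Failed to " in errors
     * @param z               passed through to the response conversion
     * @param z2              {@code true} to log in again and retry once after a 401
     * @return converted response body
     * @throws IOException              on transport failure
     * @throws CxTokenExpiredException  on a 401 that is not, or no longer, retried
     * @throws CxHTTPClientException    if the host name cannot be resolved
     */
    private <T> T request(HttpRequestBase httpRequestBase, String str, HttpEntity httpEntity, Class<T> cls, int i, String str2, boolean z, boolean z2) throws IOException {
        if (str != null) {
            httpRequestBase.setHeader("Content-type", str);
        }
        if (httpEntity != null && (httpRequestBase instanceof HttpEntityEnclosingRequestBase)) {
            ((HttpEntityEnclosingRequestBase) httpRequestBase).setEntity(httpEntity);
        }
        HttpResponse response = null;
        try {
            httpRequestBase.setHeader(TEAM_PATH, this.teamPath);
            if (this.token != null) {
                // setHeader replaces the value from a previous attempt with the refreshed token.
                httpRequestBase.setHeader("Authorization", this.token.getToken_type() + " " + this.token.getAccess_token());
            }
            for (Map.Entry<String, String> entry : this.customHeaders.entrySet()) {
                if (!httpRequestBase.containsHeader(entry.getKey())) {
                    httpRequestBase.addHeader(entry.getKey(), entry.getValue());
                }
            }
            response = this.apacheClient.execute(httpRequestBase);
            if (response.getStatusLine().getStatusCode() == 401) {
                throw new CxTokenExpiredException(HttpClientHelper.extractResponseBody(response));
            }
            HttpClientHelper.validateResponse(response, i, "Failed to " + str2);
            return (T) HttpClientHelper.convertToObject(response, cls, z);
        } catch (CxTokenExpiredException e) {
            if (z2) {
                // This branch is reached for 401 responses, so report that status.
                logTokenError(httpRequestBase, 401, e);
                if (this.lastLoginSettings != null) {
                    // Free the rejected response before logging in and retrying.
                    HttpClientUtils.closeQuietly(response);
                    response = null;
                    login(this.lastLoginSettings);
                    return request(httpRequestBase, str, httpEntity, cls, i, str2, z, false);
                }
            }
            throw e;
        } catch (UnknownHostException e2) {
            throw new CxHTTPClientException("Connection failed. Please recheck the hostname and credentials you provided and try again.");
        } finally {
            httpRequestBase.releaseConnection();
            HttpClientUtils.closeQuietly(response);
        }
    }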

    /**
     * Closes the current Apache client, ignoring any error raised while closing.
     *
     * <p>Clients replaced earlier by a session-cookie login are not tracked here, and the
     * builder marks the connection manager as shared.
     */
    @Override
    public void close() {
        HttpClient current = this.apacheClient;
        HttpClientUtils.closeQuietly(current);
    }

    /**
     * Installs a default socket factory for {@link HttpsURLConnection} using the given
     * protocol name.
     *
     * <p>NOTE(review): this changes a JVM-wide default and therefore affects every
     * {@code HttpsURLConnection} in the process, not just this client. The Apache client
     * built by the constructor registers its own socket factories, so this setting does not
     * appear to govern its connections - confirm whether the call is still needed.
     *
     * <p>A failure is logged as a warning and otherwise ignored.
     *
     * @param str    protocol name passed to {@link SSLContext#getInstance(String)}
     * @param logger logger for the warning
     */
    private void setSSLTls(String str, Logger logger) {
        SSLContext tlsContext;
        try {
            tlsContext = SSLContext.getInstance(str);
            tlsContext.init(null, null, null);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            logger.warn(String.format("Failed to set SSL TLS : %s", e.getMessage()));
            return;
        }
        HttpsURLConnection.setDefaultSSLSocketFactory(tlsContext.getSocketFactory());
    }

    /**
     * Builds the form posted to the external-login endpoint at the start of the SSO flow.
     *
     * <p>The form carries the authorize-callback URL as {@code redirectUrl} and the fixed
     * provider id {@code 2}.
     *
     * <p>NOTE(review): the {@code nonce} in the callback URL is a constant, and nothing in
     * this class compares it with the response. A nonce is meant to be unpredictable and
     * unique per request so that a replayed response can be detected; consider generating it
     * with a secure random source and verifying it. {@code rootUri} is also inserted into
     * {@code redirect_uri} without encoding - confirm it is always a plain URL.
     *
     * @return URL-encoded form entity
     * @throws ScannerRuntimeException if UTF-8 is reported as unsupported
     */
    private StringEntity generateSSOEntity() {
        String encodedScopes = "sast_api openid sast-permissions access-control-permissions access_control_api management_and_orchestration_api".replace(" ", "%20");
        String redirectUrl = MessageFormat.format(
                "/CxRestAPI/auth/identity/connect/authorize/callback?client_id={0}&redirect_uri={1}%2Fcxwebclient%2FauthCallback.html%3F&response_type={2}&scope={3}&nonce={4}&prompt={5}",
                "cxsast_client",
                this.rootUri,
                "id_token%20token",
                encodedScopes,
                "9313f0902ba64e50bc564f5137f35a52",
                "true");
        List<BasicNameValuePair> form = new ArrayList<>(2);
        form.add(new BasicNameValuePair("redirectUrl", redirectUrl));
        form.add(new BasicNameValuePair("providerid", "2"));
        try {
            return new UrlEncodedFormEntity(form, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            throw new ScannerRuntimeException(e.getMessage());
        }
    }

    /**
     * Replaces the token sent in the Authorization header of later requests.
     *
     * @param tokenLoginResponse token to use, or {@code null} to send no Authorization header
     */
    public void setToken(TokenLoginResponse tokenLoginResponse) {
        token = tokenLoginResponse;
    }

    /**
     * Logs that a request was rejected and that a new token is about to be requested.
     *
     * <p>The exception message logged here is the body of the rejected response (see
     * {@code request}); NOTE(review): confirm that body never echoes credentials, since it
     * is written at warn level together with the request URI.
     *
     * @param httpRequestBase         request that was rejected
     * @param i                       status code to report
     * @param cxTokenExpiredException exception carrying the server's message
     */
    private void logTokenError(HttpRequestBase httpRequestBase, int i, CxTokenExpiredException cxTokenExpiredException) {
        String details = String.format(
                "Received status code %d for URL: %s with the message: %s",
                i,
                httpRequestBase.getURI(),
                cxTokenExpiredException.getMessage());
        this.log.warn(details);
        this.log.info("Possible reason: access token has expired. Trying to request a new token...");
    }
}
