package org.openecard.common.io;

import ch.qos.logback.core.CoreConstants;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.Socket;
import java.net.SocketException;
import java.security.GeneralSecurityException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nonnegative;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.openecard.apache.http.HttpStatus;
import org.openecard.apache.http.protocol.HTTP;
import org.openecard.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.openecard.bouncycastle.crypto.tls.TlsProtocolHandler;
import org.openecard.bouncycastle.util.encoders.Base64;
import org.openecard.crypto.tls.ClientCertDefaultTlsClient;
import org.openecard.crypto.tls.SocketWrapper;
import org.openecard.crypto.tls.TlsNoAuthentication;
import org.openecard.crypto.tls.verify.JavaSecVerifier;

/* loaded from: input_file:org/openecard/common/io/HttpConnectProxy.class */
public final class HttpConnectProxy extends Proxy {
    private final String proxyScheme;
    private final boolean proxyValidate;
    private final String proxyHost;
    private final int proxyPort;
    private final String proxyUser;
    private final String proxyPass;

    public HttpConnectProxy(@Nonnull String str, boolean z, @Nonnull String str2, @Nonnegative int i, @Nullable String str3, @Nullable String str4) {
        super(Proxy.Type.HTTP, new InetSocketAddress(str2, i));
        this.proxyScheme = str;
        this.proxyValidate = z;
        this.proxyHost = str2;
        this.proxyPort = i;
        this.proxyUser = str3;
        this.proxyPass = str4;
    }

    @Nonnull
    public Socket getSocket(@Nonnull String str, @Nonnegative int i) throws IOException {
        Socket connectSocket = connectSocket();
        connectSocket.getOutputStream().write(makeRequestStr(str, i).getBytes());
        InputStream inputStream = connectSocket.getInputStream();
        validateResponse(getResponse(inputStream));
        if (inputStream.available() > 0) {
            inputStream.skip(inputStream.available());
        }
        return connectSocket;
    }

    private Socket connectSocket() throws IOException {
        Socket socket = new Socket();
        InetSocketAddress inetSocketAddress = new InetSocketAddress(this.proxyHost, this.proxyPort);
        socket.setKeepAlive(true);
        socket.setSoTimeout(300000);
        socket.connect(inetSocketAddress, CoreConstants.MILLIS_IN_ONE_MINUTE);
        if (!"HTTPS".equals(this.proxyScheme)) {
            return socket;
        }
        ClientCertDefaultTlsClient clientCertDefaultTlsClient = new ClientCertDefaultTlsClient(this.proxyHost);
        TlsNoAuthentication tlsNoAuthentication = new TlsNoAuthentication();
        tlsNoAuthentication.setHostname(this.proxyHost);
        if (this.proxyValidate) {
            try {
                tlsNoAuthentication.setCertificateVerifier(new JavaSecVerifier());
            } catch (GeneralSecurityException e) {
                throw new IOException("Failed to load certificate verifier.", e);
            }
        }
        clientCertDefaultTlsClient.setAuthentication(tlsNoAuthentication);
        TlsProtocolHandler tlsProtocolHandler = new TlsProtocolHandler(socket.getInputStream(), socket.getOutputStream());
        tlsProtocolHandler.connect(clientCertDefaultTlsClient);
        return new SocketWrapper(socket, tlsProtocolHandler.getInputStream(), tlsProtocolHandler.getOutputStream());
    }

    private String makeRequestStr(String str, int i) {
        StringBuilder sb = new StringBuilder(PKIFailureInfo.badRecipientNonce);
        sb.append("CONNECT ").append(str).append(":").append(i).append(" HTTP/1.0\r\n");
        if (this.proxyUser != null && !this.proxyUser.isEmpty() && this.proxyPass != null && !this.proxyPass.isEmpty()) {
            sb.append("Proxy-Authorization: Basic ").append(new String(Base64.encode(String.format("%s:%s", this.proxyUser, this.proxyPass).getBytes()))).append("\r\n");
        }
        sb.append("\r\n");
        return sb.toString();
    }

    private String getResponse(InputStream inputStream) throws IOException {
        byte[] bArr = new byte[512];
        int read = inputStream.read(bArr, 0, bArr.length);
        if (read == 0) {
            throw new SocketException("Invalid response from proxy.");
        }
        return new String(bArr, 0, read, HTTP.UTF_8);
    }

    private void validateResponse(String str) throws IOException {
        Matcher matcher = Pattern.compile("HTTP/1\\.(1|0) (\\d{3}) (.*)\\r\\n(?s).*").matcher(str);
        if (!matcher.matches()) {
            throw new HttpConnectProxyException("Invalid HTTP response from proxy.", HttpStatus.SC_INTERNAL_SERVER_ERROR, "Response malformed.");
        }
        String group = matcher.group(2);
        String group2 = matcher.group(3);
        int parseInt = Integer.parseInt(group);
        if (parseInt != 200) {
            throw new HttpConnectProxyException("Failed to create proxy socket.", parseInt, group2);
        }
    }
}
