package net.i2p.util;

import gnu.getopt.Getopt;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PipedInputStream;
import java.io.PipedOutputStream;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Locale;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import net.i2p.I2PAppContext;
import net.i2p.client.streaming.impl.Connection;
import net.i2p.crypto.CertUtil;
import net.i2p.crypto.KeyStoreUtil;
import net.i2p.data.DataHelper;
import net.i2p.util.EepGet;

/* loaded from: classes.dex */
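/**
 * HTTPS-only variant of {@link EepGet}: opens a TLS socket directly to the host
 * named in the URL, checks the hostname, sends the request and streams the body
 * to the configured output.
 *
 * <p>Trust is built from the system key store plus any certificates found under
 * {@code certificates/ssl} in the context's base and config directories. Plain
 * http URLs, {@code .i2p} hosts and server redirects are all refused.
 *
 * <p>This listing is decompiler output (see the {@code classes.dex} markers), so
 * the inherited fields and helpers ({@code a}, {@code b}, {@code l}, {@code n},
 * ...) carry obfuscated names. Comments on them describe only what their use in
 * this file shows.
 */
public class SSLEepGet extends EepGet {
    /** Sub-directory (under base/config dir) holding additional trusted certificates. */
    private static final String CERT_DIR = "certificates/ssl";
    /** Set by the {@code -z} command-line flag: skips hostname verification only. */
    private boolean _bypassVerification;
    /** True when started from {@link #main(String[])}; enables the console hint on failure. */
    private boolean _commandLine;
    /** Number of {@code -s} flags: 1 saves the chain on a failure, 2 or more saves it always. */
    private int _saveCerts;
    /** Context used for sockets; null means the JVM default socket factory is used. */
    private final SSLContext _sslContext;
    /** Trust manager that remembers the last chain; only set when this instance built its own context. */
    private SavingTrustManager _stm;

    /**
     * Opaque holder for an already-initialised {@link SSLContext}, obtained from
     * {@link SSLEepGet#getSSLState()} and handed to a later instance so the key
     * store does not have to be loaded again.
     */
    /* loaded from: classes.dex */
    public class SSLState {
        private final SSLContext context;

        private SSLState(SSLContext sSLContext) {
            this.context = sSLContext;
        }

        /* synthetic */ SSLState(SSLContext sSLContext, byte b) {
            this(sSLContext);
        }
    }

    /**
     * Wraps the real trust manager and records the chain the server presented,
     * so it can be written to disk even when validation fails.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public class SavingTrustManager implements X509TrustManager {
        /** Last chain passed to {@link #checkServerTrusted}; null until a handshake reaches it. */
        private X509Certificate[] chain;
        private final X509TrustManager tm;

        SavingTrustManager(X509TrustManager x509TrustManager) {
            this.tm = x509TrustManager;
        }

        /**
         * Always rejects: this manager is only ever used on the client side.
         *
         * @throws CertificateException unconditionally
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new CertificateException();
        }

        /**
         * Records the chain, then delegates the trust decision to the wrapped manager.
         * The chain is stored first so it is still available when the delegate throws.
         *
         * @throws CertificateException if the wrapped manager rejects the chain
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.chain = x509CertificateArr;
            this.tm.checkServerTrusted(x509CertificateArr, str);
        }

        /** @return an empty array; no issuer list is advertised */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Fetches {@code str} into {@code outputStream}, building a fresh SSL context.
     */
    public SSLEepGet(I2PAppContext i2PAppContext, OutputStream outputStream, String str) {
        this(i2PAppContext, outputStream, str, (SSLState) null);
    }

    /**
     * Fetches {@code str} into {@code outputStream}.
     *
     * @param sSLState state from {@link #getSSLState()} of an earlier instance, or null to
     *                 build a new context. The state carries that instance's trust anchors.
     */
    public SSLEepGet(I2PAppContext i2PAppContext, OutputStream outputStream, String str, SSLState sSLState) {
        // Pass the caller's state through; it was previously replaced by null, which
        // silently rebuilt the key store and SSL context on every instance.
        this(i2PAppContext, null, outputStream, str, sSLState);
    }

    /**
     * Common constructor. Uses the context from {@code sSLState} when it has one,
     * otherwise initialises a new one. If that fails, {@code _sslContext} stays null
     * and {@link #a(SocketTimeout)} falls back to the JVM default socket factory.
     * {@code _stm} is only populated on the "new context" path, so certificate
     * saving is unavailable when a state is reused.
     */
    private SSLEepGet(I2PAppContext i2PAppContext, String str, OutputStream outputStream, String str2, SSLState sSLState) {
        super(i2PAppContext, false, null, -1, 0, -1L, -1L, str, outputStream, str2, true, null, null);
        if (sSLState == null || sSLState.context == null) {
            this._sslContext = initSSLContext();
        } else {
            this._sslContext = sSLState.context;
        }
        if (this._sslContext == null) {
            this.b.error("Failed to initialize custom SSL context, using default context");
        }
    }

    /**
     * Fetches {@code str2} into the file named {@code str}, building a fresh SSL context.
     */
    public SSLEepGet(I2PAppContext i2PAppContext, String str, String str2) {
        this(i2PAppContext, str, str2, (SSLState) null);
    }

    /**
     * Fetches {@code str2} into the file named {@code str}.
     *
     * @param sSLState state from {@link #getSSLState()} of an earlier instance, or null
     */
    public SSLEepGet(I2PAppContext i2PAppContext, String str, String str2, SSLState sSLState) {
        // Same fix as the OutputStream variant: forward the state instead of null.
        this(i2PAppContext, str, null, str2, sSLState);
    }

    /**
     * Builds an {@link SSLContext} whose trust store is the system key store plus
     * every certificate found in the {@code certificates/ssl} directories, and
     * installs a {@link SavingTrustManager} around the resulting trust manager.
     *
     * @return the initialised context, or null if the key store could not be
     *         loaded or the context could not be set up
     */
    private SSLContext initSSLContext() {
        KeyStore loadSystemKeyStore = KeyStoreUtil.loadSystemKeyStore();
        if (loadSystemKeyStore == null) {
            this.b.error("Key Store init error");
            return null;
        }
        // shouldLog(20) guards the info() calls below, shouldLog(10) the debug() dump.
        if (this.b.shouldLog(20)) {
            this.b.info("Loaded " + KeyStoreUtil.countCerts(loadSystemKeyStore) + " default trusted certificates");
        }
        // Every certificate file added here becomes a trust anchor for this fetcher,
        // so write access to these directories is equivalent to controlling trust.
        File file = new File(this.a.getBaseDir(), CERT_DIR);
        int addCerts = KeyStoreUtil.addCerts(file, loadSystemKeyStore);
        if (addCerts > 0 && this.b.shouldLog(20)) {
            this.b.info("Loaded " + addCerts + " trusted certificates from " + file.getAbsolutePath());
        }
        if (!this.a.getBaseDir().getAbsolutePath().equals(this.a.getConfigDir().getAbsolutePath())) {
            File file2 = new File(this.a.getConfigDir(), CERT_DIR);
            int addCerts2 = KeyStoreUtil.addCerts(file2, loadSystemKeyStore);
            addCerts += addCerts2;
            if (addCerts2 > 0 && this.b.shouldLog(20)) {
                this.b.info("Loaded " + addCerts2 + " trusted certificates from " + file2.getAbsolutePath());
            }
        }
        // NOTE(review): the condition compares the base dir with the working directory,
        // but the directory actually read is the config dir again, so this pass repeats
        // the previous one and may inflate the logged total. Behaviour is left as found:
        // pointing it at user.dir would let whoever controls the working directory add
        // trust anchors, which should be a deliberate decision rather than a cleanup.
        if (!this.a.getBaseDir().getAbsolutePath().equals(new File(System.getProperty("user.dir")).getAbsolutePath())) {
            File file3 = new File(this.a.getConfigDir(), CERT_DIR);
            int addCerts3 = KeyStoreUtil.addCerts(file3, loadSystemKeyStore);
            addCerts += addCerts3;
            if (addCerts3 > 0 && this.b.shouldLog(20)) {
                this.b.info("Loaded " + addCerts3 + " trusted certificates from " + file3.getAbsolutePath());
            }
        }
        if (this.b.shouldLog(20)) {
            this.b.info("Loaded total of " + addCerts + " new trusted certificates");
        }
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(loadSystemKeyStore);
            // NOTE(review): assumes the first trust manager is an X509TrustManager; a
            // ClassCastException here would not be caught by the handler below.
            this._stm = new SavingTrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0]);
            sSLContext.init(null, new TrustManager[]{this._stm}, null);
            if (this.b.shouldLog(10)) {
                // Debug-only inventory of what the platform offers versus what is enabled.
                SSLEngine createSSLEngine = sSLContext.createSSLEngine();
                SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
                String[] supportedProtocols = createSSLEngine.getSupportedProtocols();
                Arrays.sort(supportedProtocols);
                this.b.debug("Supported protocols: " + supportedProtocols.length);
                for (String str : supportedProtocols) {
                    this.b.debug(str);
                }
                String[] enabledProtocols = createSSLEngine.getEnabledProtocols();
                Arrays.sort(enabledProtocols);
                this.b.debug("Enabled protocols: " + enabledProtocols.length);
                for (String str2 : enabledProtocols) {
                    this.b.debug(str2);
                }
                String[] protocols = defaultSSLParameters.getProtocols();
                String[] strArr = protocols == null ? new String[0] : protocols;
                this.b.debug("Default protocols: " + strArr.length);
                Arrays.sort(strArr);
                for (String str3 : strArr) {
                    this.b.debug(str3);
                }
                String[] supportedCipherSuites = createSSLEngine.getSupportedCipherSuites();
                Arrays.sort(supportedCipherSuites);
                this.b.debug("Supported ciphers: " + supportedCipherSuites.length);
                for (String str4 : supportedCipherSuites) {
                    this.b.debug(str4);
                }
                String[] enabledCipherSuites = createSSLEngine.getEnabledCipherSuites();
                Arrays.sort(enabledCipherSuites);
                this.b.debug("Enabled ciphers: " + enabledCipherSuites.length);
                for (String str5 : enabledCipherSuites) {
                    this.b.debug(str5);
                }
                String[] cipherSuites = defaultSSLParameters.getCipherSuites();
                String[] strArr2 = cipherSuites == null ? new String[0] : cipherSuites;
                this.b.debug("Default ciphers: " + strArr2.length);
                Arrays.sort(strArr2);
                for (String str6 : strArr2) {
                    this.b.debug(str6);
                }
            }
            return sSLContext;
        } catch (GeneralSecurityException e) {
            this.b.error("Key Store update error", e);
            return null;
        }
    }

    /**
     * Command-line entry point: {@code SSLEepGet [-sz] https://url}.
     *
     * <p>{@code -s} saves the server's certificates when the connection fails,
     * {@code -s -s} saves them on every run, {@code -z} turns off hostname
     * verification (chain validation by the trust manager still applies).
     * Exits with status 1 on a usage error or a failed fetch.
     */
    public static void main(String[] strArr) {
        boolean usageError = false;
        boolean noVerify = false;
        int saveCount = 0;
        Getopt getopt = new Getopt("ssleepget", strArr, "sz");
        // The decompiled loop read the option variable after a caught exception without
        // it being assigned; parsing now simply stops and reports a usage error instead.
        try {
            int opt;
            while ((opt = getopt.getopt()) != -1) {
                switch (opt) {
                    case 's':
                        saveCount++;
                        break;
                    case 'z':
                        noVerify = true;
                        break;
                    default:
                        usageError = true;
                        break;
                }
            }
        } catch (RuntimeException e) {
            e.printStackTrace();
            usageError = true;
        }
        // Exactly one non-option argument (the URL) is required.
        if (usageError || strArr.length - getopt.getOptind() != 1) {
            usage();
            System.exit(1);
        }
        String str = strArr[getopt.getOptind()];
        String suggestName = suggestName(str);
        try {
            SSLEepGet sSLEepGet = new SSLEepGet(I2PAppContext.getGlobalContext(), new FileOutputStream(suggestName), str);
            if (saveCount > 0) {
                sSLEepGet._saveCerts = saveCount;
            }
            if (noVerify) {
                sSLEepGet._bypassVerification = true;
            }
            sSLEepGet._commandLine = true;
            // Kept from the decompiler output; looks like the null check emitted for an
            // inner-class instantiation and has no other effect here.
            sSLEepGet.getClass();
            sSLEepGet.addStatusListener(new EepGet.CLIStatusListener(1024, 40));
            if (sSLEepGet.fetch(Connection.MAX_RESEND_DELAY, -1L, 60000L)) {
                return;
            }
            System.exit(1);
            return;
        } catch (IOException e2) {
            System.err.println("Failed to create output file " + suggestName);
            return;
        }
    }

    /**
     * Writes each certificate of the recorded chain to {@code <str>-<n>.crt} in the
     * working directory and prints its issuer and validity window.
     *
     * <p>The files are whatever the peer presented, including when validation
     * failed. They only become trusted if someone copies them into the certificates
     * directory, so the printed issuer and dates (and a fingerprint checked out of
     * band) are what that decision should rest on.
     *
     * @param str                file name prefix; callers in this file pass the URL host
     * @param savingTrustManager manager holding the chain from the last handshake
     */
    private static void saveCerts(String str, SavingTrustManager savingTrustManager) {
        X509Certificate[] x509CertificateArr = savingTrustManager.chain;
        if (x509CertificateArr == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }
        for (int i = 0; i < x509CertificateArr.length; i++) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            String str2 = str + '-' + (i + 1) + ".crt";
            System.out.println("NOTE: Saving X509 certificate as " + str2);
            System.out.println("      Issuer:     " + x509Certificate.getIssuerX500Principal());
            System.out.println("      Valid From: " + x509Certificate.getNotBefore());
            System.out.println("      Valid To:   " + x509Certificate.getNotAfter());
            try {
                x509Certificate.checkValidity();
            } catch (GeneralSecurityException e) {
                // Expired or not-yet-valid: still saved, but flagged for the operator.
                System.out.println("      WARNING: Certificate is not currently valid, it cannot be used");
            }
            CertUtil.saveCert(x509Certificate, new File(str2));
        }
        System.out.println("NOTE: To trust them, copy the certificate file(s) to the certificates directory and rerun without the -s option");
    }

    /** Prints the command-line synopsis to stderr. */
    private static void usage() {
        System.err.println("Usage: SSLEepGet [-sz] https://url\n  -s save unknown certs\n  -s -s save all certs\n  -z bypass hostname verification");
    }

    /**
     * Opens the TLS connection and sends the request.
     *
     * <p>Order of operations: validate the URL (https only, host present, not
     * {@code .i2p}), create the socket, apply the protocol/cipher policy, verify
     * the hostname unless bypassed, and only then write the request bytes.
     *
     * <p>NOTE(review): the body throws {@link MalformedURLException} and rethrows
     * {@link SSLException}, yet no {@code throws} clause is present. The decompiler
     * appears to have dropped it; restore it from the {@code EepGet} declaration,
     * which is not visible here.
     *
     * @param socketTimeout not used by this override
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.i2p.util.EepGet
    public final void a(SocketTimeout socketTimeout) {
        // When f is null and the file named by e already exists, start p at its length.
        if (this.f == null) {
            File file = new File(this.e);
            if (file.exists()) {
                this.p = file.length();
            }
        }
        String b = b();
        try {
            URI uri = new URI(this.h);
            // No downgrade to cleartext: anything other than https is rejected outright.
            if (!"https".equals(uri.getScheme())) {
                throw new MalformedURLException("Only https supported: " + this.h);
            }
            String host = uri.getHost();
            if (host == null) {
                throw new MalformedURLException("Bad URL");
            }
            if (host.toLowerCase(Locale.US).endsWith(".i2p")) {
                throw new MalformedURLException("I2P addresses unsupported");
            }
            int port = uri.getPort();
            int i = port == -1 ? 443 : port;
            if (this._sslContext != null) {
                this.l = this._sslContext.getSocketFactory().createSocket(host, i);
            } else {
                // Custom context unavailable: the JVM default trust configuration applies.
                this.l = SSLSocketFactory.getDefault().createSocket(host, i);
            }
            if (this.B > 0) {
                this.l.setSoTimeout(this.B);
            }
            SSLSocket sSLSocket = (SSLSocket) this.l;
            I2PSSLSocketFactory.setProtocolsAndCiphers(sSLSocket);
            // Hostname check happens before any request bytes leave the process.
            // With _bypassVerification set, a certificate for any name is accepted
            // as long as the chain itself validates.
            if (!this._bypassVerification) {
                try {
                    I2PSSLSocketFactory.verifyHostname(this.a, sSLSocket, host);
                } catch (SSLException e) {
                    if (this._saveCerts > 0 && this._stm != null) {
                        saveCerts(host, this._stm);
                    }
                    throw e;
                }
            }
            this.n = this.l.getInputStream();
            this.m = this.l.getOutputStream();
            try {
                this.m.write(DataHelper.getUTF8(b));
                this.m.flush();
                // Two or more -s flags: save the chain even though the connection succeeded.
                if (this._saveCerts > 1 && this._stm != null) {
                    saveCerts(host, this._stm);
                }
                this.n = new BufferedInputStream(this.n);
                if (this.b.shouldLog(10)) {
                    this.b.debug("Request flushed");
                }
            } catch (SSLException e2) {
                this.b.error("SSL negotiation error with " + host + ':' + i + " - self-signed certificate or untrusted certificate authority?", e2);
                if (this._saveCerts > 0 && this._stm != null) {
                    saveCerts(host, this._stm);
                } else if (this._commandLine) {
                    System.out.println("FAILED (probably due to untrusted certificates) - Run with -s option to save certificates");
                }
                throw e2;
            }
        } catch (URISyntaxException e3) {
            MalformedURLException malformedURLException = new MalformedURLException("Redirected to invalid URL");
            malformedURLException.initCause(e3);
            throw malformedURLException;
        }
    }

    /**
     * Reads the response headers via {@code a()}, then copies the body from the
     * socket to the output in 16 KiB reads, notifying the status listeners as it goes.
     *
     * <p>Redirects are never followed: a non-null {@code E} aborts the transfer.
     *
     * <p>NOTE(review): as with {@link #a(SocketTimeout)}, this body throws
     * {@link IOException} without a {@code throws} clause; restore it from the
     * superclass declaration.
     *
     * @param socketTimeout optional inactivity timer, reset on each read; may be null
     */
    @Override // net.i2p.util.EepGet
    protected final void b(SocketTimeout socketTimeout) {
        I2PAppThread i2PAppThread;
        // A is checked after a() and in the read loop; judging by the messages it is a timed-out flag.
        this.A = false;
        a();
        if (this.A) {
            throw new IOException("Timed out reading the HTTP headers");
        }
        if (socketTimeout != null) {
            socketTimeout.resetTimer();
            if (this.C > 0) {
                socketTimeout.setInactivityTimeout(this.C);
            } else {
                socketTimeout.setInactivityTimeout(60000L);
            }
        }
        // Body phase: socket read timeout is C when positive, otherwise 60 seconds.
        if (this.C > 0) {
            this.l.setSoTimeout(this.C);
        } else {
            this.l.setSoTimeout(60000);
        }
        // Refusing redirects keeps the fetch pinned to the host that was verified above.
        if (this.E != null) {
            throw new IOException("Server redirect to " + this.E + " not allowed");
        }
        if (this.b.shouldLog(10)) {
            this.b.debug("Headers read completely, reading " + this.r);
        }
        // r >= 0 means a length is known and the loop counts it down; otherwise read to EOF.
        boolean z = this.r >= 0;
        this.G = null;
        if (this.F) {
            // Route output through a pipe into a decompressor thread that writes to the real sink.
            PipedInputStream bigPipedInputStream = BigPipedInputStream.getInstance();
            PipedOutputStream pipedOutputStream = new PipedOutputStream(bigPipedInputStream);
            I2PAppThread i2PAppThread2 = new I2PAppThread(new EepGet.Gunzipper(bigPipedInputStream, this.o), "EepGet Decompressor");
            this.o = pipedOutputStream;
            i2PAppThread2.start();
            i2PAppThread = i2PAppThread2;
        } else {
            i2PAppThread = null;
        }
        // NOTE(review): r is used as a long elsewhere in this method; this narrowing cast
        // looks like it would wrap for lengths above Integer.MAX_VALUE - confirm and widen.
        int i = (int) this.r;
        byte[] bArr = new byte[16384];
        while (this.k && ((i > 0 || !z) && !this.A)) {
            int i2 = 16384;
            if (z && 16384 > i) {
                i2 = i;
            }
            int read = this.n.read(bArr, 0, i2);
            if (read == -1) {
                break;
            }
            if (socketTimeout != null) {
                socketTimeout.resetTimer();
            }
            this.o.write(bArr, 0, read);
            this.q += read;
            int i3 = i - read;
            // When w is set and the current segment is exhausted, expect CR LF and then
            // ask c() for the next length (presumably chunked encoding - confirm in EepGet).
            if (i3 == 0 && this.w) {
                int read2 = this.n.read();
                if (read2 == 13) {
                    int read3 = this.n.read();
                    if (read3 == 10) {
                        i3 = (int) c();
                    } else {
                        this.o.write(read2);
                        this.o.write(read3);
                        this.q += 2;
                        i3 -= 2;
                        read += 2;
                    }
                } else {
                    this.o.write(read2);
                    this.q++;
                    i3--;
                    read++;
                }
            }
            if (socketTimeout != null) {
                socketTimeout.resetTimer();
            }
            if (this.r >= read) {
                this.r -= read;
            }
            if (read > 0) {
                int i4 = 0;
                while (true) {
                    int i5 = i4;
                    if (i5 >= this.i.size()) {
                        break;
                    }
                    ((EepGet.StatusListener) this.i.get(i5)).bytesTransferred(this.p, read, this.q, this.w ? -1L : this.r, this.g);
                    i4 = i5 + 1;
                }
                this.p += read;
            }
            i = i3;
        }
        if (this.o != null) {
            this.o.close();
        }
        this.o = null;
        if (this.F) {
            try {
                i2PAppThread.join();
            } catch (InterruptedException e) {
                // Interruption while waiting for the decompressor is ignored as found.
            }
            // G is non-null when the decompressor side reported a failure; surface it.
            if (this.G != null) {
                this.k = false;
                throw this.G;
            }
        }
        if (this.A) {
            throw new IOException("Timed out reading the HTTP data");
        }
        if (socketTimeout != null) {
            socketTimeout.cancel();
        }
        if (!this.z) {
            // A known length that was not fully consumed means the peer hung up early.
            if (this.r != -1 && i != 0) {
                throw new IOException("Disconnection on attempt " + this.s + " after " + this.q);
            }
            for (int i6 = 0; i6 < this.i.size(); i6++) {
                ((EepGet.StatusListener) this.i.get(i6)).transferComplete(this.p, this.q, this.w ? -1L : this.r, this.g, this.e, this.x);
            }
            return;
        }
        int i7 = 0;
        while (true) {
            int i8 = i7;
            if (i8 >= this.i.size()) {
                return;
            }
            ((EepGet.StatusListener) this.i.get(i8)).attemptFailed(this.g, this.q, this.r, this.s, this.d, new Exception("Attempt failed"));
            i7 = i8 + 1;
        }
    }

    /**
     * @return a state wrapping this instance's SSL context (which may be null if
     *         initialisation failed), for reuse by a later {@code SSLEepGet}
     */
    public SSLState getSSLState() {
        return new SSLState(this._sslContext, (byte) 0);
    }
}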
