package com.google.appengine.api.urlfetch.dev;

import com.google.appengine.api.urlfetch.URLFetchServicePb;
import com.google.appengine.repackaged.com.google.protobuf.ByteString;
import com.google.appengine.repackaged.org.apache.http.Header;
import com.google.appengine.repackaged.org.apache.http.HttpEntity;
import com.google.appengine.repackaged.org.apache.http.HttpHost;
import com.google.appengine.repackaged.org.apache.http.HttpResponse;
import com.google.appengine.repackaged.org.apache.http.client.HttpClient;
import com.google.appengine.repackaged.org.apache.http.client.methods.HttpDelete;
import com.google.appengine.repackaged.org.apache.http.client.methods.HttpGet;
import com.google.appengine.repackaged.org.apache.http.client.methods.HttpHead;
import com.google.appengine.repackaged.org.apache.http.client.methods.HttpPost;
import com.google.appengine.repackaged.org.apache.http.client.methods.HttpPut;
import com.google.appengine.repackaged.org.apache.http.client.methods.HttpRequestBase;
import com.google.appengine.repackaged.org.apache.http.client.methods.HttpUriRequest;
import com.google.appengine.repackaged.org.apache.http.client.params.HttpClientParams;
import com.google.appengine.repackaged.org.apache.http.conn.scheme.PlainSocketFactory;
import com.google.appengine.repackaged.org.apache.http.conn.scheme.Scheme;
import com.google.appengine.repackaged.org.apache.http.conn.scheme.SchemeRegistry;
import com.google.appengine.repackaged.org.apache.http.conn.ssl.SSLSocketFactory;
import com.google.appengine.repackaged.org.apache.http.entity.ByteArrayEntity;
import com.google.appengine.repackaged.org.apache.http.impl.client.DefaultHttpClient;
import com.google.appengine.repackaged.org.apache.http.impl.conn.ProxySelectorRoutePlanner;
import com.google.appengine.repackaged.org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import com.google.appengine.repackaged.org.apache.http.params.BasicHttpParams;
import com.google.appengine.repackaged.org.apache.http.params.HttpConnectionParams;
import com.google.appengine.repackaged.org.apache.http.protocol.BasicHttpContext;
import com.google.appengine.repackaged.org.apache.http.protocol.ExecutionContext;
import com.google.appengine.tools.development.AbstractLocalRpcService;
import com.google.appengine.tools.development.DevSocketImplFactory;
import com.google.appengine.tools.development.LatencyPercentiles;
import com.google.appengine.tools.development.LocalRpcService;
import com.google.appengine.tools.development.LocalServiceContext;
import com.google.appengine.tools.development.ServiceProvider;
import com.google.apphosting.api.ApiProxy;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.ProxySelector;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.security.AccessController;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

@ServiceProvider(LocalRpcService.class)
/* loaded from: input_file:com/google/appengine/api/urlfetch/dev/LocalURLFetchService.class */
public class LocalURLFetchService extends AbstractLocalRpcService {
    private static final int DEFAULT_TIMEOUT_IN_MS = 600000;
    static final int DEFAULT_MAX_RESPONSE_LENGTH = 33554432;
    static final int DEFAULT_MAX_REDIRECTS = 5;
    public static final String PACKAGE = "urlfetch";
    private static final int TEMPORARY_RESPONSE_BUFFER_LENGTH = 4096;
    private HttpClient validatingClient;
    private HttpClient nonValidatingClient;
    private static final Map<URLFetchServicePb.URLFetchRequest.RequestMethod, MethodFactory> METHOD_FACTORY_MAP = buildMethodFactoryMap();
    private static final String TRUST_STORE_LOCATION = "/com/google/appengine/api/urlfetch/dev/cacerts";
    int maxResponseLength = DEFAULT_MAX_RESPONSE_LENGTH;
    int maxRedirects = 5;
    Logger logger = Logger.getLogger(LocalURLFetchService.class.getName());
    private int timeoutInMs = DEFAULT_TIMEOUT_IN_MS;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/google/appengine/api/urlfetch/dev/LocalURLFetchService$MethodFactory.class */
    public interface MethodFactory {
        HttpRequestBase buildMethod(URLFetchServicePb.URLFetchRequest uRLFetchRequest);
    }

    private static Map<URLFetchServicePb.URLFetchRequest.RequestMethod, MethodFactory> buildMethodFactoryMap() {
        HashMap hashMap = new HashMap();
        hashMap.put(URLFetchServicePb.URLFetchRequest.RequestMethod.GET, new MethodFactory() { // from class: com.google.appengine.api.urlfetch.dev.LocalURLFetchService.1
            @Override // com.google.appengine.api.urlfetch.dev.LocalURLFetchService.MethodFactory
            public HttpRequestBase buildMethod(URLFetchServicePb.URLFetchRequest uRLFetchRequest) {
                return new HttpGet(uRLFetchRequest.getUrl());
            }
        });
        hashMap.put(URLFetchServicePb.URLFetchRequest.RequestMethod.DELETE, new MethodFactory() { // from class: com.google.appengine.api.urlfetch.dev.LocalURLFetchService.2
            @Override // com.google.appengine.api.urlfetch.dev.LocalURLFetchService.MethodFactory
            public HttpRequestBase buildMethod(URLFetchServicePb.URLFetchRequest uRLFetchRequest) {
                return new HttpDelete(uRLFetchRequest.getUrl());
            }
        });
        hashMap.put(URLFetchServicePb.URLFetchRequest.RequestMethod.HEAD, new MethodFactory() { // from class: com.google.appengine.api.urlfetch.dev.LocalURLFetchService.3
            @Override // com.google.appengine.api.urlfetch.dev.LocalURLFetchService.MethodFactory
            public HttpRequestBase buildMethod(URLFetchServicePb.URLFetchRequest uRLFetchRequest) {
                return new HttpHead(uRLFetchRequest.getUrl());
            }
        });
        hashMap.put(URLFetchServicePb.URLFetchRequest.RequestMethod.POST, new MethodFactory() { // from class: com.google.appengine.api.urlfetch.dev.LocalURLFetchService.4
            @Override // com.google.appengine.api.urlfetch.dev.LocalURLFetchService.MethodFactory
            public HttpRequestBase buildMethod(URLFetchServicePb.URLFetchRequest uRLFetchRequest) {
                HttpPost httpPost = new HttpPost(uRLFetchRequest.getUrl());
                if (uRLFetchRequest.hasPayload()) {
                    httpPost.setEntity(new ByteArrayEntity(uRLFetchRequest.getPayload().toByteArray()));
                }
                return httpPost;
            }
        });
        hashMap.put(URLFetchServicePb.URLFetchRequest.RequestMethod.PUT, new MethodFactory() { // from class: com.google.appengine.api.urlfetch.dev.LocalURLFetchService.5
            @Override // com.google.appengine.api.urlfetch.dev.LocalURLFetchService.MethodFactory
            public HttpRequestBase buildMethod(URLFetchServicePb.URLFetchRequest uRLFetchRequest) {
                HttpPut httpPut = new HttpPut(uRLFetchRequest.getUrl());
                if (uRLFetchRequest.hasPayload()) {
                    httpPut.setEntity(new ByteArrayEntity(uRLFetchRequest.getPayload().toByteArray()));
                }
                return httpPut;
            }
        });
        hashMap.put(URLFetchServicePb.URLFetchRequest.RequestMethod.PATCH, new MethodFactory() { // from class: com.google.appengine.api.urlfetch.dev.LocalURLFetchService.6
            @Override // com.google.appengine.api.urlfetch.dev.LocalURLFetchService.MethodFactory
            public HttpRequestBase buildMethod(URLFetchServicePb.URLFetchRequest uRLFetchRequest) {
                HttpPatch httpPatch = new HttpPatch(uRLFetchRequest.getUrl());
                if (uRLFetchRequest.hasPayload()) {
                    httpPatch.setEntity(new ByteArrayEntity(uRLFetchRequest.getPayload().toByteArray()));
                }
                return httpPatch;
            }
        });
        return hashMap;
    }

    public String getPackage() {
        return PACKAGE;
    }

    public void setTimeoutInMs(int i) {
        this.timeoutInMs = i;
    }

    private KeyStore getTrustStore() throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
        InputStream resourceAsStream = getClass().getResourceAsStream(TRUST_STORE_LOCATION);
        if (resourceAsStream == null) {
            throw new IOException("Couldn't get trust store stream");
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(resourceAsStream, null);
        return keyStore;
    }

    private Scheme createValidatingScheme() throws Exception {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(null, null);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(getTrustStore());
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        SSLContext sSLContext = SSLContext.getInstance(SSLSocketFactory.TLS);
        sSLContext.init(keyManagers, trustManagers, null);
        SSLSocketFactory sSLSocketFactory = new SSLSocketFactory(sSLContext);
        sSLSocketFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
        return new Scheme("https", sSLSocketFactory, 443);
    }

    private Scheme createNonvalidatingScheme() throws KeyManagementException, NoSuchAlgorithmException {
        X509TrustManager x509TrustManager = new X509TrustManager() { // from class: com.google.appengine.api.urlfetch.dev.LocalURLFetchService.7
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        SSLContext sSLContext = SSLContext.getInstance(SSLSocketFactory.TLS);
        sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
        return new Scheme("https", new SSLSocketFactory(sSLContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER), 443);
    }

    public HttpClient createHttpClient(boolean z) {
        Scheme scheme = null;
        if (z) {
            try {
                scheme = createValidatingScheme();
            } catch (Exception e) {
                z = false;
                this.logger.log(Level.WARNING, "Encountered exception trying to initialize SSL. SSL certificate validation will be disabled", (Throwable) e);
            }
        }
        if (!z) {
            try {
                scheme = createNonvalidatingScheme();
            } catch (KeyManagementException e2) {
                this.logger.log(Level.WARNING, "Encountered exception trying to initialize SSL. All HTTPS fetches will be disabled.", (Throwable) e2);
                scheme = null;
            } catch (NoSuchAlgorithmException e3) {
                this.logger.log(Level.WARNING, "Encountered exception trying to initialize SSL. All HTTPS fetches will be disabled.", (Throwable) e3);
                scheme = null;
            }
        }
        Scheme scheme2 = new Scheme(HttpHost.DEFAULT_SCHEME_NAME, PlainSocketFactory.getSocketFactory(), 80);
        SchemeRegistry schemeRegistry = new SchemeRegistry();
        if (scheme != null) {
            schemeRegistry.register(scheme);
        }
        schemeRegistry.register(scheme2);
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient(new ThreadSafeClientConnManager(new BasicHttpParams(), schemeRegistry), new BasicHttpParams());
        defaultHttpClient.getParams().setIntParameter("http.protocol.max-redirects", this.maxRedirects);
        defaultHttpClient.setRedirectStrategy(new AllMethodsRedirectStrategy());
        defaultHttpClient.setRoutePlanner(new ProxySelectorRoutePlanner(defaultHttpClient.getConnectionManager().getSchemeRegistry(), ProxySelector.getDefault()));
        return defaultHttpClient;
    }

    public void init(LocalServiceContext localServiceContext, Map<String, String> map) {
    }

    public void start() {
    }

    public void stop() {
    }

    private byte[] responseToByteArray(HttpEntity httpEntity) throws IOException {
        InputStream content = httpEntity.getContent();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[4096];
        while (true) {
            int read = content.read(bArr);
            if (read == -1) {
                return byteArrayOutputStream.toByteArray();
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    @LatencyPercentiles(latency50th = 5)
    public URLFetchServicePb.URLFetchResponse fetch(LocalRpcService.Status status, URLFetchServicePb.URLFetchRequest uRLFetchRequest) {
        String str;
        if (status == null) {
            throw new NullPointerException("status cannot be null.");
        }
        if (uRLFetchRequest == null) {
            throw new NullPointerException("request cannot be null.");
        }
        if (!hasValidURL(uRLFetchRequest)) {
            int number = URLFetchServicePb.URLFetchServiceError.ErrorCode.INVALID_URL.getNumber();
            String valueOf = String.valueOf(uRLFetchRequest.getUrl());
            if (valueOf.length() != 0) {
                str = "Invalid URL: ".concat(valueOf);
            } else {
                str = r4;
                String str2 = new String("Invalid URL: ");
            }
            throw new ApiProxy.ApplicationException(number, str);
        }
        MethodFactory methodFactory = METHOD_FACTORY_MAP.get(uRLFetchRequest.getMethod());
        if (methodFactory == null) {
            int number2 = URLFetchServicePb.URLFetchServiceError.ErrorCode.INVALID_URL.getNumber();
            String valueOf2 = String.valueOf(uRLFetchRequest.getMethod());
            throw new ApiProxy.ApplicationException(number2, new StringBuilder(20 + String.valueOf(valueOf2).length()).append("Unsupported method: ").append(valueOf2).toString());
        }
        HttpRequestBase buildMethod = methodFactory.buildMethod(uRLFetchRequest);
        BasicHttpParams basicHttpParams = new BasicHttpParams();
        HttpClientParams.setRedirecting(basicHttpParams, uRLFetchRequest.getFollowRedirects());
        HttpConnectionParams.setConnectionTimeout(basicHttpParams, this.timeoutInMs);
        HttpConnectionParams.setSoTimeout(basicHttpParams, this.timeoutInMs);
        buildMethod.setParams(basicHttpParams);
        boolean z = false;
        for (URLFetchServicePb.URLFetchRequest.Header header : uRLFetchRequest.getHeaderList()) {
            if (!header.getKey().equalsIgnoreCase("Content-Length")) {
                buildMethod.addHeader(header.getKey(), header.getValue());
                if (header.getKey().equalsIgnoreCase("Content-Type")) {
                    z = true;
                }
            }
        }
        if (!z && uRLFetchRequest.getMethod() == URLFetchServicePb.URLFetchRequest.RequestMethod.POST) {
            buildMethod.addHeader("Content-Type", "application/x-www-form-urlencoded");
        }
        URLFetchServicePb.URLFetchResponse.Builder newBuilder = URLFetchServicePb.URLFetchResponse.newBuilder();
        try {
            HttpResponse doPrivilegedExecute = doPrivilegedExecute(uRLFetchRequest, buildMethod, newBuilder);
            HttpEntity entity = doPrivilegedExecute.getEntity();
            if (entity != null) {
                byte[] responseToByteArray = responseToByteArray(entity);
                if (responseToByteArray.length > this.maxResponseLength) {
                    responseToByteArray = new byte[this.maxResponseLength];
                    System.arraycopy(responseToByteArray, 0, responseToByteArray, 0, this.maxResponseLength);
                    newBuilder.setContentWasTruncated(true);
                }
                newBuilder.setContent(ByteString.copyFrom(responseToByteArray));
            }
            httpclientHeadersToPbHeaders(doPrivilegedExecute.getAllHeaders(), newBuilder);
            return newBuilder.build();
        } catch (SocketTimeoutException e) {
            int number3 = URLFetchServicePb.URLFetchServiceError.ErrorCode.DEADLINE_EXCEEDED.getNumber();
            String valueOf3 = String.valueOf(buildMethod.getMethod());
            String valueOf4 = String.valueOf(uRLFetchRequest.getUrl());
            throw new ApiProxy.ApplicationException(number3, new StringBuilder(36 + String.valueOf(valueOf3).length() + String.valueOf(valueOf4).length()).append("http method ").append(valueOf3).append(" against URL ").append(valueOf4).append(" timed out.").toString());
        } catch (SSLException e2) {
            int number4 = URLFetchServicePb.URLFetchServiceError.ErrorCode.SSL_CERTIFICATE_ERROR.getNumber();
            String valueOf5 = String.valueOf(uRLFetchRequest.getUrl());
            String valueOf6 = String.valueOf(e2.getMessage());
            throw new ApiProxy.ApplicationException(number4, new StringBuilder(57 + String.valueOf(valueOf5).length() + String.valueOf(valueOf6).length()).append("Couldn't validate the server's SSL certificate for URL ").append(valueOf5).append(": ").append(valueOf6).toString());
        } catch (IOException e3) {
            int number5 = URLFetchServicePb.URLFetchServiceError.ErrorCode.FETCH_ERROR.getNumber();
            String valueOf7 = String.valueOf(buildMethod.getMethod());
            String valueOf8 = String.valueOf(uRLFetchRequest.getUrl());
            String valueOf9 = String.valueOf(e3.getMessage());
            throw new ApiProxy.ApplicationException(number5, new StringBuilder(56 + String.valueOf(valueOf7).length() + String.valueOf(valueOf8).length() + String.valueOf(valueOf9).length()).append("Received exception executing http method ").append(valueOf7).append(" against URL ").append(valueOf8).append(": ").append(valueOf9).toString());
        }
    }

    private HttpResponse doPrivilegedExecute(final URLFetchServicePb.URLFetchRequest uRLFetchRequest, final HttpRequestBase httpRequestBase, final URLFetchServicePb.URLFetchResponse.Builder builder) throws IOException {
        try {
            return (HttpResponse) AccessController.doPrivileged(new PrivilegedExceptionAction<HttpResponse>() { // from class: com.google.appengine.api.urlfetch.dev.LocalURLFetchService.8
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public HttpResponse run() throws IOException {
                    boolean socketNativeMode = DevSocketImplFactory.setSocketNativeMode(true);
                    try {
                        BasicHttpContext basicHttpContext = new BasicHttpContext();
                        HttpResponse execute = (uRLFetchRequest.hasMustValidateServerCertificate() && uRLFetchRequest.getMustValidateServerCertificate()) ? LocalURLFetchService.this.getValidatingClient().execute(httpRequestBase, basicHttpContext) : LocalURLFetchService.this.getNonValidatingClient().execute(httpRequestBase, basicHttpContext);
                        builder.setStatusCode(execute.getStatusLine().getStatusCode());
                        HttpHost httpHost = (HttpHost) basicHttpContext.getAttribute(ExecutionContext.HTTP_TARGET_HOST);
                        HttpUriRequest httpUriRequest = (HttpUriRequest) basicHttpContext.getAttribute(ExecutionContext.HTTP_REQUEST);
                        String valueOf = String.valueOf(httpHost.toURI());
                        String valueOf2 = String.valueOf(httpUriRequest.getURI());
                        String sb = new StringBuilder(0 + String.valueOf(valueOf).length() + String.valueOf(valueOf2).length()).append(valueOf).append(valueOf2).toString();
                        if (!sb.equals(httpRequestBase.getURI().toString())) {
                            builder.setFinalUrl(sb);
                        }
                        return execute;
                    } finally {
                        DevSocketImplFactory.setSocketNativeMode(socketNativeMode);
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof IOException) {
                throw ((IOException) cause);
            }
            throw new RuntimeException(e);
        }
    }

    boolean isAllowedPort(int i) {
        if (i == -1) {
            return true;
        }
        if (i < 80 || i > 90) {
            return (i >= 440 && i <= 450) || i >= 1024;
        }
        return true;
    }

    boolean hasValidURL(URLFetchServicePb.URLFetchRequest uRLFetchRequest) {
        if (!uRLFetchRequest.hasUrl() || uRLFetchRequest.getUrl().length() == 0) {
            return false;
        }
        try {
            URL url = new URL(uRLFetchRequest.getUrl());
            if (!url.getProtocol().equals(HttpHost.DEFAULT_SCHEME_NAME) && !url.getProtocol().equals("https")) {
                return false;
            }
            if (isAllowedPort(url.getPort())) {
                return true;
            }
            this.logger.log(Level.WARNING, String.format("urlfetch received %s ; port %s is not allowed in production!", url, Integer.valueOf(url.getPort())));
            return true;
        } catch (MalformedURLException e) {
            return false;
        }
    }

    void httpclientHeadersToPbHeaders(Header[] headerArr, URLFetchServicePb.URLFetchResponse.Builder builder) {
        for (Header header : headerArr) {
            builder.addHeader(URLFetchServicePb.URLFetchResponse.Header.newBuilder().setKey(header.getName()).setValue(header.getValue()));
        }
    }

    public Double getMaximumDeadline(boolean z) {
        return Double.valueOf(z ? 600.0d : 60.0d);
    }

    public Integer getMaxApiRequestSize() {
        return 10485760;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized HttpClient getNonValidatingClient() {
        if (this.nonValidatingClient == null) {
            this.nonValidatingClient = createHttpClient(false);
        }
        return this.nonValidatingClient;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized HttpClient getValidatingClient() {
        if (this.validatingClient == null) {
            this.validatingClient = createHttpClient(true);
        }
        return this.validatingClient;
    }
}
