package org.jolokia.jvmagent.security;

import com.sun.net.httpserver.Authenticator;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpPrincipal;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Stack;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.jolokia.util.EscapeUtil;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;

/* loaded from: input_file:jolokia-jvm-1.5.0-agent.jar:org/jolokia/jvmagent/security/DelegatingAuthenticator.class */
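/**
 * Authenticator that decides on a request by replaying its {@code Authorization} header against a
 * configured delegate URL. A {@code 200} answer from the delegate counts as success, any other
 * answer as {@code 401}.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The client's credentials are forwarded verbatim to the delegate URL. The URL scheme is not
 *       restricted here, so a plain {@code http:} delegate receives them in clear text.</li>
 *   <li>When certificate checking is disabled, the relaxed trust settings are applied only to the
 *       connections this authenticator opens. They are deliberately NOT installed as JVM-wide
 *       defaults on {@link HttpsURLConnection}, because that would silently switch off TLS
 *       validation for every other HTTPS client in the process the agent is attached to.</li>
 *   <li>Disabling certificate checking removes server authentication for the delegate call, so
 *       whoever can intercept that connection can answer {@code 200} for any credentials.</li>
 * </ul>
 */
public class DelegatingAuthenticator extends Authenticator {
    private final URL delegateURL;
    private final PrincipalExtractor principalExtractor;
    private final String realm;

    // Both are null unless certificate checking was switched off in the constructor.
    private final SSLSocketFactory insecureSocketFactory;
    private final HostnameVerifier insecureHostnameVerifier;

    /**
     * Extractor that ignores the delegate's response and yields a principal with an empty user name.
     * (Decompiler note: the access modifier of this class was widened from private.)
     */
    public class EmptyPrincipalExtractor implements PrincipalExtractor {
        private EmptyPrincipalExtractor() {
        }

        @Override // org.jolokia.jvmagent.security.DelegatingAuthenticator.PrincipalExtractor
        public HttpPrincipal extract(URLConnection uRLConnection) {
            return new HttpPrincipal("", DelegatingAuthenticator.this.realm);
        }
    }

    /**
     * Extractor that parses the delegate's response as JSON and walks a path into it to find the
     * user name. (Decompiler note: the access modifier of this class was widened from private.)
     */
    public class JsonPathExtractor implements PrincipalExtractor {
        private String path;

        /**
         * @param str path into the JSON response, split by {@link EscapeUtil#extractElementsFromPath}
         */
        public JsonPathExtractor(String str) {
            this.path = str;
        }

        /**
         * Reads the response body, parses it as JSON and resolves the configured path.
         *
         * @param uRLConnection connected delegate connection whose body is consumed and closed
         * @return principal named after the string form of the value found at the path
         * @throws IOException if the body cannot be read
         * @throws ParseException if the body is not valid JSON
         * @throws IllegalArgumentException if the path does not resolve to a value
         */
        @Override // org.jolokia.jvmagent.security.DelegatingAuthenticator.PrincipalExtractor
        public HttpPrincipal extract(URLConnection uRLConnection) throws IOException, ParseException {
            Object document;
            // Decode explicitly as UTF-8 instead of the platform default charset, and always
            // release the stream, also when parsing fails.
            InputStreamReader reader = new InputStreamReader(uRLConnection.getInputStream(), "UTF-8");
            try {
                document = new JSONParser().parse(reader);
            } finally {
                reader.close();
            }

            Stack<String> remaining = EscapeUtil.extractElementsFromPath(this.path);
            Object current = document;
            while (current != null && !remaining.isEmpty()) {
                current = extractValue(current, remaining.pop());
            }
            // A missing value is rejected whether it shows up mid-path or at the very last
            // element; the latter used to end in a NullPointerException on toString().
            if (current == null) {
                // NOTE(review): this message carries the whole delegate response and is echoed
                // to the client by authenticate() via the X-Error-Details header.
                throw new IllegalArgumentException("No path '" + this.path + "' found in " + document);
            }
            return new HttpPrincipal(current.toString(), DelegatingAuthenticator.this.realm);
        }

        /**
         * Resolves one path element against a JSON node.
         *
         * @return the child value, or null if the node is neither object nor array, the key is
         *         absent, or the array index is out of range
         * @throws NumberFormatException if an array is addressed with a non-numeric element
         */
        private Object extractValue(Object node, String element) {
            if (node instanceof JSONObject) {
                return ((JSONObject) node).get(element);
            }
            if (node instanceof JSONArray) {
                JSONArray array = (JSONArray) node;
                int index = Integer.parseInt(element);
                // Out-of-range indexes are reported as "not found" rather than escaping as an
                // IndexOutOfBoundsException that authenticate() does not handle.
                return (index >= 0 && index < array.size()) ? array.get(index) : null;
            }
            return null;
        }
    }

    /** Strategy for turning the delegate's response into the authenticated principal. */
    private interface PrincipalExtractor {
        HttpPrincipal extract(URLConnection uRLConnection) throws IOException, ParseException;
    }

    /**
     * @param str realm used for every principal this authenticator creates
     * @param str2 delegate URL the Authorization header is replayed against
     * @param str3 principal extractor spec: null or {@code empty:...} for an empty user name,
     *             {@code json:<path>} to read the user name from the JSON response
     * @param z if true, certificate and host name checks are skipped for the delegate connection
     * @throws IllegalArgumentException if the URL is malformed, the spec is unknown, or the
     *         relaxed TLS context cannot be created
     */
    public DelegatingAuthenticator(String str, String str2, String str3, boolean z) {
        this.realm = str;
        try {
            this.delegateURL = new URL(str2);
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("Invalid delegation url '" + str2 + "' given: " + e, e);
        }
        this.principalExtractor = createPrincipalExtractor(str3);
        this.insecureSocketFactory = z ? createTrustAllSocketFactory() : null;
        this.insecureHostnameVerifier = z ? createAcceptAllHostnameVerifier() : null;
    }

    /**
     * Forwards the request's Authorization header to the delegate URL and maps the outcome.
     *
     * @param httpExchange the incoming exchange
     * @return Success on a 200 from an HTTP(S) delegate, Failure(401) on any other answer or a
     *         non-HTTP connection, Failure(503/400/422) on I/O, argument and JSON errors
     */
    @Override
    public Authenticator.Result authenticate(HttpExchange httpExchange) {
        try {
            URLConnection connection = this.delegateURL.openConnection();
            relaxTlsChecksIfConfigured(connection);
            connection.addRequestProperty("Authorization", httpExchange.getRequestHeaders().getFirst("Authorization"));
            connection.setConnectTimeout(2000);
            // NOTE(review): only the connect timeout is bounded; no read timeout is set, so a
            // delegate that accepts the connection but never answers blocks this request.
            connection.connect();
            if ((connection instanceof HttpURLConnection) && ((HttpURLConnection) connection).getResponseCode() == 200) {
                return new Authenticator.Success(this.principalExtractor.extract(connection));
            }
            return new Authenticator.Failure(401);
        } catch (IOException e) {
            return prepareFailure(httpExchange, "Cannot call delegate url " + this.delegateURL + ": " + e, 503);
        } catch (IllegalArgumentException e2) {
            return prepareFailure(httpExchange, "Illegal Argument: " + e2, 400);
        } catch (ParseException e3) {
            return prepareFailure(httpExchange, "Invalid JSON response: " + e3, 422);
        }
    }

    /**
     * Records the failure reason in the X-Error-Details response header and builds the result.
     *
     * <p>NOTE(review): the detail text is sent to a client that has not been authenticated and
     * contains the delegate URL and exception text; consider logging it server-side instead.
     */
    private Authenticator.Result prepareFailure(HttpExchange httpExchange, String detail, int status) {
        // Exception text is not under our control; keep line breaks out of the header value.
        httpExchange.getResponseHeaders().add("X-Error-Details", detail.replaceAll("[\\r\\n]+", " "));
        return new Authenticator.Failure(status);
    }

    /**
     * Picks the extractor for a spec string.
     *
     * @throws IllegalArgumentException if the spec has no known prefix
     */
    private PrincipalExtractor createPrincipalExtractor(String spec) {
        if (spec == null || spec.startsWith("empty:")) {
            return new EmptyPrincipalExtractor();
        }
        if (spec.startsWith("json:")) {
            return new JsonPathExtractor(spec.substring("json:".length()));
        }
        throw new IllegalArgumentException("No principal extractor found for spec '" + spec + "'");
    }

    /** Applies the relaxed TLS settings to this one connection, if they were requested. */
    private void relaxTlsChecksIfConfigured(URLConnection connection) {
        if (this.insecureSocketFactory != null && (connection instanceof HttpsURLConnection)) {
            HttpsURLConnection https = (HttpsURLConnection) connection;
            https.setSSLSocketFactory(this.insecureSocketFactory);
            https.setHostnameVerifier(this.insecureHostnameVerifier);
        }
    }

    /**
     * Builds a socket factory whose trust manager accepts every certificate chain.
     *
     * @throws IllegalArgumentException if the TLS context cannot be created or initialised
     */
    private static SSLSocketFactory createTrustAllSocketFactory() {
        TrustManager[] trustEverything = {new X509TrustManager() {
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract asks for a non-null, possibly empty array.
                return new X509Certificate[0];
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // intentionally accepts everything
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // intentionally accepts everything
            }
        }};
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, trustEverything, new SecureRandom());
            return context.getSocketFactory();
        } catch (KeyManagementException e) {
            throw new IllegalArgumentException("Disabling SSL certificate failed: " + e, e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalArgumentException("Disabling SSL certificate failed: " + e2, e2);
        }
    }

    /** Builds a host name verifier that accepts any host name for any session. */
    private static HostnameVerifier createAcceptAllHostnameVerifier() {
        return new HostnameVerifier() {
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };
    }
}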
