package cern.accsoft.security.rba.spi.request;

import cern.accsoft.commons.util.Assert;
import cern.accsoft.commons.util.FileCopyUtils;
import cern.accsoft.security.rba.keys.RBAKeyStore;
import cern.accsoft.security.rba.keys.UniversalHostnameVerifier;
import cern.accsoft.security.rba.request.AbstractRequest;
import cern.accsoft.security.rba.request.ServerRequestException;
import cern.accsoft.security.rba.request.ServerRequestInvoker;
import cern.accsoft.security.rba.response.AbstractResponse;
import cern.accsoft.security.rba.response.FaultResponse;
import cern.accsoft.security.rba.response.ResponseBuilder;
import cern.accsoft.security.rba.serialization.encode.RequestEncoder;
import cern.accsoft.security.rba.spi.Configuration;
import cern.accsoft.security.rba.spi.Constants;
import cern.accsoft.security.rba.spi.serialization.encode.RequestEncoderImpl;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cern/accsoft/security/rba/spi/request/SsoServerRequestInvoker.class */
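/**
 * Sends RBAC requests to one of the configured remote servers over HTTP(S) POST.
 *
 * <p>The server list is read once from {@link Configuration} at construction time. Each call
 * shuffles a copy of that list and tries the servers in turn until one answers.
 *
 * <p>For HTTPS connections the socket factory is built from the trust anchors returned by
 * {@link RBAKeyStore#getPublicKeyStore()} and no client key material is presented. The socket
 * factory and trust managers are cached in static fields and initialised lazily under the class
 * lock; the per-instance fields are final.
 */
public class SsoServerRequestInvoker implements ServerRequestInvoker {
    private static SSLSocketFactory sslFactory;
    private static Collection<TrustManager> trustMan;
    private final int readTimeout;
    private final List<String> remoteServers;
    private static final Logger LOGGER = LoggerFactory.getLogger(SsoServerRequestInvoker.class);
    private static final RequestEncoder encoder = new RequestEncoderImpl();

    /** Creates an invoker that uses {@link Constants#DEFAULT_READ_TIMEOUT} as read timeout. */
    public SsoServerRequestInvoker() {
        this(Constants.DEFAULT_READ_TIMEOUT);
    }

    /**
     * Creates an invoker with an explicit read timeout.
     *
     * @param i read timeout passed to {@link HttpURLConnection#setReadTimeout(int)}
     */
    public SsoServerRequestInvoker(int i) {
        this.readTimeout = i;
        // Snapshot the configured servers so later configuration changes do not affect this instance.
        this.remoteServers = new ArrayList<>(Configuration.getInstance().getRemoteServers());
    }

    /**
     * Sends the request to the configured servers in random order and returns the first successful
     * response body.
     *
     * <p>A {@link ServerRequestException} raised while talking to a server is propagated at once
     * and no further server is tried. Any other failure moves on to the next server; the failure
     * of the last server is wrapped in a {@link ServerRequestException}.
     *
     * @param abstractRequest request to send; must not be null
     * @return raw response body of the first server that answered with HTTP 200
     * @throws ServerRequestException if a server reported a fault, if every server failed, or if
     *     no server is configured
     */
    @Override // cern.accsoft.security.rba.request.ServerRequestInvoker
    public byte[] invokeRequest(AbstractRequest abstractRequest) throws ServerRequestException {
        Assert.notNull(abstractRequest, "Server request parameters cannot be null.");
        List<String> servers = new ArrayList<>(this.remoteServers);
        // Random order spreads requests over the configured servers.
        Collections.shuffle(servers);
        Iterator<String> it = servers.iterator();
        while (it.hasNext()) {
            String url = it.next();
            if (abstractRequest.getServletSuffix() != null) {
                url = url + abstractRequest.getServletSuffix();
            }
            try {
                return invokeRequestImpl(url, abstractRequest);
            } catch (ServerRequestException e) {
                throw e;
            } catch (Exception e2) {
                if (!it.hasNext()) {
                    LOGGER.error("Failed to send request to any of specified RBAC servers: {}", servers);
                    throw new ServerRequestException(e2);
                }
                // Record why this server was skipped; a silent failover hides outages and
                // TLS/trust failures from whoever reads the logs.
                LOGGER.warn("Request to the RBAC server '{}' failed, trying the next one: {}", url, e2.toString());
            }
        }
        throw new ServerRequestException("RBAC remote servers are not properly defined: " + servers, null);
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // cern.accsoft.security.rba.request.ServerRequestInvoker
    public <Response extends AbstractResponse> Response invokeRequest(AbstractRequest abstractRequest, ResponseBuilder<Response> responseBuilder) throws ServerRequestException {
        throw new UnsupportedOperationException("Operation is no longer supported");
    }

    /**
     * Performs one POST against a single server URL.
     *
     * @param str full URL of the server endpoint
     * @param abstractRequest request to encode into the POST body
     * @return response body when the server answers with HTTP 200
     * @throws ServerRequestException if the server answers with a non-200 code and a JSON fault
     *     body, or with an error body that is not parseable JSON
     * @throws Exception on connection, TLS or I/O failures (the caller treats these as "try the
     *     next server")
     */
    private byte[] invokeRequestImpl(String str, AbstractRequest abstractRequest) throws Exception {
        LOGGER.debug("Trying to send request to the RBAC server '{}' ...", str);
        HttpURLConnection connection = createHttpConnection(str);
        encodeParameters(connection, abstractRequest);
        connection.connect();
        LOGGER.info("Connected to remote RBAC server '{}'", str);
        int responseCode = connection.getResponseCode();
        if (responseCode == HttpURLConnection.HTTP_OK) {
            LOGGER.debug("Request sent successfully to the RBAC server '{}'", str);
            try (InputStream body = connection.getInputStream()) {
                return FileCopyUtils.copyToByteArray(body);
            }
        }
        byte[] errorBody;
        try (InputStream errorStream = connection.getErrorStream()) {
            if (errorStream == null) {
                // getErrorStream() returns null when the server sent no error body. Report it as
                // an I/O failure so the caller can still fail over to another server.
                throw new IOException("RBAC server '" + str + "' answered with HTTP code " + responseCode + " and no response body");
            }
            errorBody = FileCopyUtils.copyToByteArray(errorStream);
        }
        try {
            FaultResponse faultResponse = new ObjectMapper().readValue(errorBody, FaultResponse.class);
            // The format string has four placeholders; the HTTP status fills the "code" slot.
            LOGGER.warn("Request to the RBAC server '{}' failed with code {} : {}\n stacktrace:{}", str, responseCode, faultResponse.getMessage(), faultResponse.getStacktrace());
            throw new ServerRequestException(faultResponse.getMessage(), null);
        } catch (JsonParseException e) {
            LOGGER.warn("Parsing JSON failed: {}", e.getMessage(), e);
            throw new ServerRequestException("Expected JSON response but received: " + new String(errorBody, StandardCharsets.UTF_8), e);
        }
    }

    /**
     * Opens and configures (but does not connect) a POST connection to the given URL.
     *
     * @param str server URL
     * @return configured connection with output enabled
     * @throws Exception if the URL is malformed, is not an HTTP(S) URL, or the TLS socket factory
     *     cannot be built
     */
    private HttpURLConnection createHttpConnection(String str) throws Exception {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        httpURLConnection.setConnectTimeout(Constants.DEFAULT_CONNECT_TIMEOUT);
        httpURLConnection.setReadTimeout(this.readTimeout);
        httpURLConnection.setRequestMethod("POST");
        httpURLConnection.addRequestProperty("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
        httpURLConnection.setUseCaches(false);
        // Only HTTPS connections receive the RBAC trust store. A plain http:// server URL is sent
        // without transport protection.
        // NOTE(review): consider rejecting non-HTTPS URLs if cleartext is not an intended mode.
        if (httpURLConnection instanceof HttpsURLConnection) {
            HttpsURLConnection httpsConnection = (HttpsURLConnection) httpURLConnection;
            // Keep the result in a local: the static cache is written only inside the
            // synchronized getSocketFactory().
            httpsConnection.setSSLSocketFactory(getSocketFactory());
            // NOTE(review): the verifier's implementation is not visible here. Its name suggests
            // it may accept any hostname; if so, server identity rests solely on the trust
            // anchors in RBAKeyStore, and any certificate chaining to them is accepted for any
            // server name. Confirm that this is intended.
            httpsConnection.setHostnameVerifier(UniversalHostnameVerifier.getInstance());
        }
        httpURLConnection.setDoOutput(true);
        return httpURLConnection;
    }

    /**
     * Writes the encoded request as the POST body.
     *
     * @param httpURLConnection connection whose output stream receives the body
     * @param abstractRequest request to encode
     * @throws IOException if the output stream cannot be opened or the body cannot be written
     */
    private void encodeParameters(HttpURLConnection httpURLConnection, AbstractRequest abstractRequest) throws IOException {
        // Encode explicitly as UTF-8 to match the declared Content-Type instead of relying on the
        // platform default charset.
        try (PrintWriter printWriter = new PrintWriter(
                new OutputStreamWriter(httpURLConnection.getOutputStream(), StandardCharsets.UTF_8), false)) {
            printWriter.print(encoder.encodeRequest(abstractRequest));
            // PrintWriter swallows write errors; checkError() flushes and reports them.
            if (printWriter.checkError()) {
                throw new IOException("Failed to write the request body to the RBAC server");
            }
        }
    }

    /**
     * Returns the cached socket factory, building it on first use.
     *
     * <p>The factory trusts only the certificates in {@link RBAKeyStore#getPublicKeyStore()} and
     * carries no client keys. The context is requested as "TLS" rather than the legacy "SSL"
     * name.
     *
     * @return shared socket factory for HTTPS connections
     * @throws Exception if the trust store cannot be loaded or the TLS context cannot be
     *     initialised; the message names which of the two steps failed
     */
    private static synchronized SSLSocketFactory getSocketFactory() throws Exception {
        if (sslFactory != null) {
            return sslFactory;
        }
        if (trustMan == null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(RBAKeyStore.getPublicKeyStore());
                trustMan = Arrays.asList(trustManagerFactory.getTrustManagers());
            } catch (Exception e) {
                throw new Exception("Can't load trust store: " + e.getMessage(), e);
            }
        }
        // Kept outside the trust-store try block so that a context failure is not re-wrapped and
        // reported as a trust-store failure.
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            // Empty key manager array: no client certificate. Null SecureRandom: provider default.
            sslContext.init(new KeyManager[0], trustMan.toArray(new TrustManager[0]), null);
            sslFactory = sslContext.getSocketFactory();
            return sslFactory;
        } catch (Exception e) {
            throw new Exception("Can't initialize SSL protocol: " + e.getMessage(), e);
        }
    }
}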
