package org.openjump.util;

import com.vividsolutions.jump.I18N;
import com.vividsolutions.jump.io.geojson.GeoJSONConstants;
import com.vividsolutions.jump.workbench.Logger;
import com.vividsolutions.jump.workbench.ui.network.ProxySettingsOptionsPanel;
import com.vividsolutions.wms.WMSException;
import java.awt.Component;
import java.awt.Dialog;
import java.awt.Dimension;
import java.awt.event.HierarchyEvent;
import java.awt.event.HierarchyListener;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.swing.JEditorPane;
import javax.swing.JOptionPane;
import javax.swing.JScrollPane;
import javax.swing.SwingUtilities;
import javax.swing.border.Border;
import org.apache.commons.codec.binary.Base64;
import org.libtiff.jai.codec.XTIFF;

/* loaded from: input_file:org/openjump/util/URLConnectionProvider.class */
public class URLConnectionProvider {
    public static String KEY = URLConnectionProvider.class.getName() + " - UNCERTIFIED_AUTHORIZED_URL";
    private static Set<URL> trustedURLs = new HashSet();
    public static URLConnectionProvider instance;
    private TrustManager trm = new X509TrustManager() { // from class: org.openjump.util.URLConnectionProvider.3
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }
    };

    private URLConnectionProvider() {
    }

    public static URLConnectionProvider getInstance() {
        if (instance == null) {
            instance = new URLConnectionProvider();
        }
        return instance;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:9:0x0064. Please report as an issue. */
    public HttpURLConnection getHttpConnection(URL url, boolean z) throws IOException {
        HttpURLConnection httpConnection = getHttpConnection(url);
        httpConnection.setInstanceFollowRedirects(false);
        int i = 0;
        URL url2 = null;
        URL url3 = httpConnection.getURL();
        while (z && !url3.equals(url2)) {
            i++;
            if (i >= 20) {
                throw new WMSException("To many redirects (" + i + ") for Url: " + url);
            }
            httpConnection = getHttpConnection(url3);
            httpConnection.setInstanceFollowRedirects(false);
            switch (httpConnection.getResponseCode()) {
                case XTIFF.TIFFTAG_TRANSFERFUNCTION /* 301 */:
                case 302:
                    String decode = URLDecoder.decode(httpConnection.getHeaderField("Location"), GeoJSONConstants.CHARSET);
                    url2 = httpConnection.getURL();
                    url3 = new URL(url2, decode);
                    Logger.warn("Follow http redirect to: " + url3);
            }
        }
        return httpConnection;
    }

    @Deprecated
    public URLConnection getConnection(URL url) throws IOException {
        return getHttpConnection(url, true);
    }

    public HttpURLConnection getHttpConnection(URL url) throws IOException {
        if (!url.getProtocol().matches("^(?i:https?)$")) {
            throw new IOException("Please provide an http(s):// url.");
        }
        HttpURLConnection applyParametersAndSettings = applyParametersAndSettings((HttpURLConnection) url.openConnection());
        URL url2 = new URL(url.getProtocol(), url.getHost(), url.getPort(), url.getPath());
        try {
            setTrustOption(false, url2);
            applyParametersAndSettings.connect();
            return applyParametersAndSettings;
        } catch (GeneralSecurityException | SSLException e) {
            if (!isTrusted(url2) && !askIfUserAllowsInvalidCertificate(url2)) {
                throw new IOException(e);
            }
            try {
                setTrustOption(true, url2);
                return applyParametersAndSettings((HttpURLConnection) url.openConnection());
            } catch (GeneralSecurityException e2) {
                throw new IOException(e2);
            }
        }
    }

    private HttpURLConnection applyParametersAndSettings(HttpURLConnection httpURLConnection) {
        String userInfo = httpURLConnection.getURL().getUserInfo();
        if (userInfo != null) {
            String encodeBase64String = Base64.encodeBase64String(UriUtil.urlDecode(userInfo).getBytes(StandardCharsets.UTF_8));
            httpURLConnection.setRequestProperty("Authorization", "Basic " + encodeBase64String);
            Logger.trace("Added auth header 'Authorization: Basic " + encodeBase64String + "'");
        }
        httpURLConnection.setConnectTimeout(Integer.parseInt(ProxySettingsOptionsPanel.getInstance().getSetting(ProxySettingsOptionsPanel.OPEN_TIMEOUT_KEY).toString()));
        httpURLConnection.setReadTimeout(Integer.parseInt(ProxySettingsOptionsPanel.getInstance().getSetting(ProxySettingsOptionsPanel.READ_TIMEOUT_KEY).toString()));
        return httpURLConnection;
    }

    private boolean askIfUserAllowsInvalidCertificate(URL url) {
        final JEditorPane jEditorPane = new JEditorPane("text/plain", I18N.getInstance().get("com.vididsolutions.wms.WMService.UnverifiedCertificate", UriUtil.urlStripPassword(url.toString()))) { // from class: org.openjump.util.URLConnectionProvider.1
            public boolean getScrollableTracksViewportWidth() {
                return true;
            }
        };
        jEditorPane.setSize(new Dimension(400, 10));
        jEditorPane.setPreferredSize(new Dimension(400, jEditorPane.getPreferredSize().height));
        jEditorPane.setBackground(new JOptionPane().getBackground());
        jEditorPane.setBorder((Border) null);
        JScrollPane jScrollPane = new JScrollPane(jEditorPane);
        jScrollPane.setBorder((Border) null);
        jEditorPane.addHierarchyListener(new HierarchyListener() { // from class: org.openjump.util.URLConnectionProvider.2
            public void hierarchyChanged(HierarchyEvent hierarchyEvent) {
                Dialog windowAncestor = SwingUtilities.getWindowAncestor(jEditorPane);
                if (windowAncestor instanceof Dialog) {
                    Dialog dialog = windowAncestor;
                    if (!dialog.isResizable()) {
                        dialog.setResizable(true);
                    }
                    dialog.setIconImage(new BufferedImage(1, 1, 3));
                    dialog.pack();
                }
            }
        });
        return JOptionPane.showConfirmDialog((Component) null, jScrollPane, "Confirmation dialog", 0, 2) == 0;
    }

    private void setTrustOption(boolean z, URL url) throws GeneralSecurityException {
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        String host = url != null ? url.getHost() : "";
        if (z || (url != null && trustedURLs.contains(url))) {
            Logger.info("Certificate verification for trusted host '" + host + "' is disabled'");
            sSLContext.init(null, new TrustManager[]{this.trm}, null);
            trustedURLs.add(url);
        } else {
            Logger.debug("Using the system trust manager to verify certificate for host '" + host + "'.");
            sSLContext.init(null, null, null);
        }
        HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
    }

    private boolean isTrusted(URL url) {
        return trustedURLs.contains(url);
    }
}
