package io.hawt.web;

import com.google.common.net.HttpHeaders;
import io.hawt.system.ConfigManager;
import io.hawt.system.Helpers;
import io.hawt.system.ProxyWhitelist;
import io.hawt.util.Strings;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.net.ConnectException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.BitSet;
import java.util.Enumeration;
import java.util.Formatter;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.client.CookieStore;
import org.apache.http.client.methods.AbortableHttpRequest;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.utils.URIUtils;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicHttpEntityEnclosingRequest;
import org.apache.http.message.BasicHttpRequest;
import org.apache.http.message.HeaderGroup;
import org.apache.http.protocol.HTTP;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hawtio-system-1.4.0.redhat-630488.jar:io/hawt/web/ProxyServlet.class */
public class ProxyServlet extends HttpServlet {
    private static final transient Logger LOG;

    @Deprecated
    public static final String P_LOG = "log";
    public static final String P_FORWARDEDFOR = "forwardip";
    private static final String PROXY_ACCEPT_SELF_SIGNED_CERTS = "hawtio.proxyDisableCertificateValidation";
    private static final String PROXY_ACCEPT_SELF_SIGNED_CERTS_ENV = "PROXY_DISABLE_CERT_VALIDATION";
    public static final String PROXY_WHITELIST = "proxyWhitelist";
    public static final String LOCAL_ADDRESS_PROBING = "localAddressProbing";
    public static final String DISABLE_PROXY = "disableProxy";
    public static final String HAWTIO_PROXY_WHITELIST = "hawtio.proxyWhitelist";
    public static final String HAWTIO_LOCAL_ADDRESS_PROBING = "hawtio.localAddressProbing";
    public static final String HAWTIO_DISABLE_PROXY = "hawtio.disableProxy";
    protected boolean enabled = true;
    protected boolean doLog = false;
    protected boolean doForwardIP = true;
    protected boolean acceptSelfSignedCerts = false;
    protected ProxyWhitelist whitelist;
    protected CloseableHttpClient proxyClient;
    private CookieStore cookieStore;
    protected static final HeaderGroup hopByHopHeaders;
    protected static final BitSet asciiQueryChars;
    static final /* synthetic */ boolean $assertionsDisabled;

    public String getServletInfo() {
        return "A proxy servlet by David Smiley, dsmiley@mitre.org";
    }

    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        ConfigManager configManager = (ConfigManager) getServletContext().getAttribute("ConfigManager");
        this.enabled = !configManager.getBoolean(DISABLE_PROXY, false);
        if (!this.enabled) {
            LOG.info("Proxy servlet is disabled");
            return;
        }
        this.whitelist = new ProxyWhitelist(configManager.get(PROXY_WHITELIST, servletConfig.getInitParameter(PROXY_WHITELIST)), configManager.getBoolean(LOCAL_ADDRESS_PROBING, true));
        String initParameter = servletConfig.getInitParameter(P_FORWARDEDFOR);
        if (initParameter != null) {
            this.doForwardIP = Boolean.parseBoolean(initParameter);
        }
        String initParameter2 = servletConfig.getInitParameter(P_LOG);
        if (initParameter2 != null) {
            this.doLog = Boolean.parseBoolean(initParameter2);
        }
        this.cookieStore = new BasicCookieStore();
        HttpClientBuilder useSystemProperties = HttpClients.custom().setDefaultCookieStore(this.cookieStore).useSystemProperties();
        if (System.getProperty(PROXY_ACCEPT_SELF_SIGNED_CERTS) != null) {
            this.acceptSelfSignedCerts = Boolean.parseBoolean(System.getProperty(PROXY_ACCEPT_SELF_SIGNED_CERTS));
        } else if (System.getenv(PROXY_ACCEPT_SELF_SIGNED_CERTS_ENV) != null) {
            this.acceptSelfSignedCerts = Boolean.parseBoolean(System.getenv(PROXY_ACCEPT_SELF_SIGNED_CERTS_ENV));
        }
        if (this.acceptSelfSignedCerts) {
            try {
                SSLContextBuilder sSLContextBuilder = new SSLContextBuilder();
                sSLContextBuilder.loadTrustMaterial(null, new TrustStrategy() { // from class: io.hawt.web.ProxyServlet.1
                    @Override // org.apache.http.ssl.TrustStrategy
                    public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                        return true;
                    }
                });
                useSystemProperties.setSSLSocketFactory(new SSLConnectionSocketFactory(sSLContextBuilder.build(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER));
            } catch (KeyManagementException e) {
                throw new ServletException(e);
            } catch (KeyStoreException e2) {
                throw new ServletException(e2);
            } catch (NoSuchAlgorithmException e3) {
                throw new ServletException(e3);
            }
        }
        this.proxyClient = useSystemProperties.build();
    }

    public void destroy() {
        try {
            if (this.proxyClient != null) {
                this.proxyClient.close();
            }
        } catch (IOException e) {
            log("While destroying servlet, shutting down httpclient: " + e, e);
            LOG.error("While destroying servlet, shutting down httpclient: " + e, e);
        }
        super.destroy();
    }

    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        BasicHttpRequest basicHttpRequest;
        if ("/enabled".equals(httpServletRequest.getPathInfo())) {
            ServletHelpers.sendJSONResponse(httpServletResponse, this.enabled);
            return;
        }
        if (!this.enabled) {
            httpServletResponse.setStatus(404);
            return;
        }
        ProxyDetails proxyDetails = new ProxyDetails(httpServletRequest);
        if (proxyDetails == null || proxyDetails.getFullProxyUrl() == null) {
            httpServletResponse.setStatus(404);
            return;
        }
        if (!this.whitelist.isAllowed(proxyDetails)) {
            LOG.debug("Rejecting {}", proxyDetails);
            Helpers.doForbidden(httpServletResponse);
            return;
        }
        String method = httpServletRequest.getMethod();
        String fullProxyUrl = proxyDetails.getFullProxyUrl();
        try {
            URI uri = new URI(fullProxyUrl);
            if (httpServletRequest.getHeader("Content-Length") == null && httpServletRequest.getHeader("Transfer-Encoding") == null) {
                basicHttpRequest = new BasicHttpRequest(method, fullProxyUrl);
            } else {
                BasicHttpEntityEnclosingRequest basicHttpEntityEnclosingRequest = new BasicHttpEntityEnclosingRequest(method, fullProxyUrl);
                basicHttpEntityEnclosingRequest.setEntity(new InputStreamEntity((InputStream) httpServletRequest.getInputStream(), httpServletRequest.getContentLength()));
                basicHttpRequest = basicHttpEntityEnclosingRequest;
            }
            copyRequestHeaders(httpServletRequest, basicHttpRequest, uri);
            String userName = proxyDetails.getUserName();
            String password = proxyDetails.getPassword();
            if (Strings.isNotBlank(userName) && Strings.isNotBlank(password)) {
                basicHttpRequest.setHeader("Authorization", "Basic " + Base64.encodeBase64String((userName + ":" + password).getBytes()));
            }
            Header firstHeader = basicHttpRequest.getFirstHeader("Authorization");
            if (firstHeader != null) {
                String value = firstHeader.getValue();
                HttpSession session = httpServletRequest.getSession();
                if (session != null) {
                    String str = (String) session.getAttribute("proxy-credentials");
                    if (str != null && !str.equals(value)) {
                        this.cookieStore.clear();
                    }
                    session.setAttribute("proxy-credentials", value);
                }
            }
            setXForwardedForHeader(httpServletRequest, basicHttpRequest);
            HttpResponse httpResponse = null;
            try {
                try {
                    if (this.doLog) {
                        log("proxy " + method + " uri: " + httpServletRequest.getRequestURI() + " -- " + basicHttpRequest.getRequestLine().getUri());
                    }
                    LOG.debug("proxy {} uri: {} -- {}", new Object[]{method, httpServletRequest.getRequestURI(), basicHttpRequest.getRequestLine().getUri()});
                    CloseableHttpResponse execute = this.proxyClient.execute(URIUtils.extractHost(uri), (HttpRequest) basicHttpRequest);
                    int statusCode = execute.getStatusLine().getStatusCode();
                    if (statusCode == 401 || statusCode == 403) {
                        throw new SecurityException("Authentication Failed on remote server " + fullProxyUrl);
                    }
                    if (doResponseRedirectOrNotModifiedLogic(httpServletRequest, httpServletResponse, execute, statusCode, uri)) {
                        if (execute != null) {
                            EntityUtils.consumeQuietly(execute.getEntity());
                        }
                    } else {
                        httpServletResponse.setStatus(statusCode, execute.getStatusLine().getReasonPhrase());
                        copyResponseHeaders(execute, httpServletResponse);
                        copyResponseEntity(execute, httpServletResponse);
                        if (execute != null) {
                            EntityUtils.consumeQuietly(execute.getEntity());
                        }
                    }
                } catch (Exception e) {
                    if (basicHttpRequest instanceof AbortableHttpRequest) {
                        ((AbortableHttpRequest) basicHttpRequest).abort();
                    }
                    LOG.debug("Proxy to " + fullProxyUrl + " failed", e);
                    if ((e instanceof ConnectException) || (e instanceof UnknownHostException)) {
                        httpServletResponse.setStatus(404);
                    } else if (e instanceof ServletException) {
                        httpServletResponse.sendError(HttpStatus.SC_BAD_GATEWAY, e.getMessage());
                    } else {
                        httpServletResponse.sendError(HttpStatus.SC_INTERNAL_SERVER_ERROR, e.getMessage());
                    }
                    if (0 != 0) {
                        EntityUtils.consumeQuietly(httpResponse.getEntity());
                    }
                }
            } catch (Throwable th) {
                if (0 != 0) {
                    EntityUtils.consumeQuietly(httpResponse.getEntity());
                }
                throw th;
            }
        } catch (URISyntaxException e2) {
            LOG.debug("URL '{}' is not valid: {}", fullProxyUrl, e2.getMessage());
            httpServletResponse.setStatus(404);
        }
    }

    protected boolean doResponseRedirectOrNotModifiedLogic(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpResponse httpResponse, int i, URI uri) throws ServletException, IOException {
        if (i < 300 || i >= 304) {
            if (i != 304) {
                return false;
            }
            httpServletResponse.setIntHeader("Content-Length", 0);
            httpServletResponse.setStatus(HttpStatus.SC_NOT_MODIFIED);
            return true;
        }
        Header lastHeader = httpResponse.getLastHeader("Location");
        if (lastHeader == null) {
            throw new ServletException("Received status code: " + i + " but no Location header was found in the response");
        }
        httpServletResponse.sendRedirect(rewriteUrlFromResponse(httpServletRequest, lastHeader.getValue(), uri.toString()));
        return true;
    }

    protected void closeQuietly(Closeable closeable) {
        try {
            closeable.close();
        } catch (IOException e) {
            log(e.getMessage(), e);
        }
    }

    protected void copyRequestHeaders(HttpServletRequest httpServletRequest, HttpRequest httpRequest, URI uri) {
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String str = (String) headerNames.nextElement();
            if (!str.equalsIgnoreCase("Content-Length") && !hopByHopHeaders.containsHeader(str)) {
                Enumeration headers = httpServletRequest.getHeaders(str);
                while (headers.hasMoreElements()) {
                    String str2 = (String) headers.nextElement();
                    if (str.equalsIgnoreCase("Host")) {
                        HttpHost extractHost = URIUtils.extractHost(uri);
                        str2 = extractHost.getHostName();
                        if (extractHost.getPort() != -1) {
                            str2 = str2 + ":" + extractHost.getPort();
                        }
                    }
                    httpRequest.addHeader(str, str2);
                }
            }
        }
    }

    private void setXForwardedForHeader(HttpServletRequest httpServletRequest, HttpRequest httpRequest) {
        if (this.doForwardIP) {
            String remoteAddr = httpServletRequest.getRemoteAddr();
            String header = httpServletRequest.getHeader(HttpHeaders.X_FORWARDED_FOR);
            if (header != null) {
                remoteAddr = header + ", " + remoteAddr;
            }
            httpRequest.setHeader(HttpHeaders.X_FORWARDED_FOR, remoteAddr);
        }
    }

    protected void copyResponseHeaders(HttpResponse httpResponse, HttpServletResponse httpServletResponse) {
        for (Header header : httpResponse.getAllHeaders()) {
            if (!hopByHopHeaders.containsHeader(header.getName())) {
                httpServletResponse.addHeader(header.getName(), header.getValue());
            }
        }
    }

    protected void copyResponseEntity(HttpResponse httpResponse, HttpServletResponse httpServletResponse) throws IOException {
        HttpEntity entity = httpResponse.getEntity();
        if (entity != null) {
            entity.writeTo(httpServletResponse.getOutputStream());
        }
    }

    protected String rewriteUrlFromResponse(HttpServletRequest httpServletRequest, String str, String str2) {
        if (str.startsWith(str2)) {
            String stringBuffer = httpServletRequest.getRequestURL().toString();
            String pathInfo = httpServletRequest.getPathInfo();
            if (pathInfo != null) {
                if (!$assertionsDisabled && !stringBuffer.endsWith(pathInfo)) {
                    throw new AssertionError();
                }
                stringBuffer = stringBuffer.substring(0, stringBuffer.length() - pathInfo.length());
            }
            str = stringBuffer + str.substring(str2.length());
        }
        return str;
    }

    protected static CharSequence encodeUriQuery(CharSequence charSequence) {
        StringBuilder sb = null;
        Formatter formatter = null;
        for (int i = 0; i < charSequence.length(); i++) {
            char charAt = charSequence.charAt(i);
            boolean z = true;
            if (charAt < 128) {
                if (asciiQueryChars.get(charAt)) {
                    z = false;
                }
            } else if (!Character.isISOControl(charAt) && !Character.isSpaceChar(charAt)) {
                z = false;
            }
            if (z) {
                if (sb == null) {
                    sb = new StringBuilder(charSequence.length() + 15);
                    sb.append(charSequence, 0, i);
                    formatter = new Formatter(sb);
                }
                formatter.format("%%%02X", Integer.valueOf(charAt));
            } else if (sb != null) {
                sb.append(charAt);
            }
        }
        return sb != null ? sb : charSequence;
    }

    static {
        $assertionsDisabled = !ProxyServlet.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger(ProxyServlet.class);
        hopByHopHeaders = new HeaderGroup();
        for (String str : new String[]{"Connection", HTTP.CONN_KEEP_ALIVE, "Proxy-Authenticate", "Proxy-Authorization", "TE", "Trailers", "Transfer-Encoding", "Upgrade", "Cookie", "Set-Cookie"}) {
            hopByHopHeaders.addHeader(new BasicHeader(str, null));
        }
        char[] charArray = "_-!.~'()*".toCharArray();
        char[] charArray2 = ",;:$&+=".toCharArray();
        char[] charArray3 = "?/[]@".toCharArray();
        asciiQueryChars = new BitSet(128);
        char c = 'a';
        while (true) {
            char c2 = c;
            if (c2 > 'z') {
                break;
            }
            asciiQueryChars.set(c2);
            c = (char) (c2 + 1);
        }
        char c3 = 'A';
        while (true) {
            char c4 = c3;
            if (c4 > 'Z') {
                break;
            }
            asciiQueryChars.set(c4);
            c3 = (char) (c4 + 1);
        }
        char c5 = '0';
        while (true) {
            char c6 = c5;
            if (c6 > '9') {
                break;
            }
            asciiQueryChars.set(c6);
            c5 = (char) (c6 + 1);
        }
        for (char c7 : charArray) {
            asciiQueryChars.set(c7);
        }
        for (char c8 : charArray2) {
            asciiQueryChars.set(c8);
        }
        for (char c9 : charArray3) {
            asciiQueryChars.set(c9);
        }
        asciiQueryChars.set(37);
    }
}
