package org.apache.jetspeed.portletcontainer.service;

import com.ibm.logging.ILogger;
import com.ibm.logging.IRecordType;
import com.ibm.logging.mgr.LogManager;
import com.ibm.net.ssl.HttpsURLConnection;
import com.ibm.net.ssl.KeyManager;
import com.ibm.net.ssl.KeyManagerFactory;
import com.ibm.net.ssl.SSLContext;
import com.ibm.net.ssl.TrustManager;
import com.ibm.net.ssl.TrustManagerFactory;
import com.ibm.servlet.personalization.context.PConstants;
import com.ibm.wcm.CMConstants;
import com.ibm.wcp.analysis.util.LogConstants;
import com.ibm.wps.command.webservices.UDDIConstants;
import com.ibm.wps.portletservice.credentialvault.CredentialSecretNotSetException;
import com.ibm.wps.portletservice.credentialvault.CredentialVaultService;
import com.ibm.wps.portletservice.credentialvault.credentials.UserPasswordPassiveCredential;
import com.ibm.wps.services.config.Config;
import com.ibm.wps.services.portletserviceregistry.PortletServiceRegistry;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.net.URLConnection;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletConfig;
import org.apache.jetspeed.portlet.PortletRequest;
import org.apache.jetspeed.portlet.PortletResponse;
import org.apache.jetspeed.portlet.service.ContentAccessService;
import org.apache.jetspeed.portlet.service.PortletServiceException;
import org.apache.jetspeed.portlet.service.PortletServiceUnavailableException;
import org.apache.jetspeed.portlet.service.spi.PortletServiceConfig;
import org.apache.jetspeed.portlet.service.spi.PortletServiceProvider;
import sun.misc.BASE64Encoder;
import sun.net.www.protocol.http.HttpURLConnection;

/* loaded from: input_file:plugins/com.ibm.wps_4.2.0.1/wps.jar:org/apache/jetspeed/portletcontainer/service/ContentAccessServiceImpl.class */
public class ContentAccessServiceImpl implements ContentAccessService, PortletServiceProvider, Map {
    public static final String USE_DISK_CACHE = "use.disk.cache";
    public static final String BUFFER_SIZE = "buffer.size";
    public static final String PROXY_HTTP_HOST = "proxy.http.host";
    public static final String PROXY_HTTPS_HOST = "proxy.https.host";
    public static final String PROXY_HTTP_PORT = "proxy.http.port";
    public static final String PROXY_HTTPS_PORT = "proxy.https.port";
    public static final String MAX_FOLLOW_REDIRECTS = "max.follow.redirects";
    public static final String NO_PROXY_FOR = "no.proxy.for";
    public static final String PROTOCOL_HANDLERS = "protocol.handlers";
    public static final String KEY_STORE_URL = "key.store.url";
    public static final String KEY_STORE_PSWD = "key.store.pswd";
    public static final String KEY_STORE_FORMAT = "key.store.format";
    public static final String TRUST_STORE_URL = "trust.store.url";
    public static final String TRUST_STORE_PSWD = "trust.store.pswd";
    public static final String TRUST_STORE_FORMAT = "trust.store.format";
    public static final String PROXY_AUTHENTICATION_ENABLED = "proxy.auth.enabled";
    public static final Class VAULT_SERVICE;
    private static final Map EMPTY_MAP;
    private static final String cSlotId = "predefined.credential.ContentAccessProxy";
    static Class class$com$ibm$wps$portletservice$credentialvault$CredentialVaultService;
    private String proxyName = null;
    private String httpsProxyName = null;
    private String[] noProxyURLs = null;
    private int proxyPort = 80;
    private int httpsProxyPort = 80;
    private int maxFollowRedirects = 10;
    private int bufferSize = 4096;
    private int maxRetries = 5;
    private ServletConfig servletConfig = null;
    private boolean doUseDiskCache = false;
    private boolean iAuthInUse = false;
    private URL ksURL = null;
    private String ksPwd = null;
    private String ksFMT = "JKS";
    private URL tsURL = null;
    private String tsPwd = null;
    private String tsFMT = "JKS";
    private LogManager logMgr = LogManager.getManager();
    private ILogger msgLog = this.logMgr.getMessageLogger("TurbineMessageLogger");
    private ILogger trcLog = this.logMgr.getMessageLogger("TurbineTraceLogger");
    private CredentialVaultService iVaultService = null;
    private KeyManager[] km = null;
    private TrustManager[] tm = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:plugins/com.ibm.wps_4.2.0.1/wps.jar:org/apache/jetspeed/portletcontainer/service/ContentAccessServiceImpl$SSLTunnelSocketFactory.class */
    public class SSLTunnelSocketFactory extends SSLSocketFactory {
        private SSLSocketFactory dfactory;
        private final ContentAccessServiceImpl this$0;

        public SSLTunnelSocketFactory(ContentAccessServiceImpl contentAccessServiceImpl, SSLSocketFactory sSLSocketFactory) {
            this.this$0 = contentAccessServiceImpl;
            this.dfactory = null;
            this.dfactory = sSLSocketFactory;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
            SSLSocket sSLSocket;
            if (this.this$0.httpsProxyName == null || this.this$0.httpsProxyName.equals("")) {
                sSLSocket = (SSLSocket) this.dfactory.createSocket(socket, str, i, z);
            } else {
                Socket socket2 = new Socket(this.this$0.httpsProxyName, this.this$0.httpsProxyPort);
                doTunnelHandshake(socket2, str, i);
                sSLSocket = (SSLSocket) this.dfactory.createSocket(socket2, str, i, z);
            }
            if (sSLSocket != null) {
                sSLSocket.startHandshake();
            }
            return sSLSocket;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getDefaultCipherSuites() {
            return this.dfactory.getDefaultCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getSupportedCipherSuites() {
            return this.dfactory.getSupportedCipherSuites();
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
            return createSocket(inetAddress.toString(), i);
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
            return this.dfactory.createSocket(inetAddress, i, inetAddress2, i2);
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
            SSLSocket sSLSocket;
            if (this.this$0.httpsProxyName == null || this.this$0.httpsProxyName.equals("")) {
                sSLSocket = (SSLSocket) this.dfactory.createSocket(str, i);
            } else {
                Socket socket = new Socket(this.this$0.httpsProxyName, this.this$0.httpsProxyPort);
                doTunnelHandshake(socket, str, i);
                sSLSocket = (SSLSocket) this.dfactory.createSocket(socket, str, i, true);
            }
            if (sSLSocket != null) {
                sSLSocket.addHandshakeCompletedListener(new HandshakeCompletedListener(this) { // from class: org.apache.jetspeed.portletcontainer.service.ContentAccessServiceImpl.1
                    private final SSLTunnelSocketFactory this$1;

                    {
                        this.this$1 = this;
                    }

                    @Override // javax.net.ssl.HandshakeCompletedListener
                    public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
                        if (this.this$1.this$0.trcLog.isLogging()) {
                            this.this$1.this$0.trcLog.text(IRecordType.TYPE_PUBLIC, this, "createSocket()", "SSL Handshake successful. CipherSuite: {0}, PeerHost: {1}", handshakeCompletedEvent.getCipherSuite(), handshakeCompletedEvent.getSession().getPeerHost());
                        }
                    }
                });
                sSLSocket.startHandshake();
            }
            return sSLSocket;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
            return this.dfactory.createSocket(str, i, inetAddress, i2);
        }

        private void doTunnelHandshake(Socket socket, String str, int i) throws IOException {
            byte[] bytes;
            String str2;
            OutputStream outputStream = socket.getOutputStream();
            String stringBuffer = new StringBuffer().append("CONNECT ").append(str).append(":").append(i).append(" HTTP/1.0\n").append("User-Agent: ").append(HttpURLConnection.userAgent).append("\r\n\r\n").toString();
            try {
                bytes = stringBuffer.getBytes("ASCII7");
            } catch (UnsupportedEncodingException e) {
                bytes = stringBuffer.getBytes();
            }
            outputStream.write(bytes);
            outputStream.flush();
            byte[] bArr = new byte[200];
            int i2 = 0;
            int i3 = 0;
            boolean z = false;
            InputStream inputStream = socket.getInputStream();
            while (i3 < 2) {
                int read = inputStream.read();
                if (read < 0) {
                    throw new IOException("Unexpected EOF from proxy");
                }
                if (read == 10) {
                    z = true;
                    i3++;
                } else if (read != 13) {
                    i3 = 0;
                    if (!z && i2 < bArr.length) {
                        int i4 = i2;
                        i2++;
                        bArr[i4] = (byte) read;
                    }
                }
            }
            try {
                str2 = new String(bArr, 0, i2, "ASCII7");
            } catch (UnsupportedEncodingException e2) {
                str2 = new String(bArr, 0, i2);
            }
            if (str2.toLowerCase().indexOf("200 connection established") == -1) {
                IOException iOException = new IOException(new StringBuffer().append("Unable to tunnel through ").append(str).append(":").append(i).append(".  Proxy returns \"").append(str2).append("\"").toString());
                if (this.this$0.msgLog.isLogging()) {
                    this.this$0.msgLog.text(4L, this, "doTunnelHandshake()", "IOException while tunnelling to proxy {0}", new StringBuffer().append(str).append(":").append(i).toString());
                    this.this$0.msgLog.exception(4L, this, "doTunnelHandshake()", iOException);
                }
                throw iOException;
            }
        }
    }

    @Override // org.apache.jetspeed.portlet.service.spi.PortletServiceProvider
    public void destroy() {
        this.logMgr.returnObject(this.msgLog);
        this.logMgr.returnObject(this.trcLog);
    }

    @Override // org.apache.jetspeed.portlet.service.spi.PortletServiceProvider
    public void init(PortletServiceConfig portletServiceConfig) {
        if (this.trcLog.isLogging()) {
            this.trcLog.entry(IRecordType.TYPE_PUBLIC, this, "init()");
        }
        this.servletConfig = portletServiceConfig.getServletConfig();
        String initParameter = portletServiceConfig.getInitParameter("buffer.size");
        if (initParameter == null) {
            this.bufferSize = Config.getParameters().getInteger("services.JspService.buffer.size", 4096);
        } else {
            try {
                this.bufferSize = Integer.parseInt(initParameter);
            } catch (NumberFormatException e) {
                this.bufferSize = 4096;
            }
        }
        String initParameter2 = portletServiceConfig.getInitParameter("proxy.auth.enabled");
        if (initParameter2 == null) {
            this.iAuthInUse = Config.getParameters().getBoolean("proxy.auth.enabled", Boolean.FALSE).booleanValue();
        } else {
            this.iAuthInUse = new Boolean(initParameter2).booleanValue();
        }
        if (this.iAuthInUse) {
            try {
                this.iVaultService = (CredentialVaultService) PortletServiceRegistry.getPortletService(VAULT_SERVICE);
                if (this.iVaultService == null) {
                    if (this.trcLog.isLogging()) {
                        this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "init()", "ContentAccessService no VaultService found will try again later");
                    } else if (this.trcLog.isLogging()) {
                        this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "init()", "ContentAccessService VaultService found =");
                    }
                }
            } catch (Exception e2) {
                this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "init()", new StringBuffer().append("ContentAccessService Exception during Vault access ").append(e2).toString());
            }
        }
        if (this.trcLog.isLogging()) {
            this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "init()", new StringBuffer().append("ContentAccessService configured use password =").append(this.iAuthInUse).toString());
        }
        this.proxyName = portletServiceConfig.getInitParameter("proxy.http.host");
        if (this.proxyName == null) {
            this.proxyName = Config.getParameters().getString("services.URLManager.proxy.http.host", null);
        }
        String initParameter3 = portletServiceConfig.getInitParameter("proxy.http.port");
        if (initParameter3 == null) {
            this.proxyPort = Config.getParameters().getInteger("services.URLManager.proxy.http.port", -1);
        } else {
            try {
                this.proxyPort = Integer.parseInt(initParameter3);
            } catch (NumberFormatException e3) {
                this.proxyPort = 80;
            }
        }
        this.httpsProxyName = portletServiceConfig.getInitParameter("proxy.https.host");
        if (this.httpsProxyName == null) {
            this.httpsProxyName = Config.getParameters().getString("services.URLManager.proxy.https.host", null);
            if (this.httpsProxyName == null) {
                this.httpsProxyName = this.proxyName;
            }
        }
        String initParameter4 = portletServiceConfig.getInitParameter("proxy.https.port");
        if (initParameter4 == null) {
            this.httpsProxyPort = Config.getParameters().getInteger("services.URLManager.proxy.https.port", -1);
            if (this.httpsProxyPort == -1) {
                this.httpsProxyPort = this.proxyPort;
            }
        } else {
            try {
                this.httpsProxyPort = Integer.parseInt(initParameter4);
            } catch (NumberFormatException e4) {
                this.httpsProxyPort = 80;
            }
        }
        String initParameter5 = portletServiceConfig.getInitParameter("max.follow.redirects");
        if (initParameter5 != null && !initParameter5.equals("")) {
            try {
                this.maxFollowRedirects = Integer.parseInt(initParameter5);
            } catch (Exception e5) {
                this.maxFollowRedirects = 10;
            }
        }
        String initParameter6 = portletServiceConfig.getInitParameter("no.proxy.for");
        if (initParameter6 != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(initParameter6, ";");
            this.noProxyURLs = new String[stringTokenizer.countTokens()];
            int i = 0;
            while (stringTokenizer.hasMoreElements()) {
                int i2 = i;
                i++;
                this.noProxyURLs[i2] = ((String) stringTokenizer.nextElement()).toLowerCase();
            }
        } else {
            this.noProxyURLs = new String[0];
        }
        String initParameter7 = portletServiceConfig.getInitParameter("max.connection.retries");
        if (initParameter7 != null && !initParameter7.equals("")) {
            try {
                this.maxRetries = Integer.parseInt(initParameter7);
            } catch (Exception e6) {
                this.maxRetries = 5;
            }
        }
        String initParameter8 = portletServiceConfig.getInitParameter("protocol.handlers");
        String string = Config.getParameters().getString("services.URLManager.protocol.handlers", null);
        if (string != null && !string.equals("")) {
            String property = System.getProperty("java.protocol.handler.pkgs");
            if (property == null) {
                System.setProperty("java.protocol.handler.pkgs", string);
                if (this.trcLog.isLogging()) {
                    this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "init()", "protocol handler set to {0} from jetspeed", string);
                }
            } else if (property.indexOf(string) == -1) {
                System.setProperty("java.protocol.handler.pkgs", new StringBuffer().append(string).append("|").append(property).toString());
                if (this.trcLog.isLogging()) {
                    this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "init()", "protocol handler set to {0} from jetspeed", new StringBuffer().append(string).append("|").append(property).toString());
                }
            }
        }
        if (initParameter8 != null && !initParameter8.equals("")) {
            String property2 = System.getProperty("java.protocol.handler.pkgs");
            if (property2 == null) {
                System.setProperty("java.protocol.handler.pkgs", initParameter8);
                if (this.trcLog.isLogging()) {
                    this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "init()", "protocol handler set to {0} from config", initParameter8);
                }
            } else if (property2.indexOf(initParameter8) == -1) {
                System.setProperty("java.protocol.handler.pkgs", new StringBuffer().append(initParameter8).append("|").append(property2).toString());
                if (this.trcLog.isLogging()) {
                    this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "init()", "protocol handler set to {0} from config", new StringBuffer().append(initParameter8).append("|").append(property2).toString());
                }
            }
        }
        String initParameter9 = portletServiceConfig.getInitParameter("key.store.url");
        String initParameter10 = portletServiceConfig.getInitParameter("key.store.pswd");
        if ((initParameter9 == null || initParameter9.equals("")) && (initParameter10 == null || initParameter10.equals(""))) {
            initParameter9 = System.getProperty("javax.net.ssl.keyStore");
            initParameter10 = System.getProperty("javax.net.ssl.keyStorePassword");
        }
        if (initParameter9 == null || initParameter9.equals("")) {
            if (initParameter10 != null && !initParameter10.equals("") && this.msgLog.isLogging()) {
                this.msgLog.text(4L, this, "init()", "key store password was found without a key store");
            }
        } else if (initParameter10 != null && !initParameter10.equals("")) {
            try {
                this.ksURL = toURLOrFile(initParameter9);
                this.ksPwd = initParameter10;
                if (this.trcLog.isLogging()) {
                    this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "init()", "key store URL set to {0}", this.ksURL.toString());
                }
            } catch (MalformedURLException e7) {
                if (this.msgLog.isLogging()) {
                    this.msgLog.text(4L, this, "init()", "key store URL {0} could not be recognized as a readable file or URL", initParameter9);
                }
            }
        } else if (this.msgLog.isLogging()) {
            this.msgLog.text(4L, this, "init()", "key store {0} was found without a password", initParameter9);
        }
        String initParameter11 = portletServiceConfig.getInitParameter("key.store.format");
        if (initParameter11 != null && !initParameter11.equals("")) {
            this.ksFMT = initParameter11;
            if (this.trcLog.isLogging()) {
                this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "init()", "key store format set to {0}", this.ksFMT);
            }
        }
        String initParameter12 = portletServiceConfig.getInitParameter("trust.store.url");
        if (initParameter12 == null || initParameter12.equals("")) {
            initParameter12 = System.getProperty("javax.net.ssl.trustStore");
        }
        if (initParameter12 != null && !initParameter12.equals("")) {
            try {
                this.tsURL = toURLOrFile(initParameter12);
                if (this.trcLog.isLogging()) {
                    this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "init()", "trust store URL set to {0}", this.tsURL.toString());
                }
            } catch (MalformedURLException e8) {
                if (this.msgLog.isLogging()) {
                    this.msgLog.text(4L, this, "init()", "trust store URL {0} could not be recognized as a readable file or URL", initParameter12);
                }
            }
        }
        String initParameter13 = portletServiceConfig.getInitParameter("trust.store.pswd");
        if (initParameter13 == null || initParameter13.equals("")) {
            initParameter13 = System.getProperty("javax.net.ssl.trustStorePassword");
        }
        if (initParameter13 != null && !initParameter13.equals("")) {
            this.tsPwd = initParameter13;
            if (this.trcLog.isLogging()) {
                this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "init()", "trust store password found");
            }
        }
        String initParameter14 = portletServiceConfig.getInitParameter("trust.store.format");
        if (initParameter14 != null && !initParameter14.equals("")) {
            this.tsFMT = initParameter14;
            if (this.trcLog.isLogging()) {
                this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "init()", "trust store format set to {0}", this.tsFMT);
            }
        }
        if (this.trcLog.isLogging()) {
            this.trcLog.exit(IRecordType.TYPE_PUBLIC, this, "init()");
        }
    }

    private URL toURLOnly(String str) throws MalformedURLException {
        if (str == null || str.equals("")) {
            throw new MalformedURLException("No URL given");
        }
        return new URL(str);
    }

    private URL toURLOrFile(String str) throws MalformedURLException {
        try {
            File file = new File(str);
            return (file.isFile() && file.canRead()) ? file.toURL() : toURLOnly(str);
        } catch (NullPointerException e) {
            throw new MalformedURLException("No URL given");
        } catch (SecurityException e2) {
            throw new MalformedURLException(new StringBuffer().append("File ").append(str).append(" could not be read").toString());
        }
    }

    private boolean isProxyNeeded(URL url) {
        boolean z = true;
        String lowerCase = url.getProtocol().toLowerCase();
        String lowerCase2 = url.getHost().toLowerCase();
        if ((lowerCase.equals(UDDIConstants.CLIPPING_ACCESS_POINT_URL_TYPE) && (this.proxyName == null || this.proxyName.equals(""))) || ((lowerCase.equals("https") && (this.httpsProxyName == null || this.httpsProxyName.equals(""))) || lowerCase2 == null || lowerCase2.equals(""))) {
            z = false;
        } else if ((!lowerCase.equals(UDDIConstants.CLIPPING_ACCESS_POINT_URL_TYPE) || !lowerCase2.equals(this.proxyName)) && (!lowerCase.equals("https") || !lowerCase2.equals(this.httpsProxyName))) {
            int i = 0;
            while (true) {
                if (i >= this.noProxyURLs.length) {
                    break;
                }
                if (lowerCase2.startsWith(this.noProxyURLs[i])) {
                    z = false;
                    break;
                }
                i++;
            }
        } else {
            z = false;
        }
        return z;
    }

    private boolean isLocal(URL url, String str) {
        boolean z;
        url.getProtocol();
        String host = url.getHost();
        if (host == null || host.equals("")) {
            z = true;
        } else {
            z = host.equals(str) || host.equals(PConstants.localhost) || host.equals(LogConstants.SS_DEF_RPT_SVR);
        }
        return z;
    }

    private URL followRedirects(URL url, PortletRequest portletRequest) throws MalformedURLException, PortletServiceException {
        int responseCode;
        if (this.maxFollowRedirects <= 0 || portletRequest == null) {
            return url;
        }
        int i = 0;
        Enumeration headerNames = portletRequest.getHeaderNames();
        URL url2 = url;
        url.getProtocol();
        String str = null;
        do {
            String protocol = url2.getProtocol();
            String lowerCase = url2.toString().toLowerCase();
            int indexOf = lowerCase.indexOf(47, protocol.length() + 3);
            String substring = lowerCase.substring(protocol.length() + 3);
            if (indexOf > 0) {
                substring = lowerCase.substring(protocol.length() + 3, indexOf);
            }
            if (isProxyNeeded(url2) && url2.getProtocol().equals(UDDIConstants.CLIPPING_ACCESS_POINT_URL_TYPE)) {
                if (this.iAuthInUse) {
                    try {
                        url2 = new URL(UDDIConstants.CLIPPING_ACCESS_POINT_URL_TYPE, new StringBuffer().append(getCredentialsFromVault(portletRequest)).append(this.proxyName).toString(), this.proxyPort, url2.toString());
                    } catch (Exception e) {
                        this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "followRedirects", new StringBuffer().append("Error during accessing Credential Vault for UID/PW ").append(e.getMessage()).toString());
                        url2 = new URL(UDDIConstants.CLIPPING_ACCESS_POINT_URL_TYPE, this.proxyName, this.proxyPort, url2.toString());
                    }
                } else {
                    url2 = new URL(UDDIConstants.CLIPPING_ACCESS_POINT_URL_TYPE, this.proxyName, this.proxyPort, url2.toString());
                }
                str = url.getFile();
                int indexOf2 = str.indexOf(64);
                if (indexOf2 > -1) {
                    int lastIndexOf = str.lastIndexOf("//") + 2;
                    str = new StringBuffer().append("Basic ").append(new BASE64Encoder().encode(str.substring(lastIndexOf, indexOf2).getBytes())).toString();
                    String file = url.getFile();
                    url2 = new URL(UDDIConstants.CLIPPING_ACCESS_POINT_URL_TYPE, this.proxyName, this.proxyPort, new StringBuffer().append(file.substring(0, lastIndexOf)).append(file.substring(indexOf2 + 1)).toString());
                }
            }
            int i2 = 0;
            do {
                i2++;
                try {
                    java.net.HttpURLConnection httpURLConnection = (java.net.HttpURLConnection) url2.openConnection();
                    httpURLConnection.setInstanceFollowRedirects(false);
                    if (str != null) {
                        httpURLConnection.setRequestProperty("authorization", str);
                    }
                    httpURLConnection.disconnect();
                    while (headerNames.hasMoreElements()) {
                        String str2 = (String) headerNames.nextElement();
                        if (!str2.equalsIgnoreCase("Connection") && !str2.equalsIgnoreCase("Age") && !str2.equalsIgnoreCase("Cache-Control") && !str2.equalsIgnoreCase("Expires") && !str2.toLowerCase().startsWith("if") && !str2.equalsIgnoreCase("Last-Modified") && !str2.equalsIgnoreCase("Pragma") && !str2.equalsIgnoreCase("TE") && !str2.equalsIgnoreCase("Upgrade") && !str2.equalsIgnoreCase("content-length") && !str2.equalsIgnoreCase("content-type") && !str2.equalsIgnoreCase(CMConstants.WF_DECISION_ACCEPT) && !str2.equalsIgnoreCase("Vary")) {
                            httpURLConnection.setRequestProperty(str2, portletRequest.getHeader(str2));
                        }
                    }
                    httpURLConnection.setRequestProperty(CMConstants.WF_DECISION_ACCEPT, "*/*");
                    if (substring != null) {
                        httpURLConnection.setRequestProperty("host", substring);
                    }
                    httpURLConnection.connect();
                    httpURLConnection.setInstanceFollowRedirects(false);
                    responseCode = httpURLConnection.getResponseCode();
                    if (i <= this.maxFollowRedirects) {
                        if (responseCode >= 300 && responseCode < 400) {
                            String headerField = httpURLConnection.getHeaderField("Location");
                            if (headerField == null) {
                                throw new PortletServiceException("Redirection failed - dead end");
                            }
                            url2 = new URL(headerField);
                            i++;
                        }
                        if (responseCode < 300) {
                            break;
                        }
                    } else {
                        throw new PortletServiceException("Redirection failed - too many redirects - see properties file for portlet services");
                    }
                } catch (IOException e2) {
                }
            } while (i2 <= this.maxRetries);
            if (this.msgLog.isLogging()) {
                this.msgLog.exception(4L, this, "followRedirects()", e2);
            }
            throw new PortletServiceUnavailableException();
        } while (responseCode < 400);
        return url2;
    }

    @Override // org.apache.jetspeed.portlet.service.ContentAccessService
    public URL getURL(String str, PortletRequest portletRequest, PortletResponse portletResponse) throws PortletServiceException, MalformedURLException {
        if (this.trcLog.isLogging()) {
            this.trcLog.entry(IRecordType.TYPE_PUBLIC, this, "getURL()", str);
        }
        URL uRLOnly = toURLOnly(str);
        String protocol = uRLOnly.getProtocol();
        if (protocol.equals(UDDIConstants.CLIPPING_ACCESS_POINT_URL_TYPE) || protocol.equals("https")) {
            uRLOnly = followRedirects(uRLOnly, portletRequest);
        }
        if (isProxyNeeded(uRLOnly)) {
            String protocol2 = uRLOnly.getProtocol();
            if (protocol2.equals(UDDIConstants.CLIPPING_ACCESS_POINT_URL_TYPE)) {
                if (this.iAuthInUse) {
                    try {
                        uRLOnly = new URL(UDDIConstants.CLIPPING_ACCESS_POINT_URL_TYPE, new StringBuffer().append(getCredentialsFromVault(portletRequest)).append(this.proxyName).toString(), this.proxyPort, uRLOnly.toString());
                    } catch (Exception e) {
                        this.trcLog.text(IRecordType.TYPE_PUBLIC, this, "getURL", new StringBuffer().append("Error during accessing Credential Vault for UID/PW ").append(e.getMessage()).toString());
                        uRLOnly = new URL(UDDIConstants.CLIPPING_ACCESS_POINT_URL_TYPE, this.proxyName, this.proxyPort, uRLOnly.toString());
                    }
                } else {
                    uRLOnly = new URL(UDDIConstants.CLIPPING_ACCESS_POINT_URL_TYPE, this.proxyName, this.proxyPort, uRLOnly.toString());
                }
            } else if (protocol2.equals("https")) {
                System.setProperty("https.proxyHost", this.httpsProxyName);
                System.setProperty("https.proxyPort", String.valueOf(this.httpsProxyPort));
            }
        }
        if (this.trcLog.isLogging()) {
            this.trcLog.exit(IRecordType.TYPE_PUBLIC, this, "getURL()", uRLOnly);
        }
        return uRLOnly;
    }

    private String getCredentialsFromVault(PortletRequest portletRequest) throws CredentialSecretNotSetException, PortletServiceException {
        UserPasswordPassiveCredential userPasswordPassiveCredential = (UserPasswordPassiveCredential) this.iVaultService.getCredential(cSlotId, "UserPasswordPassive", EMPTY_MAP, portletRequest);
        return new StringBuffer().append(userPasswordPassiveCredential.getUserId()).append(":").append((Object) userPasswordPassiveCredential.getPassword()).append("@").toString();
    }

    private void setSSLSocketFactory(URLConnection uRLConnection) {
        if (uRLConnection instanceof HttpsURLConnection) {
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) uRLConnection;
            try {
                if (this.km == null && this.ksURL != null) {
                    KeyStore keyStore = KeyStore.getInstance(this.ksFMT);
                    keyStore.load(this.ksURL.openStream(), null);
                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("IbmX509");
                    keyManagerFactory.init(keyStore, this.ksPwd.toCharArray());
                    this.km = keyManagerFactory.getKeyManagers();
                } else if (this.km == null) {
                    KeyManagerFactory keyManagerFactory2 = KeyManagerFactory.getInstance("IbmX509");
                    keyManagerFactory2.init((KeyStore) null, (char[]) null);
                    this.km = keyManagerFactory2.getKeyManagers();
                }
            } catch (IOException e) {
                if (this.msgLog.isLogging()) {
                    this.msgLog.text(4L, this, "setSSLSocketFactory()", "IOException while creating key store {0}", this.ksURL.toString());
                    this.msgLog.exception(4L, this, "setSSLSocketFactory()", e);
                }
                this.ksURL = null;
            } catch (NoSuchAlgorithmException e2) {
                if (this.msgLog.isLogging()) {
                    this.msgLog.text(4L, this, "setSSLSocketFactory()", "GeneralSecurityException while creating key store {0}", this.ksURL.toString());
                    this.msgLog.exception(4L, this, "setSSLSocketFactory()", e2);
                }
                this.ksURL = null;
            } catch (GeneralSecurityException e3) {
                if (this.msgLog.isLogging()) {
                    this.msgLog.text(4L, this, "setSSLSocketFactory()", "GeneralSecurityException while creating key store {0}", this.ksURL.toString());
                    this.msgLog.exception(4L, this, "setSSLSocketFactory()", e3);
                }
                this.ksURL = null;
            }
            try {
                if (this.tm == null && this.tsURL != null) {
                    KeyStore keyStore2 = KeyStore.getInstance(this.tsFMT);
                    keyStore2.load(this.tsURL.openStream(), null);
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("IbmX509");
                    trustManagerFactory.init(keyStore2);
                    this.tm = trustManagerFactory.getTrustManagers();
                } else if (this.tm == null) {
                    TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance("IbmX509");
                    trustManagerFactory2.init((KeyStore) null);
                    this.tm = trustManagerFactory2.getTrustManagers();
                }
            } catch (IOException e4) {
                if (this.msgLog.isLogging()) {
                    this.msgLog.text(4L, this, "setSSLSocketFactory()", "IOException while creating trust store {0}", this.tsURL.toString());
                    this.msgLog.exception(4L, this, "setSSLSocketFactory()", e4);
                }
                this.tsURL = null;
            } catch (GeneralSecurityException e5) {
                if (this.msgLog.isLogging()) {
                    this.msgLog.text(4L, this, "setSSLSocketFactory()", "GeneralSecurityException while creating trust store {0}", this.tsURL.toString());
                    this.msgLog.exception(4L, this, "setSSLSocketFactory()", e5);
                }
                this.tsURL = null;
            }
            try {
                SSLContext sSLContext = SSLContext.getInstance("SSL");
                sSLContext.init(this.km, this.tm, (SecureRandom) null);
                httpsURLConnection.setSSLSocketFactory(new SSLTunnelSocketFactory(this, sSLContext.getSocketFactory()));
            } catch (GeneralSecurityException e6) {
                if (this.msgLog.isLogging()) {
                    this.msgLog.text(4L, this, "setSSLSocketFactory()", "GeneralSecurityException while creating socket factory from key store {0} and trust store {1}", this.ksURL.toString(), this.tsURL.toString());
                    this.msgLog.exception(4L, this, "setSSLSocketFactory()", e6);
                }
                this.km = null;
                this.tm = null;
            }
        }
    }

    @Override // org.apache.jetspeed.portlet.service.ContentAccessService
    public InputStream getInputStream(String str, PortletRequest portletRequest, PortletResponse portletResponse) throws PortletServiceException, MalformedURLException {
        if (this.trcLog.isLogging()) {
            this.trcLog.entry(IRecordType.TYPE_PUBLIC, this, "getInputStream()", str);
        }
        try {
            URLConnection openConnection = getURL(str, portletRequest, portletResponse).openConnection();
            if (openConnection == null) {
                throw new PortletServiceException("Connection null");
            }
            openConnection.setUseCaches(false);
            setSSLSocketFactory(openConnection);
            InputStream inputStream = openConnection.getInputStream();
            if (this.trcLog.isLogging()) {
                this.trcLog.exit(IRecordType.TYPE_PUBLIC, this, "getInputStream()", inputStream);
            }
            return inputStream;
        } catch (IOException e) {
            throw new PortletServiceException(e.getMessage());
        }
    }

    @Override // org.apache.jetspeed.portlet.service.ContentAccessService
    public String getMarkup(String str, PortletRequest portletRequest, PortletResponse portletResponse) throws PortletServiceException, MalformedURLException {
        if (this.trcLog.isLogging()) {
            this.trcLog.entry(IRecordType.TYPE_PUBLIC, this, "getMarkup()", str);
        }
        try {
            InputStream inputStream = getInputStream(str, portletRequest, portletResponse);
            if (inputStream == null) {
                throw new PortletServiceException("InputStream null");
            }
            StringWriter stringWriter = new StringWriter();
            byte[] bArr = new byte[this.bufferSize];
            for (int i = 0; i >= 0; i = inputStream.read(bArr)) {
                stringWriter.write(new String(bArr).substring(0, i));
            }
            if (this.trcLog.isLogging()) {
                this.trcLog.exit(IRecordType.TYPE_PUBLIC, this, "getMarkup()");
            }
            return stringWriter.getBuffer().toString();
        } catch (IOException e) {
            throw new PortletServiceException(e.toString());
        }
    }

    @Override // org.apache.jetspeed.portlet.service.ContentAccessService
    public void include(String str, PortletRequest portletRequest, PortletResponse portletResponse) throws PortletServiceException, MalformedURLException {
        RequestDispatcher requestDispatcher;
        if (this.trcLog.isLogging()) {
            this.trcLog.entry(IRecordType.TYPE_PUBLIC, this, "include()", str);
        }
        String lowerCase = str.toLowerCase();
        if (!lowerCase.startsWith("http://") && !lowerCase.startsWith("https://") && this.servletConfig != null && (requestDispatcher = this.servletConfig.getServletContext().getRequestDispatcher(str)) != null) {
            try {
                requestDispatcher.include(portletRequest, portletResponse);
                if (this.trcLog.isLogging()) {
                    this.trcLog.exit(IRecordType.TYPE_PUBLIC, this, "include()");
                    return;
                }
                return;
            } catch (Throwable th) {
            }
        }
        try {
            portletResponse.getWriter().print(getMarkup(str, portletRequest, portletResponse));
            if (this.trcLog.isLogging()) {
                this.trcLog.exit(IRecordType.TYPE_PUBLIC, this, "include()");
            }
        } catch (IOException e) {
            throw new PortletServiceException(e.toString());
        }
    }

    public String getHttpProxy() {
        return this.proxyName;
    }

    public String getHttpsProxy() {
        return this.httpsProxyName;
    }

    public Integer getHttpPort() {
        return new Integer(this.proxyPort);
    }

    public Integer getHttpsPort() {
        return new Integer(this.httpsProxyPort);
    }

    public String getTrustoreFileName() {
        if (this.tsURL != null) {
            return this.tsURL.toString();
        }
        return null;
    }

    public String getTrustorePassword() {
        return this.tsPwd;
    }

    public String getTrustoreFormat() {
        return this.tsFMT;
    }

    void notSupported() {
        throw new UnsupportedOperationException();
    }

    @Override // java.util.Map
    public void clear() {
        notSupported();
    }

    @Override // java.util.Map
    public boolean containsKey(Object obj) {
        notSupported();
        return false;
    }

    @Override // java.util.Map
    public boolean containsValue(Object obj) {
        notSupported();
        return false;
    }

    @Override // java.util.Map
    public Set entrySet() {
        notSupported();
        return null;
    }

    @Override // java.util.Map
    public boolean isEmpty() {
        notSupported();
        return false;
    }

    @Override // java.util.Map
    public Set keySet() {
        notSupported();
        return null;
    }

    @Override // java.util.Map
    public Object put(Object obj, Object obj2) {
        notSupported();
        return null;
    }

    @Override // java.util.Map
    public void putAll(Map map) {
        notSupported();
    }

    @Override // java.util.Map
    public Object remove(Object obj) {
        notSupported();
        return null;
    }

    @Override // java.util.Map
    public int size() {
        notSupported();
        return -1;
    }

    @Override // java.util.Map
    public Collection values() {
        notSupported();
        return null;
    }

    @Override // java.util.Map
    public Object get(Object obj) {
        if (obj == null) {
            return null;
        }
        String str = (String) obj;
        if (str.equalsIgnoreCase("proxy.http.host")) {
            return getHttpProxy();
        }
        if (str.equalsIgnoreCase("proxy.https.host")) {
            return getHttpsProxy();
        }
        if (str.equalsIgnoreCase("proxy.http.port")) {
            return getHttpPort();
        }
        if (str.equalsIgnoreCase("proxy.https.port")) {
            return getHttpsPort();
        }
        if (str.equalsIgnoreCase("trust.store.url")) {
            return getTrustoreFileName();
        }
        if (str.equalsIgnoreCase("trust.store.pswd")) {
            return getTrustorePassword();
        }
        if (str.equalsIgnoreCase("trust.store.format")) {
            return getTrustoreFormat();
        }
        return null;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$com$ibm$wps$portletservice$credentialvault$CredentialVaultService == null) {
            cls = class$("com.ibm.wps.portletservice.credentialvault.CredentialVaultService");
            class$com$ibm$wps$portletservice$credentialvault$CredentialVaultService = cls;
        } else {
            cls = class$com$ibm$wps$portletservice$credentialvault$CredentialVaultService;
        }
        VAULT_SERVICE = cls;
        EMPTY_MAP = new HashMap();
    }
}
