package org.openqa.selenium.server;

import com.gargoylesoftware.htmlunit.javascript.host.event.KeyboardEvent;
import com.google.common.base.Preconditions;
import com.sun.jna.platform.win32.WinError;
import cybervillains.ca.KeyStoreManager;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.net.ConnectException;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.Socket;
import java.net.URL;
import java.net.URLConnection;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLHandshakeException;
import org.jboss.netty.handler.codec.http.HttpHeaders;
import org.openqa.jetty.html.Input;
import org.openqa.jetty.http.HttpConnection;
import org.openqa.jetty.http.HttpRequest;
import org.openqa.jetty.http.HttpResponse;
import org.openqa.jetty.http.HttpServer;
import org.openqa.jetty.http.HttpTunnel;
import org.openqa.jetty.http.SslListener;
import org.openqa.jetty.http.handler.AbstractHttpHandler;
import org.openqa.jetty.util.IO;
import org.openqa.jetty.util.StringMap;
import org.openqa.jetty.util.URI;
import org.openqa.selenium.io.FileHandler;
import org.openqa.selenium.server.browserlaunchers.ResourceExtractor;
import org.openqa.selenium.server.commands.AddCustomRequestHeaderCommand;
import org.openqa.selenium.server.commands.CaptureNetworkTrafficCommand;

/* loaded from: input_file:org/openqa/selenium/server/ProxyHandler.class */
public class ProxyHandler extends AbstractHttpHandler {
    private static Logger log = Logger.getLogger(ProxyHandler.class.getName());
    protected Set<String> _proxyHostsWhiteList;
    protected Set<String> _proxyHostsBlackList;
    private String sslKeystorePath;
    private boolean trustAllSSLCertificates;
    private final String dontInjectRegex;
    private final String debugURL;
    private final boolean proxyInjectionMode;
    private final boolean forceProxyChain;
    private boolean fakeCertsGenerated;
    private final Object shutdownLock;
    protected StringMap _ProxyAuthHeaders;
    protected StringMap _ProxySchemes;
    protected HashSet<Integer> _allowedConnectPorts;
    private int port;
    protected int _tunnelTimeoutMs = KeyboardEvent.DOM_VK_PLAY;
    private transient boolean _chained = false;
    private final Map<String, SslRelay> _sslMap = new LinkedHashMap();
    protected StringMap _DontProxyHeaders = new StringMap();

    /* loaded from: input_file:org/openqa/selenium/server/ProxyHandler$SslRelay.class */
    public static class SslRelay extends SslListener {
        String serverHost;
        Integer serverPort;
        File nukeDirOrFile;

        SslRelay(String str, Integer num) {
            this.serverHost = str;
            this.serverPort = num;
        }

        public void setNukeDirOrFile(File file) {
            this.nukeDirOrFile = file;
        }

        @Override // org.openqa.jetty.http.SslListener, org.openqa.jetty.http.SocketListener
        protected void customizeRequest(Socket socket, HttpRequest httpRequest) {
            super.customizeRequest(socket, httpRequest);
            httpRequest.setURI(new URI("https://" + this.serverHost + ":" + this.serverPort + httpRequest.getURI().toString()));
        }

        @Override // org.openqa.jetty.http.SocketListener, org.openqa.jetty.util.ThreadedServer, org.openqa.jetty.util.ThreadPool, org.openqa.jetty.util.LifeCycle
        public void stop() throws InterruptedException {
            super.stop();
            if (this.nukeDirOrFile != null) {
                FileHandler.delete(this.nukeDirOrFile);
            }
        }
    }

    public ProxyHandler(boolean z, String str, String str2, boolean z2, boolean z3, int i, Object obj) {
        this.trustAllSSLCertificates = false;
        Object obj2 = new Object();
        this._DontProxyHeaders.setIgnoreCase(true);
        this._DontProxyHeaders.put("Proxy-Connection", obj2);
        this._DontProxyHeaders.put("Connection", obj2);
        this._DontProxyHeaders.put("keep-alive", obj2);
        this._DontProxyHeaders.put("Transfer-Encoding", obj2);
        this._DontProxyHeaders.put("TE", obj2);
        this._DontProxyHeaders.put("Trailer", obj2);
        this._DontProxyHeaders.put("Upgrade", obj2);
        this._ProxyAuthHeaders = new StringMap();
        Object obj3 = new Object();
        this._ProxyAuthHeaders.put("Proxy-Authorization", obj3);
        this._ProxyAuthHeaders.put("Proxy-Authenticate", obj3);
        this._ProxySchemes = new StringMap();
        Object obj4 = new Object();
        this._ProxySchemes.setIgnoreCase(true);
        this._ProxySchemes.put("http", obj4);
        this._ProxySchemes.put("https", obj4);
        this._ProxySchemes.put("ftp", obj4);
        this._allowedConnectPorts = new HashSet<>();
        this._allowedConnectPorts.add(80);
        this._allowedConnectPorts.add(Integer.valueOf(RemoteControlConfiguration.getDefaultPort()));
        this._allowedConnectPorts.add(8000);
        this._allowedConnectPorts.add(8080);
        this._allowedConnectPorts.add(8888);
        this._allowedConnectPorts.add(443);
        this._allowedConnectPorts.add(Integer.valueOf(WinError.ERROR_DS_DRA_INCONSISTENT_DIT));
        this.trustAllSSLCertificates = z;
        this.dontInjectRegex = str;
        this.debugURL = str2;
        this.proxyInjectionMode = z2;
        this.forceProxyChain = z3;
        this.port = i;
        this.shutdownLock = obj;
    }

    @Override // org.openqa.jetty.http.handler.AbstractHttpHandler, org.openqa.jetty.util.LifeCycle
    public void start() throws Exception {
        this._chained = System.getProperty("http.proxyHost") != null || this.forceProxyChain;
        super.start();
    }

    @Override // org.openqa.jetty.http.HttpHandler
    public void handle(String str, String str2, HttpRequest httpRequest, HttpResponse httpResponse) throws IOException {
        URI uri = httpRequest.getURI();
        if ("CONNECT".equalsIgnoreCase(httpRequest.getMethod())) {
            httpResponse.setField("Connection", "close");
            handleConnect(httpRequest, httpResponse);
            return;
        }
        try {
            if ("True".equals(httpResponse.getAttribute("NotFound"))) {
                httpResponse.removeAttribute("NotFound");
                sendNotFound(httpResponse);
                return;
            }
            URL isProxied = isProxied(uri);
            if (isProxied == null) {
                if (isForbidden(uri)) {
                    sendForbid(httpResponse);
                }
            } else if (isSeleniumUrl(isProxied.toString())) {
                httpRequest.setHandled(false);
            } else {
                proxyPlainTextRequest(isProxied, httpRequest, httpResponse);
            }
        } catch (ConnectException e) {
            log.info("Couldn't proxy to " + uri + " because host not listening");
            httpResponse.setStatus(400);
            String host = uri.getHost();
            if (uri.getPort() > 0) {
                host = host + ":" + uri.getPort();
            }
            httpResponse.setReason("Couldn't connect to " + host);
            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(httpResponse.getOutputStream());
            outputStreamWriter.write("<html><head><title>Problem loading page</title></head><body style=\"background-color:#F0F0F0; font-family: sans-serif\"><div style=\"margin:auto; margin-top: 3em;width:600px; background-color:#FFF; padding:30px;border: 1px solid #DDD\"><h1 style=\"font-size: 18px;border-bottom:thin solid #DDD\">Unable to connect</h1><p style=\"border-bottom: 1px solid #DDD; padding-bottom: 20px\">Selenium can't establish a connection to the server at " + host + "</p><ul style=\"list-style: square outside none;font-size:13px\"><li style=\"margin-bottom:6px;\">The site could be temporarily unavailable or too busy. Try again in a few moments.</li><li style=\"margin-bottom:6px;\">If you are unable to load any pages, check your computer's network connection.</li><li style=\"margin-bottom:6px;\">If your computer or network is protected by a firewall or proxy, make sure that your browser is permitted to access the Web.</li></ul></div></body>");
            outputStreamWriter.close();
            httpResponse.getOutputStream().close();
        } catch (UnknownHostException e2) {
            log.info("Couldn't proxy to " + uri + " because host not found");
            httpResponse.setStatus(400);
            String host2 = uri.getHost();
            httpResponse.setReason("Host " + host2 + " not found");
            OutputStreamWriter outputStreamWriter2 = new OutputStreamWriter(httpResponse.getOutputStream());
            outputStreamWriter2.write("<html><head><title>Problem loading page</title></head><body style=\"background-color:#F0F0F0; font-family: sans-serif\"><div style=\"margin:auto; margin-top: 3em;width:600px; background-color:#FFF; padding:30px;border: 1px solid #DDD\"><h1 style=\"font-size: 18px;border-bottom:thin solid #DDD\">Server not found</h1><p style=\"border-bottom: 1px solid #DDD; padding-bottom: 20px\">Selenium can't find the server at " + host2 + "</p><ul style=\"list-style: square outside none;font-size:13px\"><li style=\"margin-bottom:6px;\">Check the address for typing errors such as ww.example.com instead of www.example.com</li><li style=\"margin-bottom:6px;\">If you are unable to load any pages, check your computer's network connection.</li><li style=\"margin-bottom:6px;\">If your computer or network is protected by a firewall or proxy, make sure that your browser is permitted to access the Web.</li></ul></div></body>");
            outputStreamWriter2.close();
            httpResponse.getOutputStream().close();
        } catch (Exception e3) {
            log.log(Level.FINE, "Could not proxy " + uri, (Throwable) e3);
            if (httpResponse.isCommitted()) {
                return;
            }
            httpResponse.sendError(400, "Could not proxy " + uri + "\n" + e3);
        }
    }

    private boolean isSeleniumUrl(String str) {
        int indexOf;
        int indexOf2;
        int indexOf3 = str.indexOf("//");
        return (indexOf3 == -1 || (indexOf = str.indexOf("/", indexOf3 + 2)) == -1 || (indexOf2 = str.indexOf("/selenium-server/")) == -1 || indexOf2 != indexOf) ? false : true;
    }

    protected long proxyPlainTextRequest(URL url, HttpRequest httpRequest, HttpResponse httpResponse) throws IOException {
        CaptureNetworkTrafficCommand.Entry entry = new CaptureNetworkTrafficCommand.Entry(httpRequest.getMethod(), url.toString());
        entry.addRequestHeaders(httpRequest);
        log.fine("PROXY URL=" + url);
        URLConnection openConnection = url.openConnection();
        if (System.getProperty("http.proxyHost") != null && System.getProperty("https.proxyHost") == null && "https".equals(url.getProtocol())) {
            openConnection = url.openConnection(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(System.getProperty("http.proxyHost"), Integer.getInteger("http.proxyPort").intValue())));
        }
        openConnection.setAllowUserInteraction(false);
        if (this.proxyInjectionMode) {
            adjustRequestForProxyInjection(httpRequest, openConnection);
        }
        HttpURLConnection httpURLConnection = null;
        if (openConnection instanceof HttpURLConnection) {
            httpURLConnection = (HttpURLConnection) openConnection;
            httpURLConnection.setRequestMethod(httpRequest.getMethod());
            httpURLConnection.setInstanceFollowRedirects(false);
            if (this.trustAllSSLCertificates && (openConnection instanceof HttpsURLConnection)) {
                TrustEverythingSSLTrustManager.trustAllSSLCertificates((HttpsURLConnection) openConnection);
            }
        }
        String field = httpRequest.getField("Connection");
        if (field != null && (field.equalsIgnoreCase("keep-alive") || field.equalsIgnoreCase("close"))) {
            field = null;
        }
        boolean z = false;
        boolean equals = "GET".equals(httpRequest.getMethod());
        boolean z2 = false;
        Enumeration fieldNames = httpRequest.getFieldNames();
        while (fieldNames.hasMoreElements()) {
            String str = (String) fieldNames.nextElement();
            if (!this._DontProxyHeaders.containsKey(str) && (this._chained || !this._ProxyAuthHeaders.containsKey(str))) {
                if (field == null || !field.contains(str)) {
                    if (!equals && "Content-Type".equals(str)) {
                        z2 = true;
                    }
                    Enumeration fieldValues = httpRequest.getFieldValues(str);
                    while (fieldValues.hasMoreElements()) {
                        String str2 = (String) fieldValues.nextElement();
                        if (str2 != null && (!"Referer".equals(str) || !str2.contains("/selenium-server/"))) {
                            if (!equals && "Content-Length".equals(str) && Integer.parseInt(str2) > 0) {
                                z2 = true;
                            }
                            openConnection.addRequestProperty(str, str2);
                            z |= "X-Forwarded-For".equalsIgnoreCase(str);
                        }
                    }
                }
            }
        }
        for (Map.Entry<String, String> entry2 : AddCustomRequestHeaderCommand.getHeaders().entrySet()) {
            openConnection.addRequestProperty(entry2.getKey(), entry2.getValue());
            entry.addRequestHeader(entry2.getKey(), entry2.getValue());
        }
        openConnection.setRequestProperty("Via", "1.1 (jetty)");
        if (!z) {
            openConnection.addRequestProperty("X-Forwarded-For", httpRequest.getRemoteAddr());
        }
        String field2 = httpRequest.getField("Cache-Control");
        if (field2 != null && (field2.contains("no-cache") || field2.contains(HttpHeaders.Values.NO_STORE))) {
            openConnection.setUseCaches(false);
        }
        try {
            openConnection.setDoInput(true);
            InputStream inputStream = httpRequest.getInputStream();
            if (z2) {
                openConnection.setDoOutput(true);
                IO.copy(inputStream, openConnection.getOutputStream());
            }
            openConnection.connect();
        } catch (Exception e) {
        }
        InputStream inputStream2 = null;
        int i = -1;
        if (httpURLConnection != null) {
            inputStream2 = httpURLConnection.getErrorStream();
            try {
                i = httpURLConnection.getResponseCode();
                httpResponse.setStatus(i);
                httpResponse.setReason(httpURLConnection.getResponseMessage());
                log.fine("Content-Type is: " + httpURLConnection.getContentType());
            } catch (SSLHandshakeException e2) {
                throw new RuntimeException("Couldn't establish SSL handshake.  Try using trustAllSSLCertificates.\n" + e2.getLocalizedMessage(), e2);
            }
        }
        if (inputStream2 == null) {
            try {
                inputStream2 = openConnection.getInputStream();
            } catch (Exception e3) {
                inputStream2 = httpURLConnection.getErrorStream();
            }
        }
        httpResponse.removeField("Date");
        httpResponse.removeField("Server");
        int i2 = 0;
        String headerFieldKey = openConnection.getHeaderFieldKey(0);
        String headerField = openConnection.getHeaderField(0);
        while (true) {
            String str3 = headerField;
            if (headerFieldKey == null && str3 == null) {
                break;
            }
            if (headerFieldKey != null && str3 != null && !this._DontProxyHeaders.containsKey(headerFieldKey) && (this._chained || !this._ProxyAuthHeaders.containsKey(headerFieldKey))) {
                httpResponse.addField(headerFieldKey, str3);
            }
            i2++;
            headerFieldKey = openConnection.getHeaderFieldKey(i2);
            headerField = openConnection.getHeaderField(i2);
        }
        httpResponse.setField("Via", "1.1 (jetty)");
        httpResponse.removeField("ETag");
        httpResponse.removeField("Last-Modified");
        httpRequest.setHandled(true);
        long injectJavaScript = inputStream2 != null ? (this.proxyInjectionMode && (httpURLConnection.getResponseCode() == 200 || (httpURLConnection.getResponseCode() >= 400 && httpURLConnection.getResponseCode() < 600))) ? shouldInject(httpRequest.getPath()) ? InjectionHelper.injectJavaScript(httpRequest, httpResponse, inputStream2, httpResponse.getOutputStream(), this.debugURL) : ModifiedIO.copy(inputStream2, httpResponse.getOutputStream()) : ModifiedIO.copy(inputStream2, httpResponse.getOutputStream()) : -1L;
        entry.finish(i, injectJavaScript);
        entry.addResponseHeader(httpResponse);
        CaptureNetworkTrafficCommand.capture(entry);
        return injectJavaScript;
    }

    public boolean shouldInject(String str) {
        return this.dontInjectRegex == null || !str.matches(this.dontInjectRegex);
    }

    private void adjustRequestForProxyInjection(HttpRequest httpRequest, URLConnection uRLConnection) {
        httpRequest.setState(0);
        if (httpRequest.containsField("If-Modified-Since")) {
            httpRequest.removeField("If-Modified-Since");
            httpRequest.removeField("If-None-Match");
            uRLConnection.setUseCaches(false);
        }
        httpRequest.removeField("Accept-Encoding");
        httpRequest.setState(2);
    }

    public synchronized void generateSSLCertsForLoggingHosts(HttpServer httpServer) {
        if (this.fakeCertsGenerated) {
            return;
        }
        log.info("Creating 16 fake SSL servers for browser side logging");
        for (int i = 1; i <= 16; i++) {
            String str = i + ".selenium.doesnotexist:443";
            try {
                getSslRelayOrCreateNew(new URI(str), "localhost", 443, httpServer);
            } catch (Exception e) {
                log.log(Level.SEVERE, "Could not pre-create logging SSL relay for " + str, (Throwable) e);
            }
        }
        this.fakeCertsGenerated = true;
    }

    public void handleConnect(HttpRequest httpRequest, HttpResponse httpResponse) throws IOException {
        URI uri = httpRequest.getURI();
        try {
            log.fine("CONNECT: " + uri);
            String uri2 = uri.toString();
            String str = uri2;
            Integer num = 443;
            if (uri.toString().endsWith(".selenium.doesnotexist:443")) {
                str = "localhost";
            } else {
                Integer valueOf = Integer.valueOf(uri.toString().indexOf(58));
                if (valueOf.intValue() > 0) {
                    str = uri2.substring(0, valueOf.intValue());
                    num = Integer.valueOf(Integer.parseInt(uri2.substring(valueOf.intValue() + 1)));
                }
            }
            if (isForbidden("https", str)) {
                sendForbid(httpResponse);
            } else {
                HttpConnection httpConnection = httpRequest.getHttpConnection();
                httpConnection.forceClose();
                int port = getSslRelayOrCreateNew(uri, str, num, httpConnection.getHttpServer()).getPort();
                int i = 30000;
                Object connection = httpConnection.getConnection();
                if (connection instanceof Socket) {
                    i = ((Socket) connection).getSoTimeout();
                }
                HttpTunnel newHttpTunnel = newHttpTunnel(httpResponse, InetAddress.getByName(null), port, i);
                if (newHttpTunnel != null) {
                    if (this._tunnelTimeoutMs > 0) {
                        newHttpTunnel.getSocket().setSoTimeout(this._tunnelTimeoutMs);
                        if (connection instanceof Socket) {
                            ((Socket) connection).setSoTimeout(this._tunnelTimeoutMs);
                        }
                    }
                    newHttpTunnel.setTimeoutMs(i);
                    httpRequest.getHttpConnection().setHttpTunnel(newHttpTunnel);
                    httpResponse.setStatus(200);
                    httpResponse.setContentLength(0);
                }
                httpRequest.setHandled(true);
            }
        } catch (Exception e) {
            log.log(Level.FINE, "error during handleConnect", (Throwable) e);
            httpResponse.sendError(500, e.toString());
        }
    }

    protected SslRelay getSslRelayOrCreateNew(URI uri, String str, Integer num, HttpServer httpServer) throws Exception {
        SslRelay sslRelay;
        synchronized (this._sslMap) {
            sslRelay = this._sslMap.get(uri.toString());
            if (sslRelay == null) {
                String host = new URL("https://" + uri.toString()).getHost();
                sslRelay = new SslRelay(str, num);
                wireUpSslWithCyberVilliansCA(host, sslRelay);
                sslRelay.setPassword(Input.Password);
                sslRelay.setKeyPassword(Input.Password);
                httpServer.addListener(sslRelay);
                synchronized (this.shutdownLock) {
                    try {
                        if (!httpServer.isStarted()) {
                            throw new RuntimeException("Can't start SslRelay: server is not started (perhaps it was just shut down?)");
                        }
                        sslRelay.start();
                    } catch (Exception e) {
                        e.printStackTrace();
                        throw e;
                    }
                }
                this._sslMap.put(uri.toString(), sslRelay);
            }
        }
        return sslRelay;
    }

    protected void wireUpSslWithCyberVilliansCA(String str, SslRelay sslRelay) {
        try {
            File createTempFile = File.createTempFile("seleniumSslSupport", str);
            createTempFile.delete();
            createTempFile.mkdirs();
            ResourceExtractor.extractResourcePath(getClass(), "/sslSupport", createTempFile);
            KeyStoreManager keyStoreManager = new KeyStoreManager(createTempFile, "http://127.0.0.1:" + this.port + "/selenium-server/sslSupport/blank_crl.pem");
            keyStoreManager.getCertificateByHostname(str);
            ((KeyStore) Preconditions.checkNotNull(keyStoreManager.getKeyStore())).deleteEntry(KeyStoreManager._caPrivKeyAlias);
            keyStoreManager.persist();
            sslRelay.setKeystore(new File(createTempFile, "cybervillainsCA.jks").getAbsolutePath());
            sslRelay.setNukeDirOrFile(createTempFile);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    protected HttpTunnel newHttpTunnel(HttpResponse httpResponse, InetAddress inetAddress, int i, int i2) throws IOException {
        try {
            Socket socket = new Socket(inetAddress, i);
            socket.setSoTimeout(i2);
            socket.setTcpNoDelay(true);
            return new HttpTunnel(socket, null, null);
        } catch (IOException e) {
            log.log(Level.FINE, "Exception thrown", (Throwable) e);
            httpResponse.sendError(400);
            return null;
        }
    }

    protected URL isProxied(URI uri) throws MalformedURLException {
        if (isForbidden(uri)) {
            return null;
        }
        return new URL(uri.toString());
    }

    protected boolean isForbidden(URI uri) {
        String scheme = uri.getScheme();
        String host = uri.getHost();
        uri.getPort();
        return isForbidden(scheme, host);
    }

    protected boolean isForbidden(String str, String str2) {
        if (str == null || !this._ProxySchemes.containsKey(str)) {
            return true;
        }
        if (this._proxyHostsWhiteList == null || this._proxyHostsWhiteList.contains(str2)) {
            return this._proxyHostsBlackList != null && this._proxyHostsBlackList.contains(str2);
        }
        return true;
    }

    protected void sendForbid(HttpResponse httpResponse) throws IOException {
        httpResponse.sendError(403, "Forbidden for Proxy");
    }

    protected void sendNotFound(HttpResponse httpResponse) throws IOException {
        httpResponse.sendError(404, "Not found");
    }
}
