package com.jetbrains.bundle.hub_client.util.validation;

import com.jetbrains.bundle.hub_client.util.HubClientProvider;
import com.jetbrains.bundle.hub_client.util.HubUtil;
import com.jetbrains.bundle.hub_client.util.validation.ValidationResult;
import com.jetbrains.service.util.UrlUtil;
import com.jetbrains.service.util.ssl.CertRequestInfo;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import jetbrains.jetpass.client.FieldPartial;
import jetbrains.jetpass.client.accounts.Partial;
import jetbrains.jetpass.client.accounts.ServiceClient;
import jetbrains.jetpass.client.hub.HubClient;
import jetbrains.jetpass.rest.dto.ServiceJSON;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/jetbrains/bundle/hub_client/util/validation/HubUrlValidator.class */
public class HubUrlValidator {
    private final Logger LOG;
    public static final String HUB_ADDITIONAL_PATH = "hub/";
    public static final String IS_FIRST_CHAIN_CERTIFICATE_TRUSTED_PROPERTY = "isFirstChainCertificateTrusted";
    public static final int CONNECT_TIMEOUT = 15000;
    public static final int READ_TIMEOUT = 15000;
    public static final String LOCATION_HEADER = "Location";
    final HubClientProvider myHubClientProvider;
    final boolean myAllowHttpsOnlyFlag;

    @NotNull
    private final String myProductName;
    public static final String URL_FOR_UNTRUSTED_CERTIFICATE_PROPERTY = "urlForUntrustedCertificate";
    public static final String UNTRUSTED_CERTIFICATE_PROPERTY = "untrustedCertificate";
    public static final String REDIRECTION_INFO_PROPERTY = "redirectInfo";
    public static final String CLIENT_CERTIFICATE_REQUESTED_PROPERTY = "clientCertificateRequested";
    public static final String[] HUB_URL_RELATED_ADDITIONAL_PROPERTIES = {URL_FOR_UNTRUSTED_CERTIFICATE_PROPERTY, UNTRUSTED_CERTIFICATE_PROPERTY, REDIRECTION_INFO_PROPERTY, CLIENT_CERTIFICATE_REQUESTED_PROPERTY};

    public HubUrlValidator(@NotNull HubClientProvider hubClientProvider, @NotNull String str) {
        this(hubClientProvider, true, str);
    }

    public HubUrlValidator(@NotNull HubClientProvider hubClientProvider, boolean z, @NotNull String str) {
        this.LOG = LoggerFactory.getLogger(getClass());
        this.myHubClientProvider = hubClientProvider;
        this.myAllowHttpsOnlyFlag = z;
        this.myProductName = str;
    }

    private void validate(@NotNull String str, @NotNull ValidationResult validationResult, @NotNull String str2) {
        String redirectTargetLocation;
        try {
            try {
                try {
                    try {
                        try {
                            this.myHubClientProvider.validateAndRememberHubClient(str, true);
                        } catch (HubUrlRedirectionException e) {
                            validationResult.addError(ValidationResult.Error.INVALID_HUB_URL_REDIRECT, str2, e.getMessage());
                            if (e.getLocation() != null && (redirectTargetLocation = getRedirectTargetLocation(str)) != null && !str.equals(redirectTargetLocation)) {
                                validationResult.addInfo(REDIRECTION_INFO_PROPERTY, new RedirectInfo(str, redirectTargetLocation));
                            }
                        }
                    } catch (ClientCertificateRequiredException e2) {
                        validationResult.addError(ValidationResult.Error.CLIENT_CERTIFICATE_REQUIRED, str2, e2.getMessage());
                        CertRequestInfo certificateRequestInfo = e2.getCertificateRequestInfo();
                        if (certificateRequestInfo != null) {
                            validationResult.addInfo(CLIENT_CERTIFICATE_REQUESTED_PROPERTY, certificateRequestInfo);
                        }
                    }
                } catch (UntrustedServerCertificateException e3) {
                    processUntrustedCertificateException(e3, str, validationResult, str2);
                }
            } catch (HubUrlValidationException e4) {
                validationResult.addError(ValidationResult.Error.INVALID_HUB_URL, str2, e4.getStatus().getMessage() + ": " + e4.getMessage());
            }
        } catch (Exception e5) {
            validationResult.addError(ValidationResult.Error.INVALID_HUB_URL, str2, "Hub URL is not valid. Please, see logs for details.");
        }
    }

    private void processUntrustedCertificateException(UntrustedServerCertificateException untrustedServerCertificateException, @NotNull String str, @NotNull ValidationResult validationResult, @NotNull String str2) throws CertificateEncodingException, NoSuchAlgorithmException {
        validationResult.addError(ValidationResult.Error.UNTRUSTED_CERTIFICATE, str2, untrustedServerCertificateException.getMessage());
        validationResult.addInfo(UNTRUSTED_CERTIFICATE_PROPERTY, new UntrustedCertificateInfo(untrustedServerCertificateException.getCertificateChain()));
        validationResult.addInfo(URL_FOR_UNTRUSTED_CERTIFICATE_PROPERTY, str);
        validationResult.addInfo(IS_FIRST_CHAIN_CERTIFICATE_TRUSTED_PROPERTY, Boolean.valueOf(untrustedServerCertificateException.isFirstChainCertificateTrusted()));
    }

    private boolean validateUrlScheme(@NotNull String str, @NotNull ValidationResult validationResult, @NotNull String str2) {
        if (!this.myAllowHttpsOnlyFlag || UrlUtil.isSecuredUrl(str) || UrlUtil.isSecuredUrl(str)) {
            return true;
        }
        validationResult.addError(ValidationResult.Error.INVALID_HUB_URL_HTTPS_REQUIRED, str2, "Secure connection is required. Check that your connection to Hub over SSL or TLS is enabled and enter a URL that begins with HTTPS");
        return false;
    }

    public HubHomeUrlInfo getHubHomeUrlInfo(@NotNull HubClient hubClient, @NotNull String str, @NotNull IServiceClientFactory iServiceClientFactory, @NotNull ValidationResult validationResult, @NotNull String str2) {
        String hubHomeUrl = HubUtil.getHubHomeUrl(iServiceClientFactory.createServiceClient(hubClient), HubUtil.getHubServiceId(hubClient));
        boolean z = false;
        if (hubHomeUrl != null) {
            if (hubHomeUrl.equals(hubClient.getBaseUrl())) {
                z = true;
            } else {
                z = validateHomeUrl(hubHomeUrl, validationResult, str2);
                if (z) {
                    try {
                        z = iServiceClientFactory.createServiceClient(this.myHubClientProvider.getHubClient(hubHomeUrl)).getService(str, (FieldPartial) null) != null;
                    } catch (Exception e) {
                        validationResult.addInfo(str2, "Wrong configuration of Hub home URL");
                    }
                }
            }
        }
        return new HubHomeUrlInfo(hubHomeUrl, z);
    }

    private boolean validateHomeUrl(@NotNull String str, @NotNull ValidationResult validationResult, @NotNull String str2) {
        try {
            try {
                try {
                    this.myHubClientProvider.validateAndRememberHubClient(str, true);
                    return true;
                } catch (ClientCertificateRequiredException e) {
                    validationResult.addInfo(str2, e.getMessage());
                    CertRequestInfo certificateRequestInfo = e.getCertificateRequestInfo();
                    if (certificateRequestInfo != null) {
                        validationResult.addInfo(CLIENT_CERTIFICATE_REQUESTED_PROPERTY, certificateRequestInfo);
                    }
                    return false;
                }
            } catch (UntrustedServerCertificateException e2) {
                processUntrustedCertificateException(e2, str, validationResult, str2);
                return false;
            } catch (HubUrlValidationException e3) {
                validationResult.addInfo(str2, e3.getStatus().getMessage() + ": " + e3.getMessage());
                return false;
            }
        } catch (Exception e4) {
            validationResult.addInfo(str2, "Hub URL is not valid. Please, see logs for details.");
            return false;
        }
    }

    public String validate(@NotNull String str, @NotNull ValidationResult validationResult, @NotNull String str2, boolean z) {
        String str3 = str;
        validate(str, validationResult, str2);
        if (z && validationResult.hasErrorForField(str2)) {
            str3 = tryAdditionalHubPath(str, validationResult, str2);
        }
        validateUrlScheme(str3, validationResult, str2);
        return str3;
    }

    public void validateLicense(@NotNull HubClient hubClient, @NotNull ServiceClient serviceClient, @NotNull ValidationResult validationResult, @NotNull String str) {
        ServiceJSON service = serviceClient.getService(HubUtil.getHubServiceId(hubClient), new FieldPartial(new Partial.Service[]{Partial.Service.LICENSE_SETTINGS(new Partial.License[]{Partial.License.LICENSE_KEY, Partial.License.LICENSE_NAME})}));
        if (service == null || service.getLicenseSettings() == null || service.getLicenseSettings().getLicenseKey() == null || service.getLicenseSettings().getLicenseKey().isEmpty()) {
            validationResult.addError(ValidationResult.Error.HUB_SERVICE_HAS_NO_LICENSE, str, "The Hub service at this address does not have its own license and is most likely the built-in Hub service for an existing product. Please enter the URL of your external Hub service. ");
        }
    }

    public void checkServicesAreRegisteredInHub(@NotNull String str, @NotNull Map<String, String> map, @NotNull ValidationResult validationResult, @NotNull String str2) {
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        HashSet hashSet4 = new HashSet();
        HashSet hashSet5 = new HashSet();
        HashSet hashSet6 = new HashSet();
        for (String str3 : map.keySet()) {
            Boolean canBeUsed = HubUtil.checkService(this.myHubClientProvider.getHubClient(str).getAccountsClient(str3, map.get(str3), new String[0])).canBeUsed();
            if (canBeUsed == null) {
                hashSet6.add(str3);
            } else if (!canBeUsed.booleanValue()) {
                switch (r0.getStatus()) {
                    case EXISTS_WRONG_SECRET:
                        hashSet3.add(str3);
                        break;
                    case EXISTS_NOT_VERIFIED:
                        hashSet4.add(str3);
                        break;
                    case NOT_EXISTS:
                        hashSet2.add(str3);
                        break;
                    default:
                        hashSet5.add(str3);
                        break;
                }
            } else {
                hashSet.add(str3);
            }
        }
        if (hashSet.size() != map.size()) {
            StringBuilder sb = new StringBuilder();
            if (!hashSet2.isEmpty()) {
                sb.append("not exist: ").append(hashSet2);
            }
            if (!hashSet3.isEmpty()) {
                sb.append(sb.length() != 0 ? ", " : "").append("not matching secret: ").append(hashSet3);
            }
            if (!hashSet4.isEmpty()) {
                sb.append(sb.length() != 0 ? ", " : "").append("not trusted: ").append(hashSet4);
            }
            if (!hashSet5.isEmpty()) {
                sb.append(sb.length() != 0 ? ", " : "").append("invalid: ").append(hashSet5);
            }
            if (!hashSet6.isEmpty()) {
                sb.append(sb.length() != 0 ? ", " : "").append("failed to check: ").append(hashSet6);
            }
            validationResult.addError(ValidationResult.Error.SERVICES_ARE_NOT_REGISTERERD, str2, String.format("One or more services that are registered in %s are not valid in the target Hub installation. The following problems were detected: %s. The target Hub installation must contain all data from the external Hub that was previously integrated with %s. If you entered the URL of an empty Hub installation, use a backup copy of your previous database to restore the Hub instance to its previous state and then continue. If you experience problems restoring your Hub database, please contact support.", this.myProductName, sb.toString(), this.myProductName));
        }
    }

    @NotNull
    private String tryAdditionalHubPath(@NotNull String str, @NotNull ValidationResult validationResult, @NotNull String str2) {
        Object obj = validationResult.getAdditionalInfo().get(REDIRECTION_INFO_PROPERTY);
        ArrayList<String> arrayList = new ArrayList<>();
        if (obj instanceof RedirectInfo) {
            arrayList.add(((RedirectInfo) validationResult.getAdditionalInfo().get(REDIRECTION_INFO_PROPERTY)).getRedirectUrl());
        }
        ArrayList<String> arrayList2 = new ArrayList<>();
        Iterator<String> it = arrayList.iterator();
        while (it.hasNext()) {
            appendSuffixIfNeeded(it.next(), arrayList2);
        }
        appendSuffixIfNeeded(str, arrayList2);
        arrayList.addAll(arrayList2);
        String findBestAdditionalHubUrl = findBestAdditionalHubUrl(validationResult, str2, arrayList);
        return findBestAdditionalHubUrl == null ? str : findBestAdditionalHubUrl;
    }

    @Nullable
    private String findBestAdditionalHubUrl(@NotNull ValidationResult validationResult, @NotNull String str, ArrayList<String> arrayList) {
        String str2 = null;
        ValidationResult validationResult2 = null;
        Iterator<String> it = arrayList.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            String next = it.next();
            ValidationResult validationResult3 = new ValidationResult();
            validate(next, validationResult3, str);
            if (!validationResult3.hasErrorForField(str)) {
                str2 = next;
                validationResult2 = validationResult3;
                break;
            }
            if (validationResult3.getAdditionalInfo().containsKey(UNTRUSTED_CERTIFICATE_PROPERTY) && validationResult2 == null) {
                str2 = next;
                validationResult2 = validationResult3;
            }
        }
        if (validationResult2 != null) {
            clearErrorInfo(validationResult, str);
            validationResult.updateFrom(validationResult2);
        }
        return str2;
    }

    private void clearErrorInfo(@NotNull ValidationResult validationResult, @NotNull String str) {
        validationResult.removeErrorForField(str);
        for (String str2 : HUB_URL_RELATED_ADDITIONAL_PROPERTIES) {
            validationResult.getAdditionalInfo().remove(str2);
        }
    }

    private void appendSuffixIfNeeded(String str, ArrayList<String> arrayList) {
        if (!str.endsWith("/")) {
            str = str + "/";
        }
        if (str.endsWith("/hub/")) {
            return;
        }
        arrayList.add(UrlUtil.combineUrls(str, HUB_ADDITIONAL_PATH));
    }

    @Nullable
    private String getRedirectTargetLocation(String str) {
        try {
            URL url = new URL(str);
            HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
            httpURLConnection.setConnectTimeout(15000);
            httpURLConnection.setReadTimeout(15000);
            switch (httpURLConnection.getResponseCode()) {
                case 301:
                case 302:
                    return new URL(url, httpURLConnection.getHeaderField(LOCATION_HEADER)).toString();
                default:
                    return null;
            }
        } catch (Exception e) {
            this.LOG.info("Exception during redirect check for url " + str + ": " + e.getMessage());
            return null;
        }
        this.LOG.info("Exception during redirect check for url " + str + ": " + e.getMessage());
        return null;
    }
}
