package io.minio.http;

import L2.a;
import com.enterprisedt.net.ftp.ssl.SSLFTPClient;
import com.enterprisedt.net.j2ssh.authentication.SshAuthenticationClientFactory;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import ff.X;
import ff.Y;
import ff.Z;
import ff.i0;
import ff.k0;
import ff.m0;
import io.minio.org.apache.commons.validator.routines.InetAddressValidator;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import rb.AbstractC4160b;

/* loaded from: classes5.dex */
public class HttpUtils {
    public static final Pattern HOSTNAME_REGEX = Pattern.compile("^((?!-)(?!_)[a-z_\\d-]{1,63}(?<!-)(?<!_)\\.)*((?!_)(?!-)[a-z_\\d-]{1,63}(?<!-)(?<!_))$", 2);
    public static final Pattern AWS_ENDPOINT_REGEX = Pattern.compile(".*\\.amazonaws\\.com(|\\.cn)$", 2);
    public static final Pattern AWS_S3_ENDPOINT_REGEX = Pattern.compile("^(((bucket\\.|accesspoint\\.)vpce(-(?!_)[a-z_\\d]+(?<!-)(?<!_))+\\.s3\\.)|((?!s3)(?!-)(?!_)[a-z_\\d-]{1,63}(?<!-)(?<!_)\\.)s3-control(-(?!_)[a-z_\\d]+(?<!-)(?<!_))*\\.|(s3(-(?!_)[a-z_\\d]+(?<!-)(?<!_))*\\.))((?!s3)(?!-)(?!_)[a-z_\\d-]{1,63}(?<!-)(?<!_)\\.)*amazonaws\\.com(|\\.cn)$", 2);
    public static final Pattern AWS_ELB_ENDPOINT_REGEX = Pattern.compile("^(?!-)(?!_)[a-z_\\d-]{1,63}(?<!-)(?<!_)\\.(?!-)(?!_)[a-z_\\d-]{1,63}(?<!-)(?<!_)\\.elb\\.amazonaws\\.com$", 2);
    public static final String AWS_S3_PREFIX = "^(((bucket\\.|accesspoint\\.)vpce(-(?!_)[a-z_\\d]+(?<!-)(?<!_))+\\.s3\\.)|((?!s3)(?!-)(?!_)[a-z_\\d-]{1,63}(?<!-)(?<!_)\\.)s3-control(-(?!_)[a-z_\\d]+(?<!-)(?<!_))*\\.|(s3(-(?!_)[a-z_\\d]+(?<!-)(?<!_))*\\.))";
    public static final Pattern AWS_S3_PREFIX_REGEX = Pattern.compile(AWS_S3_PREFIX, 2);
    public static final Pattern REGION_REGEX = Pattern.compile("^((?!_)(?!-)[a-z_\\d-]{1,63}(?<!-)(?<!_))$", 2);
    public static final byte[] EMPTY_BODY = new byte[0];

    @SuppressFBWarnings(justification = "Should not be used in production anyways.", value = {"SIC"})
    public static k0 disableCertCheck(k0 k0Var) throws KeyManagementException, NoSuchAlgorithmException {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: io.minio.http.HttpUtils.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
        SSLContext sSLContext = SSLContext.getInstance(SSLFTPClient.AUTH_SSL);
        sSLContext.init(null, trustManagerArr, new SecureRandom());
        SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
        i0 a10 = k0Var.a();
        a10.f(socketFactory, (X509TrustManager) trustManagerArr[0]);
        a10.c(new HostnameVerifier() { // from class: io.minio.http.HttpUtils.2
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        });
        return new k0(a10);
    }

    public static k0 enableExternalCertificates(k0 k0Var, String str) throws GeneralSecurityException, IOException {
        FileInputStream fileInputStream = new FileInputStream(str);
        try {
            Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(fileInputStream);
            fileInputStream.close();
            if (generateCertificates == null || generateCertificates.isEmpty()) {
                throw new IllegalArgumentException("expected non-empty set of trusted certificates");
            }
            char[] charArray = SshAuthenticationClientFactory.AUTH_PASSWORD.toCharArray();
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, charArray);
            Iterator<? extends Certificate> it2 = generateCertificates.iterator();
            int i10 = 0;
            while (it2.hasNext()) {
                keyStore.setCertificateEntry(Integer.toString(i10), it2.next());
                i10++;
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, charArray);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagers, trustManagers, null);
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            i0 a10 = k0Var.a();
            a10.f(socketFactory, (X509TrustManager) trustManagers[0]);
            return new k0(a10);
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                try {
                    fileInputStream.close();
                } catch (Throwable th3) {
                    th.addSuppressed(th3);
                }
                throw th2;
            }
        }
    }

    public static k0 enableJKSCertificates(k0 k0Var, String str, String str2, String str3, String str4) throws GeneralSecurityException, IOException {
        return enableJKSPKCS12Certificates(k0Var, str, str2, str3, str4, "JKS");
    }

    private static k0 enableJKSPKCS12Certificates(k0 k0Var, String str, String str2, String str3, String str4, String str5) throws GeneralSecurityException, IOException {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("trust store path must be provided");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("trust store password must be provided");
        }
        if (str3 == null || str3.isEmpty()) {
            throw new IllegalArgumentException("key store path must be provided");
        }
        if (str4 == null) {
            throw new IllegalArgumentException("key store password must be provided");
        }
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        KeyStore keyStore = KeyStore.getInstance("JKS");
        KeyStore keyStore2 = KeyStore.getInstance(str5);
        FileInputStream fileInputStream = new FileInputStream(str);
        try {
            FileInputStream fileInputStream2 = new FileInputStream(str3);
            try {
                keyStore.load(fileInputStream, str2.toCharArray());
                keyStore2.load(fileInputStream2, str4.toCharArray());
                fileInputStream2.close();
                fileInputStream.close();
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore2, str4.toCharArray());
                sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
                i0 a10 = k0Var.a();
                a10.f(sSLContext.getSocketFactory(), (X509TrustManager) trustManagerFactory.getTrustManagers()[0]);
                return new k0(a10);
            } finally {
            }
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                try {
                    fileInputStream.close();
                } catch (Throwable th3) {
                    th.addSuppressed(th3);
                }
                throw th2;
            }
        }
    }

    public static k0 enablePKCS12Certificates(k0 k0Var, String str, String str2, String str3, String str4) throws GeneralSecurityException, IOException {
        return enableJKSPKCS12Certificates(k0Var, str, str2, str3, str4, "PKCS12");
    }

    public static Z getBaseUrl(String str) {
        validateNotEmptyString(str, "endpoint");
        Z.f39444j.getClass();
        Z d10 = Y.d(str);
        if (d10 != null) {
            validateUrl(d10);
            return d10;
        }
        validateHostnameOrIPAddress(str);
        X x10 = new X();
        x10.i("https");
        x10.e(str);
        return x10.d();
    }

    public static String getHostHeader(Z z5) {
        String str = z5.f39448d;
        if (InetAddressValidator.getInstance().isValidInet6Address(str)) {
            str = a.o("[", str, "]");
        }
        String str2 = z5.f39445a;
        boolean equals = str2.equals("http");
        int i10 = z5.f39449e;
        return ((equals && i10 == 80) || (str2.equals("https") && i10 == 443)) ? str : com.enterprisedt.bouncycastle.crypto.digests.a.i(i10, str, ":");
    }

    public static k0 newDefaultHttpClient(long j10, long j11, long j12) {
        i0 a10 = new k0().a();
        TimeUnit timeUnit = TimeUnit.MILLISECONDS;
        a10.b(j10, timeUnit);
        a10.g(j11, timeUnit);
        a10.e(j12, timeUnit);
        a10.d(Arrays.asList(m0.f39575d));
        k0 k0Var = new k0(a10);
        String str = System.getenv("SSL_CERT_FILE");
        if (str == null || str.isEmpty()) {
            return k0Var;
        }
        try {
            return enableExternalCertificates(k0Var, str);
        } catch (IOException | GeneralSecurityException e10) {
            throw new RuntimeException(e10);
        }
    }

    public static k0 setTimeout(k0 k0Var, long j10, long j11, long j12) {
        i0 a10 = k0Var.a();
        TimeUnit timeUnit = TimeUnit.MILLISECONDS;
        a10.b(j10, timeUnit);
        a10.g(j11, timeUnit);
        a10.e(j12, timeUnit);
        return new k0(a10);
    }

    public static void validateHostnameOrIPAddress(String str) {
        if (!InetAddressValidator.getInstance().isValid(str) && !HOSTNAME_REGEX.matcher(str).find()) {
            throw new IllegalArgumentException(AbstractC4160b.p("invalid hostname ", str));
        }
    }

    public static void validateNotEmptyString(String str, String str2) {
        validateNotNull(str, str2);
        if (str.isEmpty()) {
            throw new IllegalArgumentException(Ie.a.r(str2, " must be a non-empty string."));
        }
    }

    public static void validateNotNull(Object obj, String str) {
        if (obj == null) {
            throw new IllegalArgumentException(Ie.a.r(str, " must not be null."));
        }
    }

    public static void validateNullOrNotEmptyString(String str, String str2) {
        if (str != null && str.isEmpty()) {
            throw new IllegalArgumentException(Ie.a.r(str2, " must be a non-empty string."));
        }
    }

    public static void validateUrl(Z z5) {
        if (z5.b().equals("/")) {
            return;
        }
        throw new IllegalArgumentException("no path allowed in endpoint " + z5);
    }
}
