package org.netbeans.modules.xml.retriever.impl;

import java.awt.event.ActionListener;
import java.io.IOException;
import java.io.InputStream;
import java.net.ProxySelector;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.openide.DialogDescriptor;
import org.openide.DialogDisplayer;
import org.openide.ErrorManager;
import org.openide.util.NbBundle;

/* loaded from: input_file:org/netbeans/modules/xml/retriever/impl/SecureURLResourceRetriever.class */
public class SecureURLResourceRetriever extends URLResourceRetriever {
    private static Set<X509Certificate> acceptedCertificates;
    private static final String URI_SCHEME = "https";

    @Override // org.netbeans.modules.xml.retriever.impl.URLResourceRetriever, org.netbeans.modules.xml.retriever.impl.ResourceRetriever
    public boolean accept(String str, String str2) throws URISyntaxException {
        URI uri = new URI(str2);
        if (uri.isAbsolute() && uri.getScheme().equalsIgnoreCase(URI_SCHEME)) {
            return true;
        }
        return str != null && new URI(str).getScheme().equalsIgnoreCase(URI_SCHEME);
    }

    @Override // org.netbeans.modules.xml.retriever.impl.URLResourceRetriever, org.netbeans.modules.xml.retriever.impl.ResourceRetriever
    public HashMap<String, InputStream> retrieveDocument(String str, String str2) throws IOException, URISyntaxException {
        String effectiveAddress = getEffectiveAddress(str, str2);
        if (effectiveAddress == null) {
            return null;
        }
        URI uri = new URI(effectiveAddress);
        if (acceptedCertificates == null) {
            acceptedCertificates = new HashSet();
        }
        InputStream inputStreamOfURL = getInputStreamOfURL(uri.toURL(), ProxySelector.getDefault().select(uri).get(0));
        HashMap<String, InputStream> hashMap = new HashMap<>();
        hashMap.put(this.effectiveURL.toString(), inputStreamOfURL);
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.netbeans.modules.xml.retriever.impl.URLResourceRetriever
    public void configureURLConnection(URLConnection uRLConnection) {
        super.configureURLConnection(uRLConnection);
        if (uRLConnection instanceof HttpsURLConnection) {
            setRetrieverTrustManager((HttpsURLConnection) uRLConnection);
        }
    }

    private void setRetrieverTrustManager(HttpsURLConnection httpsURLConnection) {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: org.netbeans.modules.xml.retriever.impl.SecureURLResourceRetriever.1
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                if (x509CertificateArr != null) {
                    for (int i = 0; i < x509CertificateArr.length; i++) {
                        if (!SecureURLResourceRetriever.acceptedCertificates.contains(x509CertificateArr[i])) {
                            DialogDescriptor dialogDescriptor = new DialogDescriptor(new CertificationPanel(x509CertificateArr[i]), NbBundle.getMessage(SecureURLResourceRetriever.class, "TTL_CertifiedWebSite"), true, 0, DialogDescriptor.YES_OPTION, (ActionListener) null);
                            DialogDisplayer.getDefault().notify(dialogDescriptor);
                            if (!DialogDescriptor.YES_OPTION.equals(dialogDescriptor.getValue())) {
                                throw new CertificateException(NbBundle.getMessage(SecureURLResourceRetriever.class, "ERR_NotTrustedCertificate"));
                            }
                            SecureURLResourceRetriever.acceptedCertificates.add(x509CertificateArr[i]);
                        }
                    }
                }
            }
        }};
        try {
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            httpsURLConnection.setHostnameVerifier(new HostnameVerifier() { // from class: org.netbeans.modules.xml.retriever.impl.SecureURLResourceRetriever.2
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    return true;
                }
            });
        } catch (GeneralSecurityException e) {
            ErrorManager.getDefault().notify(e);
        }
    }

    @Override // org.netbeans.modules.xml.retriever.impl.URLResourceRetriever, org.netbeans.modules.xml.retriever.impl.ResourceRetriever
    public String getEffectiveAddress(String str, String str2) throws IOException, URISyntaxException {
        URI uri = new URI(str2);
        if (uri.isAbsolute()) {
            return uri.toString();
        }
        if (str != null) {
            return new URI(str).resolve(uri).toString();
        }
        return null;
    }
}
