package com.facebook.presto.client;

import com.facebook.airlift.security.pem.PemReader;
import com.google.common.base.CharMatcher;
import com.google.common.base.Preconditions;
import com.google.common.net.HostAndPort;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.CookieManager;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.Credentials;
import okhttp3.Interceptor;
import okhttp3.JavaNetCookieJar;
import okhttp3.OkHttpClient;
import okhttp3.Response;

/* loaded from: input_file:com/facebook/presto/client/OkHttpUtil.class */
public final class OkHttpUtil {

    /* loaded from: input_file:com/facebook/presto/client/OkHttpUtil$NullCallback.class */
    public static class NullCallback implements Callback {
        @Override // okhttp3.Callback
        public void onFailure(Call call, IOException iOException) {
        }

        @Override // okhttp3.Callback
        public void onResponse(Call call, Response response) {
        }
    }

    private OkHttpUtil() {
    }

    public static Interceptor userAgent(String str) {
        return chain -> {
            return chain.proceed(chain.request().newBuilder().header("User-Agent", str).build());
        };
    }

    public static Interceptor basicAuth(String str, String str2) {
        Objects.requireNonNull(str, "user is null");
        Objects.requireNonNull(str2, "password is null");
        if (str.contains(":")) {
            throw new ClientException("Illegal character ':' found in username");
        }
        String basic = Credentials.basic(str, str2);
        return chain -> {
            return chain.proceed(chain.request().newBuilder().header("Authorization", basic).build());
        };
    }

    public static Interceptor tokenAuth(String str) {
        Objects.requireNonNull(str, "accessToken is null");
        Preconditions.checkArgument(CharMatcher.inRange('!', '~').matchesAllOf(str));
        return chain -> {
            return chain.proceed(chain.request().newBuilder().addHeader("Authorization", "Bearer " + str).build());
        };
    }

    public static void setupTimeouts(OkHttpClient.Builder builder, int i, TimeUnit timeUnit) {
        builder.connectTimeout(i, timeUnit).readTimeout(i, timeUnit).writeTimeout(i, timeUnit);
    }

    public static void setupCookieJar(OkHttpClient.Builder builder) {
        builder.cookieJar(new JavaNetCookieJar(new CookieManager()));
    }

    public static void setupSocksProxy(OkHttpClient.Builder builder, Optional<HostAndPort> optional) {
        setupProxy(builder, optional, Proxy.Type.SOCKS);
    }

    public static void setupHttpProxy(OkHttpClient.Builder builder, Optional<HostAndPort> optional) {
        setupProxy(builder, optional, Proxy.Type.HTTP);
    }

    public static void setupProxy(OkHttpClient.Builder builder, Optional<HostAndPort> optional, Proxy.Type type) {
        Optional map = optional.map(OkHttpUtil::toUnresolvedAddress).map(inetSocketAddress -> {
            return new Proxy(type, inetSocketAddress);
        });
        builder.getClass();
        map.ifPresent(builder::proxy);
    }

    private static InetSocketAddress toUnresolvedAddress(HostAndPort hostAndPort) {
        return InetSocketAddress.createUnresolved(hostAndPort.getHost(), hostAndPort.getPort());
    }

    public static void setupSsl(OkHttpClient.Builder builder, Optional<String> optional, Optional<String> optional2, Optional<String> optional3, Optional<String> optional4) {
        char[] cArr;
        if (optional.isPresent() || optional3.isPresent()) {
            try {
                KeyStore keyStore = null;
                KeyManager[] keyManagerArr = null;
                if (optional.isPresent()) {
                    try {
                        keyStore = PemReader.loadKeyStore(new File(optional.get()), new File(optional.get()), optional2);
                        cArr = new char[0];
                    } catch (IOException | GeneralSecurityException e) {
                        cArr = (char[]) optional2.map((v0) -> {
                            return v0.toCharArray();
                        }).orElse(null);
                        keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                        FileInputStream fileInputStream = new FileInputStream(optional.get());
                        Throwable th = null;
                        try {
                            try {
                                keyStore.load(fileInputStream, cArr);
                                if (fileInputStream != null) {
                                    if (0 != 0) {
                                        try {
                                            fileInputStream.close();
                                        } catch (Throwable th2) {
                                            th.addSuppressed(th2);
                                        }
                                    } else {
                                        fileInputStream.close();
                                    }
                                }
                            } finally {
                            }
                        } finally {
                        }
                    }
                    validateCertificates(keyStore);
                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    keyManagerFactory.init(keyStore, cArr);
                    keyManagerArr = keyManagerFactory.getKeyManagers();
                }
                KeyStore keyStore2 = keyStore;
                if (optional3.isPresent()) {
                    keyStore2 = loadTrustStore(new File(optional3.get()), optional4);
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore2);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
                    throw new RuntimeException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
                }
                X509TrustManager x509TrustManager = (X509TrustManager) trustManagers[0];
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(keyManagerArr, new TrustManager[]{x509TrustManager}, null);
                builder.sslSocketFactory(sSLContext.getSocketFactory(), x509TrustManager);
            } catch (IOException | GeneralSecurityException e2) {
                throw new ClientException("Error setting up SSL: " + e2.getMessage(), e2);
            }
        }
    }

    private static void validateCertificates(KeyStore keyStore) throws GeneralSecurityException {
        Iterator it2 = Collections.list(keyStore.aliases()).iterator();
        while (it2.hasNext()) {
            String str = (String) it2.next();
            if (keyStore.isKeyEntry(str)) {
                Certificate certificate = keyStore.getCertificate(str);
                if (certificate instanceof X509Certificate) {
                    try {
                        ((X509Certificate) certificate).checkValidity();
                    } catch (CertificateExpiredException e) {
                        throw new CertificateExpiredException("KeyStore certificate is expired: " + e.getMessage());
                    } catch (CertificateNotYetValidException e2) {
                        throw new CertificateNotYetValidException("KeyStore certificate is not yet valid: " + e2.getMessage());
                    }
                } else {
                    continue;
                }
            }
        }
    }

    private static KeyStore loadTrustStore(File file, Optional<String> optional) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try {
            List<X509Certificate> readCertificateChain = PemReader.readCertificateChain(file);
            if (!readCertificateChain.isEmpty()) {
                keyStore.load(null, null);
                for (X509Certificate x509Certificate : readCertificateChain) {
                    keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName(), x509Certificate);
                }
                return keyStore;
            }
        } catch (IOException | GeneralSecurityException e) {
        }
        FileInputStream fileInputStream = new FileInputStream(file);
        Throwable th = null;
        try {
            keyStore.load(fileInputStream, (char[]) optional.map((v0) -> {
                return v0.toCharArray();
            }).orElse(null));
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            return keyStore;
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }

    public static void setupKerberos(OkHttpClient.Builder builder, String str, boolean z, Optional<String> optional, Optional<File> optional2, Optional<File> optional3, Optional<File> optional4) {
        SpnegoHandler spnegoHandler = new SpnegoHandler(str, z, optional, optional2, optional3, optional4);
        builder.addInterceptor(spnegoHandler);
        builder.authenticator(spnegoHandler);
    }

    public static void setupGCSOauth(OkHttpClient.Builder builder, String str, Optional<String> optional) {
        builder.addInterceptor(new GCSOAuthInterceptor(str, optional));
    }
}
