package kong.unirest.apache;

import java.security.KeyStore;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import kong.unirest.Config;
import kong.unirest.UnirestConfigException;
import unirest.shaded.org.apache.http.HttpHost;
import unirest.shaded.org.apache.http.config.Registry;
import unirest.shaded.org.apache.http.config.RegistryBuilder;
import unirest.shaded.org.apache.http.conn.socket.ConnectionSocketFactory;
import unirest.shaded.org.apache.http.conn.socket.PlainConnectionSocketFactory;
import unirest.shaded.org.apache.http.conn.ssl.DefaultHostnameVerifier;
import unirest.shaded.org.apache.http.conn.ssl.NoopHostnameVerifier;
import unirest.shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import unirest.shaded.org.apache.http.impl.client.HttpClientBuilder;
import unirest.shaded.org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import unirest.shaded.org.apache.http.ssl.SSLContextBuilder;
import unirest.shaded.org.apache.http.ssl.SSLContexts;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:kong/unirest/apache/SecurityConfig.class */
public class SecurityConfig {
    private final Config config;
    private SSLContext sslContext;
    private SSLConnectionSocketFactory sslSocketFactory;

    public SecurityConfig(Config config) {
        this.config = config;
    }

    public PoolingHttpClientConnectionManager createManager() {
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(buildSocketFactory(), null, null, null, this.config.getTTL(), TimeUnit.MILLISECONDS);
        poolingHttpClientConnectionManager.setMaxTotal(this.config.getMaxConnections());
        poolingHttpClientConnectionManager.setDefaultMaxPerRoute(this.config.getMaxPerRoutes());
        return poolingHttpClientConnectionManager;
    }

    private Registry<ConnectionSocketFactory> buildSocketFactory() {
        try {
            return !this.config.isVerifySsl() ? createDisabledSSLContext() : (this.config.getKeystore() == null && this.config.getSslContext() == null) ? createDefaultRegistry() : createCustomSslContext();
        } catch (Exception e) {
            throw new UnirestConfigException(e);
        }
    }

    private Registry<ConnectionSocketFactory> createDefaultRegistry() {
        return RegistryBuilder.create().register(HttpHost.DEFAULT_SCHEME_NAME, PlainConnectionSocketFactory.getSocketFactory()).register("https", SSLConnectionSocketFactory.getSocketFactory()).build();
    }

    private Registry<ConnectionSocketFactory> createCustomSslContext() {
        return RegistryBuilder.create().register("https", getSocketFactory()).register(HttpHost.DEFAULT_SCHEME_NAME, PlainConnectionSocketFactory.INSTANCE).build();
    }

    private Registry<ConnectionSocketFactory> createDisabledSSLContext() throws Exception {
        return RegistryBuilder.create().register(HttpHost.DEFAULT_SCHEME_NAME, PlainConnectionSocketFactory.INSTANCE).register("https", new SSLConnectionSocketFactory(new SSLContextBuilder().loadTrustMaterial((KeyStore) null, (x509CertificateArr, str) -> {
            return true;
        }).build(), NoopHostnameVerifier.INSTANCE)).build();
    }

    private SSLConnectionSocketFactory getSocketFactory() {
        if (this.sslSocketFactory == null) {
            this.sslSocketFactory = new SSLConnectionSocketFactory(createSslContext(), getHostnameVerifier());
        }
        return this.sslSocketFactory;
    }

    private HostnameVerifier getHostnameVerifier() {
        return this.config.getHostnameVerifier() != null ? this.config.getHostnameVerifier() : new DefaultHostnameVerifier();
    }

    private SSLContext createSslContext() {
        if (this.sslContext == null) {
            if (this.config.getSslContext() != null) {
                this.sslContext = this.config.getSslContext();
            } else {
                try {
                    this.sslContext = SSLContexts.custom().loadKeyMaterial(this.config.getKeystore(), (char[]) Optional.ofNullable(this.config.getKeyStorePassword()).map((v0) -> {
                        return v0.toCharArray();
                    }).orElse(null)).build();
                } catch (Exception e) {
                    throw new UnirestConfigException(e);
                }
            }
        }
        return this.sslContext;
    }

    public void configureSecurity(HttpClientBuilder httpClientBuilder) {
        if (this.config.getKeystore() != null) {
            httpClientBuilder.setSSLContext(createSslContext());
            httpClientBuilder.setSSLSocketFactory(getSocketFactory());
        }
        if (this.config.isVerifySsl()) {
            return;
        }
        disableSsl(httpClientBuilder);
    }

    private void disableSsl(HttpClientBuilder httpClientBuilder) {
        try {
            httpClientBuilder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
            httpClientBuilder.setSSLContext(new SSLContextBuilder().loadTrustMaterial((KeyStore) null, (x509CertificateArr, str) -> {
                return true;
            }).build());
        } catch (Exception e) {
            throw new UnirestConfigException(e);
        }
    }
}
