package com.sap.cloud.sdk.cloudplatform.connectivity;

import com.google.common.collect.Lists;
import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException;
import com.sap.cloud.sdk.cloudplatform.connectivity.exception.HttpClientInstantiationException;
import com.sap.cloud.sdk.cloudplatform.logging.CloudLoggerFactory;
import com.sap.cloud.sdk.cloudplatform.security.BasicCredentials;
import com.sap.cloud.sdk.cloudplatform.security.Credentials;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nullable;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import lombok.NonNull;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.HttpConnectionParams;
import org.slf4j.Logger;

/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/HttpClientBuilder.class */
class HttpClientBuilder {
    private static final Logger logger = CloudLoggerFactory.getLogger(HttpClientBuilder.class);
    private static final String JDK_TRUSTSTORE_PATH = System.getProperty("java.home") + "/lib/security/cacerts";
    private static final int DEFAULT_TIMEOUT_MINUTES = 2;
    private static final int MAX_TOTAL_CONNECTIONS = 200;
    private static final int MAX_CONNECTIONS_PER_ROUTE = 100;

    @NonNull
    private final Destination destination;
    private DefaultHttpClient httpClient;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/HttpClientBuilder$TrustAllTrustManager.class */
    public static class TrustAllTrustManager implements X509TrustManager {
        private TrustAllTrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public HttpClientBuilder(Destination destination) throws HttpClientInstantiationException {
        this.destination = destination;
        DestinationType destinationType = this.destination.getDestinationType();
        if (!DestinationType.HTTP.equals(destinationType)) {
            throw new HttpClientInstantiationException(HttpClient.class.getSimpleName() + " creation is only supported for " + DestinationType.class.getSimpleName() + " " + DestinationType.HTTP + ". Actual type: " + destinationType + ".");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public HttpClient build() throws DestinationAccessException, HttpClientInstantiationException {
        this.httpClient = new DefaultHttpClient(getConnectionManager());
        setTimeout();
        setProxy();
        return new HttpClientWrapper(this.httpClient, this.destination);
    }

    private ClientConnectionManager getConnectionManager() throws HttpClientInstantiationException {
        ThreadSafeClientConnManager threadSafeClientConnManager = new ThreadSafeClientConnManager();
        threadSafeClientConnManager.setMaxTotal(MAX_TOTAL_CONNECTIONS);
        threadSafeClientConnManager.setDefaultMaxPerRoute(MAX_CONNECTIONS_PER_ROUTE);
        if ("https".equalsIgnoreCase(this.destination.getUri().getScheme())) {
            try {
                TrustManager[] trustManagers = getTrustManagers();
                KeyManager[] keyManagers = getKeyManagers();
                String str = this.destination.getPropertiesByName().get("TLSVersion");
                SSLContext sSLContext = SSLContext.getInstance(str != null ? str : "TLSv1.2");
                sSLContext.init(keyManagers, trustManagers, new SecureRandom());
                threadSafeClientConnManager.getSchemeRegistry().register(new Scheme("https", 443, (SchemeSocketFactory) new SSLSocketFactory(sSLContext, new StrictHostnameVerifier())));
            } catch (IOException | GeneralSecurityException e) {
                throw new HttpClientInstantiationException(e);
            }
        }
        return threadSafeClientConnManager;
    }

    private void setTimeout() {
        int millis = (int) TimeUnit.MINUTES.toMillis(2L);
        try {
            HttpConnectionParams.setConnectionTimeout(this.httpClient.getParams(), millis);
            HttpConnectionParams.setSoTimeout(this.httpClient.getParams(), millis);
        } catch (IllegalArgumentException e) {
            logger.error("Failed to set timeout on " + HttpClient.class.getSimpleName() + ". This is expected within unit tests.");
        }
    }

    private void setProxy() {
        ProxyType proxyType = this.destination.getProxyType();
        ProxyConfiguration proxyConfiguration = (ProxyConfiguration) this.destination.getProxyConfiguration().orNull();
        if (proxyConfiguration == null) {
            if (ProxyType.ON_PREMISE == proxyType && logger.isWarnEnabled()) {
                logger.warn("No proxy configuration available for on-premise connectivity.");
                return;
            }
            return;
        }
        try {
            URI uri = proxyConfiguration.getUri();
            if (uri == null) {
                throw new IllegalArgumentException("Empty URI in ProxyConfiguration.");
            }
            String host = uri.getHost();
            if (host == null) {
                throw new IllegalArgumentException("Empty host in ProxyConfiguration.");
            }
            int port = uri.getPort();
            BasicCredentials basicCredentials = (Credentials) proxyConfiguration.getCredentials().orNull();
            if (basicCredentials instanceof BasicCredentials) {
                BasicCredentials basicCredentials2 = basicCredentials;
                this.httpClient.getCredentialsProvider().setCredentials(new AuthScope(host, port), new UsernamePasswordCredentials(basicCredentials2.getUsername(), basicCredentials2.getPassword()));
            }
            this.httpClient.getParams().setParameter("http.route.default-proxy", new HttpHost(host, port, uri.getScheme()));
        } catch (IllegalArgumentException e) {
            logger.error("Failed to set proxy. This behavior may be expected in tests or some local runtimes such as SCP Neo.", e);
        }
    }

    private TrustManager[] getTrustManagers() throws GeneralSecurityException, IOException {
        ArrayList newArrayList = Lists.newArrayList();
        if (this.destination.isTrustingAllCertificates()) {
            newArrayList.add(new TrustAllTrustManager());
        } else {
            TrustManager createTrustManager = createTrustManager(getJdkTrustStore());
            if (createTrustManager != null) {
                newArrayList.add(createTrustManager);
            }
            TrustManager createTrustManager2 = createTrustManager((KeyStore) this.destination.getTrustStore().orNull());
            if (createTrustManager2 != null) {
                newArrayList.add(createTrustManager2);
            }
        }
        return (TrustManager[]) newArrayList.toArray(new TrustManager[newArrayList.size()]);
    }

    private TrustManager createTrustManager(@Nullable KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        if (keyStore == null) {
            return null;
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers == null || trustManagers.length <= 0) {
            return null;
        }
        return trustManagers[0];
    }

    private KeyStore getJdkTrustStore() throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream fileInputStream = new FileInputStream(JDK_TRUSTSTORE_PATH);
        Throwable th = null;
        try {
            try {
                keyStore.load(fileInputStream, null);
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                return keyStore;
            } finally {
            }
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (th != null) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }

    private KeyManager[] getKeyManagers() throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        KeyStore keyStore = (KeyStore) this.destination.getKeyStore().orNull();
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, ((String) this.destination.getKeyStorePassword().or("")).toCharArray());
        return keyManagerFactory.getKeyManagers();
    }

    @NonNull
    public Destination getDestination() {
        return this.destination;
    }

    public DefaultHttpClient getHttpClient() {
        return this.httpClient;
    }

    public void setHttpClient(DefaultHttpClient defaultHttpClient) {
        this.httpClient = defaultHttpClient;
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof HttpClientBuilder)) {
            return false;
        }
        HttpClientBuilder httpClientBuilder = (HttpClientBuilder) obj;
        if (!httpClientBuilder.canEqual(this)) {
            return false;
        }
        Destination destination = getDestination();
        Destination destination2 = httpClientBuilder.getDestination();
        if (destination == null) {
            if (destination2 != null) {
                return false;
            }
        } else if (!destination.equals(destination2)) {
            return false;
        }
        DefaultHttpClient httpClient = getHttpClient();
        DefaultHttpClient httpClient2 = httpClientBuilder.getHttpClient();
        return httpClient == null ? httpClient2 == null : httpClient.equals(httpClient2);
    }

    protected boolean canEqual(Object obj) {
        return obj instanceof HttpClientBuilder;
    }

    public int hashCode() {
        Destination destination = getDestination();
        int hashCode = (1 * 59) + (destination == null ? 43 : destination.hashCode());
        DefaultHttpClient httpClient = getHttpClient();
        return (hashCode * 59) + (httpClient == null ? 43 : httpClient.hashCode());
    }

    public String toString() {
        return "HttpClientBuilder(destination=" + getDestination() + ", httpClient=" + getHttpClient() + ")";
    }
}
