package com.sap.cloud.sdk.cloudplatform.connectivity;

import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException;
import com.sap.cloud.sdk.cloudplatform.connectivity.exception.HttpClientInstantiationException;
import com.sap.cloud.sdk.cloudplatform.logging.CloudLoggerFactory;
import com.sap.cloud.sdk.cloudplatform.security.BasicCredentials;
import com.sap.cloud.sdk.cloudplatform.security.Credentials;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Enumeration;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.SystemDefaultCredentialsProvider;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.PrivateKeyStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;
import org.slf4j.Logger;

/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/HttpClientBuilder.class */
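/**
 * Creates Apache {@link HttpClient} instances, optionally configured from a {@link Destination}
 * (TLS trust and key material, proxy, timeouts, pooled connection manager).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>TLS settings are only applied when the destination URI scheme is {@code https}.</li>
 *   <li>A destination reporting {@code isTrustingAllCertificates()} disables certificate chain
 *       validation entirely (see {@link #loadTrustMaterial}).</li>
 *   <li>The TLS protocol name is taken verbatim from the destination property {@code TLSVersion}.</li>
 * </ul>
 */
class HttpClientBuilder {
    private static final Logger logger = CloudLoggerFactory.getLogger(HttpClientBuilder.class);

    // Fallback trust anchors: the cacerts file of the running JRE. This path is fixed; a trust store
    // configured via JVM system properties is not consulted by this class.
    private static final File JDK_TRUST_STORE_FILE = new File(System.getProperty("java.home"), "/lib/security/cacerts");
    private static final int DEFAULT_TIMEOUT_MINUTES = 2;
    private static final int MAX_TOTAL_CONNECTIONS = 200;
    private static final int MAX_CONNECTIONS_PER_ROUTE = 100;
    private static final String UNDEFINED_PROXY_MAY_BE_EXPECTED_MESSAGE = "This behavior may be expected in tests and some local runtimes.";

    /**
     * Builds a client that is not bound to a destination: pooled default connection manager and
     * default timeouts, without destination-specific TLS or proxy settings.
     *
     * @return the configured client
     * @throws HttpClientInstantiationException if the connection manager cannot be set up
     */
    @Nonnull
    public HttpClient build() throws HttpClientInstantiationException {
        org.apache.http.impl.client.HttpClientBuilder custom = HttpClients.custom();
        setConnectionManager(custom, null);
        setTimeout(custom);
        return custom.build();
    }

    /**
     * Builds a client for the given HTTP destination, applying its TLS material, the default
     * timeouts and its proxy configuration, and wraps it in an {@code HttpClientWrapper}.
     *
     * @param destination the destination to connect to; must be of type {@code DestinationType.HTTP}
     * @return the configured client
     * @throws DestinationAccessException declared for failures while reading the destination
     * @throws HttpClientInstantiationException if the destination is not an HTTP destination or the
     *     TLS context cannot be created
     */
    @Nonnull
    public HttpClient build(@Nonnull Destination destination) throws DestinationAccessException, HttpClientInstantiationException {
        DestinationType destinationType = destination.getDestinationType();
        if (DestinationType.HTTP != destinationType) {
            throw new HttpClientInstantiationException(HttpClient.class.getSimpleName() + " creation is only supported for " + DestinationType.class.getSimpleName() + " " + DestinationType.HTTP + ". Actual type: " + destinationType + ".");
        }
        org.apache.http.impl.client.HttpClientBuilder custom = HttpClients.custom();
        setConnectionManager(custom, destination);
        setTimeout(custom);
        setProxy(destination, custom);
        return new HttpClientWrapper(custom.build(), destination);
    }

    /**
     * Installs a pooled connection manager on the builder. For an {@code https} destination the
     * manager is backed by a socket factory built from the destination's trust and key material;
     * otherwise a default manager is used.
     *
     * <p>Fix: the previous version configured the TLS-aware manager and then fell through and
     * replaced it with a default {@link PoolingHttpClientConnectionManager}, so the destination's
     * trust store, client key and protocol selection never reached the connections actually used.
     *
     * @throws HttpClientInstantiationException if trust or key material cannot be loaded
     */
    private void setConnectionManager(@Nonnull org.apache.http.impl.client.HttpClientBuilder httpClientBuilder, @Nullable Destination destination) throws HttpClientInstantiationException {
        PoolingHttpClientConnectionManager connectionManager = null;
        if (destination != null) {
            try {
                if ("https".equalsIgnoreCase(destination.getUri().getScheme())) {
                    connectionManager = createTlsConnectionManager(httpClientBuilder, destination);
                }
            } catch (IOException | GeneralSecurityException e) {
                throw new HttpClientInstantiationException(e);
            }
        }
        if (connectionManager == null) {
            connectionManager = new PoolingHttpClientConnectionManager();
        }
        connectionManager.setMaxTotal(MAX_TOTAL_CONNECTIONS);
        connectionManager.setDefaultMaxPerRoute(MAX_CONNECTIONS_PER_ROUTE);
        httpClientBuilder.setConnectionManager(connectionManager);
    }

    /** Builds the connection manager for an {@code https} destination from its TLS configuration. */
    private PoolingHttpClientConnectionManager createTlsConnectionManager(@Nonnull org.apache.http.impl.client.HttpClientBuilder httpClientBuilder, @Nonnull Destination destination) throws IOException, GeneralSecurityException {
        SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
        String tlsVersion = destination.getPropertiesByName().get("TLSVersion");
        if (tlsVersion != null) {
            // NOTE(review): the value comes straight from the destination property and is not checked
            // here, so an obsolete protocol name configured on the destination is passed through as is.
            // Consider restricting it to an allow-list of current TLS versions.
            logger.debug("Using TLS protocol version '{}'.", tlsVersion);
            sslContextBuilder.setProtocol(tlsVersion);
        }
        loadTrustMaterial(sslContextBuilder, destination);
        loadKeyMaterial(sslContextBuilder, destination);
        RegistryBuilder<ConnectionSocketFactory> registryBuilder = getRegistryBuilder(httpClientBuilder, sslContextBuilder.build());
        if (destination.getProxyConfiguration().isPresent()) {
            // Plain-text sockets are registered only when a proxy is configured.
            // NOTE(review): presumably for the hop to an http:// proxy; proxy credentials set in
            // setProxy would then travel unencrypted on that hop - confirm the proxy is on a trusted network.
            registryBuilder.register("http", PlainConnectionSocketFactory.getSocketFactory());
        }
        return new PoolingHttpClientConnectionManager(registryBuilder.build());
    }

    /**
     * Creates the TLS socket factory for the given context, sets it on the builder and returns a
     * registry builder with it registered for {@code https}. Host names are always checked with
     * {@link DefaultHostnameVerifier}, including when all certificates are trusted.
     */
    private RegistryBuilder<ConnectionSocketFactory> getRegistryBuilder(@Nonnull org.apache.http.impl.client.HttpClientBuilder httpClientBuilder, @Nonnull SSLContext sSLContext) {
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(sSLContext, new DefaultHostnameVerifier());
        httpClientBuilder.setSSLSocketFactory(sSLConnectionSocketFactory);
        return RegistryBuilder.<ConnectionSocketFactory>create().register("https", sSLConnectionSocketFactory);
    }

    /**
     * Loads the destination's key store (client certificate) into the SSL context, if one is set.
     *
     * @throws GeneralSecurityException if the key material cannot be loaded
     */
    private void loadKeyMaterial(@Nonnull SSLContextBuilder sSLContextBuilder, @Nonnull Destination destination) throws GeneralSecurityException {
        KeyStore keyStore = destination.getKeyStore().orElse(null);
        if (keyStore == null) {
            return;
        }
        String keyStorePassword = destination.getKeyStorePassword().orElse(null);
        logger.debug("Using key store of destination.");

        // Only the first alias reported by the key store is used. KeyStore.aliases() lists every
        // entry and does not promise an order, so a store with several entries may not select the
        // intended client key - NOTE(review): confirm destinations carry a single key entry.
        PrivateKeyStrategy privateKeyStrategy = null;
        Enumeration<String> aliases = keyStore.aliases();
        if (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            logger.debug("Using key store alias '{}'.", alias);
            privateKeyStrategy = (map, socket) -> alias;
        }
        sSLContextBuilder.loadKeyMaterial(keyStore, keyStorePassword != null ? keyStorePassword.toCharArray() : null, privateKeyStrategy);
    }

    /**
     * Selects the trust anchors for the SSL context: trust-all if the destination asks for it,
     * else the destination's trust store, else the JDK cacerts file.
     *
     * @throws GeneralSecurityException if the trust material cannot be loaded
     * @throws IOException if the JDK trust store cannot be read
     */
    private void loadTrustMaterial(@Nonnull SSLContextBuilder sSLContextBuilder, @Nonnull Destination destination) throws GeneralSecurityException, IOException {
        if (destination.isTrustingAllCertificates()) {
            // Certificate chain validation is switched off for this destination. The host name check
            // still runs, but against a certificate nobody vouches for it cannot authenticate the
            // server. Logged at WARN (previously DEBUG) so the setting is visible in normal operation.
            logger.warn("Trusting all certificates.");
            sSLContextBuilder.loadTrustMaterial(TrustAllStrategy.INSTANCE);
            return;
        }
        KeyStore trustStore = destination.getTrustStore().orElse(null);
        if (trustStore != null) {
            logger.debug("Using trust store of destination.");
            sSLContextBuilder.loadTrustMaterial(trustStore, (TrustStrategy) null);
        } else {
            logger.debug("Using JDK default trust store.");
            sSLContextBuilder.loadTrustMaterial(getJdkTrustStore(), (TrustStrategy) null);
        }
    }

    /**
     * Loads the JRE's cacerts file as a key store of the platform default type.
     *
     * @throws IOException if the file cannot be read
     * @throws GeneralSecurityException if the store cannot be parsed
     */
    private KeyStore getJdkTrustStore() throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources replaces the hand-expanded close logic, which dereferenced a
        // variable that was always null on its suppressed-exception paths.
        try (FileInputStream fileInputStream = new FileInputStream(JDK_TRUST_STORE_FILE.getCanonicalFile())) {
            // A null password means the store's integrity is not verified while loading.
            keyStore.load(fileInputStream, null);
        }
        return keyStore;
    }

    /** Returns the default socket/connect timeout in milliseconds. */
    private static int defaultTimeoutMillis() {
        return (int) TimeUnit.MINUTES.toMillis(DEFAULT_TIMEOUT_MINUTES);
    }

    /**
     * Applies the default socket timeout and connect timeout to the builder. A failure is logged
     * and otherwise ignored (deliberate best effort, see the log message).
     */
    private void setTimeout(@Nonnull org.apache.http.impl.client.HttpClientBuilder httpClientBuilder) {
        int millis = defaultTimeoutMillis();
        try {
            SocketConfig socketConfig = SocketConfig.custom().setSoTimeout(millis).build();
            RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(millis).build();
            httpClientBuilder.setDefaultSocketConfig(socketConfig);
            httpClientBuilder.setDefaultRequestConfig(requestConfig);
        } catch (IllegalArgumentException e) {
            logger.error("Failed to set timeout on " + HttpClient.class.getSimpleName() + ". This is expected within unit tests.", e);
        }
    }

    /**
     * Routes requests through the destination's proxy, if one is configured, and registers basic
     * proxy credentials scoped to the proxy's host and port. Incomplete proxy configurations are
     * logged and skipped, leaving the client without a proxy.
     */
    private void setProxy(@Nonnull Destination destination, @Nonnull org.apache.http.impl.client.HttpClientBuilder httpClientBuilder) {
        try {
            ProxyConfiguration proxyConfiguration = destination.getProxyConfiguration().orElse(null);
            if (proxyConfiguration == null) {
                return;
            }
            URI uri = proxyConfiguration.getUri();
            if (uri == null) {
                logger.error("Failed to set proxy: undefined URI in proxy configuration. " + UNDEFINED_PROXY_MAY_BE_EXPECTED_MESSAGE);
                return;
            }
            String host = uri.getHost();
            if (host == null) {
                logger.error("Failed to set proxy: undefined host in URI of proxy configuration. " + UNDEFINED_PROXY_MAY_BE_EXPECTED_MESSAGE);
                return;
            }
            int port = uri.getPort();
            if (port < 0) {
                logger.error("Failed to set proxy: undefined port in URI of proxy configuration. " + UNDEFINED_PROXY_MAY_BE_EXPECTED_MESSAGE);
                return;
            }
            Credentials credentials = (Credentials) proxyConfiguration.getCredentials().orElse(null);
            if (credentials instanceof BasicCredentials) {
                BasicCredentials basicCredentials = (BasicCredentials) credentials;
                SystemDefaultCredentialsProvider credentialsProvider = new SystemDefaultCredentialsProvider();
                // The AuthScope limits these credentials to the proxy endpoint, so they are not
                // offered to the target server.
                credentialsProvider.setCredentials(new AuthScope(host, port), new UsernamePasswordCredentials(basicCredentials.getUsername(), basicCredentials.getPassword()));
                httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
            }
            // Fix: this call replaces the request config installed by setTimeout, so the connect
            // timeout is set again here; otherwise proxied destinations lose their connect timeout.
            httpClientBuilder.setDefaultRequestConfig(RequestConfig.custom().setConnectTimeout(defaultTimeoutMillis()).setProxy(new HttpHost(host, port, uri.getScheme())).build());
        } catch (DestinationAccessException e) {
            logger.error("Failed to set proxy: failed to retrieve proxy configuration.", e);
        }
    }
}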
