package com.google.cloud.tools.jib.http;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.apache.v2.ApacheHttpTransport;
import com.google.api.client.util.SslUtils;
import com.google.cloud.tools.jib.api.LogEvent;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.net.ConnectException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Consumer;
import java.util.function.Supplier;
import javax.net.ssl.SSLException;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;

/* loaded from: input_file:com/google/cloud/tools/jib/http/FailoverHttpClient.class */
public class FailoverHttpClient {
    private final boolean enableHttpAndInsecureFailover;
    private final boolean sendAuthorizationOverHttp;
    private final Consumer<LogEvent> logger;
    private final Supplier<HttpTransport> secureHttpTransportFactory;
    private final Supplier<HttpTransport> insecureHttpTransportFactory;
    private final ConcurrentHashMap<String, Failover> failoverHistory;
    private final Deque<HttpTransport> transportsCreated;
    private final Deque<Response> responsesCreated;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/google/cloud/tools/jib/http/FailoverHttpClient$Failover.class */
    public enum Failover {
        NONE,
        INSECURE_HTTPS,
        HTTP
    }

    private static boolean isHttpsProtocol(URL url) {
        return "https".equals(url.getProtocol());
    }

    private static URL toHttp(URL url) {
        GenericUrl genericUrl = new GenericUrl(url);
        genericUrl.setScheme("http");
        return genericUrl.toURL();
    }

    private static HttpTransport getSecureHttpTransport() {
        return new ApacheHttpTransport(ApacheHttpTransport.newDefaultHttpClientBuilder().setSSLSocketFactory(SSLConnectionSocketFactory.getSystemSocketFactory()).build());
    }

    private static HttpTransport getInsecureHttpTransport() {
        try {
            return new ApacheHttpTransport(ApacheHttpTransport.newDefaultHttpClientBuilder().setSSLSocketFactory((LayeredConnectionSocketFactory) null).setSSLContext(SslUtils.trustAllSSLContext()).setSSLHostnameVerifier(new NoopHostnameVerifier()).build());
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("platform does not support TLS protocol", e);
        }
    }

    public FailoverHttpClient(boolean z, boolean z2, Consumer<LogEvent> consumer) {
        this(z, z2, consumer, FailoverHttpClient::getSecureHttpTransport, FailoverHttpClient::getInsecureHttpTransport);
    }

    @VisibleForTesting
    FailoverHttpClient(boolean z, boolean z2, Consumer<LogEvent> consumer, Supplier<HttpTransport> supplier, Supplier<HttpTransport> supplier2) {
        this.failoverHistory = new ConcurrentHashMap<>();
        this.transportsCreated = new ArrayDeque();
        this.responsesCreated = new ArrayDeque();
        this.enableHttpAndInsecureFailover = z;
        this.sendAuthorizationOverHttp = z2;
        this.logger = consumer;
        this.secureHttpTransportFactory = supplier;
        this.insecureHttpTransportFactory = supplier2;
    }

    public void shutDown() throws IOException {
        synchronized (this.transportsCreated) {
            while (!this.transportsCreated.isEmpty()) {
                this.transportsCreated.peekFirst().shutdown();
                this.transportsCreated.removeFirst();
            }
        }
        synchronized (this.responsesCreated) {
            while (!this.responsesCreated.isEmpty()) {
                this.responsesCreated.peekFirst().close();
                this.responsesCreated.removeFirst();
            }
        }
    }

    public Response get(URL url, Request request) throws IOException {
        return call("GET", url, request);
    }

    public Response post(URL url, Request request) throws IOException {
        return call("POST", url, request);
    }

    public Response put(URL url, Request request) throws IOException {
        return call("PUT", url, request);
    }

    public Response call(String str, URL url, Request request) throws IOException {
        if (!isHttpsProtocol(url)) {
            if (this.enableHttpAndInsecureFailover) {
                return call(str, url, request, getHttpTransport(true));
            }
            throw new SSLException("insecure HTTP connection not allowed: " + url);
        }
        Optional<Response> followFailoverHistory = followFailoverHistory(str, url, request);
        if (followFailoverHistory.isPresent()) {
            return followFailoverHistory.get();
        }
        try {
            return call(str, url, request, getHttpTransport(true));
        } catch (ConnectException e) {
            if ((e.getMessage() != null && e.getMessage().contains("timed out")) || !this.enableHttpAndInsecureFailover || !isHttpsProtocol(url) || url.getPort() != -1) {
                throw e;
            }
            logHttpFailover(url);
            Response call = call(str, toHttp(url), request, getHttpTransport(true));
            this.failoverHistory.put(url.getHost() + ":" + url.getPort(), Failover.HTTP);
            return call;
        } catch (SSLException e2) {
            if (!this.enableHttpAndInsecureFailover) {
                throw e2;
            }
            try {
                logInsecureHttpsFailover(url);
                Response call2 = call(str, url, request, getHttpTransport(false));
                this.failoverHistory.put(url.getHost() + ":" + url.getPort(), Failover.INSECURE_HTTPS);
                return call2;
            } catch (SSLException e3) {
                logHttpFailover(url);
                Response call3 = call(str, toHttp(url), request, getHttpTransport(true));
                this.failoverHistory.put(url.getHost() + ":" + url.getPort(), Failover.HTTP);
                return call3;
            }
        }
    }

    private Optional<Response> followFailoverHistory(String str, URL url, Request request) throws IOException {
        Preconditions.checkArgument(isHttpsProtocol(url));
        switch (this.failoverHistory.getOrDefault(url.getHost() + ":" + url.getPort(), Failover.NONE)) {
            case HTTP:
                return Optional.of(call(str, toHttp(url), request, getHttpTransport(true)));
            case INSECURE_HTTPS:
                return Optional.of(call(str, url, request, getHttpTransport(false)));
            default:
                return Optional.empty();
        }
    }

    private Response call(String str, URL url, Request request, HttpTransport httpTransport) throws IOException {
        boolean z = (isHttpsProtocol(url) || this.sendAuthorizationOverHttp) ? false : true;
        HttpRequest headers = httpTransport.createRequestFactory().buildRequest(str, new GenericUrl(url), request.getHttpContent()).setUseRawRedirectUrls(true).setHeaders(z ? request.getHeaders().clone().setAuthorization((String) null) : request.getHeaders());
        if (request.getHttpTimeout() != null) {
            headers.setConnectTimeout(request.getHttpTimeout().intValue());
            headers.setReadTimeout(request.getHttpTimeout().intValue());
        }
        try {
            Response response = new Response(headers.execute());
            synchronized (this.responsesCreated) {
                this.responsesCreated.add(response);
            }
            return response;
        } catch (HttpResponseException e) {
            throw new ResponseException(e, z);
        }
    }

    private HttpTransport getHttpTransport(boolean z) {
        HttpTransport httpTransport = z ? this.secureHttpTransportFactory.get() : this.insecureHttpTransportFactory.get();
        synchronized (this.transportsCreated) {
            this.transportsCreated.add(httpTransport);
        }
        return httpTransport;
    }

    private void logHttpFailover(URL url) {
        this.logger.accept(LogEvent.warn("Failed to connect to " + url + " over HTTPS. Attempting again with HTTP."));
    }

    private void logInsecureHttpsFailover(URL url) {
        this.logger.accept(LogEvent.warn("Cannot verify server at " + url + ". Attempting again with no TLS verification."));
    }
}
