package com.sap.cloud.sdk.cloudplatform.connectivity;

import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException;
import com.sap.cloud.sdk.cloudplatform.connectivity.exception.HttpClientInstantiationException;
import com.sap.cloud.sdk.cloudplatform.logging.CloudLoggerFactory;
import com.sap.cloud.sdk.cloudplatform.security.BasicCredentials;
import com.sap.cloud.sdk.cloudplatform.security.Credentials;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.SystemDefaultCredentialsProvider;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.slf4j.Logger;

/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/HttpClientBuilder.class */
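/**
 * Builds Apache {@link HttpClient} instances, optionally configured from a {@link Destination}
 * (TLS trust and key material, protocol version, proxy and timeouts).
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>Certificate validation is disabled entirely when the destination reports
 *       {@code isTrustingAllCertificates()}; see {@link TrustAllTrustManager}.</li>
 *   <li>The TLS protocol name is taken from the destination property {@code TLSVersion} and
 *       defaults to {@code TLSv1.2}.</li>
 *   <li>Server certificates are accepted when they chain to either the JDK trust store or the
 *       destination's own trust store.</li>
 * </ul>
 */
class HttpClientBuilder {
    private static final Logger logger = CloudLoggerFactory.getLogger((Class<?>) HttpClientBuilder.class);
    private static final File JDK_TRUST_STORE_FILE = new File(System.getProperty("java.home"), "/lib/security/cacerts");
    private static final int DEFAULT_TIMEOUT_MINUTES = 2;
    private static final int MAX_TOTAL_CONNECTIONS = 200;
    private static final int MAX_CONNECTIONS_PER_ROUTE = 100;
    private static final String UNDEFINED_PROXY_MAY_BE_EXPECTED_MESSAGE = "This behavior may be expected in tests and some local runtimes.";
    private static final String DEFAULT_TLS_VERSION = "TLSv1.2";

    /**
     * Trust manager that accepts every certificate chain without any validation.
     *
     * <p>It is installed only when the destination reports {@code isTrustingAllCertificates()}.
     * With it in place the TLS handshake gives no assurance about the peer's identity: the
     * hostname verifier still runs, but it checks a certificate whose issuer was never validated,
     * so the connection is not protected against an active man-in-the-middle. Intended for
     * test setups; production destinations should configure a trust store instead.
     *
     * <p>The decompiler reports that the original access modifier of this class was
     * {@code private}.
     */
    public static class TrustAllTrustManager implements X509TrustManager {
        private TrustAllTrustManager() {
        }

        /** Accepts any client certificate chain; performs no checks. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        /** Accepts any server certificate chain; performs no checks. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        /** @return an empty array, i.e. no issuer is advertised as trusted. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Trust manager that accepts a chain as soon as one of its delegates accepts it.
     *
     * <p>{@link SSLContext#init} only consults the first {@link X509TrustManager} of the array it
     * is given, so several X.509 trust managers have to be combined into a single one for all of
     * them to take effect.
     */
    private static final class CompositeX509TrustManager implements X509TrustManager {
        private final List<X509TrustManager> delegates;

        private CompositeX509TrustManager(List<X509TrustManager> delegates) {
            this.delegates = new ArrayList<>(delegates);
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            CertificateException failure = null;
            for (X509TrustManager delegate : delegates) {
                try {
                    delegate.checkClientTrusted(chain, authType);
                    return;
                } catch (CertificateException e) {
                    // Remember every rejection so the caller sees why each trust store refused.
                    if (failure == null) {
                        failure = e;
                    } else {
                        failure.addSuppressed(e);
                    }
                }
            }
            throw failure != null ? failure : new CertificateException("No trust manager available to validate the certificate chain.");
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            CertificateException failure = null;
            for (X509TrustManager delegate : delegates) {
                try {
                    delegate.checkServerTrusted(chain, authType);
                    return;
                } catch (CertificateException e) {
                    if (failure == null) {
                        failure = e;
                    } else {
                        failure.addSuppressed(e);
                    }
                }
            }
            throw failure != null ? failure : new CertificateException("No trust manager available to validate the certificate chain.");
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            List<X509Certificate> issuers = new ArrayList<>();
            for (X509TrustManager delegate : delegates) {
                X509Certificate[] accepted = delegate.getAcceptedIssuers();
                if (accepted != null) {
                    for (X509Certificate issuer : accepted) {
                        issuers.add(issuer);
                    }
                }
            }
            return issuers.toArray(new X509Certificate[0]);
        }
    }

    /**
     * Builds a client that is not bound to a destination: pooled connections and the default
     * timeouts, no custom TLS context and no proxy.
     *
     * <p>The decompiler reports that the original access was package-private.
     *
     * @return the configured client
     * @throws HttpClientInstantiationException declared by the original signature
     */
    @Nonnull
    public HttpClient build() throws HttpClientInstantiationException {
        org.apache.http.impl.client.HttpClientBuilder builder = HttpClients.custom();
        setConnectionManager(builder, null);
        setTimeout(builder);
        return builder.build();
    }

    /**
     * Builds a client for the given HTTP destination, applying its TLS settings, the default
     * timeouts and its proxy configuration, and wraps it in an {@code HttpClientWrapper}.
     *
     * <p>The decompiler reports that the original access was package-private.
     *
     * @param destination the destination to connect to; must be of type {@code DestinationType.HTTP}
     * @return the configured client
     * @throws HttpClientInstantiationException if the destination is not an HTTP destination or
     *     the TLS context cannot be created
     * @throws DestinationAccessException declared by the original signature
     */
    @Nonnull
    public HttpClient build(@Nonnull Destination destination) throws DestinationAccessException, HttpClientInstantiationException {
        DestinationType destinationType = destination.getDestinationType();
        if (DestinationType.HTTP != destinationType) {
            throw new HttpClientInstantiationException(HttpClient.class.getSimpleName() + " creation is only supported for " + DestinationType.class.getSimpleName() + " " + DestinationType.HTTP + ". Actual type: " + destinationType + ".");
        }
        org.apache.http.impl.client.HttpClientBuilder builder = HttpClients.custom();
        setConnectionManager(builder, destination);
        setTimeout(builder);
        setProxy(destination, builder);
        return new HttpClientWrapper(builder.build(), destination);
    }

    /**
     * Installs a pooling connection manager. For an {@code https} destination the manager uses an
     * {@link SSLContext} built from the destination's trust and key material; otherwise the
     * library defaults are used.
     */
    private void setConnectionManager(org.apache.http.impl.client.HttpClientBuilder httpClientBuilder, Destination destination) {
        PoolingHttpClientConnectionManager connectionManager;
        if (destination == null || !"https".equalsIgnoreCase(destination.getUri().getScheme())) {
            connectionManager = new PoolingHttpClientConnectionManager();
        } else {
            try {
                TrustManager[] trustManagers = getTrustManagers(destination);
                KeyManager[] keyManagers = getKeyManagers(destination);
                // NOTE(review): the protocol name comes from destination configuration and is
                // passed on unvalidated; a destination that names a legacy protocol is honoured
                // whenever the JRE still provides it. Consider an allow-list of TLSv1.2 and newer.
                String configuredTlsVersion = destination.getPropertiesByName().get("TLSVersion");
                SSLContext sslContext = SSLContext.getInstance(configuredTlsVersion != null ? configuredTlsVersion : DEFAULT_TLS_VERSION);
                sslContext.init(keyManagers, trustManagers, new SecureRandom());
                // Hostname verification stays enabled even when all certificates are trusted.
                SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, new DefaultHostnameVerifier());
                httpClientBuilder.setSSLSocketFactory(sslSocketFactory);
                RegistryBuilder<ConnectionSocketFactory> registryBuilder = RegistryBuilder.<ConnectionSocketFactory>create().register("https", sslSocketFactory);
                if (destination.getProxyConfiguration().isPresent()) {
                    // The plain-HTTP scheme is registered only when a proxy is configured.
                    registryBuilder.register(HttpHost.DEFAULT_SCHEME_NAME, PlainConnectionSocketFactory.getSocketFactory());
                }
                Registry<ConnectionSocketFactory> registry = registryBuilder.build();
                connectionManager = new PoolingHttpClientConnectionManager(registry);
            } catch (IOException | GeneralSecurityException e) {
                throw new HttpClientInstantiationException(e);
            }
        }
        connectionManager.setMaxTotal(MAX_TOTAL_CONNECTIONS);
        connectionManager.setDefaultMaxPerRoute(MAX_CONNECTIONS_PER_ROUTE);
        httpClientBuilder.setConnectionManager(connectionManager);
    }

    /** @return the default socket and connect timeout in milliseconds. */
    private static int defaultTimeoutMillis() {
        return (int) TimeUnit.MINUTES.toMillis(DEFAULT_TIMEOUT_MINUTES);
    }

    /**
     * Applies the default socket timeout and connect timeout. A failure is logged and otherwise
     * ignored; the log message states that this is expected within unit tests.
     */
    private void setTimeout(org.apache.http.impl.client.HttpClientBuilder httpClientBuilder) {
        int millis = defaultTimeoutMillis();
        try {
            SocketConfig socketConfig = SocketConfig.custom().setSoTimeout(millis).build();
            RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(millis).build();
            httpClientBuilder.setDefaultSocketConfig(socketConfig);
            httpClientBuilder.setDefaultRequestConfig(requestConfig);
        } catch (IllegalArgumentException e) {
            logger.error("Failed to set timeout on " + HttpClient.class.getSimpleName() + ". This is expected within unit tests.", e);
        }
    }

    /**
     * Configures the destination's proxy, including basic credentials when present. An incomplete
     * proxy URI (missing URI, host or port) is logged and the proxy is left unset.
     *
     * <p>The request configuration written here replaces the one written by
     * {@link #setTimeout}, so the connect timeout is set again to keep it in force for proxied
     * destinations.
     */
    private void setProxy(Destination destination, org.apache.http.impl.client.HttpClientBuilder httpClientBuilder) {
        try {
            ProxyConfiguration proxyConfiguration = destination.getProxyConfiguration().orElse(null);
            if (proxyConfiguration == null) {
                return;
            }
            URI uri = proxyConfiguration.getUri();
            if (uri == null) {
                logger.error("Failed to set proxy: undefined URI in proxy configuration. " + UNDEFINED_PROXY_MAY_BE_EXPECTED_MESSAGE);
                return;
            }
            String host = uri.getHost();
            if (host == null) {
                logger.error("Failed to set proxy: undefined host in URI of proxy configuration. " + UNDEFINED_PROXY_MAY_BE_EXPECTED_MESSAGE);
                return;
            }
            int port = uri.getPort();
            if (port < 0) {
                logger.error("Failed to set proxy: undefined port in URI of proxy configuration. " + UNDEFINED_PROXY_MAY_BE_EXPECTED_MESSAGE);
                return;
            }
            Credentials credentials = proxyConfiguration.getCredentials().orElse(null);
            if (credentials instanceof BasicCredentials) {
                BasicCredentials basicCredentials = (BasicCredentials) credentials;
                SystemDefaultCredentialsProvider credentialsProvider = new SystemDefaultCredentialsProvider();
                // The credentials are scoped to the proxy host and port only.
                credentialsProvider.setCredentials(new AuthScope(host, port), new UsernamePasswordCredentials(basicCredentials.getUsername(), basicCredentials.getPassword()));
                httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
            }
            RequestConfig requestConfig = RequestConfig.custom()
                    .setConnectTimeout(defaultTimeoutMillis())
                    .setProxy(new HttpHost(host, port, uri.getScheme()))
                    .build();
            httpClientBuilder.setDefaultRequestConfig(requestConfig);
        } catch (DestinationAccessException e) {
            logger.error("Failed to set proxy: failed to retrieve proxy configuration.", e);
        }
    }

    /**
     * Returns the trust managers for the destination.
     *
     * <p>When the destination trusts all certificates, a single {@link TrustAllTrustManager} is
     * returned and a warning is logged. Otherwise the JDK trust store and the destination's trust
     * store (if any) are both honoured. Because {@link SSLContext#init} uses only the first
     * {@link X509TrustManager} in the array, the two are combined into one composite manager
     * rather than being returned side by side.
     */
    private TrustManager[] getTrustManagers(Destination destination) throws GeneralSecurityException, IOException {
        if (destination.isTrustingAllCertificates()) {
            logger.warn("Destination is configured to trust all certificates: server certificate chains are not validated for this " + HttpClient.class.getSimpleName() + ".");
            return new TrustManager[] {new TrustAllTrustManager()};
        }

        List<TrustManager> candidates = new ArrayList<>();
        TrustManager jdkTrustManager = createTrustManager(getJdkTrustStore());
        if (jdkTrustManager != null) {
            candidates.add(jdkTrustManager);
        }
        TrustManager destinationTrustManager = createTrustManager(destination.getTrustStore().orElse(null));
        if (destinationTrustManager != null) {
            candidates.add(destinationTrustManager);
        }

        List<X509TrustManager> x509TrustManagers = new ArrayList<>();
        List<TrustManager> result = new ArrayList<>();
        for (TrustManager candidate : candidates) {
            if (candidate instanceof X509TrustManager) {
                x509TrustManagers.add((X509TrustManager) candidate);
            } else {
                result.add(candidate);
            }
        }
        if (x509TrustManagers.size() == 1) {
            // A single manager is passed through unchanged.
            result.add(0, x509TrustManagers.get(0));
        } else if (x509TrustManagers.size() > 1) {
            result.add(0, new CompositeX509TrustManager(x509TrustManagers));
        }
        return result.toArray(new TrustManager[0]);
    }

    /**
     * Creates a trust manager backed by the given key store.
     *
     * @param keyStore the trust material, or {@code null}
     * @return the first trust manager produced by the default {@link TrustManagerFactory}, or
     *     {@code null} if {@code keyStore} is {@code null} or the factory produced none
     */
    private TrustManager createTrustManager(@Nullable KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        if (keyStore == null) {
            return null;
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers == null || trustManagers.length == 0) {
            return null;
        }
        return trustManagers[0];
    }

    /**
     * Loads the JDK's {@code cacerts} trust store from {@code java.home}. The store is loaded
     * with a {@code null} password.
     */
    private KeyStore getJdkTrustStore() throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream trustStoreStream = new FileInputStream(JDK_TRUST_STORE_FILE.getCanonicalFile())) {
            keyStore.load(trustStoreStream, null);
        }
        return keyStore;
    }

    /**
     * Returns key managers for TLS client authentication, built from the destination's key store.
     * An empty password is used when the destination defines none; the key store itself may be
     * absent, in which case {@code null} is handed to the factory.
     */
    private KeyManager[] getKeyManagers(Destination destination) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        KeyStore keyStore = destination.getKeyStore().orElse(null);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, destination.getKeyStorePassword().orElse("").toCharArray());
        return keyManagerFactory.getKeyManagers();
    }
}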
