package org.arvados.client.api.client.factory;

import com.google.common.base.Suppliers;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.function.Supplier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import org.arvados.client.exception.ArvadosClientException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/arvados/client/api/client/factory/OkHttpClientFactory.class */
public final class OkHttpClientFactory {
    public static final OkHttpClientFactory INSTANCE = new OkHttpClientFactory();
    private final Logger log = LoggerFactory.getLogger(OkHttpClientFactory.class);
    private final OkHttpClient clientSecure = new OkHttpClient();
    private final Supplier<OkHttpClient> clientUnsecure = Suppliers.memoize(this::getDefaultClientAcceptingAllCertificates);

    private OkHttpClientFactory() {
    }

    public OkHttpClient create(boolean z) {
        return z ? getDefaultUnsecureClient() : getDefaultClient();
    }

    public OkHttpClient getDefaultClient() {
        return this.clientSecure;
    }

    public OkHttpClient getDefaultUnsecureClient() {
        return this.clientUnsecure.get();
    }

    public OkHttpClient.Builder getDefaultClientBuilder() {
        return this.clientSecure.newBuilder();
    }

    public OkHttpClient.Builder getDefaultUnsecureClientBuilder() {
        return this.clientUnsecure.get().newBuilder();
    }

    private OkHttpClient getDefaultClientAcceptingAllCertificates() {
        this.log.warn("Creating unsafe OkHttpClient. All SSL certificates will be accepted.");
        try {
            TrustManager[] trustManagerArr = {createX509TrustManager()};
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            OkHttpClient.Builder newBuilder = this.clientSecure.newBuilder();
            newBuilder.sslSocketFactory(socketFactory, (X509TrustManager) trustManagerArr[0]);
            newBuilder.hostnameVerifier((str, sSLSession) -> {
                return true;
            });
            return newBuilder.build();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new ArvadosClientException("Error establishing SSL context", e);
        }
    }

    private static X509TrustManager createX509TrustManager() {
        return new X509TrustManager() { // from class: org.arvados.client.api.client.factory.OkHttpClientFactory.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
    }
}
