package org.commonjava.util.jhttpc;

import java.io.Closeable;
import java.io.IOException;
import java.net.MalformedURLException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.client.CookieStore;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.DefaultProxyRoutePlanner;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.commonjava.util.jhttpc.INTERNAL.conn.ConnectionManagerCache;
import org.commonjava.util.jhttpc.INTERNAL.conn.ConnectionManagerTracker;
import org.commonjava.util.jhttpc.INTERNAL.conn.SiteConnectionConfig;
import org.commonjava.util.jhttpc.INTERNAL.conn.TrackedHttpClient;
import org.commonjava.util.jhttpc.INTERNAL.util.CertEnumerator;
import org.commonjava.util.jhttpc.INTERNAL.util.MonolithicKeyStrategy;
import org.commonjava.util.jhttpc.INTERNAL.util.SSLUtils;
import org.commonjava.util.jhttpc.auth.BasicAuthenticator;
import org.commonjava.util.jhttpc.auth.ClientAuthenticator;
import org.commonjava.util.jhttpc.auth.PasswordKey;
import org.commonjava.util.jhttpc.auth.PasswordManager;
import org.commonjava.util.jhttpc.auth.PasswordType;
import org.commonjava.util.jhttpc.model.SiteConfig;
import org.commonjava.util.jhttpc.model.SiteTrustType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/commonjava/util/jhttpc/HttpFactory.class */
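/**
 * Builds Apache HttpClient instances and request contexts from a {@link SiteConfig}.
 *
 * <p>For a configured site this wires up authentication, an optional proxy, request timeouts,
 * a per-site cookie store and, when PEM material is configured, a TLS socket factory carrying
 * the client key and/or the server trust store. The TLS socket factory and the cookie store
 * are cached as attributes on the {@link SiteConfig} itself.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>PEM key material and key passwords must never be written to the log, at any level.</li>
 *   <li>Hostname verification always uses {@link DefaultHostnameVerifier}; what is accepted as a
 *       trusted chain depends on the site's {@link SiteTrustType}.</li>
 * </ul>
 */
public class HttpFactory implements Closeable {
    private static final String SSL_FACTORY_ATTRIB = "ssl-factory";
    private static final String COOKIE_STORE = "cookie-store";
    private final Logger logger;
    private final PasswordManager passwords;
    private final ClientAuthenticator authenticator;
    private final ConnectionManagerCache connectionCache;

    /**
     * Creates a factory that authenticates with a {@link BasicAuthenticator} backed by the given
     * password manager. The same manager is used to look up client-key passwords.
     *
     * @param passwordManager source of user, proxy and key passwords
     */
    public HttpFactory(PasswordManager passwordManager) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.passwords = passwordManager;
        this.authenticator = new BasicAuthenticator(passwordManager);
        this.connectionCache = new ConnectionManagerCache();
    }

    /**
     * Creates a factory that uses a caller-supplied authenticator and has no password manager.
     *
     * <p>Without a password manager no key password can be looked up, so a site that configures
     * a client key/certificate PEM is rejected by {@link #createClient(SiteConfig)}.
     *
     * @param clientAuthenticator authenticator used to decorate builders and contexts; may be null
     */
    public HttpFactory(ClientAuthenticator clientAuthenticator) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.authenticator = clientAuthenticator;
        this.passwords = null;
        this.connectionCache = new ConnectionManagerCache();
    }

    /**
     * @return the password manager given at construction, or null when the factory was built
     *         from a {@link ClientAuthenticator}
     */
    public PasswordManager getPasswordManager() {
        return this.passwords;
    }

    /**
     * Creates a client with HttpClient's defaults (no site configuration).
     *
     * @return a default client
     * @throws JHttpCException declared for symmetry with {@link #createClient(SiteConfig)}
     */
    public CloseableHttpClient createClient() throws JHttpCException {
        return createClient(null);
    }

    /**
     * Creates a client for the given site, or a default client when {@code siteConfig} is null.
     *
     * <p>The null-site path returns {@link HttpClients#createDefault()} directly: it is not
     * decorated by the authenticator and is not tracked by the connection cache.
     *
     * @param siteConfig site settings (TLS material, proxy, timeouts); may be null
     * @return a client bound to the site's connection manager, or a default client
     * @throws JHttpCException if the site's TLS key/trust material cannot be loaded
     */
    public CloseableHttpClient createClient(SiteConfig siteConfig) throws JHttpCException {
        if (siteConfig == null) {
            return HttpClients.createDefault();
        }

        HttpClientBuilder builder = HttpClients.custom();
        if (this.authenticator != null) {
            builder = this.authenticator.decorateClientBuilder(builder);
        }
        this.logger.debug("Using site config: {} for advanced client options", siteConfig);

        SiteConnectionConfig connectionConfig = new SiteConnectionConfig(siteConfig);
        SSLConnectionSocketFactory sslFactory = createSSLSocketFactory(siteConfig);
        if (sslFactory != null) {
            // NOTE(review): HttpClientBuilder documents that an explicitly set connection manager
            // takes precedence over setSSLSocketFactory; presumably that is why the factory is
            // also handed to the SiteConnectionConfig. Confirm the tracker's manager really
            // uses it, otherwise the site's trust settings are silently not applied.
            builder.setSSLSocketFactory(sslFactory);
            connectionConfig.withSSLConnectionSocketFactory(sslFactory);
        }

        ConnectionManagerTracker tracker = this.connectionCache.getTrackerFor(connectionConfig);
        this.logger.debug("Using connection manager tracker: {}", tracker);
        builder.setConnectionManager(tracker.acquire());

        if (siteConfig.getProxyHost() != null) {
            HttpHost proxy = new HttpHost(siteConfig.getProxyHost(), getProxyPort(siteConfig));
            builder.setRoutePlanner(new DefaultProxyRoutePlanner(proxy));
        }

        // The site config is expressed in seconds; RequestConfig expects milliseconds.
        int timeoutMillis = 1000 * siteConfig.getRequestTimeoutSeconds();
        RequestConfig requestConfig = RequestConfig.custom()
                .setConnectionRequestTimeout(timeoutMillis)
                .setSocketTimeout(timeoutMillis)
                .setConnectTimeout(timeoutMillis)
                .build();
        builder.setDefaultRequestConfig(requestConfig);

        return new TrackedHttpClient(builder.build(), tracker);
    }

    /**
     * Normalizes the configured proxy port: any value below 1 becomes -1, which is passed on to
     * {@link HttpHost} and {@link AuthScope} as "no explicit port".
     */
    private int getProxyPort(SiteConfig siteConfig) {
        int proxyPort = siteConfig.getProxyPort();
        return proxyPort < 1 ? -1 : proxyPort;
    }

    /**
     * Creates a plain request context (no site configuration).
     *
     * @return a fresh context
     * @throws JHttpCException declared for symmetry with {@link #createContext(SiteConfig)}
     */
    public HttpClientContext createContext() throws JHttpCException {
        return createContext(null);
    }

    /**
     * Creates a request context for the given site.
     *
     * <p>The context shares one cookie store per {@link SiteConfig} (created on first use and
     * kept as a site attribute) and, when a user or proxy user is configured and an
     * authenticator is present, is decorated with the matching credentials.
     *
     * @param siteConfig site settings; may be null, in which case a bare context is returned
     * @return the prepared context
     * @throws JHttpCException if the site URL cannot be parsed for host and port
     */
    public HttpClientContext createContext(SiteConfig siteConfig) throws JHttpCException {
        HttpClientContext context = HttpClientContext.create();
        if (siteConfig == null) {
            return context;
        }

        CookieStore cookies = (CookieStore) siteConfig.getAttribute(COOKIE_STORE);
        if (cookies == null) {
            cookies = new BasicCookieStore();
            siteConfig.setAttribute(COOKIE_STORE, cookies);
        }
        context.setCookieStore(cookies);

        try {
            // Credentials are scoped to the exact host/port so they are not offered elsewhere.
            AuthScope siteScope = new AuthScope(siteConfig.getHost(), siteConfig.getPort());
            if (siteConfig.getUser() != null && this.authenticator != null) {
                context = this.authenticator.decoratePrototypeContext(siteScope, siteConfig, PasswordType.USER, context);
            }
            if (siteConfig.getProxyHost() != null && siteConfig.getProxyUser() != null && this.authenticator != null) {
                AuthScope proxyScope = new AuthScope(siteConfig.getProxyHost(), getProxyPort(siteConfig));
                context = this.authenticator.decoratePrototypeContext(proxyScope, siteConfig, PasswordType.PROXY, context);
            }
        } catch (MalformedURLException e) {
            throw new JHttpCException("Failed to parse site URL for host and port: %s (site id: %s). Reason: %s", e, siteConfig.getUri(), siteConfig.getId(), e.getMessage());
        }
        return context;
    }

    /**
     * Returns the TLS socket factory for a site, building and caching it on first use.
     *
     * @param siteConfig site whose key/certificate and server-certificate PEM are used
     * @return the socket factory, or null when the site configures neither client key material
     *         nor server certificates (the caller then keeps HttpClient's default TLS setup)
     * @throws JHttpCException if key or trust material is missing a password, unreadable or invalid
     */
    private SSLConnectionSocketFactory createSSLSocketFactory(SiteConfig siteConfig) throws JHttpCException {
        SSLConnectionSocketFactory cached = (SSLConnectionSocketFactory) siteConfig.getAttribute(SSL_FACTORY_ATTRIB);
        if (cached != null) {
            return cached;
        }

        String keyCertPem = siteConfig.getKeyCertPem();
        String keyPassword = this.passwords == null ? null : this.passwords.lookup(new PasswordKey(siteConfig, PasswordType.KEY));
        KeyStore clientKeys = loadClientKeyStore(siteConfig, keyCertPem, keyPassword);
        KeyStore trustedCerts = loadServerTrustStore(siteConfig);

        if (clientKeys == null && trustedCerts == null) {
            this.logger.debug("No SSL configuration present; no SSL context created.");
            return null;
        }

        this.logger.debug("Setting up SSL context.");
        try {
            // "TLS" leaves the protocol version to what the JVM's provider enables.
            SSLContextBuilder contextBuilder = SSLContexts.custom().useProtocol("TLS");
            if (clientKeys != null) {
                this.logger.trace("Loading key material for SSL context...");
                // keyPassword is non-empty here: loadClientKeyStore rejects an empty one.
                contextBuilder.loadKeyMaterial(clientKeys, keyPassword.toCharArray(), new MonolithicKeyStrategy());
            }
            if (trustedCerts != null) {
                this.logger.trace("Loading trust material for SSL context...");
                SiteTrustType trustType = siteConfig.getTrustType();
                if (trustType == null) {
                    trustType = SiteTrustType.DEFAULT;
                }
                // NOTE(review): the trust strategy can widen what is accepted beyond the trust
                // store; confirm no SiteTrustType relaxes chain validation more than intended.
                contextBuilder.loadTrustMaterial(trustedCerts, trustType.getTrustStrategy());
            }
            // Hostname verification stays on regardless of the trust type.
            SSLConnectionSocketFactory created = new SSLConnectionSocketFactory(contextBuilder.build(), new DefaultHostnameVerifier());
            siteConfig.setAttribute(SSL_FACTORY_ATTRIB, created);
            return created;
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw sslInitFailure("Invalid configuration. Cannot initialize SSL socket factory for repository: {}. Error: {}", siteConfig, e);
        }
    }

    /**
     * Reads the site's client key and certificate into a key store.
     *
     * @return the key store, or null when the site has no client key/certificate PEM
     * @throws JHttpCException if the key password is empty or the PEM cannot be read or parsed
     */
    private KeyStore loadClientKeyStore(SiteConfig siteConfig, String keyCertPem, String keyPassword) throws JHttpCException {
        if (keyCertPem == null) {
            this.logger.debug("No client key/certificate found");
            return null;
        }

        this.logger.debug("Adding client key/certificate from: {}", siteConfig);
        if (keyPassword == null || keyPassword.length() < 1) {
            this.logger.error("Invalid configuration. Location: {} cannot have an empty key password!", siteConfig.getUri());
            // The URI is passed as a format argument, not concatenated into the format string,
            // so a percent-encoded URI cannot be misread as a format directive (presumably the
            // exception formats its message the same way as the other call sites here).
            throw new JHttpCException("Location: %s is misconfigured! Key password cannot be empty.", siteConfig.getUri());
        }

        try {
            // Deliberately logs only the site URI: the PEM passed to readKeyAndCert carries the
            // client's private key and must not end up in log files, even at trace level.
            this.logger.trace("Reading client SSL key/certificate for: {}", siteConfig.getUri());
            KeyStore keyStore = SSLUtils.readKeyAndCert(keyCertPem, keyPassword);
            // NOTE(review): CertEnumerator receives the key password; confirm its toString()
            // only lists certificates and never prints the password or key bytes.
            this.logger.trace("Keystore contains the following certificates: {}", new CertEnumerator(keyStore, keyPassword));
            return keyStore;
        } catch (IOException e) {
            throw new JHttpCException("Failed to read client SSL key/certificate from: %s. Reason: %s", e, siteConfig, e.getMessage());
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw sslInitFailure("Invalid configuration. Cannot initialize keystore for repository: {}. Error: {}", siteConfig, e);
        } catch (CertificateException e) {
            throw sslInitFailure("Invalid configuration. Location: {} has an invalid client certificate! Error: {}", siteConfig, e);
        } catch (InvalidKeySpecException e) {
            throw sslInitFailure("Invalid configuration. Invalid client key for repository: {}. Error: {}", siteConfig, e);
        } catch (JHttpCException e) {
            throw new JHttpCException("Failed to read client SSL key/certificate from: %s. Reason: %s", e, siteConfig, e.getMessage());
        }
    }

    /**
     * Decodes the site's server certificate PEM into a trust store.
     *
     * @return the trust store, or null when the site has no server certificate PEM
     * @throws JHttpCException if the certificates (or the site host name) cannot be read or parsed
     */
    private KeyStore loadServerTrustStore(SiteConfig siteConfig) throws JHttpCException {
        String serverCertPem = siteConfig.getServerCertPem();
        if (serverCertPem == null) {
            this.logger.debug("No server certificates found");
            return null;
        }

        this.logger.debug("Loading TrustStore (server SSL) information from: {}", siteConfig);
        try {
            this.logger.trace("Reading Server SSL cert from:\n\n{}\n\n", serverCertPem);
            KeyStore trustStore = SSLUtils.decodePEMTrustStore(serverCertPem, siteConfig.getHost());
            this.logger.trace("Trust store contains the following certificates:\n{}", new CertEnumerator(trustStore, null));
            return trustStore;
        } catch (IOException e) {
            throw new JHttpCException("Failed to read server SSL certificate(s) (or couldn't parse server hostname) from: %s. Reason: %s", e, siteConfig, e.getMessage());
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw sslInitFailure("Invalid configuration. Cannot initialize keystore for repository: {}. Error: {}", siteConfig, e);
        } catch (CertificateException e) {
            throw sslInitFailure("Invalid configuration. Location: {} has an invalid server certificate! Error: {}", siteConfig, e);
        }
    }

    /**
     * Logs a TLS setup failure and returns the exception to throw for it.
     *
     * <p>The log call puts the site URI and error message in the two placeholders and passes the
     * exception last so the stack trace is recorded; the returned exception keeps the cause.
     *
     * @param logFormat SLF4J format with two placeholders: site URI, then error message
     * @param siteConfig site being configured
     * @param cause the underlying failure
     * @return the exception for the caller to throw
     */
    private JHttpCException sslInitFailure(String logFormat, SiteConfig siteConfig, Exception cause) {
        this.logger.error(logFormat, siteConfig.getUri(), cause.getMessage(), cause);
        return new JHttpCException("Failed to initialize SSL connection for repository: %s", cause, siteConfig.getUri());
    }

    /**
     * Currently a no-op.
     *
     * <p>NOTE(review): the connection cache created in the constructors is not released here;
     * confirm whether ConnectionManagerCache holds pooled connections that need closing.
     */
    @Override
    public void close() throws IOException {
    }
}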
