package org.springframework.cloud.config.client;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import org.apache.commons.logging.Log;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
import org.apache.hc.core5.http.io.SocketConfig;
import org.apache.hc.core5.util.Timeout;
import org.springframework.cloud.configuration.SSLContextFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:BOOT-INF/lib/spring-cloud-config-client-4.2.1.jar:org/springframework/cloud/config/client/ConfigClientRequestTemplateFactory.class */
public class ConfigClientRequestTemplateFactory {
    private final Log log;
    private final ConfigClientProperties properties;

    /* loaded from: input_file:BOOT-INF/lib/spring-cloud-config-client-4.2.1.jar:org/springframework/cloud/config/client/ConfigClientRequestTemplateFactory$GenericRequestHeaderInterceptor.class */
    public static class GenericRequestHeaderInterceptor implements ClientHttpRequestInterceptor {
        private final Map<String, String> headers;

        public GenericRequestHeaderInterceptor(Map<String, String> map) {
            this.headers = map;
        }

        @Override // org.springframework.http.client.ClientHttpRequestInterceptor
        public ClientHttpResponse intercept(HttpRequest httpRequest, byte[] bArr, ClientHttpRequestExecution clientHttpRequestExecution) throws IOException {
            for (Map.Entry<String, String> entry : this.headers.entrySet()) {
                httpRequest.getHeaders().add(entry.getKey(), entry.getValue());
            }
            return clientHttpRequestExecution.execute(httpRequest, bArr);
        }

        protected Map<String, String> getHeaders() {
            return this.headers;
        }
    }

    public ConfigClientRequestTemplateFactory(Log log, ConfigClientProperties configClientProperties) {
        this.log = log;
        this.properties = configClientProperties;
    }

    public Log getLog() {
        return this.log;
    }

    public ConfigClientProperties getProperties() {
        return this.properties;
    }

    public RestTemplate create() {
        if (this.properties.getRequestReadTimeout() < 0) {
            throw new IllegalStateException("Invalid Value for Read Timeout set.");
        }
        if (this.properties.getRequestConnectTimeout() < 0) {
            throw new IllegalStateException("Invalid Value for Connect Timeout set.");
        }
        RestTemplate restTemplate = new RestTemplate(createHttpRequestFactory(this.properties));
        HashMap hashMap = new HashMap(this.properties.getHeaders());
        hashMap.remove(ConfigClientProperties.AUTHORIZATION);
        if (!hashMap.isEmpty()) {
            restTemplate.setInterceptors(Arrays.asList(new GenericRequestHeaderInterceptor(hashMap)));
        }
        return restTemplate;
    }

    protected ClientHttpRequestFactory createHttpRequestFactory(ConfigClientProperties configClientProperties) {
        if (!configClientProperties.getTls().isEnabled()) {
            SimpleClientHttpRequestFactory simpleClientHttpRequestFactory = new SimpleClientHttpRequestFactory();
            simpleClientHttpRequestFactory.setReadTimeout(configClientProperties.getRequestReadTimeout());
            simpleClientHttpRequestFactory.setConnectTimeout(configClientProperties.getRequestConnectTimeout());
            return simpleClientHttpRequestFactory;
        }
        try {
            HttpComponentsClientHttpRequestFactory httpComponentsClientHttpRequestFactory = new HttpComponentsClientHttpRequestFactory(HttpClients.custom().setConnectionManager(createConnectionManagerForTls(configClientProperties)).build());
            httpComponentsClientHttpRequestFactory.setConnectTimeout(configClientProperties.getRequestConnectTimeout());
            return httpComponentsClientHttpRequestFactory;
        } catch (IOException | GeneralSecurityException e) {
            this.log.error(e);
            throw new IllegalStateException("Failed to create config client with TLS.", e);
        }
    }

    protected PoolingHttpClientConnectionManager createConnectionManagerForTls(ConfigClientProperties configClientProperties) throws GeneralSecurityException, IOException {
        SSLContext createSSLContext = new SSLContextFactory(configClientProperties.getTls()).createSSLContext();
        SSLConnectionSocketFactoryBuilder create = SSLConnectionSocketFactoryBuilder.create();
        create.setSslContext(createSSLContext);
        return PoolingHttpClientConnectionManagerBuilder.create().setDefaultSocketConfig(createSocketBuilderForTls(configClientProperties).build()).setSSLSocketFactory(create.build()).build();
    }

    protected SocketConfig.Builder createSocketBuilderForTls(ConfigClientProperties configClientProperties) {
        return SocketConfig.custom().setSoTimeout(Timeout.of(configClientProperties.getRequestReadTimeout(), TimeUnit.MILLISECONDS));
    }

    public void addAuthorizationToken(HttpHeaders httpHeaders, String str, String str2) {
        String str3 = this.properties.getHeaders().get(ConfigClientProperties.AUTHORIZATION);
        if (str2 != null && str3 != null) {
            throw new IllegalStateException("You must set either 'password' or 'authorization'");
        }
        if (str2 != null) {
            httpHeaders.add("Authorization", "Basic " + new String(Base64.getEncoder().encode((str + ":" + str2).getBytes())));
        } else if (str3 != null) {
            httpHeaders.add("Authorization", str3);
        }
    }
}
