package eu.arrowhead.common.http;

import eu.arrowhead.common.CommonConstants;
import eu.arrowhead.common.SSLProperties;
import eu.arrowhead.common.Utilities;
import eu.arrowhead.common.exception.AuthException;
import eu.arrowhead.common.exception.UnavailableServerException;
import java.io.IOException;
import java.net.URI;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.annotation.PostConstruct;
import javax.el.MethodNotFoundException;
import javax.net.ssl.SSLContext;
import javax.security.auth.x500.X500Principal;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.client.ResourceAccessException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponents;

@Component
/* loaded from: input_file:eu/arrowhead/common/http/HttpService.class */
public class HttpService {
    private static final String ERROR_MESSAGE_PART_PKIX_PATH = "PKIX path";
    private static final String ERROR_MESSAGE_PART_SUBJECT_ALTERNATIVE_NAMES = "doesn't match any of the subject alternative names";
    private static final List<HttpMethod> NOT_SUPPORTED_METHODS = List.of(HttpMethod.HEAD, HttpMethod.OPTIONS, HttpMethod.TRACE);
    private final Logger logger = LogManager.getLogger(HttpService.class);

    @Value(CommonConstants.$DISABLE_HOSTNAME_VERIFIER_WD)
    private boolean disableHostnameVerifier;

    @Value(CommonConstants.$HTTP_CLIENT_CONNECTION_TIMEOUT_WD)
    private int connectionTimeout;

    @Value(CommonConstants.$HTTP_CLIENT_SOCKET_TIMEOUT_WD)
    private int socketTimeout;

    @Value(CommonConstants.$HTTP_CLIENT_CONNECTION_MANAGER_TIMEOUT_WD)
    private int connectionManagerTimeout;

    @Autowired
    private SSLProperties sslProperties;
    private String clientName;

    @Autowired
    private ArrowheadHttpClientResponseErrorHandler errorHandler;
    private RestTemplate template;
    private RestTemplate sslTemplate;

    @PostConstruct
    public void init() throws Exception {
        this.logger.debug("Initializing HttpService...");
        this.template = createTemplate(null);
        if (this.sslProperties.isSslEnabled()) {
            try {
                this.sslTemplate = createTemplate(createSSLContext());
            } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
                this.logger.error("Error while creating SSL context: {}", e.getMessage());
                this.logger.debug("Exception", e);
                throw e;
            }
        }
        this.logger.debug("HttpService is initialized.");
    }

    public <T, P> ResponseEntity<T> sendRequest(UriComponents uriComponents, HttpMethod httpMethod, Class<T> cls, P p, SSLContext sSLContext) {
        RestTemplate restTemplate;
        Assert.notNull(httpMethod, "Request method is not defined.");
        this.logger.debug("Sending {} request to: {}", httpMethod, uriComponents);
        if (uriComponents == null) {
            this.logger.error("sendRequest() is called with null URI.");
            throw new NullPointerException("HttpService.sendRequest method received null URI. This most likely means the invoking Core System could not fetch the service of another Core System from the Service Registry!");
        }
        if (NOT_SUPPORTED_METHODS.contains(httpMethod)) {
            throw new MethodNotFoundException("Invalid method type was given to the HttpService.sendRequest() method.");
        }
        boolean equalsIgnoreCase = CommonConstants.HTTPS.equalsIgnoreCase(uriComponents.getScheme());
        if (equalsIgnoreCase && this.sslTemplate == null) {
            this.logger.debug("sendRequest(): secure request sending was invoked in insecure mode.");
            throw new AuthException("SSL Context is not set, but secure request sending was invoked. An insecure module can not send requests to secure modules.", 401);
        }
        if (equalsIgnoreCase) {
            restTemplate = sSLContext != null ? createTemplate(sSLContext) : this.sslTemplate;
        } else {
            restTemplate = this.template;
        }
        try {
            return restTemplate.exchange(uriComponents.toUri(), httpMethod, getHttpEntity(p), cls);
        } catch (ResourceAccessException e) {
            if (e.getMessage().contains(ERROR_MESSAGE_PART_PKIX_PATH)) {
                this.logger.error("The system at {} is not part of the same certificate chain of trust!", uriComponents.toUriString());
                throw new AuthException("The system at " + uriComponents.toUriString() + " is not part of the same certificate chain of trust!", 401, (Throwable) e);
            }
            if (e.getMessage().contains(ERROR_MESSAGE_PART_SUBJECT_ALTERNATIVE_NAMES)) {
                this.logger.error("The certificate of the system at {} does not contain the specified IP address or DNS name as a Subject Alternative Name.", uriComponents.toString());
                throw new AuthException("The certificate of the system at " + uriComponents.toString() + " does not contain the specified IP address or DNS name as a Subject Alternative Name.");
            }
            this.logger.error("UnavailableServerException occurred at {}", uriComponents.toUriString());
            this.logger.debug("Exception", e);
            throw new UnavailableServerException("Could not get any response from: " + uriComponents.toUriString(), 503, (Throwable) e);
        }
    }

    public <T, P> ResponseEntity<T> sendRequest(UriComponents uriComponents, HttpMethod httpMethod, Class<T> cls, P p) {
        return sendRequest(uriComponents, httpMethod, cls, p, null);
    }

    public <T> ResponseEntity<T> sendRequest(UriComponents uriComponents, HttpMethod httpMethod, Class<T> cls, SSLContext sSLContext) {
        return sendRequest(uriComponents, httpMethod, cls, null, sSLContext);
    }

    public <T> ResponseEntity<T> sendRequest(UriComponents uriComponents, HttpMethod httpMethod, Class<T> cls) {
        return sendRequest(uriComponents, httpMethod, cls, null, null);
    }

    private <P> HttpEntity<P> getHttpEntity(P p) {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.put("Accept", Arrays.asList("text/plain", "application/json"));
        if (p != null) {
            linkedMultiValueMap.put("Content-Type", Collections.singletonList("application/json"));
        }
        return p != null ? new HttpEntity<>(p, linkedMultiValueMap) : new HttpEntity<>(linkedMultiValueMap);
    }

    private RestTemplate createTemplate(SSLContext sSLContext) {
        RestTemplate restTemplate = new RestTemplate(new HttpComponentsClientHttpRequestFactory(createClient(sSLContext)) { // from class: eu.arrowhead.common.http.HttpService.1
            protected HttpContext createHttpContext(HttpMethod httpMethod, URI uri) {
                HttpClientContext httpClientContext = new HttpClientContext(new BasicHttpContext());
                if (!Utilities.isEmpty(HttpService.this.clientName)) {
                    httpClientContext.setAttribute("http.user-token", new X500Principal(HttpService.this.clientName));
                }
                return httpClientContext;
            }
        });
        restTemplate.setErrorHandler(this.errorHandler);
        return restTemplate;
    }

    private HttpClient createClient(SSLContext sSLContext) {
        CloseableHttpClient build;
        if (sSLContext == null) {
            build = HttpClients.custom().setDefaultRequestConfig(createRequestConfig()).build();
        } else {
            build = HttpClients.custom().setDefaultRequestConfig(createRequestConfig()).setSSLSocketFactory(this.disableHostnameVerifier ? new SSLConnectionSocketFactory(sSLContext, (str, sSLSession) -> {
                return true;
            }) : new SSLConnectionSocketFactory(sSLContext)).build();
        }
        return build;
    }

    private SSLContext createSSLContext() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, KeyManagementException, UnrecoverableKeyException {
        Assert.isTrue(!Utilities.isEmpty(this.sslProperties.getKeyStoreType()), "server.ssl.key-store-type is not defined.");
        Assert.notNull(this.sslProperties.getKeyStore(), "server.ssl.key-store is not defined.");
        Assert.isTrue(this.sslProperties.getKeyStore().exists(), "server.ssl.key-store file is not found.");
        Assert.notNull(this.sslProperties.getKeyStorePassword(), "server.ssl.key-store-password is not defined.");
        Assert.notNull(this.sslProperties.getKeyPassword(), "server.ssl.key-password is not defined.");
        Assert.notNull(this.sslProperties.getTrustStore(), "server.ssl.trust-store is not defined.");
        Assert.isTrue(this.sslProperties.getTrustStore().exists(), "server.ssl.trust-store file is not found.");
        Assert.notNull(this.sslProperties.getTrustStorePassword(), "server.ssl.trust-store-password is not defined.");
        KeyStore keyStore = KeyStore.getInstance(this.sslProperties.getKeyStoreType());
        keyStore.load(this.sslProperties.getKeyStore().getInputStream(), this.sslProperties.getKeyStorePassword().toCharArray());
        this.clientName = Utilities.getSystemCertFromKeyStore(keyStore).getSubjectDN().getName();
        return new SSLContextBuilder().loadTrustMaterial(this.sslProperties.getTrustStore().getURL(), this.sslProperties.getTrustStorePassword().toCharArray()).loadKeyMaterial(keyStore, this.sslProperties.getKeyPassword().toCharArray()).setKeyStoreType(this.sslProperties.getKeyStoreType()).build();
    }

    private RequestConfig createRequestConfig() {
        return RequestConfig.custom().setConnectTimeout(this.connectionTimeout).setSocketTimeout(this.socketTimeout).setConnectionRequestTimeout(this.connectionManagerTimeout).build();
    }
}
