package com.ibm.cloud.sdk.core.http;

import com.ibm.cloud.sdk.core.http.HttpConfigOptions;
import com.ibm.cloud.sdk.core.http.gzip.GzipRequestInterceptor;
import com.ibm.cloud.sdk.core.http.ratelimit.RateLimitInterceptor;
import com.ibm.cloud.sdk.core.service.BaseService;
import com.ibm.cloud.sdk.core.service.security.DelegatingSSLSocketFactory;
import java.io.IOException;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.net.Proxy;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.Authenticator;
import okhttp3.ConnectionSpec;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.TlsVersion;
import okhttp3.logging.HttpLoggingInterceptor;

/* loaded from: input_file:com/ibm/cloud/sdk/core/http/HttpClientSingleton.class */
public class HttpClientSingleton {
    private static HttpClientSingleton instance = null;
    private static final Logger LOG = Logger.getLogger(BaseService.class.getName());
    private static final TrustManager[] trustAllCerts = {new X509TrustManager() { // from class: com.ibm.cloud.sdk.core.http.HttpClientSingleton.1
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }};
    private OkHttpClient okHttpClient = configureHttpClient();

    public static HttpClientSingleton getInstance() {
        if (instance == null) {
            instance = new HttpClientSingleton();
        }
        return instance;
    }

    protected HttpClientSingleton() {
    }

    private OkHttpClient configureHttpClient() {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        addCookieJar(builder);
        builder.connectTimeout(60L, TimeUnit.SECONDS);
        builder.writeTimeout(60L, TimeUnit.SECONDS);
        builder.readTimeout(90L, TimeUnit.SECONDS);
        builder.connectionSpecs(Arrays.asList(new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).allEnabledCipherSuites().build(), ConnectionSpec.CLEARTEXT));
        setupTLSProtocol(builder);
        return builder.build();
    }

    private void addCookieJar(OkHttpClient.Builder builder) {
        CookieManager cookieManager = new CookieManager();
        cookieManager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
        builder.cookieJar(new ServiceCookieJar(cookieManager));
    }

    private OkHttpClient disableSslVerification(OkHttpClient okHttpClient) {
        try {
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustAllCerts, new SecureRandom());
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            OkHttpClient.Builder newBuilder = okHttpClient.newBuilder();
            newBuilder.sslSocketFactory(socketFactory, (X509TrustManager) trustAllCerts[0]);
            newBuilder.hostnameVerifier(new HostnameVerifier() { // from class: com.ibm.cloud.sdk.core.http.HttpClientSingleton.2
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    return true;
                }
            });
            return newBuilder.build();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private OkHttpClient setProxy(OkHttpClient okHttpClient, Proxy proxy) {
        return okHttpClient.newBuilder().proxy(proxy).build();
    }

    private OkHttpClient setProxyAuthenticator(OkHttpClient okHttpClient, Authenticator authenticator) {
        return okHttpClient.newBuilder().proxyAuthenticator(authenticator).build();
    }

    private OkHttpClient setLoggingLevel(OkHttpClient okHttpClient, HttpConfigOptions.LoggingLevel loggingLevel) {
        HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor();
        switch (loggingLevel) {
            case BODY:
                httpLoggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
                break;
            case HEADERS:
                httpLoggingInterceptor.setLevel(HttpLoggingInterceptor.Level.HEADERS);
                break;
            case BASIC:
                httpLoggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BASIC);
                break;
            default:
                httpLoggingInterceptor.setLevel(HttpLoggingInterceptor.Level.NONE);
                break;
        }
        return okHttpClient.newBuilder().addNetworkInterceptor(httpLoggingInterceptor).build();
    }

    private void setupTLSProtocol(OkHttpClient.Builder builder) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
                throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
            }
            X509TrustManager x509TrustManager = (X509TrustManager) trustManagers[0];
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
            builder.sslSocketFactory(new DelegatingSSLSocketFactory(sSLContext.getSocketFactory()) { // from class: com.ibm.cloud.sdk.core.http.HttpClientSingleton.3
                @Override // com.ibm.cloud.sdk.core.service.security.DelegatingSSLSocketFactory
                protected SSLSocket configureSocket(SSLSocket sSLSocket) throws IOException {
                    sSLSocket.setEnabledProtocols(new String[]{TlsVersion.TLS_1_0.javaName(), TlsVersion.TLS_1_1.javaName(), TlsVersion.TLS_1_2.javaName()});
                    return sSLSocket;
                }
            }, x509TrustManager);
        } catch (KeyManagementException e) {
            LOG.log(Level.SEVERE, "Error initializing the SSL Context.", (Throwable) e);
        } catch (KeyStoreException e2) {
            LOG.log(Level.SEVERE, "Error using the keystore.", (Throwable) e2);
        } catch (NoSuchAlgorithmException e3) {
            LOG.log(Level.SEVERE, "The cryptographic algorithm requested is not available in the environment.", (Throwable) e3);
        }
    }

    private OkHttpClient reconfigureClientInterceptors(OkHttpClient okHttpClient, String str) {
        OkHttpClient.Builder newBuilder = okHttpClient.newBuilder();
        if (!newBuilder.interceptors().isEmpty()) {
            Iterator<Interceptor> it = newBuilder.interceptors().iterator();
            while (it.hasNext()) {
                String simpleName = it.next().getClass().getSimpleName();
                if (simpleName.equals(str)) {
                    LOG.log(Level.INFO, "Removing interceptor" + simpleName + " from http client instance.");
                    it.remove();
                }
            }
        }
        return newBuilder.build();
    }

    public OkHttpClient createHttpClient() {
        OkHttpClient.Builder newBuilder = this.okHttpClient.newBuilder();
        addCookieJar(newBuilder);
        return newBuilder.build();
    }

    public OkHttpClient configureClient(HttpConfigOptions httpConfigOptions) {
        this.okHttpClient = configureClient(this.okHttpClient, httpConfigOptions);
        return this.okHttpClient;
    }

    public OkHttpClient configureClient(OkHttpClient okHttpClient, HttpConfigOptions httpConfigOptions) {
        if (httpConfigOptions != null) {
            if (httpConfigOptions.shouldDisableSslVerification()) {
                okHttpClient = disableSslVerification(okHttpClient);
            }
            if (httpConfigOptions.getProxy() != null) {
                okHttpClient = setProxy(okHttpClient, httpConfigOptions.getProxy());
            }
            if (httpConfigOptions.getProxyAuthenticator() != null) {
                okHttpClient = setProxyAuthenticator(okHttpClient, httpConfigOptions.getProxyAuthenticator());
            }
            if (httpConfigOptions.getLoggingLevel() != null) {
                okHttpClient = setLoggingLevel(okHttpClient, httpConfigOptions.getLoggingLevel());
            }
            if (httpConfigOptions.getDefaultRetryInterval() > 0) {
                okHttpClient = okHttpClient.newBuilder().addInterceptor(new RateLimitInterceptor(httpConfigOptions.getAuthenticator(), httpConfigOptions.getDefaultRetryInterval(), httpConfigOptions.getMaxRetries())).build();
            }
            Boolean gzipCompression = httpConfigOptions.getGzipCompression();
            if (gzipCompression != null) {
                okHttpClient = reconfigureClientInterceptors(okHttpClient, "GzipRequestInterceptor");
                if (gzipCompression.booleanValue()) {
                    okHttpClient = okHttpClient.newBuilder().addInterceptor(new GzipRequestInterceptor()).build();
                }
            }
        }
        return okHttpClient;
    }
}
