package keywhiz.testing;

import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import com.squareup.okhttp.ConnectionSpec;
import com.squareup.okhttp.Interceptor;
import com.squareup.okhttp.OkHttpClient;
import java.io.IOException;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nullable;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import org.apache.http.HttpHost;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustStrategy;

/* loaded from: input_file:keywhiz/testing/HttpClients.class */
public class HttpClients {

    /* loaded from: input_file:keywhiz/testing/HttpClients$LocalhostClientBuilder.class */
    public static class LocalhostClientBuilder {
        private KeyStore keyStore;
        private String password;
        private List<Interceptor> requestInterceptors;

        private LocalhostClientBuilder() {
            this.requestInterceptors = new ArrayList();
        }

        public LocalhostClientBuilder withClientCert(KeyStore keyStore, String str) {
            this.keyStore = keyStore;
            this.password = str;
            return this;
        }

        public LocalhostClientBuilder addRequestInterceptors(Interceptor interceptor, Interceptor... interceptorArr) {
            Preconditions.checkNotNull(interceptor);
            this.requestInterceptors.add(interceptor);
            this.requestInterceptors.addAll(Arrays.asList(interceptorArr));
            return this;
        }

        public OkHttpClient build(X509Certificate x509Certificate, int i) {
            TrustStrategy trustStrategy = HttpClients.trustStrategy(x509Certificate);
            try {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, "changeit".toCharArray());
                keyStore.setCertificateEntry("serverCert", x509Certificate);
                return HttpClients.localhostSslClient(i, this.keyStore, this.password, keyStore, trustStrategy, this.requestInterceptors);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw Throwables.propagate(e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:keywhiz/testing/HttpClients$LocalhostSslClientHostnameVerifier.class */
    public static class LocalhostSslClientHostnameVerifier implements HostnameVerifier {
        private LocalhostSslClientHostnameVerifier() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }
    }

    private HttpClients() {
    }

    public static OkHttpClient boundToHost(HttpHost httpHost, OkHttpClient okHttpClient) {
        Preconditions.checkNotNull(httpHost);
        Preconditions.checkNotNull(okHttpClient);
        return new HostBoundWrappedHttpClient(httpHost, okHttpClient);
    }

    public static TrustStrategy trustStrategy(X509Certificate x509Certificate) {
        Preconditions.checkNotNull(x509Certificate);
        return (x509CertificateArr, str) -> {
            return x509CertificateArr.length > 0 && x509CertificateArr[0].equals(x509Certificate);
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static OkHttpClient localhostSslClient(int i, @Nullable KeyStore keyStore, @Nullable String str, KeyStore keyStore2, TrustStrategy trustStrategy, List<Interceptor> list) {
        boolean z = (keyStore == null || str == null) ? false : true;
        try {
            SSLContextBuilder loadTrustMaterial = new SSLContextBuilder().useProtocol("TLSv1.2").loadTrustMaterial(keyStore2, trustStrategy);
            if (z) {
                loadTrustMaterial.loadKeyMaterial(keyStore, str.toCharArray());
            }
            OkHttpClient hostnameVerifier = new OkHttpClient().setSslSocketFactory(loadTrustMaterial.build().getSocketFactory()).setConnectionSpecs(Arrays.asList(ConnectionSpec.MODERN_TLS)).setFollowSslRedirects(false).setHostnameVerifier(new LocalhostSslClientHostnameVerifier());
            hostnameVerifier.setFollowRedirects(false);
            hostnameVerifier.setRetryOnConnectionFailure(false);
            if (!z) {
                CookieManager cookieManager = new CookieManager();
                cookieManager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
                hostnameVerifier.setCookieHandler(cookieManager);
            }
            Iterator<Interceptor> it = list.iterator();
            while (it.hasNext()) {
                hostnameVerifier.networkInterceptors().add(it.next());
            }
            return boundToHost(new HttpHost("localhost", i, "https"), hostnameVerifier);
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw Throwables.propagate(e);
        }
    }

    public static LocalhostClientBuilder builder() {
        return new LocalhostClientBuilder();
    }
}
