package io.camunda.zeebe.client.impl.http;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.camunda.zeebe.client.ZeebeClientConfiguration;
import io.camunda.zeebe.client.impl.NoopCredentialsProvider;
import io.camunda.zeebe.client.impl.util.VersionUtil;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
import org.apache.hc.client5.http.impl.async.HttpAsyncClients;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
import org.apache.hc.client5.http.ssl.HttpClientHostnameVerifier;
import org.apache.hc.core5.http.ContentType;
import org.apache.hc.core5.http.config.CharCodingConfig;
import org.apache.hc.core5.http.message.BasicHeader;
import org.apache.hc.core5.net.URIBuilder;
import org.apache.hc.core5.ssl.SSLContexts;
import org.apache.hc.core5.util.TimeValue;
import org.apache.hc.core5.util.Timeout;

/* loaded from: input_file:BOOT-INF/lib/zeebe-client-java-8.5.2.jar:io/camunda/zeebe/client/impl/http/HttpClientFactory.class */
public class HttpClientFactory {
    private static final String REST_API_PATH = "/v1";
    private static final ObjectMapper JSON_MAPPER = new ObjectMapper();
    private final ZeebeClientConfiguration config;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/zeebe-client-java-8.5.2.jar:io/camunda/zeebe/client/impl/http/HttpClientFactory$HostnameVerifier.class */
    public static final class HostnameVerifier implements HttpClientHostnameVerifier {
        private final HttpClientHostnameVerifier delegate;
        private final String overriddenAuthority;

        private HostnameVerifier(String str) {
            this.delegate = new DefaultHostnameVerifier();
            this.overriddenAuthority = str;
        }

        @Override // org.apache.hc.client5.http.ssl.HttpClientHostnameVerifier
        public void verify(String str, X509Certificate x509Certificate) throws SSLException {
            String str2 = "0.0.0.0".equals(str) ? "localhost" : str;
            if (this.overriddenAuthority != null) {
                this.delegate.verify(this.overriddenAuthority, x509Certificate);
            } else {
                this.delegate.verify(str2, x509Certificate);
            }
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return this.delegate.verify(this.overriddenAuthority == null ? "0.0.0.0".equals(str) ? "localhost" : str : this.overriddenAuthority, sSLSession);
        }
    }

    public HttpClientFactory(ZeebeClientConfiguration zeebeClientConfiguration) {
        this.config = zeebeClientConfiguration;
    }

    public HttpClient createClient() {
        RequestConfig build = defaultClientRequestConfigBuilder().build();
        return new HttpClient(defaultClientBuilder().setDefaultRequestConfig(build).build(), JSON_MAPPER, buildGatewayAddress(), build, this.config.getMaxMessageSize(), TimeValue.ofSeconds(15L), this.config.getCredentialsProvider() != null ? this.config.getCredentialsProvider() : new NoopCredentialsProvider());
    }

    private URI buildGatewayAddress() {
        String uri = this.config.getRestAddress().toString();
        if (uri.endsWith("/")) {
            uri = uri.substring(0, uri.length() - 1);
        }
        try {
            URIBuilder appendPath = new URIBuilder(uri).appendPath(REST_API_PATH);
            appendPath.setScheme(this.config.isPlaintextConnectionEnabled() ? "http" : "https");
            return appendPath.build();
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }

    private HttpAsyncClientBuilder defaultClientBuilder() {
        return HttpAsyncClients.custom().setConnectionManager(PoolingAsyncClientConnectionManagerBuilder.create().setTlsStrategy(ClientTlsStrategyBuilder.create().setSslContext(createSslContext()).setHostnameVerifier(new HostnameVerifier(this.config.getOverrideAuthority())).build()).build()).setDefaultHeaders(Collections.singletonList(new BasicHeader("Accept", String.join(", ", ContentType.APPLICATION_JSON.getMimeType(), ContentType.APPLICATION_PROBLEM_JSON.getMimeType())))).setUserAgent("zeebe-client-java/" + VersionUtil.getVersion()).evictExpiredConnections().setCharCodingConfig(CharCodingConfig.custom().setCharset(StandardCharsets.UTF_8).build()).evictIdleConnections(TimeValue.ofSeconds(30L)).useSystemProperties();
    }

    private RequestConfig.Builder defaultClientRequestConfigBuilder() {
        return RequestConfig.custom().setResponseTimeout(Timeout.of(this.config.getDefaultRequestTimeout())).setConnectionKeepAlive(TimeValue.of(this.config.getKeepAlive())).setHardCancellationEnabled(false);
    }

    private SSLContext createSslContext() {
        if (this.config.isPlaintextConnectionEnabled() || this.config.getCaCertificatePath() == null) {
            return SSLContexts.createDefault();
        }
        KeyStore createKeyStore = createKeyStore();
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(createKeyStore);
            SSLContext build = SSLContexts.custom().build();
            build.init(null, trustManagerFactory.getTrustManagers(), null);
            return build;
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private KeyStore createKeyStore() {
        try {
            FileInputStream fileInputStream = new FileInputStream(new File(this.config.getCaCertificatePath()));
            try {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null);
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                int i = 1;
                while (fileInputStream.available() > 0) {
                    keyStore.setCertificateEntry(Integer.toString(i), certificateFactory.generateCertificate(fileInputStream));
                    i++;
                }
                fileInputStream.close();
                return keyStore;
            } catch (Throwable th) {
                try {
                    fileInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }
}
