package pl.edu.icm.unity.engine.files;

import com.google.common.base.Preconditions;
import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.helpers.ssl.SSLTrustManagerWithHostnameChecking;
import eu.unicore.util.httpclient.DefaultClientConfiguration;
import eu.unicore.util.httpclient.EmptyHostnameVerifier;
import eu.unicore.util.httpclient.HostnameMismatchCallbackImpl;
import eu.unicore.util.httpclient.HttpClientProperties;
import eu.unicore.util.httpclient.ServerHostnameCheckingMode;
import java.io.IOException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.commons.io.IOUtils;
import org.apache.hc.client5.http.classic.HttpClient;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.config.ConnectionConfig;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.DefaultHttpRequestRetryStrategy;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.apache.hc.core5.http.Header;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.ParseException;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.util.TimeValue;
import org.apache.hc.core5.util.Timeout;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.exceptions.EngineException;

/* loaded from: input_file:pl/edu/icm/unity/engine/files/RemoteFileNetworkClient.class */
class RemoteFileNetworkClient {
    private static final long MAX_BODY_SIZE_TO_LOG = 10240;
    private PKIManagement pkiManagement;

    /* loaded from: input_file:pl/edu/icm/unity/engine/files/RemoteFileNetworkClient$ApacheHttpClientBuilder.class */
    private static class ApacheHttpClientBuilder {
        private static final int DEFAULT_RETRY_MECHANISM = -1;
        private final PKIManagement pkiManagement;
        private URL url;
        private String customTruststore;
        private Integer connectionTimeout;
        private Integer socketReadTimeout;
        private int retriesNumber = DEFAULT_RETRY_MECHANISM;

        ApacheHttpClientBuilder(PKIManagement pKIManagement) {
            this.pkiManagement = pKIManagement;
        }

        public ApacheHttpClientBuilder withDefaultRetries() {
            this.retriesNumber = DEFAULT_RETRY_MECHANISM;
            return this;
        }

        ApacheHttpClientBuilder withURL(URL url) {
            this.url = url;
            return this;
        }

        ApacheHttpClientBuilder withCustomTruststore(String str) {
            this.customTruststore = str;
            return this;
        }

        ApacheHttpClientBuilder withConnectionTimeout(int i) {
            this.connectionTimeout = Integer.valueOf(i);
            return this;
        }

        ApacheHttpClientBuilder withSocketReadTimeout(int i) {
            this.socketReadTimeout = Integer.valueOf(i);
            return this;
        }

        ApacheHttpClientBuilder withConnectionTimeout(Duration duration) {
            this.connectionTimeout = Integer.valueOf((int) duration.toMillis());
            return this;
        }

        ApacheHttpClientBuilder withSocketReadTimeout(Duration duration) {
            this.socketReadTimeout = Integer.valueOf((int) duration.toMillis());
            return this;
        }

        ApacheHttpClientBuilder withRetriesNumber(int i) {
            this.retriesNumber = i;
            return this;
        }

        HttpClient build() throws EngineException {
            Preconditions.checkNotNull(this.url, "url must not provided");
            Preconditions.checkNotNull(this.connectionTimeout, "connectionTimeout must not provided");
            Preconditions.checkNotNull(this.socketReadTimeout, "socketReadTimeout must not provided");
            HttpClientBuilder create = HttpClientBuilder.create();
            if (this.retriesNumber == 0) {
                create.disableAutomaticRetries();
            } else if (this.retriesNumber > 0) {
                create.setRetryStrategy(new DefaultHttpRequestRetryStrategy(this.retriesNumber, TimeValue.ofSeconds(5L)));
            } else if (this.retriesNumber == DEFAULT_RETRY_MECHANISM) {
                create.setRetryStrategy(new DefaultHttpRequestRetryStrategy());
            }
            create.setDefaultRequestConfig(RequestConfig.custom().setConnectionRequestTimeout(Timeout.ofMilliseconds(this.connectionTimeout.intValue())).build());
            PoolingHttpClientConnectionManagerBuilder create2 = PoolingHttpClientConnectionManagerBuilder.create();
            create2.setDefaultConnectionConfig(ConnectionConfig.custom().setConnectTimeout(Timeout.ofMilliseconds(this.connectionTimeout.intValue())).setSocketTimeout(Timeout.ofMilliseconds(this.socketReadTimeout.intValue())).build());
            if (this.customTruststore != null && this.url.getProtocol().equals("https")) {
                create2.setSSLSocketFactory(new SSLConnectionSocketFactory(new SSLContextBuilder(this.pkiManagement.getValidator(this.customTruststore)).build(), new EmptyHostnameVerifier()));
                create.setConnectionManager(create2.build());
            }
            return create.build();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:pl/edu/icm/unity/engine/files/RemoteFileNetworkClient$ContentsWithType.class */
    public static class ContentsWithType {
        final byte[] contents;
        final String mimeType;

        ContentsWithType(byte[] bArr, String str) {
            this.contents = bArr;
            this.mimeType = str;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:pl/edu/icm/unity/engine/files/RemoteFileNetworkClient$SSLContextBuilder.class */
    public static class SSLContextBuilder {
        private static final String TLSV_1_2 = "TLSv1.2";
        private final X509CertChainValidatorExt validator;

        SSLContextBuilder(X509CertChainValidatorExt x509CertChainValidatorExt) {
            this.validator = x509CertChainValidatorExt;
        }

        SSLContext build() {
            try {
                SSLContext sSLContext = SSLContext.getInstance(TLSV_1_2);
                sSLContext.init(null, new TrustManager[]{new SSLTrustManagerWithHostnameChecking(this.validator, new HostnameMismatchCallbackImpl(ServerHostnameCheckingMode.NONE))}, null);
                return sSLContext;
            } catch (KeyManagementException | NoSuchAlgorithmException e) {
                throw new IllegalStateException("Could not build SSLContext", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RemoteFileNetworkClient(PKIManagement pKIManagement) {
        this.pkiManagement = pKIManagement;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ContentsWithType download(URL url, String str, Duration duration, Duration duration2, int i) throws EngineException, IOException {
        return download(new ApacheHttpClientBuilder(this.pkiManagement).withConnectionTimeout(duration).withSocketReadTimeout(duration2).withCustomTruststore(str).withRetriesNumber(i).withURL(url).build(), url);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ContentsWithType download(URL url, String str) throws EngineException, IOException {
        HttpClientProperties httpClientProperties = new DefaultClientConfiguration().getHttpClientProperties();
        return download(new ApacheHttpClientBuilder(this.pkiManagement).withCustomTruststore(str).withSocketReadTimeout(httpClientProperties.getIntValue("socket.timeout").intValue()).withConnectionTimeout(httpClientProperties.getIntValue("connection.timeout").intValue()).withDefaultRetries().withURL(url).build(), url);
    }

    private ContentsWithType download(HttpClient httpClient, URL url) throws EngineException, IOException {
        ClassicHttpResponse executeOpen = httpClient.executeOpen((HttpHost) null, new HttpGet(url.toString()), HttpClientContext.create());
        int code = executeOpen.getCode();
        if (code == 200) {
            Header firstHeader = executeOpen.getFirstHeader("Content-Type");
            return new ContentsWithType(IOUtils.toByteArray(executeOpen.getEntity().getContent()), firstHeader != null ? firstHeader.getValue() : null);
        }
        StringBuilder append = new StringBuilder().append("File download from ").append(url).append(", error: ").append(executeOpen.getReasonPhrase());
        if (code != 404 && code != 403) {
            try {
                append.append(", body: ").append(executeOpen.getEntity().getContentLength() < MAX_BODY_SIZE_TO_LOG ? EntityUtils.toString(executeOpen.getEntity()) : "HTTP body too large");
            } catch (ParseException e) {
                throw new IOException((Throwable) e);
            }
        }
        throw new IOException(append.toString());
    }
}
