package org.apache.james.backends.rabbitmq;

import com.google.common.collect.ImmutableList;
import com.rabbitmq.client.Address;
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.time.Duration;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeoutException;
import javax.inject.Inject;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.NotImplementedException;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;
import org.apache.james.backends.rabbitmq.RabbitMQConfiguration;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;
import reactor.util.retry.Retry;

/* loaded from: input_file:org/apache/james/backends/rabbitmq/RabbitMQConnectionFactory.class */
public class RabbitMQConnectionFactory {
    private static final TrustStrategy TRUST_ALL = (x509CertificateArr, str) -> {
        return true;
    };
    private final ConnectionFactory connectionFactory;
    private final RabbitMQConfiguration configuration;

    @Inject
    public RabbitMQConnectionFactory(RabbitMQConfiguration rabbitMQConfiguration) {
        this.configuration = rabbitMQConfiguration;
        this.connectionFactory = from(rabbitMQConfiguration);
    }

    private ConnectionFactory from(RabbitMQConfiguration rabbitMQConfiguration) {
        try {
            ConnectionFactory connectionFactory = new ConnectionFactory();
            connectionFactory.setUri(rabbitMQConfiguration.getUri());
            connectionFactory.setHandshakeTimeout(rabbitMQConfiguration.getHandshakeTimeoutInMs());
            connectionFactory.setShutdownTimeout(rabbitMQConfiguration.getShutdownTimeoutInMs());
            connectionFactory.setChannelRpcTimeout(rabbitMQConfiguration.getChannelRpcTimeoutInMs());
            connectionFactory.setConnectionTimeout(rabbitMQConfiguration.getConnectionTimeoutInMs());
            connectionFactory.setNetworkRecoveryInterval(rabbitMQConfiguration.getNetworkRecoveryIntervalInMs());
            connectionFactory.setUsername(rabbitMQConfiguration.getManagementCredentials().getUser());
            connectionFactory.setPassword(String.valueOf(rabbitMQConfiguration.getManagementCredentials().getPassword()));
            if (this.configuration.useSsl().booleanValue()) {
                setupSslConfiguration(connectionFactory);
            }
            return connectionFactory;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private void setupSslConfiguration(ConnectionFactory connectionFactory) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException {
        connectionFactory.useSslProtocol(sslContext(this.configuration));
        setupHostNameVerification(connectionFactory);
    }

    private SSLContext sslContext(RabbitMQConfiguration rabbitMQConfiguration) throws KeyManagementException, NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException, UnrecoverableKeyException {
        SSLContextBuilder sSLContextBuilder = new SSLContextBuilder();
        RabbitMQConfiguration.SSLConfiguration sslConfiguration = rabbitMQConfiguration.getSslConfiguration();
        setupSslValidationStrategy(sSLContextBuilder, sslConfiguration);
        setupClientCertificateAuthentication(sSLContextBuilder, sslConfiguration);
        return sSLContextBuilder.build();
    }

    private void setupClientCertificateAuthentication(SSLContextBuilder sSLContextBuilder, RabbitMQConfiguration.SSLConfiguration sSLConfiguration) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException {
        Optional<RabbitMQConfiguration.SSLConfiguration.SSLKeyStore> keyStore = sSLConfiguration.getKeyStore();
        if (keyStore.isPresent()) {
            RabbitMQConfiguration.SSLConfiguration.SSLKeyStore sSLKeyStore = keyStore.get();
            sSLContextBuilder.loadKeyMaterial(sSLKeyStore.getFile(), sSLKeyStore.getPassword(), sSLKeyStore.getPassword());
        }
    }

    private void setupSslValidationStrategy(SSLContextBuilder sSLContextBuilder, RabbitMQConfiguration.SSLConfiguration sSLConfiguration) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
        RabbitMQConfiguration.SSLConfiguration.SSLValidationStrategy strategy = sSLConfiguration.getStrategy();
        switch (strategy) {
            case DEFAULT:
                return;
            case IGNORE:
                sSLContextBuilder.loadTrustMaterial(TRUST_ALL);
                return;
            case OVERRIDE:
                applyTrustStore(sSLContextBuilder);
                return;
            default:
                throw new NotImplementedException(String.format("unrecognized strategy '%s'", strategy.name()));
        }
    }

    private SSLContextBuilder applyTrustStore(SSLContextBuilder sSLContextBuilder) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        RabbitMQConfiguration.SSLConfiguration.SSLTrustStore orElseThrow = this.configuration.getSslConfiguration().getTrustStore().orElseThrow(() -> {
            return new IllegalStateException("SSLTrustStore cannot to be empty");
        });
        return sSLContextBuilder.loadTrustMaterial(orElseThrow.getFile(), orElseThrow.getPassword());
    }

    private void setupHostNameVerification(ConnectionFactory connectionFactory) {
        if (this.configuration.getSslConfiguration().getHostNameVerifier() == RabbitMQConfiguration.SSLConfiguration.HostNameVerifier.DEFAULT) {
            connectionFactory.enableHostnameVerification();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Connection create() {
        return (Connection) connectionMono().block();
    }

    Mono<Connection> connectionMono() {
        return Mono.fromCallable(this::createConnection).retryWhen(Retry.backoff(this.configuration.getMaxRetries(), Duration.ofMillis(this.configuration.getMinDelayInMs())).scheduler(Schedulers.elastic()));
    }

    private Connection createConnection() throws IOException, TimeoutException {
        return this.connectionFactory.newConnection((List) this.configuration.rabbitMQHosts().stream().map(host -> {
            return new Address(host.getHostName(), host.getPort());
        }).collect(ImmutableList.toImmutableList()));
    }
}
