package org.apache.nifi.c2.client.http;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.concurrent.TimeUnit;
import okhttp3.ConnectionPool;
import okhttp3.OkHttpClient;
import okhttp3.logging.HttpLoggingInterceptor;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.c2.client.C2ClientConfig;
import org.apache.nifi.security.ssl.StandardKeyStoreBuilder;
import org.apache.nifi.security.ssl.StandardSslContextBuilder;
import org.apache.nifi.security.ssl.StandardTrustManagerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/c2/client/http/OkHttpClientProvider.class */
public class OkHttpClientProvider {
    private static final Logger logger = LoggerFactory.getLogger(OkHttpClientProvider.class);
    private final C2ClientConfig clientConfig;

    public OkHttpClientProvider(C2ClientConfig c2ClientConfig) {
        this.clientConfig = c2ClientConfig;
    }

    public OkHttpClient okHttpClient() {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        Logger logger2 = logger;
        logger2.getClass();
        HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor(logger2::debug);
        httpLoggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BASIC);
        builder.addInterceptor(httpLoggingInterceptor);
        builder.followRedirects(true);
        builder.connectionPool(new ConnectionPool(this.clientConfig.getMaxIdleConnections(), this.clientConfig.getKeepAliveDuration(), TimeUnit.MILLISECONDS));
        builder.connectTimeout(this.clientConfig.getConnectTimeout(), TimeUnit.MILLISECONDS);
        builder.readTimeout(this.clientConfig.getReadTimeout(), TimeUnit.MILLISECONDS);
        builder.callTimeout(this.clientConfig.getCallTimeout(), TimeUnit.MILLISECONDS);
        if (StringUtils.isNotBlank(this.clientConfig.getKeystoreFilename())) {
            try {
                setSslSocketFactory(builder);
            } catch (Exception e) {
                throw new IllegalStateException("OkHttp TLS configuration failed", e);
            }
        }
        return builder.build();
    }

    private void setSslSocketFactory(OkHttpClient.Builder builder) throws Exception {
        String keystoreFilename = this.clientConfig.getKeystoreFilename();
        String keystoreType = this.clientConfig.getKeystoreType();
        String keystorePass = this.clientConfig.getKeystorePass();
        assertKeystorePropertiesSet(keystoreFilename, keystorePass, keystoreType);
        FileInputStream fileInputStream = new FileInputStream(keystoreFilename);
        Throwable th = null;
        try {
            try {
                KeyStore build = new StandardKeyStoreBuilder().type(keystoreType).inputStream(fileInputStream).password(keystorePass.toCharArray()).build();
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                String truststoreFilename = this.clientConfig.getTruststoreFilename();
                String truststorePass = this.clientConfig.getTruststorePass();
                String truststoreType = this.clientConfig.getTruststoreType();
                assertTruststorePropertiesSet(truststoreFilename, truststorePass, truststoreType);
                FileInputStream fileInputStream2 = new FileInputStream(truststoreFilename);
                Throwable th3 = null;
                try {
                    KeyStore build2 = new StandardKeyStoreBuilder().type(truststoreType).inputStream(fileInputStream2).password(truststorePass.toCharArray()).build();
                    if (fileInputStream2 != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream2.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        } else {
                            fileInputStream2.close();
                        }
                    }
                    builder.sslSocketFactory(new StandardSslContextBuilder().keyStore(build).keyPassword(keystorePass.toCharArray()).trustStore(build2).build().getSocketFactory(), new StandardTrustManagerBuilder().trustStore(build2).build());
                } catch (Throwable th5) {
                    if (fileInputStream2 != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream2.close();
                            } catch (Throwable th6) {
                                th3.addSuppressed(th6);
                            }
                        } else {
                            fileInputStream2.close();
                        }
                    }
                    throw th5;
                }
            } finally {
            }
        } catch (Throwable th7) {
            if (fileInputStream != null) {
                if (th != null) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th7;
        }
    }

    private void assertKeystorePropertiesSet(String str, String str2, String str3) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException(this.clientConfig.getKeystoreFilename() + " is null or is empty");
        }
        if (str2 == null || str2.isEmpty()) {
            throw new IllegalArgumentException("The client's keystore filename is set but its password is not (or is empty). If the location is set, the password must also be.");
        }
        if (str3 == null || str3.isEmpty()) {
            throw new IllegalArgumentException("The client's keystore filename is set but its type is not (or is empty). If the location is set, the type must also be.");
        }
    }

    private void assertTruststorePropertiesSet(String str, String str2, String str3) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("The client's truststore filename is not set or is empty");
        }
        if (str2 == null || str2.isEmpty()) {
            throw new IllegalArgumentException("The client's truststore filename is set but its password is not (or is empty). If the location is set, the password must also be.");
        }
        if (str3 == null || str3.isEmpty()) {
            throw new IllegalArgumentException("The client's truststore filename is set but its type is not (or is empty). If the location is set, the type must also be.");
        }
    }
}
