package org.kuali.common.httplib.impl;

import com.google.common.base.Charsets;
import com.google.common.base.Optional;
import com.google.common.io.ByteSource;
import com.google.common.io.Closer;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.openssl.PasswordFinder;
import org.kuali.common.httplib.api.HttpClientFactory;
import org.kuali.common.httplib.api.model.HttpOptions;
import org.kuali.common.httplib.api.model.SecurityContext;
import org.kuali.common.jute.base.Exceptions;

/* loaded from: input_file:org/kuali/common/httplib/impl/DefaultHttpClientFactory.class */
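/**
 * Builds Apache {@link HttpClient} instances from {@link HttpOptions}.
 *
 * <p>Besides timeouts and redirect handling, the options select one of three TLS configurations:
 * <ul>
 *   <li>{@code isIgnoreSecurity()} is true: server authentication is switched off
 *       (see {@link #buildInsecureSocketFactory()});</li>
 *   <li>a {@link SecurityContext} is present: mutual TLS with a trust store that contains only the
 *       supplied root certificate (see {@link #buildCustomSocketFactory(SecurityContext)});</li>
 *   <li>otherwise: no socket factory is set and HttpClient's own default applies.</li>
 * </ul>
 */
public final class DefaultHttpClientFactory implements HttpClientFactory {

    /**
     * Supplies the passphrase used to decrypt the PEM private key and to protect the private-key
     * entry of the in-memory key store built in {@code buildCustomSocketFactory}.
     *
     * <p>NOTE(review): the passphrase is a compile-time literal, so an encrypted key file gains no
     * confidentiality from it; whoever holds this class can decrypt the key. Taking the passphrase
     * from {@link SecurityContext} or a secret store needs an API change outside this class.
     *
     * <p>NOTE(review): the decompiler output reports that this type was originally private.
     */
    public enum DefaultPasswordFinder implements PasswordFinder {
        INSTANCE;

        /**
         * Returns a fresh array on every call; callers own the array and may overwrite it.
         *
         * @return the fixed passphrase as a new {@code char[]}
         */
        @Override
        public char[] getPassword() {
            return "password".toCharArray();
        }
    }

    /**
     * Creates a client configured from the given options. Automatic retries are always disabled.
     *
     * @param httpOptions timeouts, redirect policy and TLS settings
     * @return a newly built client
     * @throws IllegalStateException presumably, via {@code Exceptions.illegalState}, when the TLS
     *         material cannot be loaded (the helper is declared elsewhere; confirm)
     */
    @Override
    public HttpClient getHttpClient(HttpOptions httpOptions) {
        HttpClientBuilder builder = HttpClients.custom();
        builder.setDefaultSocketConfig(buildSocketConfig(httpOptions));
        builder.setDefaultRequestConfig(buildRequestConfig(httpOptions));
        builder.disableAutomaticRetries();
        if (!httpOptions.isFollowRedirects()) {
            builder.disableRedirectHandling();
        }
        // isIgnoreSecurity() wins over a supplied SecurityContext: when both are set, the client
        // certificate and the root certificate are never loaded and the peer is not authenticated.
        if (httpOptions.isIgnoreSecurity()) {
            builder.setSSLSocketFactory(buildInsecureSocketFactory());
        } else if (httpOptions.getSecurity().isPresent()) {
            builder.setSSLSocketFactory(buildCustomSocketFactory((SecurityContext) httpOptions.getSecurity().get()));
        }
        return builder.build();
    }

    /**
     * Applies the effective timeout, when one is configured, to the socket read, the connect and
     * the connection-request phases alike. Without a configured timeout the builder defaults stay.
     *
     * <p>NOTE(review): these are per-phase timeouts. If {@code getMaxTimeMillis()} is meant as a
     * total budget for the request, nothing here enforces it; confirm against the API contract.
     */
    private RequestConfig buildRequestConfig(HttpOptions httpOptions) {
        RequestConfig.Builder builder = RequestConfig.custom();
        Optional<Integer> timeout = getTimeout(httpOptions);
        if (timeout.isPresent()) {
            int millis = timeout.get();
            builder.setSocketTimeout(millis);
            builder.setConnectionRequestTimeout(millis);
            builder.setConnectTimeout(millis);
        }
        return builder.build();
    }

    /** Sets SO_TIMEOUT to the effective timeout when one is configured. */
    private SocketConfig buildSocketConfig(HttpOptions httpOptions) {
        SocketConfig.Builder builder = SocketConfig.custom();
        Optional<Integer> timeout = getTimeout(httpOptions);
        if (timeout.isPresent()) {
            builder.setSoTimeout(timeout.get());
        }
        return builder.build();
    }

    /** Returns the smaller of the max-time and connect-timeout options, or whichever one is set. */
    private Optional<Integer> getTimeout(HttpOptions httpOptions) {
        return min(httpOptions.getMaxTimeMillis(), httpOptions.getConnectTimeoutMillis());
    }

    /**
     * Returns the smaller value when both are present, the present one when only one is, and an
     * absent value when neither is.
     */
    private Optional<Integer> min(Optional<Integer> first, Optional<Integer> second) {
        if (first.isPresent() && second.isPresent()) {
            return Optional.of(Math.min(first.get(), second.get()));
        }
        return first.isPresent() ? first : second;
    }

    /**
     * Builds a socket factory that does not authenticate the server: trust decisions go to
     * {@code TrustEveryoneStrategy} (declared elsewhere; presumably it accepts every chain, confirm)
     * and hostname checks use {@code ALLOW_ALL_HOSTNAME_VERIFIER}.
     *
     * <p>Traffic is still encrypted, but because the peer's identity is never checked an on-path
     * party can present any certificate and read or alter the exchange. This path is only taken
     * when {@code HttpOptions.isIgnoreSecurity()} is true; deployments that handle credentials or
     * other sensitive data should keep that option off.
     */
    private SSLConnectionSocketFactory buildInsecureSocketFactory() {
        try {
            SSLContext trustAllContext =
                    new SSLContextBuilder().loadTrustMaterial((KeyStore) null, TrustEveryoneStrategy.INSTANCE).build();
            return new SSLConnectionSocketFactory(trustAllContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        } catch (GeneralSecurityException e) {
            throw Exceptions.illegalState(e);
        }
    }

    /**
     * Builds a mutual-TLS socket factory from the supplied key material.
     *
     * <p>The key store holds the client private key with a one-element certificate chain; the trust
     * store holds only the supplied root certificate, so the JVM's default CA bundle is not
     * consulted for these connections. Both stores live in memory only.
     *
     * @param securityContext source of the client certificate, private key and root certificate
     * @return a socket factory backed by the resulting {@link SSLContext}
     */
    private SSLConnectionSocketFactory buildCustomSocketFactory(SecurityContext securityContext) {
        try {
            // Registering a JCA provider is a process-wide side effect; skip it once "BC" is installed
            // so repeated calls do not allocate a provider that Security.addProvider would reject.
            if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            Certificate[] clientChain = getClientCertificateChain(securityContext);
            PrivateKey clientKey = getPrivateKey(securityContext);
            X509Certificate rootCertificate = getRootCertificate(securityContext);

            KeyStore.PrivateKeyEntry keyEntry = new KeyStore.PrivateKeyEntry(clientKey, clientChain);
            KeyStore.PasswordProtection entryProtection =
                    new KeyStore.PasswordProtection(DefaultPasswordFinder.INSTANCE.getPassword());
            KeyStore identityStore = KeyStore.getInstance(KeyStore.getDefaultType());
            identityStore.load(null);
            identityStore.setEntry("alias1", keyEntry, entryProtection);

            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null);
            trustStore.setCertificateEntry("alias2", rootCertificate);

            // NOTE(review): "SunX509" is a provider-specific algorithm name; JVMs without the Sun
            // JSSE provider may not offer it. Left as is because switching algorithms can change
            // how chains are validated.
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(identityStore, DefaultPasswordFinder.INSTANCE.getPassword());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
            trustManagerFactory.init(trustStore);

            // "TLS" leaves protocol-version selection to the JVM's defaults and security settings.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

            // A null verifier hands the choice to HttpClient. NOTE(review): confirm that the
            // HttpClient version in use substitutes a hostname-checking default for null.
            return new SSLConnectionSocketFactory(sslContext, (X509HostnameVerifier) null);
        } catch (Exception e) {
            throw Exceptions.illegalState(e);
        }
    }

    /**
     * Parses the root certificate bytes as an X.509 certificate.
     *
     * @throws IOException if the certificate bytes cannot be read
     */
    private X509Certificate getRootCertificate(SecurityContext securityContext) throws IOException {
        try {
            byte[] encoded = securityContext.getRootCertificate().read();
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded));
        } catch (CertificateException e) {
            throw Exceptions.illegalState(e);
        }
    }

    /**
     * Parses the client certificate with the certificate type named by the security context and
     * returns it as a one-element chain; intermediate certificates are not included.
     *
     * @throws IOException if the certificate bytes cannot be read
     */
    private Certificate[] getClientCertificateChain(SecurityContext securityContext) throws IOException {
        try {
            ByteSource clientCertificate = securityContext.getClientCertificate();
            CertificateFactory factory = CertificateFactory.getInstance(securityContext.getClientCertificateType());
            Certificate leaf = factory.generateCertificate(new ByteArrayInputStream(clientCertificate.read()));
            return new Certificate[]{leaf};
        } catch (CertificateException e) {
            throw Exceptions.illegalState(e);
        }
    }

    /**
     * Reads the client private key from PEM text, decrypting it with {@link DefaultPasswordFinder}
     * when the PEM block is encrypted.
     *
     * @throws IOException if the key bytes cannot be read or the PEM reader fails
     * @throws IllegalStateException if the PEM data does not contain a key pair
     */
    private PrivateKey getPrivateKey(SecurityContext securityContext) throws IOException {
        Closer closer = Closer.create();
        try {
            byte[] pem = securityContext.getPrivateKey().read();
            PEMReader reader = closer.register(new PEMReader(
                    new BufferedReader(new InputStreamReader(new ByteArrayInputStream(pem), Charsets.UTF_8)),
                    DefaultPasswordFinder.INSTANCE));
            Object parsed = reader.readObject();
            // Empty input yields null and other PEM block types yield other objects; report either
            // case explicitly instead of failing with a bare NullPointerException or
            // ClassCastException. Only the type name is reported, never the key material.
            if (!(parsed instanceof KeyPair)) {
                String found = (parsed == null) ? "no PEM object" : parsed.getClass().getName();
                throw new IllegalStateException("expected a PEM-encoded key pair but found " + found);
            }
            return ((KeyPair) parsed).getPrivate();
        } catch (Throwable t) {
            throw closer.rethrow(t);
        } finally {
            closer.close();
        }
    }
}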
