package io.quarkus.spring.cloud.config.client.runtime;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.http.HttpEntity;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.AuthCache;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:io/quarkus/spring/cloud/config/client/runtime/DefaultSpringCloudConfigClientGateway.class */
class DefaultSpringCloudConfigClientGateway implements SpringCloudConfigClientGateway {
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    private final SpringCloudConfigClientConfig springCloudConfigClientConfig;
    private final SSLConnectionSocketFactory sslSocketFactory;
    private final URI baseURI;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/quarkus/spring/cloud/config/client/runtime/DefaultSpringCloudConfigClientGateway$InMemoryAuthCache.class */
    public static class InMemoryAuthCache implements AuthCache {
        static final InMemoryAuthCache INSTANCE = new InMemoryAuthCache();
        private final Map<HttpHost, AuthScheme> map = new ConcurrentHashMap();

        private InMemoryAuthCache() {
        }

        public void put(HttpHost httpHost, AuthScheme authScheme) {
            this.map.put(httpHost, authScheme);
        }

        public AuthScheme get(HttpHost httpHost) {
            return this.map.get(httpHost);
        }

        public void remove(HttpHost httpHost) {
            this.map.remove(httpHost);
        }

        public void clear() {
            this.map.clear();
        }
    }

    public DefaultSpringCloudConfigClientGateway(SpringCloudConfigClientConfig springCloudConfigClientConfig) {
        this.springCloudConfigClientConfig = springCloudConfigClientConfig;
        try {
            this.baseURI = determineBaseUri(springCloudConfigClientConfig);
            if (springCloudConfigClientConfig.trustStore.isPresent() || springCloudConfigClientConfig.keyStore.isPresent() || springCloudConfigClientConfig.trustCerts) {
                this.sslSocketFactory = createFactoryFromAgentConfig(springCloudConfigClientConfig);
            } else {
                this.sslSocketFactory = null;
            }
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Value: '" + springCloudConfigClientConfig.url + "' of property 'quarkus.spring-cloud-config.url' is invalid", e);
        }
    }

    private URI determineBaseUri(SpringCloudConfigClientConfig springCloudConfigClientConfig) throws URISyntaxException {
        String str = springCloudConfigClientConfig.url;
        if (null == str || str.isEmpty()) {
            throw new IllegalArgumentException("The 'quarkus.spring-cloud-config.url' property cannot be empty");
        }
        return str.endsWith("/") ? new URI(str.substring(0, str.length() - 1)) : new URI(str);
    }

    private SSLConnectionSocketFactory createFactoryFromAgentConfig(SpringCloudConfigClientConfig springCloudConfigClientConfig) {
        try {
            SSLContextBuilder custom = SSLContexts.custom();
            if (springCloudConfigClientConfig.trustStore.isPresent()) {
                custom = custom.loadTrustMaterial(readStore(springCloudConfigClientConfig.trustStore.get(), springCloudConfigClientConfig.trustStorePassword), (TrustStrategy) null);
            } else if (springCloudConfigClientConfig.trustCerts) {
                custom = custom.loadTrustMaterial(TrustAllStrategy.INSTANCE);
            }
            if (springCloudConfigClientConfig.keyStore.isPresent()) {
                custom = custom.loadKeyMaterial(readStore(springCloudConfigClientConfig.keyStore.get(), springCloudConfigClientConfig.keyStorePassword), springCloudConfigClientConfig.keyPassword.orElse(springCloudConfigClientConfig.keyStorePassword.orElse("")).toCharArray());
            }
            return new SSLConnectionSocketFactory(custom.build(), NoopHostnameVerifier.INSTANCE);
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    private static String findKeystoreFileType(Path path) {
        String lowerCase = path.toString().toLowerCase();
        return (lowerCase.endsWith(".p12") || lowerCase.endsWith(".pkcs12") || lowerCase.endsWith(".pfx")) ? "PKS12" : "JKS";
    }

    private static KeyStore readStore(Path path, Optional<String> optional) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        String findKeystoreFileType = findKeystoreFileType(path);
        InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(path.toString());
        if (resourceAsStream != null) {
            Throwable th = null;
            try {
                try {
                    KeyStore doReadStore = doReadStore(resourceAsStream, findKeystoreFileType, optional);
                    if (resourceAsStream != null) {
                        if (0 != 0) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                    return doReadStore;
                } finally {
                }
            } catch (Throwable th3) {
                if (resourceAsStream != null) {
                    if (th != null) {
                        try {
                            resourceAsStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        resourceAsStream.close();
                    }
                }
                throw th3;
            }
        }
        InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
        Throwable th5 = null;
        try {
            try {
                KeyStore doReadStore2 = doReadStore(newInputStream, findKeystoreFileType, optional);
                if (newInputStream != null) {
                    if (0 != 0) {
                        try {
                            newInputStream.close();
                        } catch (Throwable th6) {
                            th5.addSuppressed(th6);
                        }
                    } else {
                        newInputStream.close();
                    }
                }
                return doReadStore2;
            } finally {
            }
        } catch (Throwable th7) {
            if (newInputStream != null) {
                if (th5 != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th8) {
                        th5.addSuppressed(th8);
                    }
                } else {
                    newInputStream.close();
                }
            }
            throw th7;
        }
    }

    private static KeyStore doReadStore(InputStream inputStream, String str, Optional<String> optional) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance(str);
        keyStore.load(inputStream, optional.isPresent() ? optional.get().toCharArray() : null);
        return keyStore;
    }

    @Override // io.quarkus.spring.cloud.config.client.runtime.SpringCloudConfigClientGateway
    public Response exchange(String str, String str2) throws Exception {
        HttpClientBuilder defaultRequestConfig = HttpClientBuilder.create().setDefaultRequestConfig(RequestConfig.custom().setConnectionRequestTimeout((int) this.springCloudConfigClientConfig.connectionTimeout.toMillis()).setSocketTimeout((int) this.springCloudConfigClientConfig.readTimeout.toMillis()).build());
        if (this.sslSocketFactory != null) {
            defaultRequestConfig.setSSLSocketFactory(this.sslSocketFactory);
        }
        CloseableHttpClient build = defaultRequestConfig.build();
        Throwable th = null;
        try {
            URI finalURI = finalURI(str, str2);
            HttpGet httpGet = new HttpGet(finalURI);
            httpGet.addHeader("Accept", "application/json");
            for (Map.Entry<String, String> entry : this.springCloudConfigClientConfig.headers.entrySet()) {
                httpGet.setHeader(entry.getKey(), entry.getValue());
            }
            CloseableHttpResponse execute = build.execute(httpGet, setupContext(finalURI));
            Throwable th2 = null;
            try {
                if (execute.getStatusLine().getStatusCode() != 200) {
                    throw new RuntimeException("Got unexpected HTTP response code " + execute.getStatusLine().getStatusCode() + " from " + finalURI);
                }
                HttpEntity entity = execute.getEntity();
                if (entity == null) {
                    throw new RuntimeException("Got empty HTTP response body " + finalURI);
                }
                Response response = (Response) OBJECT_MAPPER.readValue(EntityUtils.toString(entity), Response.class);
                if (execute != null) {
                    if (0 != 0) {
                        try {
                            execute.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    } else {
                        execute.close();
                    }
                }
                return response;
            } catch (Throwable th4) {
                if (execute != null) {
                    if (0 != 0) {
                        try {
                            execute.close();
                        } catch (Throwable th5) {
                            th2.addSuppressed(th5);
                        }
                    } else {
                        execute.close();
                    }
                }
                throw th4;
            }
        } finally {
            if (build != null) {
                if (0 != 0) {
                    try {
                        build.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    build.close();
                }
            }
        }
    }

    private URI finalURI(String str, String str2) throws URISyntaxException {
        URIBuilder uRIBuilder = new URIBuilder(this.baseURI);
        if (uRIBuilder.getPort() == -1) {
            uRIBuilder.setPort(uRIBuilder.getScheme().equalsIgnoreCase("http") ? 80 : 443);
        }
        ArrayList arrayList = new ArrayList(uRIBuilder.getPathSegments());
        arrayList.add(str);
        arrayList.add(str2);
        if (this.springCloudConfigClientConfig.label.isPresent()) {
            arrayList.add(this.springCloudConfigClientConfig.label.get());
        }
        uRIBuilder.setPathSegments(arrayList);
        return uRIBuilder.build();
    }

    private HttpClientContext setupContext(URI uri) {
        HttpClientContext create = HttpClientContext.create();
        if (this.baseURI.getUserInfo() != null || this.springCloudConfigClientConfig.usernameAndPasswordSet()) {
            InMemoryAuthCache inMemoryAuthCache = InMemoryAuthCache.INSTANCE;
            inMemoryAuthCache.put(new HttpHost(uri.getHost(), uri.getPort(), uri.getScheme()), new BasicScheme());
            create.setAuthCache(inMemoryAuthCache);
            if (this.springCloudConfigClientConfig.usernameAndPasswordSet()) {
                BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(this.springCloudConfigClientConfig.username.get(), this.springCloudConfigClientConfig.password.get()));
                create.setCredentialsProvider(basicCredentialsProvider);
            }
        }
        return create;
    }
}
