package org.wildfly.security.http.oidc;

import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpHost;
import org.apache.http.client.CookieStore;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.cookie.Cookie;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.keycloak.common.constants.GenericConstants;
import org.wildfly.security.http.oidc.Oidc;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.15.16.Final.jar:org/wildfly/security/http/oidc/HttpClientBuilder.class */
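/**
 * Fluent builder for the Apache {@link HttpClient} used for OIDC back-channel calls.
 *
 * <p>Security-relevant switches, all off by default:
 * <ul>
 *   <li>{@link #setDisableTrustManager()} installs a trust manager that accepts every
 *       certificate chain and also forces a no-op hostname verifier. The peer is then not
 *       authenticated at all, so anything sent over the connection (tokens, client secrets)
 *       can be read or altered by whoever terminates the TLS session. Keep it out of
 *       production configuration.</li>
 *   <li>{@link HostnameVerificationPolicy#ANY} keeps certificate-chain validation but skips the
 *       hostname check, so any certificate trusted by the trust store is accepted for any
 *       host.</li>
 * </ul>
 *
 * <p>Instances are mutable and carry no synchronization; {@link #build()} may also update
 * {@code maxPooledPerRoute}.
 */
public class HttpClientBuilder {
    private KeyStore truststore;
    private boolean disableTrustManager;
    private KeyStore clientKeyStore;
    // Held as a String for the lifetime of the builder; it cannot be wiped after use.
    private String clientPrivateKeyPassword;
    private HttpHost proxyHost;
    // No setter for this field is visible in this listing; it stays null unless set elsewhere.
    private SSLContext sslContext;
    private boolean disableCookieCache = true;
    private int connectionPoolSize = 100;
    protected int maxPooledPerRoute = 0;
    private HostnameVerificationPolicy policy = HostnameVerificationPolicy.WILDCARD;
    // No setter for this field is visible in this listing; it stays null unless set elsewhere.
    private HostnameVerifier verifier = null;
    private long connectionTimeToLive = -1;
    private TimeUnit connectionTimeToLiveUnit = TimeUnit.MILLISECONDS;
    private long socketTimeout = -1;
    private TimeUnit socketTimeoutUnits = TimeUnit.MILLISECONDS;
    private long establishConnectionTimeout = -1;
    private TimeUnit establishConnectionTimeoutUnits = TimeUnit.MILLISECONDS;

    /** How the server hostname is checked against its certificate. */
    public enum HostnameVerificationPolicy {
        /** No hostname check: {@link #build()} maps this to {@link NoopHostnameVerifier}. */
        ANY,
        /** Default: {@link #build()} maps this to {@link DefaultHostnameVerifier}. */
        WILDCARD
    }

    /**
     * Trust manager that performs no validation: both check methods return without throwing,
     * so every certificate chain is accepted. Only reachable through
     * {@link #setDisableTrustManager()}.
     *
     * <p>The decompiler reports that this class was declared {@code private} in the original
     * source; it is left {@code public} here to match the listing.
     */
    public static class PassthroughTrustManager implements X509TrustManager {
        private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

        private PassthroughTrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: accepts any client chain.
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: accepts any server chain, i.e. no server authentication.
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array.
            return NO_ISSUERS.clone();
        }
    }

    /**
     * Adapts a caller-supplied {@link HostnameVerifier} by delegating every call to it.
     *
     * <p>The decompiler reports that this class was package-private in the original source.
     */
    public static class VerifierWrapper implements HostnameVerifier {
        protected HostnameVerifier verifier;

        VerifierWrapper(HostnameVerifier hostnameVerifier) {
            this.verifier = hostnameVerifier;
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return this.verifier.verify(str, sSLSession);
        }
    }

    /**
     * Turns off certificate validation and hostname verification for clients built afterwards.
     * There is no way to switch it back on for this builder instance.
     *
     * @return this builder
     */
    public HttpClientBuilder setDisableTrustManager() {
        this.disableTrustManager = true;
        return this;
    }

    /**
     * @param z {@code true} to install a cookie store that never keeps cookies
     * @return this builder
     */
    public HttpClientBuilder setDisableCookieCache(boolean z) {
        this.disableCookieCache = z;
        return this;
    }

    /**
     * Sets the client key material used for TLS client authentication.
     *
     * @param keyStore key store holding the client key and certificate
     * @param str password protecting the private key, or {@code null}
     * @return this builder
     */
    public HttpClientBuilder setKeyStore(KeyStore keyStore, String str) {
        this.clientKeyStore = keyStore;
        this.clientPrivateKeyPassword = str;
        return this;
    }

    /**
     * @param i total pooled connections; a value of 0 or less makes {@link #build()} use a
     *          single-connection manager instead of a pool
     * @return this builder
     */
    public HttpClientBuilder setConnectionPoolSize(int i) {
        this.connectionPoolSize = i;
        return this;
    }

    /**
     * @param hostnameVerificationPolicy policy to apply; anything other than
     *        {@link HostnameVerificationPolicy#ANY} results in the default strict verifier
     * @return this builder
     */
    public HttpClientBuilder setHostnameVerification(HostnameVerificationPolicy hostnameVerificationPolicy) {
        this.policy = hostnameVerificationPolicy;
        return this;
    }

    /**
     * @param keyStore trust anchors used to validate the server certificate
     * @return this builder
     */
    public HttpClientBuilder setTrustStore(KeyStore keyStore) {
        this.truststore = keyStore;
        return this;
    }

    /**
     * @param j maximum lifetime of a pooled connection
     * @param timeUnit unit of {@code j}
     * @return this builder
     */
    public HttpClientBuilder setConnectionTimeToLive(long j, TimeUnit timeUnit) {
        this.connectionTimeToLive = j;
        this.connectionTimeToLiveUnit = timeUnit;
        return this;
    }

    /**
     * @param i per-route connection limit; 0 means "same as the pool size"
     * @return this builder
     */
    public HttpClientBuilder setMaxPooledPerRoute(int i) {
        this.maxPooledPerRoute = i;
        return this;
    }

    /**
     * @param j socket read timeout; values below 0 leave the library default in place
     * @param timeUnit unit of {@code j}
     * @return this builder
     */
    public HttpClientBuilder setSocketTimeout(long j, TimeUnit timeUnit) {
        this.socketTimeout = j;
        this.socketTimeoutUnits = timeUnit;
        return this;
    }

    /**
     * @param j connect timeout; values below 0 leave the library default in place
     * @param timeUnit unit of {@code j}
     * @return this builder
     */
    public HttpClientBuilder setEstablishConnectionTimeout(long j, TimeUnit timeUnit) {
        this.establishConnectionTimeout = j;
        this.establishConnectionTimeoutUnits = timeUnit;
        return this;
    }

    /**
     * Builds the client from the current settings.
     *
     * <p>TLS set-up is chosen in this order: trust manager disabled, then a preset
     * {@code sslContext}, then JVM defaults when neither key store nor trust store is set,
     * otherwise a context built from the configured key and trust material. In the first two
     * cases the configured client key store and trust store are not used.
     *
     * @return the configured client
     * @throws RuntimeException wrapping any failure raised while assembling the client
     */
    public HttpClient build() {
        // Fail closed: only an explicit ANY policy switches the hostname check off. A null
        // policy used to fail with a NullPointerException in the switch; it now gets the
        // strict default verifier.
        HostnameVerifier hostnameVerifier;
        if (this.verifier != null) {
            hostnameVerifier = new VerifierWrapper(this.verifier);
        } else if (this.policy == HostnameVerificationPolicy.ANY) {
            hostnameVerifier = new NoopHostnameVerifier();
        } else {
            hostnameVerifier = new DefaultHostnameVerifier();
        }
        try {
            SSLConnectionSocketFactory sslSocketFactory;
            if (this.disableTrustManager) {
                // Insecure mode: no chain validation and no hostname check, whatever the policy.
                SSLContext trustAll = SSLContext.getInstance("TLS");
                trustAll.init(null, new TrustManager[]{new PassthroughTrustManager()}, new SecureRandom());
                sslSocketFactory = new SSLConnectionSocketFactory(trustAll, new NoopHostnameVerifier());
            } else if (this.sslContext != null) {
                sslSocketFactory = new SSLConnectionSocketFactory(this.sslContext, hostnameVerifier);
            } else if (this.clientKeyStore == null && this.truststore == null) {
                // All-null init selects the JVM's default key managers, trust managers and RNG.
                SSLContext jvmDefaults = SSLContext.getInstance("TLS");
                jvmDefaults.init(null, null, null);
                sslSocketFactory = new SSLConnectionSocketFactory(jvmDefaults, hostnameVerifier);
            } else {
                char[] keyPassword = this.clientPrivateKeyPassword != null
                        ? this.clientPrivateKeyPassword.toCharArray()
                        : null;
                SSLContext custom = SSLContexts.custom()
                        .setProtocol("TLS")
                        .setSecureRandom(null)
                        .loadKeyMaterial(this.clientKeyStore, keyPassword)
                        .loadTrustMaterial(this.truststore, (TrustStrategy) null)
                        .build();
                sslSocketFactory = new SSLConnectionSocketFactory(custom, hostnameVerifier);
            }

            // Plain "http" stays registered, so a non-TLS URL is served without any of the
            // protections configured above.
            Registry<org.apache.http.conn.socket.ConnectionSocketFactory> socketFactories =
                    RegistryBuilder.<org.apache.http.conn.socket.ConnectionSocketFactory>create()
                            .register("http", PlainConnectionSocketFactory.getSocketFactory())
                            .register("https", sslSocketFactory)
                            .build();

            org.apache.http.impl.client.HttpClientBuilder create = org.apache.http.impl.client.HttpClientBuilder.create();
            if (this.connectionPoolSize > 0) {
                PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager(
                        socketFactories, null, null, null, this.connectionTimeToLive, this.connectionTimeToLiveUnit);
                pool.setMaxTotal(this.connectionPoolSize);
                if (this.maxPooledPerRoute == 0) {
                    // Kept as a field write, as in the original: the resolved value is
                    // visible to subclasses and sticks for later build() calls.
                    this.maxPooledPerRoute = this.connectionPoolSize;
                }
                pool.setDefaultMaxPerRoute(this.maxPooledPerRoute);
                create.setConnectionManager(pool);
            } else {
                create.setConnectionManager(new BasicHttpClientConnectionManager(socketFactories));
            }

            RequestConfig.Builder requestConfig = RequestConfig.custom();
            if (this.proxyHost != null) {
                requestConfig.setProxy(this.proxyHost);
            }
            if (this.socketTimeout > -1) {
                requestConfig.setSocketTimeout(toTimeoutMillis(this.socketTimeout, this.socketTimeoutUnits));
            }
            if (this.establishConnectionTimeout > -1) {
                requestConfig.setConnectTimeout(
                        toTimeoutMillis(this.establishConnectionTimeout, this.establishConnectionTimeoutUnits));
            }
            create.setDefaultRequestConfig(requestConfig.build());

            if (this.disableCookieCache) {
                // Cookie store that discards everything, so no cookie is kept or replayed
                // between requests.
                create.setDefaultCookieStore(new CookieStore() {
                    @Override // org.apache.http.client.CookieStore
                    public void addCookie(Cookie cookie) {
                    }

                    @Override // org.apache.http.client.CookieStore
                    public List<Cookie> getCookies() {
                        return Collections.emptyList();
                    }

                    @Override // org.apache.http.client.CookieStore
                    public boolean clearExpired(Date date) {
                        return false;
                    }

                    @Override // org.apache.http.client.CookieStore
                    public void clear() {
                    }
                });
            }
            return create.build();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Applies the OIDC JSON configuration to this builder and builds the client.
     *
     * <p>Cookie caching is always disabled here. A non-positive configured pool size falls
     * back to 10. {@code isAllowAnyHostname()} and {@code isDisableTrustManager()} weaken TLS
     * peer verification as described on the class.
     *
     * @param oidcJsonConfiguration adapter configuration to read
     * @return the configured client
     */
    public HttpClient build(OidcJsonConfiguration oidcJsonConfiguration) {
        setDisableCookieCache(true);

        String truststorePath = oidcJsonConfiguration.getTruststore();
        if (truststorePath != null) {
            try {
                this.truststore = loadKeyStore(
                        Oidc.EnvUtil.replace(truststorePath), oidcJsonConfiguration.getTruststorePassword());
            } catch (Exception e) {
                // NOTE(review): the message helpers look swapped between this branch and the
                // client key store branch below; confirm against ElytronMessages before changing.
                throw ElytronMessages.log.unableToLoadKeyStore(e);
            }
        }

        String clientKeystorePath = oidcJsonConfiguration.getClientKeystore();
        if (clientKeystorePath != null) {
            String resolvedPath = Oidc.EnvUtil.replace(clientKeystorePath);
            // The same password is used for the store and for the private key.
            String clientKeystorePassword = oidcJsonConfiguration.getClientKeystorePassword();
            try {
                setKeyStore(loadKeyStore(resolvedPath, clientKeystorePassword), clientKeystorePassword);
            } catch (Exception e2) {
                throw ElytronMessages.log.unableToLoadTrustStore(e2);
            }
        }

        int configuredPoolSize = oidcJsonConfiguration.getConnectionPoolSize();
        setConnectionPoolSize(configuredPoolSize > 0 ? configuredPoolSize : 10);
        setHostnameVerification(oidcJsonConfiguration.isAllowAnyHostname()
                ? HostnameVerificationPolicy.ANY
                : HostnameVerificationPolicy.WILDCARD);
        if (oidcJsonConfiguration.isDisableTrustManager()) {
            // Overrides the trust store loaded above and the hostname policy just set.
            setDisableTrustManager();
        }
        configureProxyForAuthServerIfProvided(oidcJsonConfiguration);
        return build();
    }

    /** Sets {@code proxyHost} from the configured proxy URL; does nothing when it is absent or blank. */
    private void configureProxyForAuthServerIfProvided(OidcJsonConfiguration oidcJsonConfiguration) {
        String proxyUrl = oidcJsonConfiguration == null ? null : oidcJsonConfiguration.getProxyUrl();
        if (proxyUrl == null || proxyUrl.trim().isEmpty()) {
            return;
        }
        // Parse the trimmed value: the blank check above already tolerates surrounding
        // whitespace, which URI.create would otherwise reject.
        URI proxyUri = URI.create(proxyUrl.trim());
        this.proxyHost = new HttpHost(proxyUri.getHost(), proxyUri.getPort(), proxyUri.getScheme());
    }

    /** Converts a timeout to whole milliseconds, clamping instead of wrapping on int overflow. */
    private static int toTimeoutMillis(long value, TimeUnit unit) {
        return (int) Math.min(unit.toMillis(value), (long) Integer.MAX_VALUE);
    }

    /**
     * Loads a key store of the JVM default type from a file path or a classpath resource.
     *
     * @param location file path, or a resource name prefixed with
     *        {@code GenericConstants.PROTOCOL_CLASSPATH}
     * @param password store password; must not be {@code null}
     * @return the loaded key store
     * @throws Exception if the store cannot be found, read or verified
     */
    private static KeyStore loadKeyStore(String location, String password) throws Exception {
        if (password == null) {
            // Previously a bare NullPointerException. Still rejected rather than passed on as
            // null, because KeyStore.load skips the integrity check when given no password.
            throw new IllegalArgumentException("No password configured for key store " + location);
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = openKeyStoreStream(location)) {
            keyStore.load(in, password.toCharArray());
        }
        return keyStore;
    }

    /** Opens the key store bytes; classpath resources are tried on the context class loader first. */
    private static InputStream openKeyStoreStream(String location) throws Exception {
        if (!location.startsWith(GenericConstants.PROTOCOL_CLASSPATH)) {
            return new FileInputStream(location);
        }
        // Strip only the leading scheme prefix, not later occurrences inside the name.
        String resource = location.substring(GenericConstants.PROTOCOL_CLASSPATH.length());
        InputStream in = null;
        ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
        if (contextLoader != null) {
            in = contextLoader.getResourceAsStream(resource);
        }
        if (in == null) {
            in = HttpClientBuilder.class.getResourceAsStream(resource);
        }
        if (in == null) {
            throw ElytronMessages.log.unableToFindTrustStoreFile(location);
        }
        return in;
    }
}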
