package io.axual.helper.discovery.internals;

import io.axual.helper.config.AxualConfig;
import io.axual.helper.config.KafkaConfig;
import io.axual.helper.config.parser.ConfigParser;
import io.axual.helper.config.parser.KafkaConfigParser;
import io.axual.helper.discovery.KafkaSslConfigurer;
import io.axual.helper.discovery.util.VersionUtil;
import io.axual.helper.resolver.exception.ConfigurationException;
import io.axual.helper.util.keystore.CertLoader;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
import org.apache.hc.core5.http.Header;
import org.apache.hc.core5.http.message.BasicHeader;
import org.apache.kafka.common.config.types.Password;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/axual/helper/discovery/internals/KafkaPropertyBasedHttpClientFactory.class */
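/**
 * Builds the Apache HttpClient 5 instance used to talk to the discovery endpoint, taking its TLS
 * settings (key store, trust store, host name verification) from a Kafka-style property map.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>TLS material is only applied when the endpoint uses the {@code https} scheme. A plain
 *       {@code http://} endpoint gets no transport protection, and the application headers
 *       from {@link #getHttpHeaders(AxualConfig)} are sent in clear text.</li>
 *   <li>When {@code KafkaSslConfigurer.enableHostNameVerification} returns {@code false}, a
 *       {@link NoopHostnameVerifier} is installed. The peer certificate is then still validated
 *       against the trust store, but not bound to the host name, so any certificate the trust
 *       store accepts can answer for the discovery endpoint.</li>
 *   <li>Store and key passwords arrive as {@code String} values from {@link Password#value()};
 *       they cannot be wiped from memory here.</li>
 * </ul>
 */
public class KafkaPropertyBasedHttpClientFactory {
    private static final Logger log = LoggerFactory.getLogger(KafkaPropertyBasedHttpClientFactory.class);
    private static final String HTTPS_PREFIX = "https://";
    private static final String PEM_TYPE = "PEM";

    // Package-private and non-final in the original; left that way because code outside this
    // class (same package) may assign it. NOTE(review): confirm whether it can be made final.
    static KafkaPropertyBasedHttpClientFactory instance = new KafkaPropertyBasedHttpClientFactory();
    private final CertLoader certLoader = new CertLoader();

    private KafkaPropertyBasedHttpClientFactory() {
    }

    /**
     * Returns the shared factory instance.
     *
     * @return the factory held in the static {@code instance} field
     */
    public static KafkaPropertyBasedHttpClientFactory instance() {
        return instance;
    }

    /**
     * Creates an HTTP client for the endpoint configured in {@code axualConfig}.
     *
     * <p>The scheme comparison is case-insensitive (URI schemes are), so {@code HTTPS://host}
     * receives the same key store / trust store configuration as {@code https://host} instead of
     * silently falling back to the connection manager's defaults.
     *
     * @param map         Kafka-style configuration holding the SSL settings
     * @param axualConfig supplies the endpoint and the values for the default request headers
     * @return a client with default headers set and expired-connection eviction enabled
     * @throws ConfigurationException if the SSL context cannot be built for an https endpoint
     */
    public CloseableHttpClient createClient(Map<String, Object> map, AxualConfig axualConfig) {
        SSLConnectionSocketFactoryBuilder socketFactoryBuilder = SSLConnectionSocketFactoryBuilder.create();
        PoolingHttpClientConnectionManagerBuilder connectionManagerBuilder = PoolingHttpClientConnectionManagerBuilder.create();
        String endpoint = axualConfig.getEndpoint();
        if (endpoint.regionMatches(true, 0, HTTPS_PREFIX, 0, HTTPS_PREFIX.length())) {
            if (!KafkaSslConfigurer.enableHostNameVerification(map)) {
                // Make the weakened TLS posture visible to operators: the certificate chain is
                // still checked against the trust store, but not against the endpoint host name.
                log.warn("Host name verification is disabled for the discovery HTTP client; "
                        + "the server certificate will not be matched against the endpoint host name");
                socketFactoryBuilder.setHostnameVerifier(new NoopHostnameVerifier());
            }
            socketFactoryBuilder.setSslContext(createSSLContext(map));
            connectionManagerBuilder.setSSLSocketFactory(socketFactoryBuilder.build());
        }
        return HttpClients.custom()
                .setDefaultHeaders(getHttpHeaders(axualConfig))
                .setConnectionManager(connectionManagerBuilder.build())
                .evictExpiredConnections()
                .build();
    }

    /**
     * Builds a TLS context from the key managers and trust managers derived from {@code map}.
     *
     * @throws ConfigurationException carrying the message of the underlying I/O or security error
     */
    private SSLContext createSSLContext(Map<String, Object> map) {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(createKeyManager(map).getKeyManagers(), createTrustManager(map).getTrustManagers(), new SecureRandom());
            return sslContext;
        } catch (IOException | GeneralSecurityException e) {
            // Only the message is passed on below (no cause-accepting constructor of
            // ConfigurationException is visible from this file), so keep the stack trace in the log.
            log.debug("Building the SSL context for the discovery HTTP client failed", e);
            throw new ConfigurationException(e.getMessage());
        }
    }

    /**
     * Loads the client key material and wraps it in an initialised {@link KeyManagerFactory}.
     *
     * <p>Three sources are tried in order: inline PEM strings (type PEM and an inline key is
     * configured), a PEM file (type PEM and a location is set), otherwise a key store file of the
     * configured type (default {@code JKS}).
     *
     * <p>NOTE(review): each setting is looked up with a {@code KafkaConfig.DISCOVERY_SSL_*} key
     * and a plain {@code ssl.*} key; presumably the latter is a fallback — confirm in the parsers.
     *
     * @throws ConfigurationException if a setting required by the selected source is absent
     */
    private KeyManagerFactory createKeyManager(Map<String, Object> map) throws IOException, GeneralSecurityException {
        String keystoreType = ConfigParser.parseStringConfig(map, KafkaConfig.DISCOVERY_SSL_KEYSTORE_TYPE_CONFIG, "ssl.keystore.type", true, "JKS");
        String keystoreLocation = ConfigParser.parseStringConfig(map, KafkaConfig.DISCOVERY_SSL_KEYSTORE_LOCATION_CONFIG, "ssl.keystore.location", false, KafkaConfig.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_DEFAULT);
        Optional<Password> keystorePassword = KafkaConfigParser.parsePasswordConfig(map, KafkaConfig.DISCOVERY_SSL_KEYSTORE_PASSWORD_CONFIG, "ssl.keystore.password", false);
        Optional<Password> keyPassword = KafkaConfigParser.parsePasswordConfig((Map<?, ?>) map, KafkaConfig.DISCOVERY_SSL_KEY_PASSWORD_CONFIG, "ssl.key.password", false, KafkaConfig.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_DEFAULT);
        Optional<Password> inlineKey = KafkaConfigParser.parsePasswordConfig(map, KafkaConfig.DISCOVERY_SSL_KEYSTORE_KEY_CONFIG, "ssl.keystore.key", false);
        Optional<Password> inlineCertificateChain = KafkaConfigParser.parsePasswordConfig(map, KafkaConfig.DISCOVERY_SSL_KEYSTORE_CERTIFICATE_CHAIN_CONFIG, "ssl.keystore.certificate.chain", false);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

        // The messages below name setting keys only; secret values are never included.
        KeyStore keyStore;
        if (isPemStringBased(keystoreType, inlineKey.isPresent())) {
            if (inlineCertificateChain.isEmpty() || keyPassword.isEmpty() || inlineKey.isEmpty()) {
                throw new ConfigurationException("Incomplete inline PEM key store configuration: "
                        + "ssl.keystore.certificate.chain, ssl.keystore.key and ssl.key.password are all required");
            }
            keyStore = this.certLoader.loadStringBasedPemKeyStore(inlineCertificateChain.get().value(), inlineKey.get().value(), charsOrNull(keyPassword.get()));
        } else if (isPemFileBased(keystoreType, keystoreLocation)) {
            if (keyPassword.isEmpty()) {
                throw new ConfigurationException("Incomplete PEM file key store configuration: ssl.key.password is required");
            }
            keyStore = this.certLoader.getFileBasedPemKeyStore(keystoreLocation, charsOrNull(keyPassword.get()));
        } else {
            if (keystorePassword.isEmpty() || keyPassword.isEmpty()) {
                throw new ConfigurationException("Incomplete key store configuration: "
                        + "ssl.keystore.password and ssl.key.password are both required");
            }
            keyStore = this.certLoader.createKeystoreFromFile(keystoreType, keystoreLocation, charsOrNull(keystorePassword.get()));
        }
        // Every branch above has verified keyPassword is present, so get() cannot fail here.
        // Unlike the loader calls, an empty key password is passed as an empty array, not null.
        keyManagerFactory.init(keyStore, keyPassword.get().value().toCharArray());
        return keyManagerFactory;
    }

    /**
     * Loads the trusted certificates and wraps them in an initialised {@link TrustManagerFactory}.
     *
     * <p>Inline PEM certificates win whenever they are configured, regardless of the configured
     * store type; next comes a PEM file, and finally a trust store file of the configured type
     * (default {@code JKS}). The trust manager algorithm defaults to {@code SunX509}.
     *
     * @throws ConfigurationException if a file based (non-PEM) trust store has no password setting
     */
    private TrustManagerFactory createTrustManager(Map<String, Object> map) throws IOException, GeneralSecurityException {
        String truststoreType = ConfigParser.parseStringConfig(map, KafkaConfig.DISCOVERY_SSL_TRUSTSTORE_TYPE_CONFIG, "ssl.truststore.type", true, "JKS");
        String truststoreLocation = ConfigParser.parseStringConfig(map, KafkaConfig.DISCOVERY_SSL_TRUSTSTORE_LOCATION_CONFIG, "ssl.truststore.location", false, (String) null);
        String trustManagerAlgorithm = ConfigParser.parseStringConfig(map, KafkaConfig.DISCOVERY_SSL_TRUSTMANAGER_ALGORITHM_CONFIG, "ssl.trustmanager.algorithm", false, "SunX509");
        Optional<Password> truststorePassword = KafkaConfigParser.parsePasswordConfig(map, KafkaConfig.DISCOVERY_SSL_TRUSTSTORE_PASSWORD_CONFIG, "ssl.truststore.password", false);
        Optional<Password> inlineCertificates = KafkaConfigParser.parsePasswordConfig(map, KafkaConfig.DISCOVERY_SSL_TRUSTSTORE_CERTIFICATES_CONFIG, "ssl.truststore.certificates", false);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerAlgorithm);

        KeyStore trustStore;
        if (inlineCertificates.isPresent()) {
            trustStore = this.certLoader.loadStringBasedPemTrustStore(inlineCertificates.get().value());
        } else if (isPemFileBased(truststoreType, truststoreLocation)) {
            trustStore = this.certLoader.getFileBasedPemTrustStore(truststoreLocation);
        } else {
            if (truststorePassword.isEmpty()) {
                throw new ConfigurationException("Incomplete trust store configuration: ssl.truststore.password is required");
            }
            // NOTE(review): truststoreLocation may be null here (its default is null); how
            // CertLoader.createKeystoreFromFile treats a null location is not visible in this file.
            trustStore = this.certLoader.createKeystoreFromFile(truststoreType, truststoreLocation, charsOrNull(truststorePassword.get()));
        }
        trustManagerFactory.init(trustStore);
        return trustManagerFactory;
    }

    /**
     * Returns the default headers attached to every request made by the created client.
     *
     * @param axualConfig supplies the application id and version
     * @return cache-control, application id, application version and client library version headers
     */
    List<Header> getHttpHeaders(AxualConfig axualConfig) {
        return Arrays.asList(
                new BasicHeader("Cache-Control", "no-cache"),
                new BasicHeader("X-Application-Id", axualConfig.getApplicationId()),
                new BasicHeader("X-Application-Version", axualConfig.getApplicationVersion()),
                new BasicHeader("X-Client-Library-Version", VersionUtil.getProjectVersion(KafkaPropertyBasedHttpClientFactory.class)));
    }

    /**
     * Tells whether the store is a PEM file.
     *
     * @param str  the configured store type
     * @param str2 the configured store location
     * @return {@code true} when the type is PEM (any case) and a location is set
     */
    boolean isPemFileBased(String str, String str2) {
        return PEM_TYPE.equalsIgnoreCase(str) && Objects.nonNull(str2);
    }

    /**
     * Tells whether the store is supplied as inline PEM text.
     *
     * @param str the configured store type
     * @param z   whether the inline PEM value is configured
     * @return {@code true} when the type is PEM (any case) and {@code z} is set
     */
    boolean isPemStringBased(String str, boolean z) {
        return PEM_TYPE.equalsIgnoreCase(str) && z;
    }

    /** Converts a password to the form the loaders are given: {@code null} when it is empty. */
    private static char[] charsOrNull(Password password) {
        String value = password.value();
        return value.isEmpty() ? null : value.toCharArray();
    }
}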
