package org.zowe.apiml.product.web;

import com.netflix.discovery.AbstractDiscoveryClientOptionalArgs;
import com.netflix.discovery.shared.transport.jersey.EurekaJerseyClient;
import com.netflix.discovery.shared.transport.jersey.EurekaJerseyClientImpl;
import java.util.Set;
import java.util.function.Supplier;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.impl.client.CloseableHttpClient;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
import org.zowe.apiml.message.log.ApimlLogger;
import org.zowe.apiml.product.logging.annotations.InjectApimlLogger;
import org.zowe.apiml.security.HttpsConfig;
import org.zowe.apiml.security.HttpsConfigError;
import org.zowe.apiml.security.HttpsFactory;
import org.zowe.apiml.security.SecurityUtils;

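/**
 * Spring configuration that builds the outbound HTTPS clients shared by a service:
 * two Apache HTTP clients (with and without the service key store), the matching
 * {@link RestTemplate}s, an {@link SSLContext}, a {@link HostnameVerifier}, a Jetty client
 * {@link SslContextFactory} and the Eureka Jersey client.
 *
 * <p>Everything is created once in {@link #init()}; the {@code @Bean} methods only hand out
 * what {@code init()} stored. Any failure while building the TLS configuration terminates the
 * JVM with exit status 1.
 *
 * <p>Security-relevant switches read here:
 * <ul>
 *   <li>{@code apiml.security.ssl.verifySslCertificatesOfServices} (default {@code true}):
 *       when {@code false} the Jetty client factory is put into trust-all mode, i.e. it accepts
 *       any server certificate. Treat a {@code false} value outside a test environment as a
 *       finding.</li>
 *   <li>{@code apiml.security.ssl.nonStrictVerifySslCertificatesOfServices} (default
 *       {@code false}): only forwarded to {@link HttpsConfig}; its effect is decided by
 *       {@link HttpsFactory}, which is not visible from this class.</li>
 *   <li>{@code server.ssl.protocol} (default {@code TLSv1.2}).</li>
 * </ul>
 */
@Configuration
/* loaded from: input_file:BOOT-INF/lib/apiml-common-2.3.1.jar:org/zowe/apiml/product/web/HttpConfig.class */
public class HttpConfig {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(HttpConfig.class);

    @Value("${server.ssl.protocol:TLSv1.2}")
    private String protocol;

    @Value("${server.ssl.trustStore:#{null}}")
    private String trustStore;

    // Secrets are bound as char[]; note that setTruststore() still has to copy this one into a String.
    @Value("${server.ssl.trustStorePassword:#{null}}")
    private char[] trustStorePassword;

    @Value("${server.ssl.trustStoreType:PKCS12}")
    private String trustStoreType;

    @Value("${server.ssl.keyAlias:#{null}}")
    private String keyAlias;

    @Value("${server.ssl.keyStore:#{null}}")
    private String keyStore;

    @Value("${server.ssl.keyStorePassword:#{null}}")
    private char[] keyStorePassword;

    @Value("${server.ssl.keyPassword:#{null}}")
    private char[] keyPassword;

    @Value("${server.ssl.keyStoreType:PKCS12}")
    private String keyStoreType;

    // Bound but not referenced by any method of this class; the Jetty factory below uses its own
    // hard-coded exclusion patterns instead.
    @Value("${server.ssl.ciphers:.*}")
    private String[] ciphers;

    @Value("${apiml.security.ssl.verifySslCertificatesOfServices:true}")
    private boolean verifySslCertificatesOfServices;

    @Value("${apiml.security.ssl.nonStrictVerifySslCertificatesOfServices:false}")
    private boolean nonStrictVerifySslCertificatesOfServices;

    @Value("${spring.application.name}")
    private String serviceId;

    @Value("${server.ssl.trustStoreRequired:false}")
    private boolean trustStoreRequired;

    @Value("${eureka.client.serviceUrl.defaultZone}")
    private String eurekaServerUrl;

    @Value("${server.maxConnectionsPerRoute:#{10}}")
    private Integer maxConnectionsPerRoute;

    @Value("${server.maxTotalConnections:#{100}}")
    private Integer maxTotalConnections;

    @Value("${apiml.httpclient.conn-pool.idleConnTimeoutSeconds:#{5}}")
    private int idleConnTimeoutSeconds;

    @Value("${apiml.httpclient.conn-pool.requestConnectionTimeout:#{10000}}")
    private int requestConnectionTimeout;

    @Value("${apiml.httpclient.conn-pool.readTimeout:#{10000}}")
    private int readTimeout;

    @Value("${apiml.httpclient.conn-pool.timeToLive:#{10000}}")
    private int timeToLive;

    // Bound but not referenced by any method of this class.
    @Value("${server.attls.enabled:false}")
    private boolean isAttlsEnabled;

    // State produced by init() and exposed through the @Bean methods below.
    private CloseableHttpClient secureHttpClient;
    private CloseableHttpClient secureHttpClientWithoutKeystore;
    private SSLContext secureSslContext;
    private HostnameVerifier secureHostnameVerifier;
    private EurekaJerseyClientImpl.EurekaJerseyClientBuilder eurekaJerseyClientBuilder;

    @InjectApimlLogger
    private ApimlLogger apimlLog = ApimlLogger.empty();
    private Set<String> publicKeyCertificatesBase64;

    @Resource
    private AbstractDiscoveryClientOptionalArgs<?> optionalArgs;

    /**
     * Builds both HTTPS configurations (with and without key store) and creates every client and
     * TLS object this class later publishes as a bean.
     *
     * <p>On any error the failure is logged and the JVM is terminated with status 1, so a service
     * never starts with a partially initialised TLS setup.
     */
    @PostConstruct
    public void init() {
        try {
            HttpsConfig configWithKeystore = baseHttpsConfigBuilder()
                .keyAlias(this.keyAlias)
                .keyStore(this.keyStore)
                .keyPassword(this.keyPassword)
                .keyStorePassword(this.keyStorePassword)
                .keyStoreType(this.keyStoreType)
                .build();
            HttpsConfig configWithoutKeystore = baseHttpsConfigBuilder().build();

            // NOTE(review): this writes HttpsConfig.toString() at INFO level. Confirm that
            // HttpsConfig excludes the three password fields from toString().
            log.info("Using HTTPS configuration: {}", configWithKeystore);

            HttpsFactory httpsFactory = new HttpsFactory(configWithKeystore);
            this.secureHttpClient = httpsFactory.createSecureHttpClient();
            this.secureSslContext = httpsFactory.createSslContext();
            this.secureHostnameVerifier = httpsFactory.createHostnameVerifier();
            this.eurekaJerseyClientBuilder =
                httpsFactory.createEurekaJerseyClientBuilder(this.eurekaServerUrl, this.serviceId);
            // Must follow the builder assignment above: eurekaJerseyClient() reads it.
            this.optionalArgs.setEurekaJerseyClient(eurekaJerseyClient());
            this.secureHttpClientWithoutKeystore =
                new HttpsFactory(configWithoutKeystore).createSecureHttpClient();
            // NOTE(review): presumably publishes the key/trust store settings as JVM-wide system
            // properties, which would affect every TLS client in the process. Confirm in HttpsFactory.
            httpsFactory.setSystemSslProperties();
            this.publicKeyCertificatesBase64 = SecurityUtils.loadCertificateChainBase64(configWithKeystore);
        } catch (HttpsConfigError e) {
            // Nothing in this class recorded the failure before; leave a trace so that an exit
            // with status 1 can be diagnosed from the log.
            log.error("Invalid HTTPS configuration, terminating: {}", e.getMessage());
            System.exit(1);
        } catch (Exception e2) {
            this.apimlLog.log("org.zowe.apiml.common.unknownHttpsConfigError", e2.getMessage());
            // The message above drops the stack trace; keep it available at debug level.
            log.debug("Unexpected error while initialising the HTTPS configuration", e2);
            System.exit(1);
        }
    }

    /**
     * Creates a builder pre-filled with every setting shared by both HTTPS configurations
     * (protocol, trust store, verification flags and connection-pool limits), without any
     * key-store material.
     */
    private HttpsConfig.HttpsConfigBuilder baseHttpsConfigBuilder() {
        return HttpsConfig.builder()
            .protocol(this.protocol)
            .trustStore(this.trustStore)
            .trustStoreType(this.trustStoreType)
            .trustStorePassword(this.trustStorePassword)
            .trustStoreRequired(this.trustStoreRequired)
            .verifySslCertificatesOfServices(this.verifySslCertificatesOfServices)
            .nonStrictVerifySslCertificatesOfServices(this.nonStrictVerifySslCertificatesOfServices)
            .maxConnectionsPerRoute(this.maxConnectionsPerRoute.intValue())
            .maxTotalConnections(this.maxTotalConnections.intValue())
            .idleConnTimeoutSeconds(this.idleConnTimeoutSeconds)
            .requestConnectionTimeout(this.requestConnectionTimeout)
            .timeToLive(this.timeToLive);
    }

    /**
     * Exposes the certificate chain loaded in {@link #init()} from the key-store-backed
     * configuration.
     *
     * @return the Base64 strings produced by {@code SecurityUtils.loadCertificateChainBase64}
     */
    @Bean
    @Qualifier("publicKeyCertificatesBase64")
    public Set<String> publicKeyCertificatesBase64() {
        return this.publicKeyCertificatesBase64;
    }

    /**
     * Copies the trust store location, type and password onto a Jetty SSL context factory.
     * Does nothing when no trust store is configured.
     *
     * @param sslContextFactory the Jetty factory to configure
     */
    private void setTruststore(SslContextFactory sslContextFactory) {
        if (StringUtils.isNotEmpty(this.trustStore)) {
            sslContextFactory.setTrustStorePath(SecurityUtils.replaceFourSlashes(this.trustStore));
            sslContextFactory.setTrustStoreType(this.trustStoreType);
            // Jetty takes the password as a String, so the char[] is copied into an immutable
            // String here and can no longer be wiped from memory by the caller.
            sslContextFactory.setTrustStorePassword(this.trustStorePassword == null ? null : String.valueOf(this.trustStorePassword));
        }
    }

    /**
     * Creates the SSL context factory for Jetty-based HTTP clients.
     *
     * <p>Cipher suites whose names end in {@code _MD5}, {@code _SHA} or {@code _SHA1}, and all
     * {@code TLS_RSA_*} suites (static RSA key exchange, no forward secrecy), are excluded.
     * When certificate verification is switched off the factory is put into trust-all mode.
     *
     * @return the configured client-side factory
     */
    @Bean
    @Qualifier("jettyClientSslContextFactory")
    public SslContextFactory.Client jettyClientSslContextFactory() {
        SslContextFactory.Client client = new SslContextFactory.Client();
        client.setProtocol(this.protocol);
        client.setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$", "^TLS_RSA_.*$");
        setTruststore(client);
        // dump() is only worth computing when the line is actually written. It is taken before
        // the hostname verifier and the trust-all flag are applied below.
        if (log.isDebugEnabled()) {
            log.debug("jettySslContextFactory: {}", client.dump());
        }
        client.setHostnameVerifier(secureHostnameVerifier());
        if (!this.verifySslCertificatesOfServices) {
            // Make the weakened trust decision visible to operators and to log-based detection.
            log.warn("apiml.security.ssl.verifySslCertificatesOfServices is false: "
                + "the Jetty client will accept any server certificate");
            client.setTrustAll(true);
        }
        return client;
    }

    /**
     * Primary {@link RestTemplate}, backed by the HTTP client that was built from the
     * configuration including the service key store.
     */
    @Bean
    @Primary
    @Qualifier("restTemplateWithKeystore")
    public RestTemplate restTemplateWithKeystore() {
        return restTemplateFor(this.secureHttpClient);
    }

    /**
     * {@link RestTemplate} backed by the HTTP client that was built from the configuration
     * without key-store settings (presumably unable to present a client certificate; confirm in
     * {@link HttpsFactory}).
     */
    @Bean
    @Qualifier("restTemplateWithoutKeystore")
    public RestTemplate restTemplateWithoutKeystore() {
        return restTemplateFor(this.secureHttpClientWithoutKeystore);
    }

    /**
     * Wraps an Apache HTTP client in a {@link RestTemplate} using the configured read and
     * connect timeouts.
     */
    private RestTemplate restTemplateFor(CloseableHttpClient httpClient) {
        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
        requestFactory.setReadTimeout(this.readTimeout);
        requestFactory.setConnectTimeout(this.requestConnectionTimeout);
        return new RestTemplate(requestFactory);
    }

    /** Returns the HTTP client created in {@link #init()} from the key-store-backed configuration. */
    @Bean
    @Primary
    @Qualifier("secureHttpClientWithKeystore")
    public CloseableHttpClient secureHttpClient() {
        return this.secureHttpClient;
    }

    /** Returns the HTTP client created in {@link #init()} from the configuration without key store. */
    @Bean
    @Qualifier("secureHttpClientWithoutKeystore")
    public CloseableHttpClient secureHttpClientWithoutKeystore() {
        return this.secureHttpClientWithoutKeystore;
    }

    /** Returns the SSL context created in {@link #init()} from the key-store-backed configuration. */
    @Bean
    public SSLContext secureSslContext() {
        return this.secureSslContext;
    }

    /** Returns the hostname verifier created by {@link HttpsFactory} in {@link #init()}. */
    @Bean
    public HostnameVerifier secureHostnameVerifier() {
        return this.secureHostnameVerifier;
    }

    /** Builds the Eureka Jersey client from the builder prepared in {@link #init()}. */
    @Bean
    public EurekaJerseyClient eurekaJerseyClient() {
        return this.eurekaJerseyClientBuilder.build();
    }
}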
