package org.zowe.apiml.zaasclient.service.internal;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import lombok.Generated;
import org.apache.http.client.CookieStore;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.tomcat.util.net.Constants;
import org.zowe.apiml.zaasclient.config.ConfigProperties;
import org.zowe.apiml.zaasclient.exception.ZaasConfigurationErrorCodes;
import org.zowe.apiml.zaasclient.exception.ZaasConfigurationException;

/* loaded from: input_file:BOOT-INF/lib/zaas-client-1.25.3.jar:org/zowe/apiml/zaasclient/service/internal/ZaasHttpsClientProvider.class */
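/**
 * Builds and caches the TLS-enabled Apache {@link CloseableHttpClient} used by the ZAAS client.
 *
 * <p>The trust store is loaded eagerly in the constructor and is mandatory; the key store used
 * for client-certificate authentication is loaded lazily on the first {@link #getHttpClient()}
 * call. One client instance, and therefore one cookie store, is shared by every caller of this
 * provider.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When {@code isNonStrictVerifySslCertificatesOfServices()} is true, hostname verification
 *       is turned off ({@link NoopHostnameVerifier}); the certificate chain is still checked
 *       against the configured trust store.</li>
 *   <li>{@link #getSSLContext()} installs the socket factory and hostname verifier as the
 *       JVM-wide {@link HttpsURLConnection} defaults, not only on the returned client.</li>
 * </ul>
 */
class ZaasHttpsClientProvider implements CloseableClientProvider {
    /** Timeout in milliseconds applied to connection request, connect and socket read. */
    private static final int REQUEST_TIMEOUT = 30000;
    private final RequestConfig requestConfig;
    /** URL scheme that marks a key store location as a key ring rather than a file path. */
    public static final String SAFKEYRING = "safkeyring";
    private TrustManagerFactory tmf;
    private KeyManagerFactory kmf;
    // Held for the lifetime of the provider; this class never zeroes the array.
    private final char[] keyStorePassword;
    private final String keyStoreType;
    private final String keyStorePath;
    private final HostnameVerifier hostnameVerifier;
    // Shared by every request made through the cached client; see clearCookieStore().
    private final CookieStore cookieStore;
    private CloseableHttpClient httpsClient;

    /**
     * Creates a provider from the client configuration and loads the trust store immediately.
     *
     * @param configProperties trust store, key store and verification settings
     * @throws ZaasConfigurationException if no trust store path is configured, or the trust
     *         store cannot be read or initialised
     */
    public ZaasHttpsClientProvider(ConfigProperties configProperties) throws ZaasConfigurationException {
        this.cookieStore = new BasicCookieStore();
        this.requestConfig = buildCustomRequestConfig();
        // Fail closed: without an explicit trust store the client is never built, so it cannot
        // silently fall back to some other set of trusted CAs.
        if (configProperties.getTrustStorePath() == null) {
            throw new ZaasConfigurationException(ZaasConfigurationErrorCodes.TRUST_STORE_NOT_PROVIDED);
        }
        initializeTrustManagerFactory(
            configProperties.getTrustStorePath(),
            configProperties.getTrustStoreType(),
            configProperties.getTrustStorePassword());
        // NOTE(review): the non-strict setting removes hostname verification entirely, so any
        // certificate that chains to the trust store is accepted for any host. It should stay
        // off outside test environments.
        this.hostnameVerifier = configProperties.isNonStrictVerifySslCertificatesOfServices()
            ? new NoopHostnameVerifier()
            : SSLConnectionSocketFactory.getDefaultHostnameVerifier();
        this.keyStorePath = configProperties.getKeyStorePath();
        this.keyStorePassword = configProperties.getKeyStorePassword();
        this.keyStoreType = configProperties.getKeyStoreType();
    }

    /**
     * Removes every cookie held by the shared cookie store, so later requests through the
     * cached client start without previously received cookies.
     */
    public void clearCookieStore() {
        this.cookieStore.clear();
    }

    /**
     * Returns the cached HTTPS client, building it on first use.
     *
     * <p>Synchronized so that concurrent first calls build the client only once.
     *
     * @return the shared client instance
     * @throws ZaasConfigurationException if the key store or the TLS context cannot be set up
     */
    @Override
    public synchronized CloseableHttpClient getHttpClient() throws ZaasConfigurationException {
        if (this.httpsClient == null) {
            if (this.kmf == null) {
                initializeKeyStoreManagerFactory();
            }
            this.httpsClient = sharedHttpClientConfiguration(getSSLContext()).build();
        }
        return this.httpsClient;
    }

    /**
     * Loads the trust store and initialises {@link #tmf} from it.
     *
     * @param trustStorePath file path or {@code safkeyring:////} location of the trust store
     * @param trustStoreType key store type passed to {@link KeyStore#getInstance(String)}
     * @param trustStorePassword password used to load the trust store
     * @throws ZaasConfigurationException wrapping I/O failures as {@code IO_CONFIGURATION_ISSUE}
     *         and crypto failures as {@code WRONG_CRYPTO_CONFIGURATION}
     */
    private void initializeTrustManagerFactory(String trustStorePath, String trustStoreType, char[] trustStorePassword)
            throws ZaasConfigurationException {
        try {
            this.tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            this.tmf.init(getKeystore(trustStorePath, trustStoreType, trustStorePassword));
        } catch (IOException e) {
            throw new ZaasConfigurationException(ZaasConfigurationErrorCodes.IO_CONFIGURATION_ISSUE, e);
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new ZaasConfigurationException(ZaasConfigurationErrorCodes.WRONG_CRYPTO_CONFIGURATION, e);
        }
    }

    /**
     * Initialises {@link #kmf} from the configured key store, or from an empty key store when
     * no key store path is configured (in which case no client certificate is available).
     *
     * @throws ZaasConfigurationException wrapping I/O failures as {@code IO_CONFIGURATION_ISSUE}
     *         and crypto failures as {@code WRONG_CRYPTO_CONFIGURATION}
     */
    private void initializeKeyStoreManagerFactory() throws ZaasConfigurationException {
        try {
            KeyStore keystore = this.keyStorePath != null
                ? getKeystore(this.keyStorePath, this.keyStoreType, this.keyStorePassword)
                : getEmptyKeystore();
            this.kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            // The store password is also used as the key password.
            this.kmf.init(keystore, this.keyStorePassword);
        } catch (IOException e) {
            throw new ZaasConfigurationException(ZaasConfigurationErrorCodes.IO_CONFIGURATION_ISSUE, e);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new ZaasConfigurationException(ZaasConfigurationErrorCodes.WRONG_CRYPTO_CONFIGURATION, e);
        }
    }

    /**
     * Loads a key store of the given type from a file path or a {@code safkeyring:////} location.
     *
     * @param path location of the store
     * @param type key store type passed to {@link KeyStore#getInstance(String)}
     * @param password password used to load the store
     * @return the loaded key store
     */
    private KeyStore getKeystore(String path, String type, char[] password)
            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance(type);
        // try-with-resources closes the stream on both the success and the failure path.
        try (InputStream in = getCorrectInputStream(path)) {
            keyStore.load(in, password);
        }
        return keyStore;
    }

    /**
     * Creates an initialised key store of the JVM default type that contains no entries.
     *
     * @return an empty key store
     */
    private KeyStore getEmptyKeystore() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        return keyStore;
    }

    /**
     * Opens the store location: a {@code safkeyring:////} value is opened as a URL (after
     * {@link #replaceFourSlashes(String)}), anything else as a local file.
     *
     * <p>Opening the URL relies on a protocol handler for the {@code safkeyring} scheme being
     * registered in the JVM; this class does not register one.
     *
     * @param path configured store location
     * @return an open stream the caller must close
     * @throws IOException if the file or URL cannot be opened
     */
    private InputStream getCorrectInputStream(String path) throws IOException {
        if (path.startsWith(SAFKEYRING + ":////")) {
            return new URL(replaceFourSlashes(path)).openStream();
        }
        return new FileInputStream(path);
    }

    /**
     * Replaces the first run of four slashes in the given string with two slashes.
     *
     * @param str the string to convert, may be {@code null}
     * @return the converted string, or {@code null} when {@code str} is {@code null}
     */
    public static String replaceFourSlashes(String str) {
        if (str == null) {
            return null;
        }
        return str.replaceFirst("////", "//");
    }

    /**
     * Creates the TLS context from the loaded key and trust managers.
     *
     * <p>NOTE(review): besides returning the context, this method replaces the process-wide
     * {@link HttpsURLConnection} default socket factory and hostname verifier. Every
     * {@code HttpsURLConnection} opened later in the same JVM therefore uses this trust store,
     * may present this client certificate, and, when the non-strict setting is on, skips
     * hostname verification. Kept as-is because other code may rely on it; confirm it is
     * intended before embedding this client in a larger application.
     *
     * @return the initialised context
     * @throws ZaasConfigurationException if the context cannot be created or initialised
     */
    private SSLContext getSSLContext() throws ZaasConfigurationException {
        try {
            // Requests the TLSv1.2 context by name; which protocol versions end up enabled on
            // sockets also depends on JVM security settings — confirm for the target runtime.
            SSLContext sslContext = SSLContext.getInstance(Constants.SSL_PROTO_TLSv1_2);
            sslContext.init(
                this.kmf != null ? this.kmf.getKeyManagers() : null,
                this.tmf.getTrustManagers(),
                new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(this.hostnameVerifier);
            return sslContext;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new ZaasConfigurationException(ZaasConfigurationErrorCodes.WRONG_CRYPTO_CONFIGURATION, e);
        }
    }

    /**
     * Prepares the client builder: TLS socket factory with the selected hostname verifier,
     * request timeouts, connection limits (9 total, 3 per route) and the shared cookie store.
     *
     * @param sslContext context used for all HTTPS connections of the client
     * @return the configured builder, not yet built
     */
    private HttpClientBuilder sharedHttpClientConfiguration(SSLContext sslContext) {
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, this.hostnameVerifier);
        return HttpClients.custom()
            .setSSLSocketFactory(socketFactory)
            .setDefaultRequestConfig(this.requestConfig)
            .setMaxConnTotal(9)
            .setMaxConnPerRoute(3)
            .setDefaultCookieStore(this.cookieStore);
    }

    /**
     * Builds the request configuration with {@link #REQUEST_TIMEOUT} applied to the connection
     * request, socket and connect timeouts, so a stalled peer cannot block a caller forever.
     *
     * @return the request configuration
     */
    private RequestConfig buildCustomRequestConfig() {
        return RequestConfig.custom()
            .setConnectionRequestTimeout(REQUEST_TIMEOUT)
            .setSocketTimeout(REQUEST_TIMEOUT)
            .setConnectTimeout(REQUEST_TIMEOUT)
            .build();
    }

    /**
     * All-fields constructor (Lombok-generated in the original build).
     *
     * <p>Nothing is validated here: a non-null {@code httpsClient} is returned by
     * {@link #getHttpClient()} unchanged, so the TLS settings of this class are not applied to it.
     * Note the argument order: key store type comes before key store path.
     *
     * @param requestConfig request timeouts and related settings
     * @param trustManagerFactory initialised trust manager factory
     * @param keyManagerFactory initialised key manager factory, or {@code null} to load lazily
     * @param keyStorePassword password of the key store
     * @param keyStoreType type of the key store
     * @param keyStorePath location of the key store, or {@code null} for none
     * @param hostnameVerifier verifier applied to HTTPS connections
     * @param httpsClient prebuilt client, or {@code null} to build one on first use
     */
    @Generated
    public ZaasHttpsClientProvider(RequestConfig requestConfig, TrustManagerFactory trustManagerFactory, KeyManagerFactory keyManagerFactory, char[] keyStorePassword, String keyStoreType, String keyStorePath, HostnameVerifier hostnameVerifier, CloseableHttpClient httpsClient) {
        this.cookieStore = new BasicCookieStore();
        this.requestConfig = requestConfig;
        this.tmf = trustManagerFactory;
        this.kmf = keyManagerFactory;
        this.keyStorePassword = keyStorePassword;
        this.keyStoreType = keyStoreType;
        this.keyStorePath = keyStorePath;
        this.hostnameVerifier = hostnameVerifier;
        this.httpsClient = httpsClient;
    }
}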
