package com.palantir.dialogue.hc4;

import com.codahale.metrics.Meter;
import com.google.common.collect.ImmutableSet;
import com.google.common.io.Closer;
import com.google.common.primitives.Ints;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import com.palantir.conjure.java.api.config.service.BasicCredentials;
import com.palantir.conjure.java.client.config.CipherSuites;
import com.palantir.conjure.java.client.config.ClientConfiguration;
import com.palantir.dialogue.Channel;
import com.palantir.dialogue.blocking.BlockingChannelAdapter;
import com.palantir.dialogue.core.DialogueChannel;
import com.palantir.dialogue.core.DialogueInternalWeakReducingGauge;
import com.palantir.logsafe.Arg;
import com.palantir.logsafe.Preconditions;
import com.palantir.logsafe.Safe;
import com.palantir.logsafe.SafeArg;
import com.palantir.logsafe.UnsafeArg;
import com.palantir.logsafe.exceptions.SafeIllegalArgumentException;
import com.palantir.logsafe.exceptions.SafeRuntimeException;
import com.palantir.tritium.metrics.MetricRegistries;
import com.palantir.tritium.metrics.registry.MetricName;
import com.palantir.tritium.metrics.registry.TaggedMetricRegistry;
import java.io.Closeable;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.time.Duration;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import java.util.Queue;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nullable;
import javax.net.ssl.SSLSocketFactory;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthOption;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.AuthenticationStrategy;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.SchemePortResolver;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.auth.BasicSchemeFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.IdleConnectionEvictor;
import org.apache.http.impl.client.ProxyAuthenticationStrategy;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.impl.conn.SystemDefaultRoutePlanner;
import org.apache.http.pool.PoolStats;
import org.apache.http.protocol.HttpContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/palantir/dialogue/hc4/ApacheHttpClientChannels.class */
public final class ApacheHttpClientChannels {
    private static final Logger log = LoggerFactory.getLogger(ApacheHttpClientChannels.class);

    /* loaded from: input_file:com/palantir/dialogue/hc4/ApacheHttpClientChannels$ClientBuilder.class */
    public static final class ClientBuilder {

        @Nullable
        private ClientConfiguration clientConfiguration;

        @Nullable
        private String clientName;

        @Nullable
        private ExecutorService executor;

        private ClientBuilder() {
        }

        public ClientBuilder clientConfiguration(ClientConfiguration clientConfiguration) {
            this.clientConfiguration = (ClientConfiguration) Preconditions.checkNotNull(clientConfiguration, "ClientConfiguration is required");
            return this;
        }

        public ClientBuilder clientName(@Safe String str) {
            this.clientName = (String) Preconditions.checkNotNull(str, "clientName is required");
            return this;
        }

        public ClientBuilder executor(ExecutorService executorService) {
            this.executor = (ExecutorService) Preconditions.checkNotNull(executorService, "ExecutorService is required");
            return this;
        }

        public CloseableClient build() {
            ClientConfiguration clientConfiguration = (ClientConfiguration) Preconditions.checkNotNull(this.clientConfiguration, "ClientConfiguration is required");
            String str = (String) Preconditions.checkNotNull(this.clientName, "Client name is required");
            Preconditions.checkArgument(!clientConfiguration.fallbackToCommonNameVerification(), "fallback-to-common-name-verification is not supported");
            Preconditions.checkArgument(!clientConfiguration.meshProxy().isPresent(), "Mesh proxy is not supported");
            long max = Math.max(clientConfiguration.readTimeout().toMillis(), clientConfiguration.writeTimeout().toMillis());
            int checkedCast = Ints.checkedCast(clientConfiguration.connectTimeout().toMillis());
            long min = Math.min(Duration.ofSeconds(50L).toMillis(), max);
            int i = (int) (min / 2.5d);
            SocketConfig build = SocketConfig.custom().setSoKeepAlive(true).build();
            SSLSocketFactory sslSocketFactory = clientConfiguration.sslSocketFactory();
            PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(RegistryBuilder.create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", new SSLConnectionSocketFactory(MetricRegistries.instrument(clientConfiguration.taggedMetricRegistry(), sslSocketFactory, str), new String[]{"TLSv1.2"}, ApacheHttpClientChannels.supportedCipherSuites(clientConfiguration.enableGcmCipherSuites() ? CipherSuites.allCipherSuites() : CipherSuites.fastCipherSuites(), sslSocketFactory, str), new DefaultHostnameVerifier())).build());
            ApacheHttpClientChannels.setupConnectionPoolMetrics(clientConfiguration.taggedMetricRegistry(), str, poolingHttpClientConnectionManager);
            poolingHttpClientConnectionManager.setDefaultSocketConfig(build);
            poolingHttpClientConnectionManager.setMaxTotal(Integer.MAX_VALUE);
            poolingHttpClientConnectionManager.setDefaultMaxPerRoute(Integer.MAX_VALUE);
            poolingHttpClientConnectionManager.setValidateAfterInactivity(i);
            HttpClientBuilder defaultAuthSchemeRegistry = HttpClients.custom().setDefaultRequestConfig(RequestConfig.custom().setSocketTimeout(Ints.checkedCast(max)).setConnectTimeout(checkedCast).setConnectionRequestTimeout(checkedCast).setRedirectsEnabled(false).setRelativeRedirectsAllowed(false).setNormalizeUri(false).build()).setConnectionManagerShared(true).setConnectionManager(poolingHttpClientConnectionManager).setRoutePlanner(new SystemDefaultRoutePlanner((SchemePortResolver) null, clientConfiguration.proxy())).disableAutomaticRetries().disableConnectionState().disableCookieManagement().disableContentCompression().setDefaultCredentialsProvider(NullCredentialsProvider.INSTANCE).setTargetAuthenticationStrategy(NullAuthenticationStrategy.INSTANCE).setProxyAuthenticationStrategy(NullAuthenticationStrategy.INSTANCE).setDefaultAuthSchemeRegistry(RegistryBuilder.create().build());
            clientConfiguration.proxyCredentials().ifPresent(basicCredentials -> {
                defaultAuthSchemeRegistry.setDefaultCredentialsProvider(new SingleCredentialsProvider(basicCredentials)).setProxyAuthenticationStrategy(ProxyAuthenticationStrategy.INSTANCE).setDefaultAuthSchemeRegistry(RegistryBuilder.create().register("Basic", new BasicSchemeFactory()).build());
            });
            return CloseableClient.wrap(defaultAuthSchemeRegistry.build(), str, poolingHttpClientConnectionManager, new IdleConnectionEvictor(poolingHttpClientConnectionManager, ApacheHttpClientChannels.idleConnectionEvictorThreadFactory(str, clientConfiguration.taggedMetricRegistry()), Math.min(min, 5000L), TimeUnit.MILLISECONDS, min, TimeUnit.MILLISECONDS), clientConfiguration, this.executor);
        }
    }

    /* loaded from: input_file:com/palantir/dialogue/hc4/ApacheHttpClientChannels$CloseableClient.class */
    public static final class CloseableClient implements Closeable {
        private static final String APACHE = "apache";
        private final String clientName;
        private final CloseableHttpClient apacheClient;
        private final PoolingHttpClientConnectionManager pool;
        private final ResponseLeakDetector leakDetector;

        @Nullable
        private final ExecutorService executor;
        private final Closer closer = Closer.create();

        private CloseableClient(CloseableHttpClient closeableHttpClient, @Safe String str, PoolingHttpClientConnectionManager poolingHttpClientConnectionManager, IdleConnectionEvictor idleConnectionEvictor, TaggedMetricRegistry taggedMetricRegistry, ResponseLeakDetector responseLeakDetector, @Nullable ExecutorService executorService) {
            this.clientName = str;
            this.apacheClient = closeableHttpClient;
            this.pool = poolingHttpClientConnectionManager;
            this.leakDetector = responseLeakDetector;
            this.executor = executorService;
            this.closer.register(() -> {
                idleConnectionEvictor.shutdown();
                try {
                    idleConnectionEvictor.awaitTermination(1L, TimeUnit.SECONDS);
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
            });
            idleConnectionEvictor.start();
            this.closer.register(closeableHttpClient);
            Closer closer = this.closer;
            Objects.requireNonNull(poolingHttpClientConnectionManager);
            closer.register(poolingHttpClientConnectionManager::shutdown);
            Closer closer2 = this.closer;
            Meter build = DialogueClientMetrics.of(taggedMetricRegistry).close().clientName(str).clientType(APACHE).build();
            Objects.requireNonNull(build);
            closer2.register(build::mark);
        }

        static CloseableClient wrap(CloseableHttpClient closeableHttpClient, @Safe String str, PoolingHttpClientConnectionManager poolingHttpClientConnectionManager, IdleConnectionEvictor idleConnectionEvictor, ClientConfiguration clientConfiguration, @Nullable ExecutorService executorService) {
            CloseableClient closeableClient = new CloseableClient(closeableHttpClient, str, poolingHttpClientConnectionManager, idleConnectionEvictor, clientConfiguration.taggedMetricRegistry(), ResponseLeakDetector.of(str, clientConfiguration.taggedMetricRegistry()), executorService);
            ApacheHttpClientChannels.log.info("Created Apache client {} {} {} {}", new Object[]{SafeArg.of("name", str), SafeArg.of("client", Integer.toHexString(System.identityHashCode(closeableHttpClient))), UnsafeArg.of("clientConfiguration", clientConfiguration), UnsafeArg.of("executor", executorService)});
            DialogueClientMetrics.of(clientConfiguration.taggedMetricRegistry()).create().clientName(str).clientType(APACHE).build().mark();
            return closeableClient;
        }

        @Override // java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            if (ApacheHttpClientChannels.log.isDebugEnabled()) {
                PoolStats totalStats = this.pool.getTotalStats();
                ApacheHttpClientChannels.log.debug("ApacheHttpClientChannels#close - {} {} {} {} {}", new Object[]{SafeArg.of("name", this.clientName), SafeArg.of("client", Integer.toHexString(System.identityHashCode(this.apacheClient))), SafeArg.of("idle", Integer.valueOf(totalStats.getAvailable())), SafeArg.of("leased", Integer.valueOf(totalStats.getLeased())), SafeArg.of("pending", Integer.valueOf(totalStats.getPending())), new SafeRuntimeException("Exception for stacktrace", new Arg[0])});
            }
            this.pool.closeIdleConnections(0L, TimeUnit.NANOSECONDS);
        }

        protected void finalize() throws Throwable {
            try {
                finalizeApacheClient();
            } finally {
                super.finalize();
            }
        }

        private void finalizeApacheClient() throws IOException {
            if (ApacheHttpClientChannels.log.isInfoEnabled()) {
                PoolStats totalStats = this.pool.getTotalStats();
                ApacheHttpClientChannels.log.info("ApacheHttpClientChannels#finalize - {} {} {} {} {}", new Object[]{SafeArg.of("name", this.clientName), SafeArg.of("client", Integer.toHexString(System.identityHashCode(this.apacheClient))), SafeArg.of("idle", Integer.valueOf(totalStats.getAvailable())), SafeArg.of("leased", Integer.valueOf(totalStats.getLeased())), SafeArg.of("pending", Integer.valueOf(totalStats.getPending()))});
            }
            this.closer.close();
        }

        public String toString() {
            return "CloseableClient@" + Integer.toHexString(System.identityHashCode(this)) + "{clientName='" + this.clientName + "', client=" + this.apacheClient + ", pool=" + this.pool + ", leakDetector=" + this.leakDetector + ", executor=" + this.executor + '}';
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/palantir/dialogue/hc4/ApacheHttpClientChannels$NullAuthenticationStrategy.class */
    public enum NullAuthenticationStrategy implements AuthenticationStrategy {
        INSTANCE;

        public boolean isAuthenticationRequested(HttpHost httpHost, HttpResponse httpResponse, HttpContext httpContext) {
            return false;
        }

        public Map<String, Header> getChallenges(HttpHost httpHost, HttpResponse httpResponse, HttpContext httpContext) {
            return Collections.emptyMap();
        }

        public Queue<AuthOption> select(Map<String, Header> map, HttpHost httpHost, HttpResponse httpResponse, HttpContext httpContext) {
            return new ArrayDeque(1);
        }

        public void authSucceeded(HttpHost httpHost, AuthScheme authScheme, HttpContext httpContext) {
        }

        public void authFailed(HttpHost httpHost, AuthScheme authScheme, HttpContext httpContext) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/palantir/dialogue/hc4/ApacheHttpClientChannels$NullCredentialsProvider.class */
    public enum NullCredentialsProvider implements CredentialsProvider {
        INSTANCE;

        @Override // org.apache.http.client.CredentialsProvider
        public void setCredentials(AuthScope authScope, Credentials credentials) {
        }

        @Override // org.apache.http.client.CredentialsProvider
        @Nullable
        public Credentials getCredentials(AuthScope authScope) {
            return null;
        }

        @Override // org.apache.http.client.CredentialsProvider
        public void clear() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/palantir/dialogue/hc4/ApacheHttpClientChannels$SingleCredentialsProvider.class */
    public static final class SingleCredentialsProvider implements CredentialsProvider {
        private final Credentials credentials;

        SingleCredentialsProvider(BasicCredentials basicCredentials) {
            this.credentials = new UsernamePasswordCredentials(basicCredentials.username(), basicCredentials.password());
        }

        @Override // org.apache.http.client.CredentialsProvider
        public void setCredentials(AuthScope authScope, Credentials credentials) {
        }

        @Override // org.apache.http.client.CredentialsProvider
        public Credentials getCredentials(AuthScope authScope) {
            return this.credentials;
        }

        @Override // org.apache.http.client.CredentialsProvider
        public void clear() {
        }
    }

    private ApacheHttpClientChannels() {
    }

    public static Channel create(ClientConfiguration clientConfiguration) {
        CloseableClient createCloseableHttpClient = createCloseableHttpClient(clientConfiguration, "apache-channel");
        return DialogueChannel.builder().channelName("apache-channel").clientConfiguration(clientConfiguration).channelFactory(str -> {
            return createSingleUri(str, createCloseableHttpClient);
        }).build();
    }

    public static Channel createSingleUri(String str, CloseableClient closeableClient) {
        ApacheHttpClientBlockingChannel apacheHttpClientBlockingChannel = new ApacheHttpClientBlockingChannel(closeableClient.apacheClient, url(str), closeableClient.leakDetector);
        return closeableClient.executor == null ? BlockingChannelAdapter.of(apacheHttpClientBlockingChannel) : BlockingChannelAdapter.of(apacheHttpClientBlockingChannel, closeableClient.executor);
    }

    @Deprecated
    public static CloseableClient createCloseableHttpClient(ClientConfiguration clientConfiguration) {
        return createCloseableHttpClient(clientConfiguration, "apache-channel");
    }

    public static CloseableClient createCloseableHttpClient(ClientConfiguration clientConfiguration, String str) {
        return clientBuilder().clientConfiguration(clientConfiguration).clientName(str).build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void setupConnectionPoolMetrics(TaggedMetricRegistry taggedMetricRegistry, String str, PoolingHttpClientConnectionManager poolingHttpClientConnectionManager) {
        DialogueInternalWeakReducingGauge.getOrCreate(taggedMetricRegistry, clientPoolSizeMetricName(str, "idle"), poolingHttpClientConnectionManager2 -> {
            return poolingHttpClientConnectionManager2.getTotalStats().getAvailable();
        }, (v0) -> {
            return v0.sum();
        }, poolingHttpClientConnectionManager);
        DialogueInternalWeakReducingGauge.getOrCreate(taggedMetricRegistry, clientPoolSizeMetricName(str, "leased"), poolingHttpClientConnectionManager3 -> {
            return poolingHttpClientConnectionManager3.getTotalStats().getLeased();
        }, (v0) -> {
            return v0.sum();
        }, poolingHttpClientConnectionManager);
        DialogueInternalWeakReducingGauge.getOrCreate(taggedMetricRegistry, clientPoolSizeMetricName(str, "pending"), poolingHttpClientConnectionManager4 -> {
            return poolingHttpClientConnectionManager4.getTotalStats().getPending();
        }, (v0) -> {
            return v0.sum();
        }, poolingHttpClientConnectionManager);
    }

    private static MetricName clientPoolSizeMetricName(String str, String str2) {
        return MetricName.builder().safeName("dialogue.client.pool.size").putSafeTags("client-name", str).putSafeTags("state", str2).build();
    }

    public static ClientBuilder clientBuilder() {
        return new ClientBuilder();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static ThreadFactory idleConnectionEvictorThreadFactory(String str, TaggedMetricRegistry taggedMetricRegistry) {
        Preconditions.checkNotNull(str, "Client name is required");
        Preconditions.checkNotNull(taggedMetricRegistry, "TaggedMetricRegistry is required");
        return MetricRegistries.instrument(taggedMetricRegistry, new ThreadFactoryBuilder().setNameFormat(str + "-IdleConnectionEvictor-%d").setDaemon(true).build(), str + "-IdleConnectionEvictor");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String[] supportedCipherSuites(String[] strArr, SSLSocketFactory sSLSocketFactory, String str) {
        ImmutableSet<String> supportedCipherSuites = supportedCipherSuites(sSLSocketFactory);
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (String str2 : strArr) {
            if (supportedCipherSuites.contains(str2)) {
                arrayList.add(str2);
            } else {
                arrayList2.add(str2);
            }
        }
        if (!arrayList2.isEmpty()) {
            log.debug("Skipping unsupported cipher suites", new Object[]{SafeArg.of("client", str), SafeArg.of("numEnabled", Integer.valueOf(arrayList.size())), SafeArg.of("numUnsupported", Integer.valueOf(arrayList2.size())), SafeArg.of("cipher", arrayList2), SafeArg.of("javaVendor", System.getProperty("java.vendor")), SafeArg.of("javaVersion", System.getProperty("java.version"))});
        }
        Preconditions.checkState(!arrayList.isEmpty(), "Zero supported cipher suites");
        return (String[]) arrayList.toArray(new String[0]);
    }

    private static ImmutableSet<String> supportedCipherSuites(SSLSocketFactory sSLSocketFactory) {
        return ImmutableSet.copyOf(sSLSocketFactory.getSupportedCipherSuites());
    }

    private static URL url(String str) {
        try {
            return new URL(str);
        } catch (MalformedURLException e) {
            throw new SafeIllegalArgumentException("Failed to parse URL", e, new Arg[0]);
        }
    }
}
