package org.jfrog.client.http;

import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang.StringUtils;
import org.apache.http.HeaderElement;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.HttpResponseInterceptor;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.RedirectStrategy;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ConnectionKeepAliveStrategy;
import org.apache.http.conn.DnsResolver;
import org.apache.http.conn.HttpConnectionFactory;
import org.apache.http.conn.SchemePortResolver;
import org.apache.http.conn.routing.HttpRoute;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.DefaultHttpRequestRetryHandler;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.DefaultRoutePlanner;
import org.apache.http.impl.conn.DefaultSchemePortResolver;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicHeaderElementIterator;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.jfrog.client.http.HttpBuilderBase;
import org.jfrog.client.http.auth.ProxyPreemptiveAuthInterceptor;
import org.jfrog.client.http.model.ProxyConfig;
import org.jfrog.client.util.KeyStoreProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jfrog/client/http/HttpBuilderBase.class */
public abstract class HttpBuilderBase<T extends HttpBuilderBase> {
    private static final Logger log = LoggerFactory.getLogger(HttpBuilderBase.class);
    protected HttpHost defaultHost;
    protected boolean allowAnyHostAuth;
    protected String proxyHost;
    private KeyStoreProvider keyStoreProvider;
    private KeyStoreProvider clientCertKeyStoreProvider;
    private String clientCertAlias;
    protected SSLContextBuilder sslContextBuilder;
    private RequestConfig defaultRequestConfig;
    public static final int CONNECTION_POOL_TIME_TO_LIVE = 30;
    private static final int DEFAULT_MAX_CONNECTIONS = 50;
    protected HttpClientBuilder builder = HttpClients.custom();
    protected RequestConfig.Builder config = RequestConfig.custom();
    protected JFrogAuthScheme chosenAuthScheme = JFrogAuthScheme.BASIC;
    protected boolean cookieSupportEnabled = false;
    private boolean trustSelfSignCert = false;
    private boolean noHostVerification = false;
    protected int maxConnectionsTotal = DEFAULT_MAX_CONNECTIONS;
    protected int maxConnectionsPerRoute = DEFAULT_MAX_CONNECTIONS;
    private int connectionPoolTimeToLive = 30;
    protected BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();

    /* loaded from: input_file:org/jfrog/client/http/HttpBuilderBase$DefaultHostRoutePlanner.class */
    public static class DefaultHostRoutePlanner extends DefaultRoutePlanner {
        private final HttpHost defaultHost;

        DefaultHostRoutePlanner(HttpHost httpHost) {
            super(DefaultSchemePortResolver.INSTANCE);
            this.defaultHost = httpHost;
        }

        public HttpRoute determineRoute(HttpHost httpHost, org.apache.http.HttpRequest httpRequest, HttpContext httpContext) throws HttpException {
            if (httpHost == null) {
                httpHost = this.defaultHost;
            }
            return super.determineRoute(httpHost, httpRequest, httpContext);
        }

        public HttpHost getDefaultHost() {
            return this.defaultHost;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/jfrog/client/http/HttpBuilderBase$JFrogAuthScheme.class */
    public enum JFrogAuthScheme {
        BASIC,
        BEARER,
        SPNEGO
    }

    /* loaded from: input_file:org/jfrog/client/http/HttpBuilderBase$ProxyConfigBuilder.class */
    public class ProxyConfigBuilder {
        private final String proxyHost;
        private final int proxyPort;
        Credentials creds;

        public ProxyConfigBuilder(String str, int i) {
            this.proxyHost = str;
            this.proxyPort = i;
            HttpBuilderBase.this.config.setProxy(new HttpHost(str, i));
        }

        public HttpBuilderBase<T>.ProxyConfigBuilder authentication(String str, String str2) {
            this.creds = new UsernamePasswordCredentials(str, str2);
            HttpBuilderBase.this.config.setProxyPreferredAuthSchemes(Arrays.asList("Digest", "Basic", "NTLM"));
            HttpBuilderBase.this.builder.addInterceptorFirst(new ProxyPreemptiveAuthInterceptor());
            setProxyCreds(this.proxyHost, this.proxyPort);
            return this;
        }

        public HttpBuilderBase<T>.ProxyConfigBuilder ntlmAuthentication(String str, String str2, String str3, String str4) {
            this.creds = new NTCredentials(str, str2, str3, str4);
            HttpBuilderBase.this.builder.addInterceptorFirst(new ProxyPreemptiveAuthInterceptor());
            setProxyCreds(this.proxyHost, this.proxyPort);
            return this;
        }

        public HttpBuilderBase<T>.ProxyConfigBuilder redirectToHostProxies(String[] strArr) {
            if (this.creds != null && strArr != null) {
                for (String str : strArr) {
                    setProxyCreds(str, this.proxyPort);
                }
            }
            return this;
        }

        private void setProxyCreds(String str, int i) {
            if (StringUtils.isBlank(this.proxyHost) || i == 0) {
                throw new IllegalStateException("Proxy host and port must be set before creating authentication");
            }
            HttpBuilderBase.this.credsProvider.setCredentials(new AuthScope(str, i, AuthScope.ANY_REALM), this.creds);
        }
    }

    public HttpBuilderBase() {
        this.config.setMaxRedirects(20);
    }

    public CloseableHttpClient build() {
        return build(false);
    }

    public CloseableHttpClient build(boolean z) {
        if (this.defaultHost != null) {
            this.builder.setRoutePlanner(new DefaultHostRoutePlanner(this.defaultHost));
        }
        PoolingHttpClientConnectionManager configConnectionManager = configConnectionManager();
        if (z) {
            return new CloseableHttpClientWithParamsDecorator(this.builder.build(), configConnectionManager, this.chosenAuthScheme == JFrogAuthScheme.SPNEGO, this.defaultRequestConfig);
        }
        return new CloseableHttpClientDecorator(this.builder.build(), configConnectionManager, this.chosenAuthScheme == JFrogAuthScheme.SPNEGO, this.defaultRequestConfig);
    }

    private T self() {
        return this;
    }

    public T userAgent(String str) {
        this.builder.setUserAgent(str);
        return self();
    }

    public T disableGzipResponse() {
        this.builder.disableContentCompression();
        return self();
    }

    public T host(String str) {
        return host(str, 80);
    }

    public T host(String str, int i) {
        return host(str, i, i != 443 ? "http" : "https");
    }

    public T host(String str, int i, String str2) {
        if (StringUtils.isNotBlank(str)) {
            this.defaultHost = new HttpHost(str, i, str2);
        } else {
            this.defaultHost = null;
        }
        return self();
    }

    public T hostFromUrl(String str) {
        if (StringUtils.isNotBlank(str)) {
            try {
                URL url = new URL(str);
                this.defaultHost = new HttpHost(url.getHost(), url.getPort(), url.getProtocol());
            } catch (MalformedURLException e) {
                throw new IllegalArgumentException("Cannot parse the url " + str, e);
            }
        } else {
            this.defaultHost = null;
        }
        return self();
    }

    public T maxConnectionsPerRoute(int i) {
        this.maxConnectionsPerRoute = i;
        return self();
    }

    public T maxTotalConnections(int i) {
        this.maxConnectionsTotal = i;
        return self();
    }

    public T connectionTimeout(int i) {
        this.config.setConnectTimeout(i);
        return self();
    }

    public T socketTimeout(int i) {
        this.config.setSocketTimeout(i);
        return self();
    }

    public T staleCheckingEnabled(boolean z) {
        this.config.setStaleConnectionCheckEnabled(z);
        return self();
    }

    public T noRetry() {
        return retry(0, false);
    }

    public T retry(int i) {
        return retry(i, false);
    }

    public T retry(int i, boolean z) {
        if (i == 0) {
            this.builder.disableAutomaticRetries();
        } else {
            this.builder.setRetryHandler(new DefaultHttpRequestRetryHandler(i, z));
        }
        return self();
    }

    public T localAddress(String str) {
        if (StringUtils.isNotBlank(str)) {
            try {
                this.config.setLocalAddress(InetAddress.getByName(str));
            } catch (UnknownHostException e) {
                throw new IllegalArgumentException("Invalid local address: " + str, e);
            }
        }
        return self();
    }

    public T connectionPoolTTL(int i) {
        this.connectionPoolTimeToLive = i;
        return self();
    }

    public T enableCookieManagement(boolean z) {
        if (z) {
            this.config.setCookieSpec("compatibility");
        } else {
            this.config.setCookieSpec((String) null);
        }
        this.cookieSupportEnabled = z;
        return self();
    }

    public T keyStoreProvider(KeyStoreProvider keyStoreProvider) {
        this.keyStoreProvider = keyStoreProvider;
        return self();
    }

    public T clientCertKeyStoreProvider(KeyStoreProvider keyStoreProvider) {
        this.clientCertKeyStoreProvider = keyStoreProvider;
        return self();
    }

    public T clientCertAlias(String str) {
        this.clientCertAlias = str;
        return self();
    }

    public T useKerberos(boolean z) {
        if (z) {
            Credentials credentials = new Credentials() { // from class: org.jfrog.client.http.HttpBuilderBase.1
                @Override // org.apache.http.auth.Credentials
                public String getPassword() {
                    return null;
                }

                @Override // org.apache.http.auth.Credentials
                public Principal getUserPrincipal() {
                    return null;
                }
            };
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            basicCredentialsProvider.setCredentials(new AuthScope(null, -1, null), credentials);
            this.builder.setDefaultAuthSchemeRegistry(RegistryBuilder.create().register("Negotiate", new SPNegoSchemeFactory(true)).build()).setDefaultCredentialsProvider(basicCredentialsProvider);
            this.chosenAuthScheme = JFrogAuthScheme.SPNEGO;
        }
        return self();
    }

    public T trustSelfSignCert(boolean z) {
        this.trustSelfSignCert = z;
        return self();
    }

    public T sslContextBuilder(SSLContextBuilder sSLContextBuilder) {
        this.sslContextBuilder = sSLContextBuilder;
        return self();
    }

    public T noHostVerification(boolean z) {
        this.noHostVerification = z;
        return self();
    }

    public T authentication(UsernamePasswordCredentials usernamePasswordCredentials) {
        if (usernamePasswordCredentials != null) {
            authentication(usernamePasswordCredentials.getUserName(), usernamePasswordCredentials.getPassword());
        }
        return self();
    }

    public T authentication(String str, String str2) {
        return authentication(str, str2, false);
    }

    public T authentication(String str, String str2, boolean z, List<String> list) {
        if (StringUtils.isNotBlank(str)) {
            if (this.defaultHost == null || StringUtils.isBlank(this.defaultHost.getHostName())) {
                throw new IllegalStateException("Cannot configure authentication when host is not set.");
            }
            this.allowAnyHostAuth = z;
            this.credsProvider.setCredentials(z ? new AuthScope(AuthScope.ANY_HOST, -1, AuthScope.ANY_REALM) : new AuthScope(this.defaultHost.getHostName(), -1, AuthScope.ANY_REALM), new UsernamePasswordCredentials(str, str2));
            if (list != null) {
                list.forEach(str3 -> {
                    this.credsProvider.setCredentials(new AuthScope(str3, -1, AuthScope.ANY_REALM), new UsernamePasswordCredentials(str, str2));
                });
            }
        }
        return self();
    }

    public T authentication(String str, String str2, boolean z) {
        return authentication(str, str2, z, null);
    }

    public T addRequestInterceptor(HttpRequestInterceptor httpRequestInterceptor) {
        this.builder.addInterceptorFirst(httpRequestInterceptor);
        return self();
    }

    public T addResponseInterceptor(HttpResponseInterceptor httpResponseInterceptor) {
        this.builder.addInterceptorLast(httpResponseInterceptor);
        return self();
    }

    public T redirectStrategy(RedirectStrategy redirectStrategy) {
        this.builder.setRedirectStrategy(redirectStrategy);
        return self();
    }

    public T normalize(boolean z) {
        this.config.setNormalizeUri(z);
        return self();
    }

    public T proxy(ProxyConfig proxyConfig) {
        if (proxyConfig == null) {
            return self();
        }
        this.proxyHost = proxyConfig.getHost();
        HttpBuilderBase<T>.ProxyConfigBuilder proxy = proxy(proxyConfig.getHost(), proxyConfig.getPort());
        if (StringUtils.isNotBlank(proxyConfig.getUsername())) {
            if (proxyConfig.getDomain() == null) {
                proxy.authentication(proxyConfig.getUsername(), proxyConfig.getPassword());
            } else {
                try {
                    proxy.ntlmAuthentication(proxyConfig.getUsername(), proxyConfig.getPassword(), StringUtils.isBlank(proxyConfig.getNtHost()) ? InetAddress.getLocalHost().getHostName() : proxyConfig.getNtHost(), proxyConfig.getDomain());
                } catch (UnknownHostException e) {
                    log.error("Failed to determine required local hostname for NTLM credentials.", e);
                }
            }
            proxy.redirectToHostProxies(proxyConfig.getRedirectedToHostsList());
        }
        return self();
    }

    public HttpBuilderBase<T>.ProxyConfigBuilder proxy(String str, int i) {
        return new ProxyConfigBuilder(str, i);
    }

    public boolean isCookieSupportEnabled() {
        return this.cookieSupportEnabled;
    }

    public static ConnectionKeepAliveStrategy createConnectionKeepAliveStrategy() {
        return (httpResponse, httpContext) -> {
            BasicHeaderElementIterator basicHeaderElementIterator = new BasicHeaderElementIterator(httpResponse.headerIterator("Keep-Alive"));
            while (basicHeaderElementIterator.hasNext()) {
                HeaderElement nextElement = basicHeaderElementIterator.nextElement();
                String name = nextElement.getName();
                String value = nextElement.getValue();
                if (value != null && name.equalsIgnoreCase("timeout")) {
                    try {
                        return Long.parseLong(value) * 1000;
                    } catch (NumberFormatException e) {
                    }
                }
            }
            return 30000L;
        };
    }

    public RequestConfig getDefaultRequestConfig() {
        return this.defaultRequestConfig;
    }

    protected PoolingHttpClientConnectionManager configConnectionManager() {
        if (!isCookieSupportEnabled()) {
            this.builder.disableCookieManagement();
        }
        if (hasCredentials()) {
            this.builder.setDefaultCredentialsProvider(this.credsProvider);
        }
        this.defaultRequestConfig = this.config.build();
        this.builder.setDefaultRequestConfig(this.defaultRequestConfig);
        this.builder.setKeepAliveStrategy(createConnectionKeepAliveStrategy());
        this.builder.setMaxConnTotal(this.maxConnectionsTotal);
        this.builder.setMaxConnPerRoute(this.maxConnectionsPerRoute);
        PoolingHttpClientConnectionManager createConnectionMgr = createConnectionMgr();
        this.builder.setConnectionManager(createConnectionMgr);
        return createConnectionMgr;
    }

    private PoolingHttpClientConnectionManager createConnectionMgr() {
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(RegistryBuilder.create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", new SSLConnectionSocketFactory(buildSslContext(), this.noHostVerification ? NoopHostnameVerifier.INSTANCE : new DefaultHostnameVerifier())).build(), (HttpConnectionFactory) null, (SchemePortResolver) null, (DnsResolver) null, this.connectionPoolTimeToLive, TimeUnit.SECONDS);
        poolingHttpClientConnectionManager.setMaxTotal(this.maxConnectionsTotal);
        poolingHttpClientConnectionManager.setDefaultMaxPerRoute(this.maxConnectionsPerRoute);
        poolingHttpClientConnectionManager.setMaxPerRoute(new HttpRoute(new HttpHost("localhost", 80)), this.maxConnectionsPerRoute);
        return poolingHttpClientConnectionManager;
    }

    private SSLContext buildSslContext() {
        SSLContext sSLContext = null;
        try {
            SSLContextBuilder sSLContextBuilder = this.sslContextBuilder;
            if (this.trustSelfSignCert) {
                sSLContextBuilder = sSLContextBuilder != null ? sSLContextBuilder : SSLContexts.custom();
                sSLContextBuilder.loadTrustMaterial(TrustSelfSignedMultiChainStrategy.INSTANCE);
            }
            if (this.keyStoreProvider != null) {
                KeyStore provide = this.keyStoreProvider.provide();
                sSLContextBuilder = sSLContextBuilder != null ? sSLContextBuilder : SSLContexts.custom();
                sSLContextBuilder.loadTrustMaterial(provide, (TrustStrategy) null);
            }
            if (this.clientCertKeyStoreProvider != null && StringUtils.isNotBlank(this.clientCertAlias)) {
                sSLContextBuilder = sSLContextBuilder != null ? sSLContextBuilder : SSLContexts.custom();
                sSLContextBuilder.loadKeyMaterial(this.clientCertKeyStoreProvider.provide(), this.clientCertKeyStoreProvider.getPassword(), (map, socket) -> {
                    return this.clientCertAlias;
                });
            }
            if (sSLContextBuilder != null) {
                sSLContext = sSLContextBuilder.build();
            }
        } catch (Exception e) {
            log.error("SSLContexts initiation has failed, " + e.getMessage());
        }
        return sSLContext != null ? sSLContext : SSLContexts.createDefault();
    }

    private boolean hasCredentials() {
        return this.credsProvider.getCredentials(AuthScope.ANY) != null;
    }
}
