package org.springframework.vault.config;

import com.squareup.okhttp.OkHttpClient;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import java.io.IOException;
import java.io.InputStream;
import java.net.ProxySelector;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import okhttp3.OkHttpClient;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.DefaultSchemePortResolver;
import org.apache.http.impl.conn.SystemDefaultRoutePlanner;
import org.springframework.core.io.Resource;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.http.client.Netty4ClientHttpRequestFactory;
import org.springframework.http.client.OkHttp3ClientHttpRequestFactory;
import org.springframework.http.client.OkHttpClientHttpRequestFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.util.Assert;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;
import org.springframework.vault.support.ClientOptions;
import org.springframework.vault.support.SslConfiguration;

/* loaded from: input_file:org/springframework/vault/config/ClientHttpRequestFactoryFactory.class */
public class ClientHttpRequestFactoryFactory {
    private static final Log logger = LogFactory.getLog(ClientHttpRequestFactoryFactory.class);
    private static final boolean HTTP_COMPONENTS_PRESENT = ClassUtils.isPresent("org.apache.http.client.HttpClient", ClientHttpRequestFactoryFactory.class.getClassLoader());
    private static final boolean OKHTTP_PRESENT = ClassUtils.isPresent("com.squareup.okhttp.OkHttpClient", ClientHttpRequestFactoryFactory.class.getClassLoader());
    private static final boolean OKHTTP3_PRESENT = ClassUtils.isPresent("okhttp3.OkHttpClient", ClientHttpRequestFactoryFactory.class.getClassLoader());
    private static final boolean NETTY_PRESENT = ClassUtils.isPresent("io.netty.channel.nio.NioEventLoopGroup", ClientHttpRequestFactoryFactory.class.getClassLoader());

    /* loaded from: input_file:org/springframework/vault/config/ClientHttpRequestFactoryFactory$HttpComponents.class */
    static class HttpComponents {
        HttpComponents() {
        }

        static ClientHttpRequestFactory usingHttpComponents(ClientOptions clientOptions, SslConfiguration sslConfiguration) throws GeneralSecurityException, IOException {
            HttpClientBuilder custom = HttpClients.custom();
            custom.setRoutePlanner(new SystemDefaultRoutePlanner(DefaultSchemePortResolver.INSTANCE, ProxySelector.getDefault()));
            if (ClientHttpRequestFactoryFactory.hasSslConfiguration(sslConfiguration)) {
                SSLContext sSLContext = ClientHttpRequestFactoryFactory.getSSLContext(sslConfiguration);
                custom.setSSLSocketFactory(new SSLConnectionSocketFactory(sSLContext));
                custom.setSSLContext(sSLContext);
            }
            custom.setDefaultRequestConfig(RequestConfig.custom().setConnectTimeout(clientOptions.getConnectionTimeout()).setSocketTimeout(clientOptions.getReadTimeout()).setAuthenticationEnabled(true).build());
            return new HttpComponentsClientHttpRequestFactory(custom.build());
        }
    }

    /* loaded from: input_file:org/springframework/vault/config/ClientHttpRequestFactoryFactory$Netty.class */
    static class Netty {
        Netty() {
        }

        static ClientHttpRequestFactory usingNetty(ClientOptions clientOptions, SslConfiguration sslConfiguration) throws GeneralSecurityException, IOException {
            Netty4ClientHttpRequestFactory netty4ClientHttpRequestFactory = new Netty4ClientHttpRequestFactory();
            if (ClientHttpRequestFactoryFactory.hasSslConfiguration(sslConfiguration)) {
                SslContextBuilder forClient = SslContextBuilder.forClient();
                if (sslConfiguration.getTrustStore() != null) {
                    forClient.trustManager(ClientHttpRequestFactoryFactory.createTrustManagerFactory(sslConfiguration.getTrustStore(), sslConfiguration.getTrustStorePassword()));
                }
                if (sslConfiguration.getKeyStore() != null) {
                    forClient.keyManager(ClientHttpRequestFactoryFactory.createKeyManagerFactory(sslConfiguration.getKeyStore(), sslConfiguration.getKeyStorePassword()));
                }
                netty4ClientHttpRequestFactory.setSslContext(forClient.sslProvider(SslProvider.JDK).build());
            }
            netty4ClientHttpRequestFactory.setConnectTimeout(clientOptions.getConnectionTimeout());
            netty4ClientHttpRequestFactory.setReadTimeout(clientOptions.getReadTimeout());
            return netty4ClientHttpRequestFactory;
        }
    }

    /* loaded from: input_file:org/springframework/vault/config/ClientHttpRequestFactoryFactory$OkHttp.class */
    static class OkHttp {
        OkHttp() {
        }

        static ClientHttpRequestFactory usingOkHttp(ClientOptions clientOptions, SslConfiguration sslConfiguration) throws GeneralSecurityException, IOException {
            final OkHttpClient okHttpClient = new OkHttpClient();
            OkHttpClientHttpRequestFactory okHttpClientHttpRequestFactory = new OkHttpClientHttpRequestFactory(okHttpClient) { // from class: org.springframework.vault.config.ClientHttpRequestFactoryFactory.OkHttp.1
                public void destroy() throws IOException {
                    if (okHttpClient.getCache() != null) {
                        okHttpClient.getCache().close();
                    }
                    okHttpClient.getDispatcher().getExecutorService().shutdown();
                }
            };
            if (ClientHttpRequestFactoryFactory.hasSslConfiguration(sslConfiguration)) {
                okHttpClient.setSslSocketFactory(ClientHttpRequestFactoryFactory.getSSLContext(sslConfiguration).getSocketFactory());
            }
            okHttpClientHttpRequestFactory.setConnectTimeout(clientOptions.getConnectionTimeout());
            okHttpClientHttpRequestFactory.setReadTimeout(clientOptions.getReadTimeout());
            return okHttpClientHttpRequestFactory;
        }
    }

    /* loaded from: input_file:org/springframework/vault/config/ClientHttpRequestFactoryFactory$OkHttp3.class */
    static class OkHttp3 {
        OkHttp3() {
        }

        static ClientHttpRequestFactory usingOkHttp3(ClientOptions clientOptions, SslConfiguration sslConfiguration) throws GeneralSecurityException, IOException {
            OkHttpClient.Builder builder = new OkHttpClient.Builder();
            if (ClientHttpRequestFactoryFactory.hasSslConfiguration(sslConfiguration)) {
                builder.sslSocketFactory(ClientHttpRequestFactoryFactory.getSSLContext(sslConfiguration).getSocketFactory());
            }
            builder.connectTimeout(clientOptions.getConnectionTimeout(), TimeUnit.MILLISECONDS).readTimeout(clientOptions.getReadTimeout(), TimeUnit.MILLISECONDS);
            return new OkHttp3ClientHttpRequestFactory(builder.build());
        }
    }

    public static ClientHttpRequestFactory create(ClientOptions clientOptions, SslConfiguration sslConfiguration) {
        Assert.notNull(clientOptions, "ClientOptions must not be null");
        Assert.notNull(sslConfiguration, "SslConfiguration must not be null");
        try {
            if (HTTP_COMPONENTS_PRESENT) {
                return HttpComponents.usingHttpComponents(clientOptions, sslConfiguration);
            }
            if (OKHTTP3_PRESENT) {
                return OkHttp3.usingOkHttp3(clientOptions, sslConfiguration);
            }
            if (OKHTTP_PRESENT) {
                return OkHttp.usingOkHttp(clientOptions, sslConfiguration);
            }
            if (NETTY_PRESENT) {
                return Netty.usingNetty(clientOptions, sslConfiguration);
            }
            if (hasSslConfiguration(sslConfiguration)) {
                logger.warn("VaultProperties has SSL configured but the SSL configuration must be applied outside the Vault Client to use the JDK HTTP client");
            }
            return new SimpleClientHttpRequestFactory();
        } catch (IOException e) {
            throw new IllegalStateException(e);
        } catch (GeneralSecurityException e2) {
            throw new IllegalStateException(e2);
        }
    }

    static SSLContext getSSLContext(SslConfiguration sslConfiguration) throws GeneralSecurityException, IOException {
        KeyManager[] keyManagers = sslConfiguration.getKeyStore() != null ? createKeyManagerFactory(sslConfiguration.getKeyStore(), sslConfiguration.getKeyStorePassword()).getKeyManagers() : null;
        TrustManager[] trustManagers = sslConfiguration.getTrustStore() != null ? createTrustManagerFactory(sslConfiguration.getTrustStore(), sslConfiguration.getTrustStorePassword()).getTrustManagers() : null;
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagers, trustManagers, null);
        return sSLContext;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static KeyManagerFactory createKeyManagerFactory(Resource resource, String str) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        loadKeyStore(resource, str, keyStore);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, StringUtils.hasText(str) ? str.toCharArray() : new char[0]);
        return keyManagerFactory;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static TrustManagerFactory createTrustManagerFactory(Resource resource, String str) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        loadKeyStore(resource, str, keyStore);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }

    private static void loadKeyStore(Resource resource, String str, KeyStore keyStore) throws IOException, NoSuchAlgorithmException, CertificateException {
        InputStream inputStream = null;
        try {
            inputStream = resource.getInputStream();
            keyStore.load(inputStream, StringUtils.hasText(str) ? str.toCharArray() : null);
            if (inputStream != null) {
                inputStream.close();
            }
        } catch (Throwable th) {
            if (inputStream != null) {
                inputStream.close();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean hasSslConfiguration(SslConfiguration sslConfiguration) {
        return (sslConfiguration.getTrustStore() == null && sslConfiguration.getKeyStore() == null) ? false : true;
    }
}
