package org.alfresco.httpclient;

import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.alfresco.error.AlfrescoRuntimeException;
import org.apache.http.HttpHost;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.StandardHttpRequestRetryHandler;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

/* loaded from: input_file:WEB-INF/lib/alfresco-core-23.2.0.13.jar:org/alfresco/httpclient/HttpClient4Factory.class */
public class HttpClient4Factory {
    protected static final String TLS_PROTOCOL = "TLS";
    protected static final String HTTPS_PROTOCOL = "https";
    protected static final String HTTP_TARGET_HOST = "http.target_host";
    protected static final String TLS_V_1_2 = "TLSv1.2";
    protected static final String TLS_V_1_3 = "TLSv1.3";

    private static SSLContext createSSLContext(HttpClientConfig httpClientConfig) {
        KeyManager[] createKeyManagers = httpClientConfig.getKeyStore().createKeyManagers();
        TrustManager[] createTrustManagers = httpClientConfig.getTrustStore().createTrustManagers();
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(createKeyManagers, createTrustManagers, null);
            return sSLContext;
        } catch (Throwable th) {
            throw new AlfrescoRuntimeException("Unable to create SSL context", th);
        }
    }

    public static CloseableHttpClient createHttpClient(HttpClientConfig httpClientConfig) {
        return createHttpClient(httpClientConfig, null);
    }

    public static CloseableHttpClient createHttpClient(HttpClientConfig httpClientConfig, HttpClientConnectionManager httpClientConnectionManager) {
        HttpClientBuilder custom = HttpClients.custom();
        if (httpClientConfig.isMTLSEnabled()) {
            custom.addInterceptorFirst((httpRequest, httpContext) -> {
                if (!((HttpHost) httpContext.getAttribute("http.target_host")).getSchemeName().equals("https")) {
                    throw new HttpClientException("mTLS is enabled but provided URL does not use a secured protocol");
                }
            });
            custom.setSSLSocketFactory(getSslConnectionSocketFactory(httpClientConfig));
        }
        if (httpClientConnectionManager != null) {
            custom.setConnectionManager(httpClientConnectionManager);
        } else {
            httpClientConfig.getMaxTotalConnections().ifPresent(num -> {
                custom.setMaxConnTotal(num.intValue());
            });
            httpClientConfig.getMaxHostConnections().ifPresent(num2 -> {
                custom.setMaxConnPerRoute(num2.intValue());
            });
        }
        RequestConfig.Builder custom2 = RequestConfig.custom();
        httpClientConfig.getConnectionTimeout().ifPresent(num3 -> {
            custom2.setConnectTimeout(num3.intValue());
        });
        httpClientConfig.getConnectionRequestTimeout().ifPresent(num4 -> {
            custom2.setConnectionRequestTimeout(num4.intValue());
        });
        httpClientConfig.getSocketTimeout().ifPresent(num5 -> {
            custom2.setSocketTimeout(num5.intValue());
        });
        custom.setDefaultRequestConfig(custom2.build());
        custom.setRetryHandler(new StandardHttpRequestRetryHandler(5, false));
        return custom.build();
    }

    private static SSLConnectionSocketFactory getSslConnectionSocketFactory(HttpClientConfig httpClientConfig) {
        return new SSLConnectionSocketFactory(createSSLContext(httpClientConfig), new String[]{TLS_V_1_2, TLS_V_1_3}, (String[]) null, httpClientConfig.isHostnameVerificationDisabled() ? new NoopHostnameVerifier() : SSLConnectionSocketFactory.getDefaultHostnameVerifier());
    }

    public static PoolingHttpClientConnectionManager createPoolingConnectionManager(HttpClientConfig httpClientConfig) {
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = httpClientConfig.isMTLSEnabled() ? new PoolingHttpClientConnectionManager((Registry<ConnectionSocketFactory>) RegistryBuilder.create().register("https", getSslConnectionSocketFactory(httpClientConfig)).build()) : new PoolingHttpClientConnectionManager((Registry<ConnectionSocketFactory>) RegistryBuilder.create().register(HttpHost.DEFAULT_SCHEME_NAME, PlainConnectionSocketFactory.getSocketFactory()).build());
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager2 = poolingHttpClientConnectionManager;
        httpClientConfig.getMaxTotalConnections().ifPresent(num -> {
            poolingHttpClientConnectionManager2.setMaxTotal(num.intValue());
        });
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager3 = poolingHttpClientConnectionManager;
        httpClientConfig.getMaxHostConnections().ifPresent(num2 -> {
            poolingHttpClientConnectionManager3.setDefaultMaxPerRoute(num2.intValue());
        });
        return poolingHttpClientConnectionManager;
    }
}
