package com.exasol.bucketfs.http;

import com.exasol.errorreporting.ExaError;
import java.io.IOException;
import java.net.http.HttpClient;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/exasol/bucketfs/http/HttpClientBuilder.class */
public class HttpClientBuilder {
    private boolean raiseTlsErrors = true;
    private X509Certificate certificate;

    public HttpClientBuilder raiseTlsErrors(boolean z) {
        this.raiseTlsErrors = z;
        return this;
    }

    public HttpClientBuilder certificate(X509Certificate x509Certificate) {
        this.certificate = x509Certificate;
        return this;
    }

    public HttpClient build() {
        SSLContext createSslContext = createSslContext();
        initializeSslContext(createSslContext);
        return HttpClient.newBuilder().sslContext(createSslContext).build();
    }

    private void initializeSslContext(SSLContext sSLContext) {
        try {
            sSLContext.init(null, createTrustManagers().orElse(null), null);
        } catch (KeyManagementException e) {
            throw new IllegalStateException(ExaError.messageBuilder("E-BFSJ-20").message("Unable to initialize TLS context while trying to create HTTP client for RPC communication.", new Object[0]).toString(), e);
        }
    }

    private Optional<TrustManager[]> createTrustManagers() {
        if (this.raiseTlsErrors || this.certificate == null) {
            return !this.raiseTlsErrors ? Optional.of(createDummyTrustManagers()) : this.certificate != null ? Optional.of(createTrustManagerForCertificate()) : Optional.empty();
        }
        throw new IllegalStateException(ExaError.messageBuilder("E-BFSJ-27").message("Setting raiseTlsErrors to false and using a certificate is mutually exclusive.", new Object[0]).mitigation("Either set raiseTlsErrors to true or remove the certificate.", new Object[0]).toString());
    }

    private TrustManager[] createDummyTrustManagers() {
        return new TrustManager[]{new DummyTrustManager()};
    }

    private TrustManager[] createTrustManagerForCertificate() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            keyStore.setCertificateEntry("caCert", this.certificate);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory.getTrustManagers();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IllegalStateException(ExaError.messageBuilder("E-BFSJ-25").message("Unable to create trust manager for given certificate", new Object[0]).toString());
        }
    }

    private SSLContext createSslContext() {
        try {
            return SSLContext.getInstance("TLS");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(ExaError.messageBuilder("E-BFSJ-26").message("Unable to initialize TLS context while trying to create HTTP client for RPC communication.", new Object[0]).toString(), e);
        }
    }
}
