package com.github.nhenneaux.resilienthttpclient.singlehostclient;

import java.lang.Runtime;
import java.net.http.HttpClient;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/github/nhenneaux/resilienthttpclient/singlehostclient/SingleHostHttpClientProvider.class */
public class SingleHostHttpClientProvider {
    private static final String JDK_INTERNAL_HTTPCLIENT_DISABLE_HOSTNAME_VERIFICATION = "jdk.internal.httpclient.disableHostnameVerification";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/github/nhenneaux/resilienthttpclient/singlehostclient/SingleHostHttpClientProvider$RethrowGeneralSecurityException.class */
    public interface RethrowGeneralSecurityException<T> {
        static <T> T handleGeneralSecurityException(RethrowGeneralSecurityException<T> rethrowGeneralSecurityException) {
            try {
                return rethrowGeneralSecurityException.run();
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException(e);
            }
        }

        static void handleGeneralSecurityException(RethrowVoidGeneralSecurityException rethrowVoidGeneralSecurityException) {
            handleGeneralSecurityException(() -> {
                rethrowVoidGeneralSecurityException.run();
                return null;
            });
        }

        T run() throws GeneralSecurityException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/github/nhenneaux/resilienthttpclient/singlehostclient/SingleHostHttpClientProvider$RethrowVoidGeneralSecurityException.class */
    public interface RethrowVoidGeneralSecurityException {
        void run() throws GeneralSecurityException;
    }

    static Optional<Runtime.Version> isJava13() {
        return Optional.of(Runtime.version()).filter(version -> {
            return version.feature() >= 13;
        });
    }

    public HttpClient buildSingleHostnameHttpClient(String str) {
        return buildSingleHostnameHttpClient(str, null);
    }

    public HttpClient buildSingleHostnameHttpClient(String str, KeyStore keyStore) {
        return buildSingleHostnameHttpClient(str, keyStore, HttpClient.newBuilder());
    }

    public HttpClient buildSingleHostnameHttpClient(String str, KeyStore keyStore, HttpClient.Builder builder) {
        SSLContext buildSslContextForSingleHostname = buildSslContextForSingleHostname(str, keyStore);
        String property = System.setProperty(JDK_INTERNAL_HTTPCLIENT_DISABLE_HOSTNAME_VERIFICATION, Boolean.TRUE.toString());
        try {
            HttpClient build = builder.sslContext(buildSslContextForSingleHostname).build();
            if (property == null) {
                System.clearProperty(JDK_INTERNAL_HTTPCLIENT_DISABLE_HOSTNAME_VERIFICATION);
            } else {
                System.setProperty(JDK_INTERNAL_HTTPCLIENT_DISABLE_HOSTNAME_VERIFICATION, property);
            }
            Optional<U> map = isJava13().map(version -> {
                return new HttpClientWrapper(build, str);
            });
            Class<HttpClient> cls = HttpClient.class;
            Objects.requireNonNull(HttpClient.class);
            return (HttpClient) map.map((v1) -> {
                return r1.cast(v1);
            }).orElse(build);
        } catch (Throwable th) {
            if (property == null) {
                System.clearProperty(JDK_INTERNAL_HTTPCLIENT_DISABLE_HOSTNAME_VERIFICATION);
            } else {
                System.setProperty(JDK_INTERNAL_HTTPCLIENT_DISABLE_HOSTNAME_VERIFICATION, property);
            }
            throw th;
        }
    }

    private SSLContext buildSslContextForSingleHostname(String str, KeyStore keyStore) {
        TrustManager[] singleHostTrustManager = singleHostTrustManager(str, keyStore);
        SSLContext sSLContext = (SSLContext) RethrowGeneralSecurityException.handleGeneralSecurityException(() -> {
            return SSLContext.getInstance("TLS");
        });
        RethrowGeneralSecurityException.handleGeneralSecurityException(() -> {
            sSLContext.init(null, singleHostTrustManager, new SecureRandom());
        });
        return sSLContext;
    }

    private TrustManager[] singleHostTrustManager(String str, KeyStore keyStore) {
        TrustManagerFactory trustManagerFactory = (TrustManagerFactory) RethrowGeneralSecurityException.handleGeneralSecurityException(() -> {
            return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        });
        RethrowGeneralSecurityException.handleGeneralSecurityException(() -> {
            trustManagerFactory.init(keyStore);
        });
        return new TrustManager[]{new SingleHostnameX509TrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0], str)};
    }

    static {
        isJava13().ifPresent(version -> {
            System.setProperty("jdk.httpclient.allowRestrictedHeaders", "host");
        });
    }
}
