package com.github.nhenneaux.resilienthttpclient.singlehostclient;

import java.lang.Runtime;
import java.net.http.HttpClient;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.Collections;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/github/nhenneaux/resilienthttpclient/singlehostclient/SingleHostHttpClientBuilder.class */
public class SingleHostHttpClientBuilder {
    private final String hostname;
    private final HttpClient.Builder builder;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/github/nhenneaux/resilienthttpclient/singlehostclient/SingleHostHttpClientBuilder$RethrowGeneralSecurityException.class */
    public interface RethrowGeneralSecurityException<T> {
        static <T> T handleGeneralSecurityException(RethrowGeneralSecurityException<T> rethrowGeneralSecurityException) {
            try {
                return rethrowGeneralSecurityException.run();
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException(e);
            }
        }

        static void handleGeneralSecurityException(RethrowVoidGeneralSecurityException rethrowVoidGeneralSecurityException) {
            handleGeneralSecurityException(() -> {
                rethrowVoidGeneralSecurityException.run();
                return null;
            });
        }

        T run() throws GeneralSecurityException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/github/nhenneaux/resilienthttpclient/singlehostclient/SingleHostHttpClientBuilder$RethrowVoidGeneralSecurityException.class */
    public interface RethrowVoidGeneralSecurityException {
        void run() throws GeneralSecurityException;
    }

    private SingleHostHttpClientBuilder(String str, HttpClient.Builder builder) {
        this.hostname = str;
        this.builder = builder;
    }

    public static SingleHostHttpClientBuilder builder(String str) {
        return new SingleHostHttpClientBuilder(str, HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(2L)));
    }

    public static SingleHostHttpClientBuilder builder(String str, HttpClient.Builder builder) {
        return new SingleHostHttpClientBuilder(str, builder);
    }

    public static HttpClient build(String str) {
        return builder(str).withTlsNameMatching().withSni().buildWithHostHeader();
    }

    public static HttpClient build(String str, HttpClient.Builder builder) {
        return builder(str, builder).withTlsNameMatching().withSni().buildWithHostHeader();
    }

    public static HttpClient build(String str, KeyStore keyStore, HttpClient.Builder builder) {
        return builder(str, builder).withTlsNameMatching(keyStore).withSni().buildWithHostHeader();
    }

    public static SSLContext buildSslContextForSingleHostname(String str, KeyStore keyStore, SSLContext sSLContext) {
        TrustManager[] singleHostTrustManager = singleHostTrustManager(str, keyStore);
        RethrowGeneralSecurityException.handleGeneralSecurityException(() -> {
            sSLContext.init(null, singleHostTrustManager, new SecureRandom());
        });
        return sSLContext;
    }

    private static Optional<Runtime.Version> isJava13OrHigher() {
        return Optional.of(Runtime.version()).filter(version -> {
            return version.feature() >= 13;
        });
    }

    public static TrustManager[] singleHostTrustManager(String str, KeyStore keyStore) {
        TrustManagerFactory trustManagerFactory = (TrustManagerFactory) RethrowGeneralSecurityException.handleGeneralSecurityException(() -> {
            return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        });
        RethrowGeneralSecurityException.handleGeneralSecurityException(() -> {
            trustManagerFactory.init(keyStore);
        });
        return new TrustManager[]{new SingleHostnameX509TrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0], str)};
    }

    SingleHostHttpClientBuilder withSni() {
        SSLParameters sSLParameters = new SSLParameters();
        sSLParameters.setServerNames(Collections.singletonList(new SNIHostName(this.hostname)));
        this.builder.sslParameters(sSLParameters);
        return this;
    }

    SingleHostHttpClientBuilder withTlsNameMatching() {
        return withTlsNameMatching((KeyStore) null);
    }

    public SingleHostHttpClientBuilder withTlsNameMatching(KeyStore keyStore) {
        return withTlsNameMatching(keyStore, (SSLContext) RethrowGeneralSecurityException.handleGeneralSecurityException(() -> {
            return SSLContext.getInstance("TLSv1.3");
        }));
    }

    public SingleHostHttpClientBuilder withTlsNameMatching(SSLContext sSLContext) {
        return withTlsNameMatching(null, sSLContext);
    }

    public HttpClient buildWithHostHeader() {
        HttpClient build = this.builder.build();
        Optional<U> map = isJava13OrHigher().map(version -> {
            return new HttpClientWrapper(build, this.hostname);
        });
        Class<HttpClient> cls = HttpClient.class;
        Objects.requireNonNull(HttpClient.class);
        return (HttpClient) map.map((v1) -> {
            return r1.cast(v1);
        }).orElse(build);
    }

    public HttpClient build() {
        return this.builder.build();
    }

    SingleHostHttpClientBuilder withTlsNameMatching(KeyStore keyStore, SSLContext sSLContext) {
        this.builder.sslContext(buildSslContextForSingleHostname(this.hostname, keyStore, sSLContext));
        return this;
    }
}
