package com.github.nhenneaux.resilienthttpclient.singlehostclient;

import java.lang.Runtime;
import java.net.InetAddress;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.Collections;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/github/nhenneaux/resilienthttpclient/singlehostclient/SingleHostHttpClientBuilder.class */
public class SingleHostHttpClientBuilder {
    private final String hostname;
    private final InetAddress hostAddress;
    private final HttpClient.Builder builder;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/github/nhenneaux/resilienthttpclient/singlehostclient/SingleHostHttpClientBuilder$RethrowGeneralSecurityException.class */
    public interface RethrowGeneralSecurityException<T> {
        static <T> T handleGeneralSecurityException(RethrowGeneralSecurityException<T> rethrowGeneralSecurityException) {
            try {
                return rethrowGeneralSecurityException.run();
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException(e);
            }
        }

        static void handleGeneralSecurityException(RethrowVoidGeneralSecurityException rethrowVoidGeneralSecurityException) {
            handleGeneralSecurityException(() -> {
                rethrowVoidGeneralSecurityException.run();
                return null;
            });
        }

        T run() throws GeneralSecurityException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/github/nhenneaux/resilienthttpclient/singlehostclient/SingleHostHttpClientBuilder$RethrowVoidGeneralSecurityException.class */
    public interface RethrowVoidGeneralSecurityException {
        void run() throws GeneralSecurityException;
    }

    private SingleHostHttpClientBuilder(String str, InetAddress inetAddress, HttpClient.Builder builder) {
        this.hostname = str;
        this.hostAddress = inetAddress;
        this.builder = builder;
    }

    public static HttpClient newHttpClient(String str, InetAddress inetAddress) {
        return builder(str, inetAddress, HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(2L))).withTlsNameMatching().withSni().buildWithHostHeader();
    }

    public static SingleHostHttpClientBuilder builder(String str, InetAddress inetAddress, HttpClient.Builder builder) {
        return new SingleHostHttpClientBuilder(str, inetAddress, builder);
    }

    public SingleHostHttpClientBuilder withSni() {
        SSLParameters sSLParameters = new SSLParameters();
        sSLParameters.setServerNames(Collections.singletonList(new SNIHostName(this.hostname)));
        this.builder.sslParameters(sSLParameters);
        return this;
    }

    public SingleHostHttpClientBuilder withTlsNameMatching() {
        return withTlsNameMatching((KeyStore) null);
    }

    private static SSLContext buildSslContextForSingleHostname(String str, KeyStore keyStore, KeyStore keyStore2, char[] cArr, SSLContext sSLContext) {
        TrustManager[] singleHostTrustManager = singleHostTrustManager(str, keyStore);
        KeyManager[] keyManagerArr = (KeyManager[]) Optional.ofNullable(keyStore2).map(keyStore3 -> {
            return buildKeyManagerFactory(keyStore3, cArr);
        }).map((v0) -> {
            return v0.getKeyManagers();
        }).orElse(null);
        RethrowGeneralSecurityException.handleGeneralSecurityException(() -> {
            sSLContext.init(keyManagerArr, singleHostTrustManager, new SecureRandom());
        });
        return sSLContext;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static KeyManagerFactory buildKeyManagerFactory(KeyStore keyStore, char[] cArr) {
        KeyManagerFactory keyManagerFactory = (KeyManagerFactory) RethrowGeneralSecurityException.handleGeneralSecurityException(() -> {
            return KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        });
        RethrowGeneralSecurityException.handleGeneralSecurityException(() -> {
            keyManagerFactory.init(keyStore, cArr);
        });
        return keyManagerFactory;
    }

    public SingleHostHttpClientBuilder withTlsNameMatching(KeyStore keyStore) {
        return withTlsNameMatching(keyStore, null, null);
    }

    public SingleHostHttpClientBuilder withTlsNameMatching(KeyStore keyStore, KeyStore keyStore2, char[] cArr) {
        return withTlsNameMatching(keyStore, keyStore2, cArr, (SSLContext) RethrowGeneralSecurityException.handleGeneralSecurityException(() -> {
            return SSLContext.getInstance("TLSv1.3");
        }));
    }

    public HttpClient buildWithHostHeader() {
        HttpClient build = build();
        Optional<U> map = isJava13OrHigher().map(version -> {
            return new HttpClientWrapper(build, this::requestWithHostHeader);
        });
        Class<HttpClient> cls = HttpClient.class;
        Objects.requireNonNull(HttpClient.class);
        return (HttpClient) map.map((v1) -> {
            return r1.cast(v1);
        }).orElse(build);
    }

    private SingleIpHttpRequest requestWithHostHeader(HttpRequest httpRequest) {
        int port = httpRequest.uri().getPort();
        return port == -1 ? new SingleIpHttpRequest(httpRequest, this.hostAddress, this.hostname) : new SingleIpHttpRequest(httpRequest, this.hostAddress, this.hostname + ":" + port);
    }

    public HttpClient build() {
        return new HttpClientWrapper(this.builder.build(), httpRequest -> {
            return new SingleIpHttpRequest(httpRequest, this.hostAddress);
        });
    }

    public SingleHostHttpClientBuilder withTlsNameMatching(SSLContext sSLContext) {
        return withTlsNameMatching(null, null, null, sSLContext);
    }

    public SingleHostHttpClientBuilder withTlsNameMatching(KeyStore keyStore, KeyStore keyStore2, char[] cArr, SSLContext sSLContext) {
        this.builder.sslContext(buildSslContextForSingleHostname(this.hostname, keyStore, keyStore2, cArr, sSLContext));
        return this;
    }

    private static Optional<Runtime.Version> isJava13OrHigher() {
        return Optional.of(Runtime.version()).filter(version -> {
            return version.feature() >= 13;
        });
    }

    private static TrustManager[] singleHostTrustManager(String str, KeyStore keyStore) {
        TrustManagerFactory trustManagerFactory = (TrustManagerFactory) RethrowGeneralSecurityException.handleGeneralSecurityException(() -> {
            return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        });
        RethrowGeneralSecurityException.handleGeneralSecurityException(() -> {
            trustManagerFactory.init(keyStore);
        });
        return new TrustManager[]{new SingleHostnameX509TrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0], str)};
    }
}
