package com.networknt.client;

import com.networknt.client.oauth.ClientCredentialsRequest;
import com.networknt.client.oauth.TokenHelper;
import com.networknt.client.oauth.TokenResponse;
import com.networknt.config.Config;
import com.networknt.exception.ApiException;
import com.networknt.exception.ClientException;
import com.networknt.status.Status;
import com.networknt.utility.ModuleRegistry;
import io.undertow.server.HttpServerExchange;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Map;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.http.HeaderElement;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.routing.HttpRoute;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.impl.nio.client.CloseableHttpAsyncClient;
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
import org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager;
import org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor;
import org.apache.http.impl.nio.reactor.IOReactorConfig;
import org.apache.http.message.BasicHeaderElementIterator;
import org.apache.http.nio.conn.NoopIOSessionStrategy;
import org.apache.http.nio.conn.SchemeIOSessionStrategy;
import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
import org.apache.http.nio.reactor.ConnectingIOReactor;
import org.apache.http.nio.reactor.IOReactorException;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.owasp.encoder.Encode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/client/Client.class */
public class Client {
    public static final String CONFIG_NAME = "client";
    static final Logger logger = LoggerFactory.getLogger(Client.class);
    static final Integer DEFAULT_REACTOR_CONNECT_TIMEOUT = 10000;
    static final Integer DEFAULT_REACTOR_SO_TIMEOUT = 10000;
    static final String SYNC = "sync";
    static final String ASYNC = "async";
    static final String ROUTES = "routes";
    static final String MAX_CONNECTION_TOTAL = "maxConnectionTotal";
    static final String MAX_CONNECTION_PER_ROUTE = "maxConnectionPerRoute";
    static final String TIMEOUT = "timeout";
    static final String KEEP_ALIVE = "keepAlive";
    static final String TLS = "tls";
    static final String LOAD_TRUST_STORE = "loadTrustStore";
    static final String LOAD_KEY_STORE = "loadKeyStore";
    static final String VERIFY_HOSTNAME = "verifyHostname";
    static final String TRUST_STORE = "trustStore";
    static final String TRUST_PASS = "trustPass";
    static final String KEY_STORE = "keyStore";
    static final String KEY_PASS = "keyPass";
    static final String TRUST_STORE_PROPERTY = "javax.net.ssl.trustStore";
    static final String TRUST_STORE_PASSWORD_PROPERTY = "javax.net.ssl.trustStorePassword";
    static final String REACTOR = "reactor";
    static final String REACTOR_IO_THREAD_COUNT = "ioThreadCount";
    static final String REACTOR_CONNECT_TIMEOUT = "connectTimeout";
    static final String REACTOR_SO_TIMEOUT = "soTimeout";
    static final String OAUTH = "oauth";
    static final String TOKEN_RENEW_BEFORE_EXPIRED = "tokenRenewBeforeExpired";
    static final String EXPIRED_REFRESH_RETRY_DELAY = "expiredRefreshRetryDelay";
    static final String EARLY_REFRESH_RETRY_DELAY = "earlyRefreshRetryDelay";
    static final String STATUS_CLIENT_CREDENTIALS_TOKEN_NOT_AVAILABLE = "ERR10009";
    static Map<String, Object> config;
    static Map<String, Object> oauthConfig;
    private String jwt;
    private long expire;
    private volatile long expiredRetryTimeout;
    private volatile long earlyRetryTimeout;
    private static final Client instance;
    private volatile CloseableHttpClient httpClient = null;
    private volatile CloseableHttpAsyncClient httpAsyncClient = null;
    private volatile boolean renewing = false;
    private final Object lock = new Object();

    public static Client getInstance() {
        return instance;
    }

    private Client() {
    }

    public CloseableHttpClient getSyncClient() throws ClientException {
        if (this.httpClient == null) {
            synchronized (Client.class) {
                if (this.httpClient == null) {
                    this.httpClient = httpClient();
                }
            }
        }
        return this.httpClient;
    }

    public CloseableHttpAsyncClient getAsyncClient() throws ClientException {
        if (this.httpAsyncClient == null) {
            synchronized (Client.class) {
                if (this.httpAsyncClient == null) {
                    this.httpAsyncClient = httpAsyncClient();
                }
            }
        }
        this.httpAsyncClient.start();
        return this.httpAsyncClient;
    }

    public void addAuthToken(HttpRequest httpRequest, String str) {
        if (!str.startsWith("Bearer ")) {
            str = str.toUpperCase().startsWith("BEARER ") ? "Bearer " + str.substring(7) : "Bearer " + str;
        }
        httpRequest.addHeader("Authorization", str);
    }

    public void addAuthTokenTrace(HttpRequest httpRequest, String str, String str2) {
        if (!str.startsWith("Bearer ")) {
            str = str.toUpperCase().startsWith("BEARER ") ? "Bearer " + str.substring(7) : "Bearer " + str;
        }
        httpRequest.addHeader("Authorization", str);
        httpRequest.addHeader("X-Traceability-Id", str2);
    }

    public void addCcToken(HttpRequest httpRequest) throws ClientException, ApiException {
        checkCCTokenExpired();
        httpRequest.addHeader("Authorization", "Bearer " + this.jwt);
    }

    public void addCcTokenTrace(HttpRequest httpRequest, String str) throws ClientException, ApiException {
        checkCCTokenExpired();
        httpRequest.addHeader("Authorization", "Bearer " + this.jwt);
        httpRequest.addHeader("X-Traceability-Id", str);
    }

    public void propagateHeaders(HttpRequest httpRequest, HttpServerExchange httpServerExchange) throws ClientException, ApiException {
        populateHeader(httpRequest, httpServerExchange.getRequestHeaders().getFirst("Authorization"), httpServerExchange.getRequestHeaders().getFirst("X-Correlation-Id"), httpServerExchange.getRequestHeaders().getFirst("X-Traceability-Id"));
    }

    public void populateHeader(HttpRequest httpRequest, String str, String str2, String str3) throws ClientException, ApiException {
        if (str3 != null) {
            addAuthTokenTrace(httpRequest, str, str3);
        } else {
            addAuthToken(httpRequest, str);
        }
        httpRequest.addHeader("X-Correlation-Id", str2);
        checkCCTokenExpired();
        httpRequest.addHeader("X-Scope-Token", "Bearer " + this.jwt);
    }

    private void getCCToken() throws ClientException {
        TokenResponse token = TokenHelper.getToken(new ClientCredentialsRequest());
        synchronized (this.lock) {
            this.jwt = token.getAccessToken();
            this.expire = System.currentTimeMillis() + (token.getExpiresIn() * 1000);
            logger.info("Get client credentials token {} with expire_in {} seconds", this.jwt, Long.valueOf(token.getExpiresIn()));
        }
    }

    private void checkCCTokenExpired() throws ClientException, ApiException {
        long intValue = ((Integer) oauthConfig.get(TOKEN_RENEW_BEFORE_EXPIRED)).intValue();
        long intValue2 = ((Integer) oauthConfig.get(EXPIRED_REFRESH_RETRY_DELAY)).intValue();
        long intValue3 = ((Integer) oauthConfig.get(EARLY_REFRESH_RETRY_DELAY)).intValue();
        boolean z = this.expire - System.currentTimeMillis() < intValue;
        logger.trace("isInRenewWindow = " + z);
        if (z) {
            if (this.expire <= System.currentTimeMillis()) {
                logger.trace("In renew window and token is expired.");
                synchronized (Client.class) {
                    if (this.expire <= System.currentTimeMillis()) {
                        logger.trace("Within the synch block, check if the current request need to renew token");
                        if (this.renewing && System.currentTimeMillis() <= this.expiredRetryTimeout) {
                            logger.trace("Circuit breaker is tripped and not timeout yet!");
                            throw new ApiException(new Status(STATUS_CLIENT_CREDENTIALS_TOKEN_NOT_AVAILABLE, new Object[0]));
                        }
                        this.renewing = true;
                        this.expiredRetryTimeout = System.currentTimeMillis() + intValue2;
                        logger.trace("Current request is renewing token synchronously as token is expired already");
                        getCCToken();
                        this.renewing = false;
                    }
                }
            } else {
                logger.trace("In renew window but token is not expired yet.");
                synchronized (Client.class) {
                    if (this.expire > System.currentTimeMillis() && (!this.renewing || System.currentTimeMillis() > this.earlyRetryTimeout)) {
                        this.renewing = true;
                        this.earlyRetryTimeout = System.currentTimeMillis() + intValue3;
                        logger.trace("Retrieve token async is called while token is not expired yet");
                        ScheduledExecutorService newSingleThreadScheduledExecutor = Executors.newSingleThreadScheduledExecutor();
                        newSingleThreadScheduledExecutor.schedule(() -> {
                            try {
                                getCCToken();
                                this.renewing = false;
                                logger.trace("Async get token is completed.");
                            } catch (Exception e) {
                                logger.error("Async retrieve token error", e);
                            }
                        }, 50L, TimeUnit.MILLISECONDS);
                        newSingleThreadScheduledExecutor.shutdown();
                    }
                }
            }
        }
        logger.trace("Check secondary token is done!");
    }

    private CloseableHttpClient httpClient() throws ClientException {
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(registry());
        Map map = (Map) config.get(SYNC);
        poolingHttpClientConnectionManager.setMaxTotal(((Integer) map.get(MAX_CONNECTION_TOTAL)).intValue());
        poolingHttpClientConnectionManager.setDefaultMaxPerRoute(((Integer) map.get(MAX_CONNECTION_PER_ROUTE)).intValue());
        Map map2 = (Map) map.get(ROUTES);
        for (String str : map2.keySet()) {
            poolingHttpClientConnectionManager.setMaxPerRoute(new HttpRoute(new HttpHost(str)), ((Integer) map2.get(str)).intValue());
        }
        int intValue = ((Integer) map.get(TIMEOUT)).intValue();
        RequestConfig build = RequestConfig.custom().setConnectTimeout(intValue).setSocketTimeout(intValue).build();
        long intValue2 = ((Integer) map.get(KEEP_ALIVE)).intValue();
        return HttpClientBuilder.create().setConnectionManager(poolingHttpClientConnectionManager).setKeepAliveStrategy((httpResponse, httpContext) -> {
            BasicHeaderElementIterator basicHeaderElementIterator = new BasicHeaderElementIterator(httpResponse.headerIterator("Keep-Alive"));
            while (basicHeaderElementIterator.hasNext()) {
                HeaderElement nextElement = basicHeaderElementIterator.nextElement();
                String name = nextElement.getName();
                String value = nextElement.getValue();
                if (value != null && name.equalsIgnoreCase(TIMEOUT)) {
                    try {
                        logger.trace("Use server timeout for keepAliveMilliseconds");
                        return Long.parseLong(value) * 1000;
                    } catch (NumberFormatException e) {
                    }
                }
            }
            return intValue2;
        }).setDefaultRequestConfig(build).build();
    }

    private CloseableHttpAsyncClient httpAsyncClient() throws ClientException {
        PoolingNHttpClientConnectionManager poolingNHttpClientConnectionManager = new PoolingNHttpClientConnectionManager(ioReactor(), asyncRegistry());
        Map map = (Map) config.get(ASYNC);
        poolingNHttpClientConnectionManager.setMaxTotal(((Integer) map.get(MAX_CONNECTION_TOTAL)).intValue());
        poolingNHttpClientConnectionManager.setDefaultMaxPerRoute(((Integer) map.get(MAX_CONNECTION_PER_ROUTE)).intValue());
        Map map2 = (Map) map.get(ROUTES);
        for (String str : map2.keySet()) {
            poolingNHttpClientConnectionManager.setMaxPerRoute(new HttpRoute(new HttpHost(str)), ((Integer) map2.get(str)).intValue());
        }
        int intValue = ((Integer) map.get(TIMEOUT)).intValue();
        RequestConfig build = RequestConfig.custom().setConnectTimeout(intValue).setSocketTimeout(intValue).build();
        long intValue2 = ((Integer) map.get(KEEP_ALIVE)).intValue();
        return HttpAsyncClientBuilder.create().setConnectionManager(poolingNHttpClientConnectionManager).setKeepAliveStrategy((httpResponse, httpContext) -> {
            BasicHeaderElementIterator basicHeaderElementIterator = new BasicHeaderElementIterator(httpResponse.headerIterator("Keep-Alive"));
            while (basicHeaderElementIterator.hasNext()) {
                HeaderElement nextElement = basicHeaderElementIterator.nextElement();
                String name = nextElement.getName();
                String value = nextElement.getValue();
                if (value != null && name.equalsIgnoreCase(TIMEOUT)) {
                    try {
                        logger.trace("Use server timeout for keepAliveMilliseconds");
                        return Long.parseLong(value) * 1000;
                    } catch (NumberFormatException e) {
                    }
                }
            }
            return intValue2;
        }).setDefaultRequestConfig(build).build();
    }

    private Registry<SchemeIOSessionStrategy> asyncRegistry() throws ClientException {
        try {
            return RegistryBuilder.create().register("http", NoopIOSessionStrategy.INSTANCE).register("https", new SSLIOSessionStrategy(sslContext(), new String[]{"TLSv1"}, (String[]) null, hostnameVerifier())).build();
        } catch (IOException e) {
            logger.error("IOException: ", e);
            throw new ClientException("IOException: ", e);
        } catch (KeyManagementException e2) {
            logger.error("KeyManagementException: ", e2);
            throw new ClientException("KeyManagementException: ", e2);
        } catch (NoSuchAlgorithmException e3) {
            logger.error("NoSuchAlgorithmException: ", e3);
            throw new ClientException("NoSuchAlgorithmException: ", e3);
        }
    }

    private ConnectingIOReactor ioReactor() throws ClientException {
        Map map = (Map) ((Map) config.get(ASYNC)).get(REACTOR);
        Integer num = (Integer) map.get(REACTOR_IO_THREAD_COUNT);
        IOReactorConfig.Builder custom = IOReactorConfig.custom();
        custom.setIoThreadCount(num == null ? Runtime.getRuntime().availableProcessors() : num.intValue());
        Integer num2 = (Integer) map.get(REACTOR_CONNECT_TIMEOUT);
        custom.setConnectTimeout((num2 == null ? DEFAULT_REACTOR_CONNECT_TIMEOUT : num2).intValue());
        Integer num3 = (Integer) map.get(REACTOR_SO_TIMEOUT);
        custom.setSoTimeout((num3 == null ? DEFAULT_REACTOR_SO_TIMEOUT : num3).intValue());
        try {
            return new DefaultConnectingIOReactor(custom.build());
        } catch (IOReactorException e) {
            logger.error("IOReactorException: ", e);
            throw new ClientException("IOReactorException: ", e);
        }
    }

    private SSLContext sslContext() throws ClientException, IOException, NoSuchAlgorithmException, KeyManagementException {
        InputStream inputStreamFromFile;
        SSLContext sSLContext = null;
        Map map = (Map) config.get(TLS);
        if (map != null) {
            SSLContextBuilder custom = SSLContexts.custom();
            Boolean bool = (Boolean) map.get(LOAD_TRUST_STORE);
            if (bool != null && bool.booleanValue()) {
                String property = System.getProperty(TRUST_STORE_PROPERTY);
                String property2 = System.getProperty(TRUST_STORE_PASSWORD_PROPERTY);
                if (property == null || property2 == null) {
                    property = (String) map.get(TRUST_STORE);
                    property2 = (String) map.get(TRUST_PASS);
                    logger.info("Loading trust store from config at " + Encode.forJava(property));
                } else {
                    logger.info("Loading trust store from system property at " + Encode.forJava(property));
                }
                if (property != null && property2 != null) {
                    inputStreamFromFile = Config.getInstance().getInputStreamFromFile(property);
                    try {
                        if (inputStreamFromFile != null) {
                            try {
                                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                                keyStore.load(inputStreamFromFile, property2.toCharArray());
                                custom.loadTrustMaterial(keyStore, new TrustSelfSignedStrategy());
                                inputStreamFromFile.close();
                            } catch (KeyStoreException e) {
                                logger.error("KeyStoreException: Unable to load trust store.", e);
                                throw new ClientException("KeyStoreException: Unable to load trust store.", e);
                            } catch (CertificateException e2) {
                                logger.error("CertificateException: Unable to load trust store.", e2);
                                throw new ClientException("CertificateException: Unable to load trust store.", e2);
                            }
                        }
                    } finally {
                    }
                }
            }
            Boolean bool2 = (Boolean) map.get(LOAD_KEY_STORE);
            if (bool2 != null && bool2.booleanValue()) {
                String str = (String) map.get(KEY_STORE);
                String str2 = (String) map.get(KEY_PASS);
                if (str != null && str2 != null) {
                    inputStreamFromFile = Config.getInstance().getInputStreamFromFile(str);
                    try {
                        if (inputStreamFromFile != null) {
                            try {
                                KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
                                keyStore2.load(inputStreamFromFile, str2.toCharArray());
                                custom.loadKeyMaterial(keyStore2, str2.toCharArray());
                                inputStreamFromFile.close();
                            } catch (KeyStoreException e3) {
                                logger.error("KeyStoreException: Unable to load key store.", e3);
                                throw new ClientException("KeyStoreException: Unable to load key store.", e3);
                            } catch (UnrecoverableKeyException e4) {
                                logger.error("UnrecoverableKeyException: Unable to load key store.", e4);
                                throw new ClientException("UnrecoverableKeyException: Unable to load key store.", e4);
                            } catch (CertificateException e5) {
                                logger.error("CertificateException: Unable to load key store.", e5);
                                throw new ClientException("CertificateException: Unable to load key store.", e5);
                            }
                        }
                    } finally {
                    }
                }
            }
            sSLContext = custom.build();
        }
        return sSLContext;
    }

    private HostnameVerifier hostnameVerifier() {
        Map map = (Map) config.get(TLS);
        NoopHostnameVerifier noopHostnameVerifier = null;
        if (map != null) {
            Boolean bool = (Boolean) map.get(VERIFY_HOSTNAME);
            noopHostnameVerifier = (bool == null || bool.booleanValue()) ? new DefaultHostnameVerifier() : new NoopHostnameVerifier();
        }
        return noopHostnameVerifier;
    }

    private Registry<ConnectionSocketFactory> registry() throws ClientException {
        try {
            return RegistryBuilder.create().register("http", PlainConnectionSocketFactory.INSTANCE).register("https", new SSLConnectionSocketFactory(sslContext(), new String[]{"TLSv1"}, (String[]) null, hostnameVerifier())).build();
        } catch (IOException e) {
            logger.error("IOException: in registry", e);
            throw new ClientException("IOException: in registry", e);
        } catch (KeyManagementException e2) {
            logger.error("KeyManagementException: in registry", e2);
            throw new ClientException("KeyManagementException: in registry", e2);
        } catch (NoSuchAlgorithmException e3) {
            logger.error("NoSuchAlgorithmException: in registry", e3);
            throw new ClientException("NoSuchAlgorithmException: in registry", e3);
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        arrayList.add(TRUST_PASS);
        arrayList.add(KEY_PASS);
        arrayList.add("client_secret");
        ModuleRegistry.registerModule(Client.class.getName(), Config.getInstance().getJsonMapConfigNoCache(CONFIG_NAME), arrayList);
        config = Config.getInstance().getJsonMapConfig(CONFIG_NAME);
        if (config != null) {
            oauthConfig = (Map) config.get(OAUTH);
        }
        instance = new Client();
    }
}
