package com.networknt.http.client;

import ch.qos.logback.core.net.ssl.SSL;
import com.networknt.client.ClientConfig;
import com.networknt.client.oauth.Jwt;
import com.networknt.client.oauth.TokenManager;
import com.networknt.config.TlsUtil;
import com.networknt.http.client.ssl.ClientX509ExtendedTrustManager;
import com.networknt.http.client.ssl.CompositeX509TrustManager;
import com.networknt.monad.Failure;
import com.networknt.monad.Result;
import com.networknt.url.HttpURL;
import io.netty.handler.ssl.SslProtocols;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.ProxySelector;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutorService;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang3.StringUtils;
import org.owasp.encoder.Encode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/http/client/HttpClientRequest.class */
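/**
 * Convenience wrapper around the JDK {@link HttpClient} that builds requests, attaches
 * authorization and tracing headers, and creates the TLS context from the {@code tls}
 * section of the client configuration.
 *
 * <p>Not thread-safe: {@link #initBuilder(URI, HttpMethod, Optional)} replaces the
 * {@link #httpClient} field on every call, and {@link #send} / {@link #sendAsync} use whatever
 * client was built last. Use one instance per request flow.
 */
public class HttpClientRequest {
    private static Logger logger = LoggerFactory.getLogger((Class<?>) HttpClientRequest.class);
    private static ClientConfig clientConfig = ClientConfig.get();
    // Assigned by initBuilder(); null until the first builder has been initialised.
    HttpClient httpClient;
    public static final String TLS = "tls";
    static final String LOAD_TRUST_STORE = "loadTrustStore";
    static final String LOAD_KEY_STORE = "loadKeyStore";
    static final String LOAD_DEFAULT_TRUST = "loadDefaultTrustStore";
    static final String TRUST_STORE = "trustStore";
    static final String TRUST_STORE_PASS = "trustStorePass";
    static final String DEFAULT_CERT_PASS = "defaultCertPassword";
    static final String KEY_STORE = "keyStore";
    static final String KEY_STORE_PASS = "keyStorePass";
    static final String KEY_PASS = "keyPass";
    static final String TLS_VERSION = "tlsVersion";
    static final String KEY_STORE_PROPERTY = "javax.net.ssl.keyStore";
    static final String KEY_STORE_PASSWORD_PROPERTY = "javax.net.ssl.keyStorePassword";
    static final String TRUST_STORE_PROPERTY = "javax.net.ssl.trustStore";
    static final String TRUST_STORE_PASSWORD_PROPERTY = "javax.net.ssl.trustStorePassword";
    static final String TRUST_STORE_TYPE_PROPERTY = "javax.net.ssl.trustStoreType";
    private int proxyPort;
    private TokenManager tokenManager = TokenManager.getInstance();
    private String proxyHost = null;
    private Authenticator authenticator = null;
    private ExecutorService executorService = null;

    /**
     * Routes subsequent clients through a proxy.
     *
     * @param str proxy host name; {@code null} disables the proxy
     * @param i   proxy port; {@code 0} selects {@code HttpURL.DEFAULT_HTTPS_PORT}
     */
    public void setProxy(String str, int i) {
        this.proxyHost = str;
        this.proxyPort = i;
    }

    /**
     * Sets the executor handed to clients built after this call.
     *
     * @param executorService executor to use, or {@code null} for the JDK default
     */
    public void setExecutorService(ExecutorService executorService) {
        this.executorService = executorService;
    }

    /**
     * Sets the authenticator handed to clients built after this call.
     *
     * @param authenticator authenticator to use, or {@code null} for none
     */
    public void setAuthenticator(Authenticator authenticator) {
        this.authenticator = authenticator;
    }

    /**
     * Builds a new {@link HttpClient} from the given configuration and this instance's proxy,
     * authenticator and executor settings.
     *
     * @param clientConfig2 configuration supplying the connect timeout and the HTTP/2 switch
     * @param z             {@code true} when the target is HTTPS and the configured TLS
     *                      context should be installed
     * @return the configured client
     */
    protected HttpClient buildHttpClient(ClientConfig clientConfig2, boolean z) {
        HttpClient.Builder clientBuilder =
                HttpClient.newBuilder().connectTimeout(Duration.ofMillis(clientConfig2.getTimeout()));
        if (z) {
            try {
                // createSSLContext() returns null when the tls section is missing; the JDK
                // builder rejects a null context, so that case surfaces here as an exception.
                clientBuilder.sslContext(createSSLContext());
            } catch (IOException e) {
                // NOTE(review): after this catch the client is still built, without the
                // configured SSLContext, so it falls back to the JDK default trust material
                // instead of the stores named in client.yml. Deployments that rely on a
                // restricted trust store or a client certificate should treat this log line
                // as a failure; consider failing the build of the client instead.
                logger.error("cannot initial http client:", e);
            }
        }
        clientBuilder.version(clientConfig2.getRequestEnableHttp2()
                ? HttpClient.Version.HTTP_2
                : HttpClient.Version.HTTP_1_1);
        if (this.proxyHost != null) {
            int port = this.proxyPort == 0 ? HttpURL.DEFAULT_HTTPS_PORT : this.proxyPort;
            clientBuilder.proxy(ProxySelector.of(new InetSocketAddress(this.proxyHost, port)));
        }
        if (this.authenticator != null) {
            clientBuilder.authenticator(this.authenticator);
        }
        if (this.executorService != null) {
            clientBuilder.executor(this.executorService);
        }
        return clientBuilder.build();
    }

    /**
     * Sends the request synchronously with the client created by the last {@code initBuilder}
     * call. Calling this before any {@code initBuilder} fails because no client exists yet.
     *
     * @param builder     request builder to finalise and send
     * @param bodyHandler handler for the response body
     * @return the response
     * @throws InterruptedException if the calling thread is interrupted while waiting
     * @throws IOException          if the exchange fails
     */
    public HttpResponse<?> send(HttpRequest.Builder builder, HttpResponse.BodyHandler<?> bodyHandler) throws InterruptedException, IOException {
        return this.httpClient.send(builder.build(), bodyHandler);
    }

    /**
     * Sends the request asynchronously with the client created by the last {@code initBuilder}
     * call.
     *
     * @param builder     request builder to finalise and send
     * @param bodyHandler handler for the response body
     * @return a future completing with the response
     */
    public CompletableFuture<? extends HttpResponse<?>> sendAsync(HttpRequest.Builder builder, HttpResponse.BodyHandler<?> bodyHandler) throws InterruptedException, IOException {
        return this.httpClient.sendAsync(builder.build(), bodyHandler);
    }

    /**
     * Starts a body-less request for a URL given as text.
     *
     * @param str        target URL
     * @param httpMethod HTTP method
     * @return the request builder
     * @throws Exception if {@code str} is not a valid URI
     */
    public HttpRequest.Builder initBuilder(String str, HttpMethod httpMethod) throws Exception {
        return initBuilder(new URI(str), httpMethod, Optional.empty());
    }

    /**
     * Starts a request for a URL given as text.
     *
     * @param str        target URL
     * @param httpMethod HTTP method
     * @param optional   request body, see {@link #getBodyPublisher(Optional)}
     * @return the request builder
     * @throws Exception if {@code str} is not a valid URI
     */
    public HttpRequest.Builder initBuilder(String str, HttpMethod httpMethod, Optional<?> optional) throws Exception {
        return initBuilder(new URI(str), httpMethod, optional);
    }

    /**
     * Starts a body-less request.
     *
     * @param uri        target URI
     * @param httpMethod HTTP method
     * @return the request builder
     */
    public HttpRequest.Builder initBuilder(URI uri, HttpMethod httpMethod) {
        return initBuilder(uri, httpMethod, Optional.empty());
    }

    /**
     * Builds a fresh {@link HttpClient} for the URI's scheme, stores it in {@link #httpClient},
     * and returns a request builder with the method and body applied.
     *
     * <p>Only DELETE, POST and PUT are set explicitly; any other method leaves the builder on
     * its default.
     *
     * @param uri        target URI; an {@code https} scheme enables the configured TLS context
     * @param httpMethod HTTP method
     * @param optional   request body, see {@link #getBodyPublisher(Optional)}
     * @return the request builder
     */
    public HttpRequest.Builder initBuilder(URI uri, HttpMethod httpMethod, Optional<?> optional) {
        this.httpClient = buildHttpClient(clientConfig, "https".equals(uri.getScheme()));
        HttpRequest.Builder requestBuilder = HttpRequest.newBuilder().uri(uri);
        if (HttpMethod.DELETE.equals(httpMethod)) {
            requestBuilder.DELETE();
        } else if (HttpMethod.POST.equals(httpMethod)) {
            requestBuilder.POST(getBodyPublisher(optional));
        } else if (HttpMethod.PUT.equals(httpMethod)) {
            // Compare the method itself: comparing PUT's name (a String) with the
            // HttpMethod value never matched, so PUT requests were silently sent with the
            // builder's default method.
            requestBuilder.PUT(getBodyPublisher(optional));
        }
        return requestBuilder;
    }

    /**
     * Sets the {@code Authorization} header, normalising the value to the {@code "Bearer "}
     * prefix.
     *
     * @param builder request builder to modify
     * @param str     token with or without a bearer prefix (any letter case)
     */
    public void addAuthToken(HttpRequest.Builder builder, String str) {
        final String prefix = "Bearer ";
        if (str != null && !str.startsWith(prefix)) {
            // Case-insensitive prefix test that does not depend on the default locale.
            boolean hasPrefix = str.regionMatches(true, 0, prefix, 0, prefix.length());
            str = hasPrefix ? prefix + str.substring(prefix.length()) : prefix + str;
        }
        builder.setHeader("Authorization", str);
    }

    /**
     * Sets a single request header, replacing any previous value.
     *
     * @param builder request builder to modify
     * @param str     header name
     * @param str2    header value
     */
    public void addRequestHeader(HttpRequest.Builder builder, String str, String str2) {
        builder.setHeader(str, str2);
    }

    /**
     * Sets every header in the map, replacing previous values.
     *
     * @param builder request builder to modify
     * @param map     header names to values; {@code null} is ignored
     */
    public void addRequestHeaders(HttpRequest.Builder builder, Map<String, String> map) {
        if (map == null) {
            return;
        }
        for (Map.Entry<String, String> header : map.entrySet()) {
            builder.setHeader(header.getKey(), header.getValue());
        }
    }

    /**
     * Sets the {@code X-Traceability-Id} header.
     *
     * @param builder request builder to modify
     * @param str     traceability id
     */
    public void addTraceabilityId(HttpRequest.Builder builder, String str) {
        builder.setHeader("X-Traceability-Id", str);
    }

    /**
     * Sets the {@code X-Correlation-Id} header.
     *
     * @param builder request builder to modify
     * @param str     correlation id
     */
    public void addCorrelationId(HttpRequest.Builder builder, String str) {
        builder.setHeader("X-Correlation-Id", str);
    }

    /**
     * Obtains a JWT from the token manager and sets it as the {@code Authorization} bearer
     * token.
     *
     * @param builder request builder to modify
     * @param str     first argument forwarded to {@code TokenManager.getJwt}
     * @param str2    second argument forwarded to {@code TokenManager.getJwt}
     * @param str3    third argument forwarded to {@code TokenManager.getJwt}
     * @return the token result, or a failure carrying the token manager's error
     */
    public Result addCcToken(HttpRequest.Builder builder, String str, String str2, String str3) {
        Result<Jwt> jwtResult = this.tokenManager.getJwt(str, str2, str3);
        if (jwtResult.isFailure()) {
            return Failure.of(jwtResult.getError());
        }
        builder.setHeader("Authorization", "Bearer " + jwtResult.getResult().getJwt());
        return jwtResult;
    }

    /**
     * Attaches tokens for a call made on behalf of an incoming request. Without a caller token
     * the obtained JWT becomes the {@code Authorization} header; with one, the caller token
     * stays in {@code Authorization} and the obtained JWT goes into {@code X-Scope-Token}.
     *
     * @param builder request builder to modify
     * @param str     caller's authorization token, or {@code null}
     * @param str2    first argument forwarded to {@code TokenManager.getJwt}
     * @param str3    second argument forwarded to {@code TokenManager.getJwt}
     * @param str4    third argument forwarded to {@code TokenManager.getJwt}
     * @return the token result, or a failure carrying the token manager's error
     */
    public Result populateHeader(HttpRequest.Builder builder, String str, String str2, String str3, String str4) {
        Result<Jwt> jwtResult = this.tokenManager.getJwt(str2, str3, str4);
        if (jwtResult.isFailure()) {
            return Failure.of(jwtResult.getError());
        }
        String bearer = "Bearer " + jwtResult.getResult().getJwt();
        if (str == null) {
            str = bearer;
        } else {
            builder.setHeader("X-Scope-Token", bearer);
        }
        addAuthToken(builder, str);
        return jwtResult;
    }

    /**
     * Chooses a body publisher for the payload: a {@code String} is sent as is, a {@code Map}
     * as URL-encoded form data, anything else as JSON.
     *
     * @param optional request payload
     * @return the publisher; an empty-body publisher when no payload is present, because the
     *         request builder's POST and PUT reject a {@code null} publisher
     */
    protected HttpRequest.BodyPublisher getBodyPublisher(Optional<?> optional) {
        if (optional.isEmpty()) {
            return HttpRequest.BodyPublishers.noBody();
        }
        Object payload = optional.get();
        if (payload instanceof String) {
            return HttpRequest.BodyPublishers.ofString((String) payload);
        }
        if (payload instanceof Map) {
            @SuppressWarnings("unchecked") // keys and values are only read through toString()
            Map<Object, Object> form = (Map<Object, Object>) payload;
            return ofFormData(form);
        }
        return HttpRequest.BodyPublishers.ofString(JsonMapper.toJson(payload));
    }

    /** Encodes the map as {@code application/x-www-form-urlencoded} key/value pairs. */
    private HttpRequest.BodyPublisher ofFormData(Map<Object, Object> map) {
        StringBuilder form = new StringBuilder();
        for (Map.Entry<Object, Object> field : map.entrySet()) {
            if (form.length() > 0) {
                form.append("&");
            }
            form.append(URLEncoder.encode(field.getKey().toString(), StandardCharsets.UTF_8));
            form.append("=");
            form.append(URLEncoder.encode(field.getValue().toString(), StandardCharsets.UTF_8));
        }
        return HttpRequest.BodyPublishers.ofString(form.toString());
    }

    /**
     * Creates the TLS context described by the {@code tls} section of the client
     * configuration: optional client key store, configured trust store, and optionally the JDK
     * default trust store combined with it.
     *
     * @return the context; {@code null} when the tls section is missing; an uninitialised
     *         context when no trust store could be loaded (an error is logged in both cases)
     * @throws IOException if key managers, trust managers or the context cannot be initialised
     */
    public static SSLContext createSSLContext() throws IOException {
        Map<String, Object> tlsConfig = clientConfig.getTlsConfig();
        if (tlsConfig == null) {
            logger.error("TLS configuration section is missing in client.yml");
            return null;
        }
        SSLContext sslContext = null;
        KeyManager[] keyManagers = null;
        try {
            Boolean keyStoreEnabled = (Boolean) tlsConfig.get(LOAD_KEY_STORE);
            if (keyStoreEnabled != null && keyStoreEnabled.booleanValue()) {
                // System properties win; the config file is used only when either is absent.
                String keyStoreName = System.getProperty(KEY_STORE_PROPERTY);
                String keyStorePass = System.getProperty(KEY_STORE_PASSWORD_PROPERTY);
                if (keyStoreName == null || keyStorePass == null) {
                    keyStoreName = (String) tlsConfig.get(KEY_STORE);
                    keyStorePass = (String) tlsConfig.get(KEY_STORE_PASS);
                    if (keyStorePass == null) {
                        logger.error("Cannot load the config: keyStorePass from client.yml");
                    }
                    if (logger.isInfoEnabled()) {
                        logger.info("Loading key store from config at " + Encode.forJava(keyStoreName));
                    }
                } else if (logger.isInfoEnabled()) {
                    logger.info("Loading key store from system property at " + Encode.forJava(keyStoreName));
                }
                if (keyStoreName != null && keyStorePass != null) {
                    String keyPass = (String) tlsConfig.get(KEY_PASS);
                    if (keyPass == null) {
                        logger.error("Cannot load the config: keyPass from client.yml");
                        // Unchecked on purpose: a missing key password previously ended in a
                        // NullPointerException on the next statement; keep that a hard
                        // failure but say what is wrong.
                        throw new IllegalStateException("Cannot load the config: keyPass from client.yml");
                    }
                    KeyStore keyStore = TlsUtil.loadKeyStore(keyStoreName, keyStorePass.toCharArray());
                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    keyManagerFactory.init(keyStore, keyPass.toCharArray());
                    keyManagers = keyManagerFactory.getKeyManagers();
                }
            }
            TrustManager[] configuredTrustManagers = null;
            Boolean defaultTrustEnabled = (Boolean) tlsConfig.get(LOAD_DEFAULT_TRUST);
            boolean useDefaultTrust = defaultTrustEnabled != null && defaultTrustEnabled.booleanValue();
            List<TrustManager> trustManagers = new ArrayList<>();
            try {
                Boolean trustStoreEnabled = (Boolean) tlsConfig.get(LOAD_TRUST_STORE);
                // NOTE(review): the JDK default trust store is only consulted inside this
                // branch, so loadDefaultTrustStore has no effect unless loadTrustStore is
                // also true - confirm that is intended.
                if (trustStoreEnabled != null && trustStoreEnabled.booleanValue()) {
                    String trustStoreName = (String) tlsConfig.get(TRUST_STORE);
                    String trustStorePass = (String) tlsConfig.get(TRUST_STORE_PASS);
                    if (trustStorePass == null) {
                        logger.error("Cannot load the config: trustStorePass from client.yml");
                    }
                    if (logger.isInfoEnabled()) {
                        logger.info("Loading trust store from config at " + Encode.forJava(trustStoreName));
                    }
                    if (trustStoreName != null && trustStorePass != null) {
                        KeyStore trustStore = TlsUtil.loadKeyStore(trustStoreName, trustStorePass.toCharArray());
                        // Ask the trust manager factory for its own default algorithm; the
                        // key manager factory's default is a different setting.
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init(trustStore);
                        configuredTrustManagers = trustManagerFactory.getTrustManagers();
                    }
                    if (useDefaultTrust) {
                        TrustManager[] defaultTrustManagers = loadDefaultTrustStore();
                        if (defaultTrustManagers != null && defaultTrustManagers.length > 0) {
                            trustManagers.addAll(Arrays.asList(defaultTrustManagers));
                        }
                    }
                    if (configuredTrustManagers != null && configuredTrustManagers.length > 0) {
                        trustManagers.addAll(Arrays.asList(configuredTrustManagers));
                    }
                }
                try {
                    String tlsVersion = (String) tlsConfig.get(TLS_VERSION);
                    if (tlsVersion == null) {
                        tlsVersion = SslProtocols.TLS_v1_2;
                    }
                    sslContext = SSLContext.getInstance(tlsVersion);
                    if (useDefaultTrust && !trustManagers.isEmpty()) {
                        sslContext.init(keyManagers, new TrustManager[]{new CompositeX509TrustManager(convertTrustManagers(trustManagers))}, null);
                    } else if (configuredTrustManagers == null || configuredTrustManagers.length == 0) {
                        // The context is returned uninitialised in this case.
                        logger.error("No trust store is loaded. Please check client.yml");
                    } else {
                        sslContext.init(keyManagers, new TrustManager[]{new ClientX509ExtendedTrustManager(trustManagers)}, null);
                    }
                } catch (KeyManagementException | NoSuchAlgorithmException e) {
                    throw new IOException("Unable to create and initialise the SSLContext", e);
                }
            } catch (IOException e) {
                // Already carries a precise message; do not relabel it as a trust manager
                // failure in the generic handler below.
                throw e;
            } catch (Exception e) {
                throw new IOException("Unable to initialise TrustManager[]", e);
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new IOException("Unable to initialise KeyManager[]", e);
        }
        return sslContext;
    }

    /**
     * Filters a list of trust managers down to the X.509 ones.
     *
     * @param list trust managers of any kind
     * @return a new list holding only the {@link X509TrustManager} entries, in order
     */
    public static List<X509TrustManager> convertTrustManagers(List<TrustManager> list) {
        List<X509TrustManager> x509Managers = new ArrayList<>();
        for (TrustManager candidate : list) {
            if (candidate instanceof X509TrustManager) {
                x509Managers.add((X509TrustManager) candidate);
            }
        }
        return x509Managers;
    }

    /**
     * Loads trust managers from the JDK's default trust store. The location comes from the
     * {@code javax.net.ssl.trustStore} system property, else {@code jssecacerts}, else
     * {@code cacerts} under {@code java.home/lib/security}. The password comes from the
     * {@code javax.net.ssl.trustStorePassword} property, else {@code defaultCertPassword} in
     * the tls configuration, else logback's default key store password constant.
     *
     * @return the trust managers, or {@code null} when no readable trust store file is found
     * @throws Exception if the store cannot be opened or parsed
     */
    public static TrustManager[] loadDefaultTrustStore() throws Exception {
        String password = SSL.DEFAULT_KEYSTORE_PASSWORD;
        Map<String, Object> tlsConfig = clientConfig.getTlsConfig();
        if (tlsConfig != null && tlsConfig.get(DEFAULT_CERT_PASS) != null) {
            password = (String) tlsConfig.get(DEFAULT_CERT_PASS);
        }
        Path storePath = null;
        String configuredLocation = System.getProperty(TRUST_STORE_PROPERTY);
        if (StringUtils.isEmpty(configuredLocation)) {
            String javaHome = System.getProperty("java.home");
            storePath = Paths.get(javaHome, "lib", "security", "jssecacerts");
            if (!storePath.toFile().exists()) {
                storePath = Paths.get(javaHome, "lib", "security", "cacerts");
            }
        } else {
            Path candidate = Paths.get(configuredLocation);
            File candidateFile = candidate.toFile();
            if (candidateFile.exists() && candidateFile.isFile() && candidateFile.canRead()) {
                storePath = candidate;
            }
        }
        // storePath stays null when the system property names a missing or unreadable file;
        // report that the same way as a missing default store instead of dereferencing null.
        if (storePath == null || !storePath.toFile().exists()) {
            logger.warn("Cannot find system default trust store");
            return null;
        }
        String passwordProperty = System.getProperty(TRUST_STORE_PASSWORD_PROPERTY);
        if (!StringUtils.isEmpty(passwordProperty)) {
            password = passwordProperty;
        }
        String typeProperty = System.getProperty(TRUST_STORE_TYPE_PROPERTY);
        String storeType = !StringUtils.isEmpty(typeProperty) ? typeProperty : KeyStore.getDefaultType();
        // NOTE(review): Security.getProvider returns null when no provider named "SUN" is
        // installed, and KeyStore.getInstance rejects a null provider - confirm the target
        // runtimes always ship it.
        KeyStore keyStore = KeyStore.getInstance(storeType, Security.getProvider("SUN"));
        try (InputStream in = Files.newInputStream(storePath)) {
            keyStore.load(in, password.toCharArray());
            logger.info("JDK default trust store loaded from : {} .", storePath);
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }
}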
