package io.quarkiverse.minio.client;

import io.micrometer.core.instrument.MeterRegistry;
import io.micrometer.core.instrument.binder.okhttp3.OkHttpMetricsEventListener;
import jakarta.inject.Singleton;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;

@Singleton
/* loaded from: input_file:io/quarkiverse/minio/client/WithMetricsHttpClientProducer.class */
public class WithMetricsHttpClientProducer implements OptionalHttpClientProducer {
    protected static final long DEFAULT_CONNECTION_TIMEOUT = 5;
    private MeterRegistry meterRegistry;
    private MiniosRuntimeConfiguration configuration;

    public WithMetricsHttpClientProducer(MeterRegistry meterRegistry, MiniosRuntimeConfiguration miniosRuntimeConfiguration) {
        this.meterRegistry = meterRegistry;
        this.configuration = miniosRuntimeConfiguration;
    }

    @Override // java.util.function.Function
    public Optional<OkHttpClient> apply(String str) {
        return !this.configuration.produceMetrics() ? Optional.empty() : Optional.of(getHttpClientWithInterceptor(this.meterRegistry, str));
    }

    private OkHttpClient getHttpClientWithInterceptor(MeterRegistry meterRegistry, String str) {
        OkHttpClient build = new OkHttpClient().newBuilder().connectTimeout(DEFAULT_CONNECTION_TIMEOUT, TimeUnit.MINUTES).writeTimeout(DEFAULT_CONNECTION_TIMEOUT, TimeUnit.MINUTES).readTimeout(DEFAULT_CONNECTION_TIMEOUT, TimeUnit.MINUTES).protocols(List.of(Protocol.HTTP_1_1)).eventListener(OkHttpMetricsEventListener.builder(meterRegistry, MiniosBuildTimeConfiguration.isDefault(str) ? "minio.client" : "minio." + str + ".client").uriMapper(request -> {
            return String.join("/", request.url().pathSegments());
        }).build()).build();
        String str2 = System.getenv("SSL_CERT_FILE");
        if (str2 != null && !str2.isEmpty()) {
            try {
                build = enableExternalCertificates(build, str2);
            } catch (IOException | GeneralSecurityException e) {
                throw new RuntimeException(e);
            }
        }
        return build;
    }

    private OkHttpClient enableExternalCertificates(OkHttpClient okHttpClient, String str) throws GeneralSecurityException, IOException {
        FileInputStream fileInputStream = new FileInputStream(str);
        try {
            Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(fileInputStream);
            fileInputStream.close();
            if (generateCertificates == null || generateCertificates.isEmpty()) {
                throw new IllegalArgumentException("expected non-empty set of trusted certificates");
            }
            char[] charArray = "password".toCharArray();
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, charArray);
            int i = 0;
            for (Certificate certificate : generateCertificates) {
                int i2 = i;
                i++;
                keyStore.setCertificateEntry(Integer.toString(i2), certificate);
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, charArray);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagers, trustManagers, null);
            return okHttpClient.newBuilder().sslSocketFactory(sSLContext.getSocketFactory(), (X509TrustManager) trustManagers[0]).build();
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
