package org.commonjava.maven.galley.transport.htcli;

import java.io.Closeable;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.DefaultProxyRoutePlanner;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.commonjava.maven.galley.auth.PasswordEntry;
import org.commonjava.maven.galley.spi.auth.PasswordManager;
import org.commonjava.maven.galley.transport.htcli.Http;
import org.commonjava.maven.galley.transport.htcli.internal.CloseBlockingConnectionManager;
import org.commonjava.maven.galley.transport.htcli.internal.SSLUtils;
import org.commonjava.maven.galley.transport.htcli.model.HttpLocation;
import org.commonjava.maven.galley.transport.htcli.util.HttpUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/commonjava/maven/galley/transport/htcli/HttpImpl.class */
public class HttpImpl implements Http, Closeable {
    private final Logger logger;
    private final PasswordManager passwords;
    private final CloseBlockingConnectionManager connectionManager;

    public HttpImpl(PasswordManager passwordManager) {
        this(passwordManager, 200);
    }

    public HttpImpl(PasswordManager passwordManager, int i) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.passwords = passwordManager;
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager();
        poolingHttpClientConnectionManager.setMaxTotal(200);
        this.connectionManager = new CloseBlockingConnectionManager(poolingHttpClientConnectionManager);
    }

    public HttpImpl(PasswordManager passwordManager, HttpClientConnectionManager httpClientConnectionManager) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.passwords = passwordManager;
        this.connectionManager = new CloseBlockingConnectionManager(httpClientConnectionManager);
    }

    @Override // org.commonjava.maven.galley.transport.htcli.Http
    public CloseableHttpClient createClient() throws IOException {
        return createClient(null);
    }

    @Override // org.commonjava.maven.galley.transport.htcli.Http
    public CloseableHttpClient createClient(HttpLocation httpLocation) throws IOException {
        HttpClientBuilder connectionManager = HttpClients.custom().setConnectionManager(this.connectionManager);
        if (httpLocation != null) {
            SSLConnectionSocketFactory createSSLSocketFactory = createSSLSocketFactory(httpLocation);
            if (createSSLSocketFactory != null) {
                connectionManager.setSSLSocketFactory(createSSLSocketFactory);
            }
            if (httpLocation.getProxyHost() != null) {
                connectionManager.setRoutePlanner(new DefaultProxyRoutePlanner(new HttpHost(httpLocation.getProxyHost(), getProxyPort(httpLocation))));
            }
        }
        return connectionManager.build();
    }

    private int getProxyPort(HttpLocation httpLocation) {
        int proxyPort = httpLocation.getProxyPort();
        if (proxyPort < 1) {
            proxyPort = -1;
        }
        return proxyPort;
    }

    @Override // org.commonjava.maven.galley.transport.htcli.Http
    public HttpClientContext createContext() {
        return createContext(null);
    }

    @Override // org.commonjava.maven.galley.transport.htcli.Http
    public HttpClientContext createContext(HttpLocation httpLocation) {
        HttpClientContext create = HttpClientContext.create();
        if (httpLocation != null) {
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            AuthScope authScope = new AuthScope(httpLocation.getHost(), httpLocation.getPort());
            if (httpLocation.getUser() != null) {
                basicCredentialsProvider.setCredentials(authScope, new UsernamePasswordCredentials(httpLocation.getUser(), this.passwords.getPassword(new PasswordEntry(httpLocation, "userPassword"))));
            }
            if (httpLocation.getProxyHost() != null && httpLocation.getProxyUser() != null) {
                basicCredentialsProvider.setCredentials(new AuthScope(httpLocation.getProxyHost(), getProxyPort(httpLocation)), new UsernamePasswordCredentials(httpLocation.getProxyUser(), this.passwords.getPassword(new PasswordEntry(httpLocation, "proxyPassword"))));
            }
            create.setCredentialsProvider(basicCredentialsProvider);
        }
        return create;
    }

    private SSLConnectionSocketFactory createSSLSocketFactory(HttpLocation httpLocation) throws IOException {
        KeyStore keyStore = null;
        KeyStore keyStore2 = null;
        String keyCertPem = httpLocation.getKeyCertPem();
        String password = this.passwords.getPassword(new PasswordEntry(httpLocation, "keyPassword"));
        if (keyCertPem != null) {
            if (password == null || password.length() < 1) {
                this.logger.error("Invalid configuration. Location: {} cannot have an empty key password!", httpLocation.getUri());
                throw new IOException("Location: " + httpLocation.getUri() + " is misconfigured!");
            }
            try {
                keyStore = SSLUtils.readKeyAndCert(keyCertPem, password);
                this.logger.debug("Keystore contains the following certificates: {}", new Http.CertEnumerator(keyStore));
            } catch (KeyStoreException e) {
                this.logger.error(String.format("Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s", httpLocation.getUri(), e.getMessage()), e);
                throw new IOException("Failed to initialize SSL connection for repository: " + httpLocation.getUri());
            } catch (NoSuchAlgorithmException e2) {
                this.logger.error(String.format("Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s", httpLocation.getUri(), e2.getMessage()), e2);
                throw new IOException("Failed to initialize SSL connection for repository: " + httpLocation.getUri());
            } catch (CertificateException e3) {
                this.logger.error(String.format("Invalid configuration. Location: %s has an invalid client certificate! Error: %s", httpLocation.getUri(), e3.getMessage()), e3);
                throw new IOException("Failed to initialize SSL connection for repository: " + httpLocation.getUri());
            } catch (InvalidKeySpecException e4) {
                this.logger.error(String.format("Invalid configuration. Invalid client key for repository: %s. Error: %s", httpLocation.getUri(), e4.getMessage()), e4);
                throw new IOException("Failed to initialize SSL connection for repository: " + httpLocation.getUri());
            }
        }
        String serverCertPem = httpLocation.getServerCertPem();
        this.logger.debug("Server certificate PEM:\n{}", serverCertPem);
        if (serverCertPem != null) {
            try {
                keyStore2 = SSLUtils.readCerts(serverCertPem, httpLocation.getHost());
                this.logger.debug("Trust store contains the following certificates:\n{}", new Http.CertEnumerator(keyStore2));
            } catch (KeyStoreException e5) {
                this.logger.error(String.format("Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s", httpLocation.getUri(), e5.getMessage()), e5);
                throw new IOException("Failed to initialize SSL connection for repository: " + httpLocation.getUri());
            } catch (NoSuchAlgorithmException e6) {
                this.logger.error(String.format("Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s", httpLocation.getUri(), e6.getMessage()), e6);
                throw new IOException("Failed to initialize SSL connection for repository: " + httpLocation.getUri());
            } catch (CertificateException e7) {
                this.logger.error(String.format("Invalid configuration. Location: %s has an invalid server certificate! Error: %s", httpLocation.getUri(), e7.getMessage()), e7);
                throw new IOException("Failed to initialize SSL connection for repository: " + httpLocation.getUri());
            }
        }
        if (keyStore == null && keyStore2 == null) {
            return null;
        }
        try {
            return new SSLConnectionSocketFactory(SSLContexts.custom().useProtocol("TLS").loadKeyMaterial(keyStore, password.toCharArray()).loadTrustMaterial(keyStore2, (TrustStrategy) null).build(), new DefaultHostnameVerifier());
        } catch (KeyManagementException e8) {
            this.logger.error("Invalid configuration. Cannot initialize SSL socket factory for repository: {}. Error: {}", new Object[]{e8, httpLocation.getUri(), e8.getMessage()});
            throw new IOException("Failed to initialize SSL connection for repository: " + httpLocation.getUri());
        } catch (KeyStoreException e9) {
            this.logger.error("Invalid configuration. Cannot initialize SSL socket factory for repository: {}. Error: {}", new Object[]{e9, httpLocation.getUri(), e9.getMessage()});
            throw new IOException("Failed to initialize SSL connection for repository: " + httpLocation.getUri());
        } catch (NoSuchAlgorithmException e10) {
            this.logger.error("Invalid configuration. Cannot initialize SSL socket factory for repository: {}. Error: {}", new Object[]{e10, httpLocation.getUri(), e10.getMessage()});
            throw new IOException("Failed to initialize SSL connection for repository: " + httpLocation.getUri());
        } catch (UnrecoverableKeyException e11) {
            this.logger.error("Invalid configuration. Cannot initialize SSL socket factory for repository: {}. Error: {}", new Object[]{e11, httpLocation.getUri(), e11.getMessage()});
            throw new IOException("Failed to initialize SSL connection for repository: " + httpLocation.getUri());
        }
    }

    @Override // org.commonjava.maven.galley.transport.htcli.Http
    public void cleanup(CloseableHttpClient closeableHttpClient, HttpUriRequest httpUriRequest, CloseableHttpResponse closeableHttpResponse) {
        HttpUtil.cleanupResources(closeableHttpClient, httpUriRequest, closeableHttpResponse);
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        this.connectionManager.reallyShutdown();
    }
}
