package work.ready.cloud.client;

import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.concurrent.CompletableFuture;
import java.util.function.Consumer;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.xnio.IoUtils;
import work.ready.cloud.ReadyCloud;
import work.ready.cloud.client.ClientConfig;
import work.ready.cloud.client.clevercall.CircuitBreaker;
import work.ready.cloud.client.oauth.Jwt;
import work.ready.cloud.client.oauth.TokenManager;
import work.ready.cloud.client.ssl.ClientTrustManager;
import work.ready.cloud.client.ssl.TLSConfig;
import work.ready.cloud.registry.base.URL;
import work.ready.core.log.Log;
import work.ready.core.log.LogFactory;
import work.ready.core.server.Constant;
import work.ready.core.server.Ready;
import work.ready.core.service.result.Failure;
import work.ready.core.service.result.Result;
import work.ready.core.tools.HttpClient;
import work.ready.core.tools.NetUtil;

/* loaded from: input_file:work/ready/cloud/client/CloudClient.class */
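/**
 * HTTP client for calls to other services, adding bearer-token headers and a TLS context
 * assembled from the ReadyCloud client configuration.
 *
 * <p>Two shared instances are created when the class is initialised: {@link #instance},
 * built from {@link #getDefaultSsl()}, and {@link #trustAllInstance}, built from
 * {@code getTrustAllSsl()}. That method is not defined in this class.
 * NOTE(review): judging by its name it accepts any server certificate, in which case the
 * trust-all client does not authenticate the peer and belongs only on connections where
 * that is acceptable; confirm against the superclass.
 *
 * <p>Every constructor is private, so instances come only from the static factories.
 */
public class CloudClient extends HttpClient {
    public static final String DEFAULT_USER_AGENT = "ReadyCloudClient";
    // Cache for getDefaultSsl(); stays null while createSSLContext() returns null.
    static SSLContext sslContext;
    static final String KEY_STORE_PROPERTY = "javax.net.ssl.keyStore";
    static final String KEY_STORE_PASSWORD_PROPERTY = "javax.net.ssl.keyStorePassword";
    static final String TRUST_STORE_PROPERTY = "javax.net.ssl.trustStore";
    static final String TRUST_STORE_PASSWORD_PROPERTY = "javax.net.ssl.trustStorePassword";
    private static final String BEARER_PREFIX = "Bearer ";
    private final TokenManager tokenManager;
    private static final Log logger = LogFactory.getLog(CloudClient.class);
    // Declared after logger: building these runs getDefaultSsl(), which logs on failure.
    static final CloudClient trustAllInstance = getInstance(getTrustAllSsl());
    static final CloudClient instance = getInstance(getDefaultSsl());

    private CloudClient() {
        this.tokenManager = TokenManager.getInstance();
    }

    private CloudClient(Consumer<HttpClient.Builder> consumer) {
        super(consumer);
        this.tokenManager = TokenManager.getInstance();
        this.userAgent = DEFAULT_USER_AGENT;
    }

    /**
     * Returns the shared client built from the configured TLS context.
     *
     * <p>Each call resets the shared instance's timeout to {@code defaultTimeout}, so a
     * timeout set by one caller does not survive another caller's lookup.
     *
     * @return the shared instance
     */
    public static CloudClient getInstance() {
        instance.timeout = defaultTimeout;
        return instance;
    }

    /**
     * Returns the shared client built from {@code getTrustAllSsl()}, with its timeout reset
     * to {@code defaultTimeout}.
     *
     * @return the shared trust-all instance
     */
    public static CloudClient getTrustAllInstance() {
        trustAllInstance.timeout = defaultTimeout;
        return trustAllInstance;
    }

    /**
     * Returns a trust-all client.
     *
     * @param createNew {@code true} to build a fresh client, {@code false} for the shared one
     * @return the requested client
     */
    public static CloudClient getTrustAllInstance(boolean createNew) {
        return createNew ? getInstance(getTrustAllSsl()) : getTrustAllInstance();
    }

    /**
     * Returns a client that uses the configured TLS context.
     *
     * @param createNew {@code true} to build a fresh client, {@code false} for the shared one
     * @return the requested client
     */
    public static CloudClient getInstance(boolean createNew) {
        return createNew ? getInstance(getDefaultSsl()) : getInstance();
    }

    /**
     * Builds a client whose underlying HTTP client builder is customised by the caller.
     *
     * @param consumer callback applied to the builder
     * @return a new client
     */
    public static CloudClient getInstance(Consumer<HttpClient.Builder> consumer) {
        return new CloudClient(consumer);
    }

    /**
     * Builds a client bound to the given TLS context.
     *
     * @param context TLS context to install; when {@code null} none is set on the builder,
     *     so the builder's own default applies
     * @return a new client
     */
    public static CloudClient getInstance(SSLContext context) {
        return new CloudClient(builder -> {
            if (context != null) {
                builder.sslContext(context);
            }
        });
    }

    /**
     * Returns the cached TLS context, creating it through {@link #createSSLContext()} on
     * first use.
     *
     * <p>The cache is an unsynchronised static field. A {@code null} result is not cached,
     * so creation is attempted again on the next call.
     *
     * @return the TLS context, or {@code null} when the configuration yields none
     * @throws RuntimeException wrapping any failure raised while creating the context
     */
    public static SSLContext getDefaultSsl() {
        if (sslContext != null) {
            return sslContext;
        }
        try {
            sslContext = createSSLContext();
        } catch (Exception e) {
            logger.error(e, "Exception", new Object[0]);
            throw new RuntimeException(e);
        }
        return sslContext;
    }

    /**
     * Wraps a call to {@link #callService(URL, String, HttpRequest.Builder)} in a circuit
     * breaker keyed by the service URL.
     *
     * @param url service address
     * @param path request path appended to the service address
     * @param builder request under construction
     * @return circuit breaker that performs the call when invoked
     */
    public CircuitBreaker getRequestService(URL url, String path, HttpRequest.Builder builder) {
        return new CircuitBreaker(url, () -> callService(url, path, builder));
    }

    /**
     * Wraps an asynchronous send of the given request in a circuit breaker keyed by the
     * request's scheme, host, port and path.
     *
     * @param builder request under construction; its URI must already be set
     * @return circuit breaker that sends the request when invoked
     */
    public CircuitBreaker getRequestService(HttpRequest.Builder builder) {
        URI target = builder.build().uri();
        URL key = new URL(target.getScheme(), target.getHost(), target.getPort(), target.getPath());
        return new CircuitBreaker(key, () -> sendAsync(builder));
    }

    /**
     * Sends the request to {@code url.getRequestUri() + path}.
     *
     * @param url service address
     * @param path request path appended to the service address
     * @param builder request under construction; its URI is overwritten
     * @return the pending response, or a future already failed with the
     *     {@link URISyntaxException} when the combined address is not a valid URI
     */
    public CompletableFuture<HttpResponse<String>> callService(URL url, String path, HttpRequest.Builder builder) {
        final URI target;
        try {
            target = new URI(url.getRequestUri() + path);
        } catch (URISyntaxException e) {
            // Previously swallowed, after which builder.uri(null) failed with a bare
            // NullPointerException that hid the malformed address.
            logger.error(e, "Invalid service URI", new Object[0]);
            return CompletableFuture.failedFuture(e);
        }
        builder.uri(target);
        return sendAsync(builder);
    }

    /**
     * Sets the {@code Authorization} header to the token in {@code Bearer <token>} form.
     *
     * <p>A value with any other scheme is prefixed as-is, e.g. {@code Basic abc} becomes
     * {@code Bearer Basic abc}.
     *
     * @param builder request under construction
     * @param token raw token or an existing bearer header value
     * @throws NullPointerException if {@code token} is {@code null}
     */
    public void addAuthToken(HttpRequest.Builder builder, String token) {
        builder.header("Authorization", toBearerHeader(token));
    }

    /**
     * Sets the {@code Authorization} header as {@link #addAuthToken} does and adds the
     * traceability header.
     *
     * @param builder request under construction
     * @param token raw token or an existing bearer header value
     * @param traceabilityId value for the traceability header
     * @throws NullPointerException if {@code token} is {@code null}
     */
    public void addAuthTokenTrace(HttpRequest.Builder builder, String token, String traceabilityId) {
        builder.header("Authorization", toBearerHeader(token));
        builder.header(Constant.TRACEABILITY_ID_STRING, traceabilityId);
    }

    /**
     * Sets the {@code Authorization} header only; behaves exactly like {@link #addAuthToken}.
     *
     * @param builder request under construction
     * @param token raw token or an existing bearer header value
     * @throws NullPointerException if {@code token} is {@code null}
     */
    public void addAuthTokenTrace(HttpRequest.Builder builder, String token) {
        builder.header("Authorization", toBearerHeader(token));
    }

    /**
     * Sets the {@code Authorization} header to a bearer token obtained from the token manager.
     *
     * @param builder request under construction; it is built once to request the token
     * @return the token result, or a failure carrying the token manager's error
     */
    public Result addCcToken(HttpRequest.Builder builder) {
        Result<Jwt> jwt = this.tokenManager.getJwt(builder.build());
        if (jwt.isFailure()) {
            return Failure.of(jwt.getError());
        }
        builder.header("Authorization", BEARER_PREFIX + ((Jwt) jwt.getResult()).getJwt());
        return jwt;
    }

    /**
     * Same as {@link #addCcToken} and additionally sets the traceability header.
     *
     * @param builder request under construction; it is built once to request the token
     * @param traceabilityId value for the traceability header
     * @return the token result, or a failure carrying the token manager's error
     */
    public Result addCcTokenTrace(HttpRequest.Builder builder, String traceabilityId) {
        Result<Jwt> jwt = this.tokenManager.getJwt(builder.build());
        if (jwt.isFailure()) {
            return Failure.of(jwt.getError());
        }
        builder.header("Authorization", BEARER_PREFIX + ((Jwt) jwt.getResult()).getJwt());
        builder.header(Constant.TRACEABILITY_ID_STRING, traceabilityId);
        return jwt;
    }

    /**
     * Copies the authorization, correlation and traceability values of an inbound request
     * onto an outbound one through
     * {@link #populateHeader(HttpRequest.Builder, String, String, String)}.
     *
     * <p>The inbound {@code Authorization} value is forwarded to the downstream service
     * unchanged apart from bearer-prefix normalisation.
     *
     * @param builder outbound request under construction
     * @param httpServerExchange inbound exchange whose headers are read
     * @return the token result, or a failure carrying the token manager's error
     */
    public Result propagateHeaders(HttpRequest.Builder builder, HttpServerExchange httpServerExchange) {
        String authorization = httpServerExchange.getRequestHeaders().getFirst(Headers.AUTHORIZATION);
        String correlationId = httpServerExchange.getRequestHeaders().getFirst(Constant.CORRELATION_ID);
        String traceabilityId = httpServerExchange.getRequestHeaders().getFirst(Constant.TRACEABILITY_ID);
        return populateHeader(builder, authorization, correlationId, traceabilityId);
    }

    /**
     * Sets the authorization, scope-token, correlation and traceability headers.
     *
     * <p>With no caller token, the token-manager JWT becomes the {@code Authorization}
     * value. With a caller token, that token is the {@code Authorization} value and the
     * JWT is sent in the scope-token header.
     *
     * @param builder request under construction; it is built once to request the token
     * @param authToken caller token, or {@code null}
     * @param correlationId correlation id, or {@code null} to leave the header unset
     * @param traceabilityId traceability id, or {@code null} to leave the header unset
     * @return the token result, or a failure carrying the token manager's error
     */
    public Result populateHeader(HttpRequest.Builder builder, String authToken, String correlationId, String traceabilityId) {
        Result<Jwt> jwt = this.tokenManager.getJwt(builder.build());
        if (jwt.isFailure()) {
            return Failure.of(jwt.getError());
        }
        String serviceToken = BEARER_PREFIX + ((Jwt) jwt.getResult()).getJwt();
        String authorization = authToken;
        if (authorization == null) {
            authorization = serviceToken;
        } else {
            builder.header(Constant.SCOPE_TOKEN_STRING, serviceToken);
        }
        // HttpRequest.Builder rejects null header values, and propagateHeaders passes null
        // whenever the inbound request carries no correlation header.
        if (correlationId != null) {
            builder.header(Constant.CORRELATION_ID_STRING, correlationId);
        }
        if (traceabilityId != null) {
            addAuthTokenTrace(builder, authorization, traceabilityId);
        } else {
            addAuthToken(builder, authorization);
        }
        return jwt;
    }

    /**
     * Sets the authorization and scope-token headers, with the same token selection as the
     * four-argument overload.
     *
     * @param builder request under construction; it is built once to request the token
     * @param authToken caller token, or {@code null}
     * @return the token result, or a failure carrying the token manager's error
     */
    public Result populateHeader(HttpRequest.Builder builder, String authToken) {
        Result<Jwt> jwt = this.tokenManager.getJwt(builder.build());
        if (jwt.isFailure()) {
            return Failure.of(jwt.getError());
        }
        String serviceToken = BEARER_PREFIX + ((Jwt) jwt.getResult()).getJwt();
        String authorization = authToken;
        if (authorization == null) {
            authorization = serviceToken;
        } else {
            builder.header(Constant.SCOPE_TOKEN_STRING, serviceToken);
        }
        addAuthToken(builder, authorization);
        return jwt;
    }

    /**
     * Normalises a token to {@code Bearer <token>} form.
     *
     * <p>The prefix is matched case-insensitively and independently of the default locale.
     */
    private static String toBearerHeader(String token) {
        java.util.Objects.requireNonNull(token, "token");
        if (token.startsWith(BEARER_PREFIX)) {
            return token;
        }
        if (token.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return BEARER_PREFIX + token.substring(BEARER_PREFIX.length());
        }
        return BEARER_PREFIX + token;
    }

    /**
     * Loads a PKCS12 key store from a file resolved through the Ready configuration.
     *
     * @param name file name handed to the configuration's file lookup
     * @param password key store password
     * @return the loaded key store
     * @throws IOException if the store cannot be read or parsed
     * @throws RuntimeException if the file cannot be found
     */
    private static KeyStore loadKeyStore(String name, char[] password) throws IOException {
        InputStream in = Ready.config().getInputStreamFromFile(name);
        try {
            if (in == null) {
                throw new RuntimeException("Could not load keystore");
            }
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(in, password);
            return keyStore;
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IOException(String.format("Unable to load KeyStore %s", name), e);
        } finally {
            IoUtils.safeClose(in);
        }
    }

    /**
     * Creates the TLS context for the configured default group key.
     *
     * @return the TLS context, or {@code null} when the TLS section or its default group
     *     key is absent
     * @throws IOException if key or trust material cannot be initialised
     */
    public static SSLContext createSSLContext() throws IOException {
        ClientConfig.TlsConfig tls = ReadyCloud.getConfig().getHttpClient().getTls();
        if (tls == null) {
            // Same handling as createSSLContext(String); this used to be a NullPointerException.
            logger.error("TLS configuration section is missing in config", new Object[0]);
            return null;
        }
        String defaultGroupKey = tls.getDefaultGroupKey();
        if (defaultGroupKey == null) {
            return null;
        }
        return createSSLContext(defaultGroupKey);
    }

    /**
     * Creates a TLS context from the configured key store and trust store.
     *
     * <p>For each store, the {@code javax.net.ssl.*} system properties are used when both
     * location and password are set; otherwise the values come from the TLS configuration
     * and then the main application security configuration. A missing store leaves the
     * corresponding managers {@code null}, so {@link SSLContext#init} falls back to the
     * JVM defaults. For the trust store that means the JVM's default trust anchors are
     * used instead of the configured store.
     *
     * @param groupKey key handed to {@code TLSConfig.create} to select the trust settings
     * @return the TLS context, or {@code null} when the TLS configuration section is missing
     * @throws IOException if key managers, trust managers or the context cannot be initialised
     */
    public static SSLContext createSSLContext(String groupKey) throws IOException {
        ClientConfig.TlsConfig tls = ReadyCloud.getConfig().getHttpClient().getTls();
        if (tls == null) {
            logger.error("TLS configuration section is missing in config", new Object[0]);
            return null;
        }
        KeyManager[] keyManagers = loadKeyManagers(tls);
        TrustManager[] trustManagers = loadTrustManagers(tls, groupKey);
        try {
            // NOTE(review): a context requested by the name "TLSv1.2" typically leaves
            // TLS 1.3 disabled for client connections; confirm against the target JDK
            // before relying on newer protocol versions.
            SSLContext context = SSLContext.getInstance("TLSv1.2");
            context.init(keyManagers, trustManagers, null);
            return context;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new IOException("Unable to create and initialise the SSLContext", e);
        }
    }

    /** Builds the client key managers, or returns {@code null} when no key store is to be used. */
    private static KeyManager[] loadKeyManagers(ClientConfig.TlsConfig tls) throws IOException {
        if (!tls.isLoadKeyStore()) {
            return null;
        }
        String location = System.getProperty(KEY_STORE_PROPERTY);
        String storePass = System.getProperty(KEY_STORE_PASSWORD_PROPERTY);
        if (location == null || storePass == null) {
            location = tls.getKeyStore();
            storePass = tls.getKeyStorePass();
            if (storePass == null) {
                storePass = Ready.getMainApplicationConfig().getSecurity().getClientKeystorePass();
            }
            if (logger.isInfoEnabled()) {
                logger.info("Loading key store from config at " + location, new Object[0]);
            }
        } else if (logger.isInfoEnabled()) {
            logger.info("Loading key store from system property at " + location, new Object[0]);
        }
        if (location == null || storePass == null) {
            logger.error("Key store loading is enabled but its location or password is not configured; no client certificate will be presented", new Object[0]);
            return null;
        }
        String keyPass = tls.getKeyPass();
        if (keyPass == null) {
            keyPass = Ready.getMainApplicationConfig().getSecurity().getClientKeyPass();
        }
        if (keyPass == null) {
            // Previously a NullPointerException on keyPass.toCharArray().
            throw new IOException("Key password is not configured for key store " + location);
        }
        try {
            KeyStore keyStore = NetUtil.loadKeyStore(location, storePass.toCharArray());
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore, keyPass.toCharArray());
            return factory.getKeyManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new IOException("Unable to initialise KeyManager[]", e);
        }
    }

    /** Builds the decorated trust managers, or returns {@code null} when no trust store is to be used. */
    private static TrustManager[] loadTrustManagers(ClientConfig.TlsConfig tls, String groupKey) throws IOException {
        if (!tls.isLoadTrustStore()) {
            return null;
        }
        String location = System.getProperty(TRUST_STORE_PROPERTY);
        String storePass = System.getProperty(TRUST_STORE_PASSWORD_PROPERTY);
        if (location == null || storePass == null) {
            location = tls.getTrustStore();
            storePass = tls.getTrustStorePass();
            if (storePass == null) {
                storePass = Ready.getMainApplicationConfig().getSecurity().getClientTruststorePass();
            }
            if (logger.isInfoEnabled()) {
                logger.info("Loading trust store from config at " + location, new Object[0]);
            }
        } else if (logger.isInfoEnabled()) {
            logger.info("Loading trust store from system property at " + location, new Object[0]);
        }
        if (location == null || storePass == null) {
            logger.error("Trust store loading is enabled but its location or password is not configured; the JVM default trust managers will be used", new Object[0]);
            return null;
        }
        try {
            KeyStore trustStore = NetUtil.loadTrustStore(location, storePass.toCharArray());
            TLSConfig tlsConfig = TLSConfig.create(tls, groupKey);
            // The factory was previously requested with KeyManagerFactory's default
            // algorithm name, which selects the trust-manager implementation by a
            // key-manager setting; use the trust-manager default instead.
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            return ClientTrustManager.decorate(factory.getTrustManagers(), tlsConfig);
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new IOException("Unable to initialise TrustManager[]", e);
        }
    }
}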
