package org.springframework.vault.client;

import io.netty.channel.ChannelOption;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.IOException;
import java.net.ProxySelector;
import java.net.http.HttpClient;
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.DefaultSchemePortResolver;
import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.impl.routing.SystemDefaultRoutePlanner;
import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy;
import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
import org.apache.hc.core5.util.Timeout;
import org.eclipse.jetty.client.http.HttpClientTransportOverHTTP;
import org.eclipse.jetty.io.ClientConnector;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.springframework.http.client.reactive.ClientHttpConnector;
import org.springframework.http.client.reactive.HttpComponentsClientHttpConnector;
import org.springframework.http.client.reactive.JdkClientHttpConnector;
import org.springframework.http.client.reactive.JettyClientHttpConnector;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.util.Assert;
import org.springframework.util.ClassUtils;
import org.springframework.vault.support.ClientOptions;
import org.springframework.vault.support.SslConfiguration;
import reactor.netty.http.Http11SslContextSpec;

/* loaded from: input_file:org/springframework/vault/client/ClientHttpConnectorFactory.class */
public class ClientHttpConnectorFactory {
    private static final boolean reactorNettyPresent = ClassUtils.isPresent("reactor.netty.http.client.HttpClient", ClientHttpConnectorFactory.class.getClassLoader());
    private static final boolean httpComponentsPresent = ClassUtils.isPresent("org.apache.hc.client5.http.impl.async", ClientHttpConnectorFactory.class.getClassLoader());
    private static final boolean jettyPresent = ClassUtils.isPresent("org.eclipse.jetty.client.HttpClient", ClientHttpConnectorFactory.class.getClassLoader());

    /* loaded from: input_file:org/springframework/vault/client/ClientHttpConnectorFactory$HttpComponents.class */
    public static class HttpComponents {
        public static HttpComponentsClientHttpConnector usingHttpComponents(ClientOptions clientOptions, SslConfiguration sslConfiguration) throws GeneralSecurityException, IOException {
            return new HttpComponentsClientHttpConnector(createHttpAsyncClientBuilder(clientOptions, sslConfiguration).build());
        }

        public static HttpAsyncClientBuilder createHttpAsyncClientBuilder(ClientOptions clientOptions, SslConfiguration sslConfiguration) throws GeneralSecurityException, IOException {
            HttpAsyncClientBuilder create = HttpAsyncClientBuilder.create();
            create.setRoutePlanner(new SystemDefaultRoutePlanner(DefaultSchemePortResolver.INSTANCE, ProxySelector.getDefault()));
            if (ClientHttpRequestFactoryFactory.hasSslConfiguration(sslConfiguration)) {
                SSLContext sSLContext = ClientHttpRequestFactoryFactory.getSSLContext(sslConfiguration);
                String[] strArr = !sslConfiguration.getEnabledProtocols().isEmpty() ? (String[]) sslConfiguration.getEnabledProtocols().toArray(new String[0]) : null;
                String[] strArr2 = !sslConfiguration.getEnabledCipherSuites().isEmpty() ? (String[]) sslConfiguration.getEnabledCipherSuites().toArray(new String[0]) : null;
                create.setConnectionManager(PoolingAsyncClientConnectionManagerBuilder.create().setTlsStrategy(new BasicClientTlsStrategy(sSLContext, (namedEndpoint, sSLEngine) -> {
                    if (strArr != null) {
                        sSLEngine.setEnabledProtocols(strArr);
                    }
                    if (strArr2 != null) {
                        sSLEngine.setEnabledCipherSuites(strArr2);
                    }
                }, (SSLSessionVerifier) null)).build());
            }
            create.setDefaultRequestConfig(RequestConfig.custom().setConnectTimeout(Timeout.ofMilliseconds(clientOptions.getConnectionTimeout().toMillis())).setResponseTimeout(Timeout.ofMilliseconds(clientOptions.getReadTimeout().toMillis())).setAuthenticationEnabled(true).setRedirectsEnabled(true).build());
            return create;
        }
    }

    /* loaded from: input_file:org/springframework/vault/client/ClientHttpConnectorFactory$JdkHttpClient.class */
    public static class JdkHttpClient {
        public static JdkClientHttpConnector usingJdkHttpClient(ClientOptions clientOptions, SslConfiguration sslConfiguration) throws GeneralSecurityException, IOException {
            return new JdkClientHttpConnector(getBuilder(clientOptions, sslConfiguration).build());
        }

        public static HttpClient.Builder getBuilder(ClientOptions clientOptions, SslConfiguration sslConfiguration) throws GeneralSecurityException, IOException {
            HttpClient.Builder newBuilder = HttpClient.newBuilder();
            if (ClientHttpRequestFactoryFactory.hasSslConfiguration(sslConfiguration)) {
                SSLContext sSLContext = ClientHttpRequestFactoryFactory.getSSLContext(sslConfiguration);
                String[] strArr = !sslConfiguration.getEnabledProtocols().isEmpty() ? (String[]) sslConfiguration.getEnabledProtocols().toArray(new String[0]) : null;
                String[] strArr2 = !sslConfiguration.getEnabledCipherSuites().isEmpty() ? (String[]) sslConfiguration.getEnabledCipherSuites().toArray(new String[0]) : null;
                SSLParameters sSLParameters = new SSLParameters();
                sSLParameters.setProtocols(strArr);
                sSLParameters.setCipherSuites(strArr2);
                newBuilder.sslContext(sSLContext).sslParameters(sSLParameters);
            }
            newBuilder.proxy(ProxySelector.getDefault()).followRedirects(HttpClient.Redirect.ALWAYS).connectTimeout(clientOptions.getConnectionTimeout());
            return newBuilder;
        }
    }

    /* loaded from: input_file:org/springframework/vault/client/ClientHttpConnectorFactory$JettyClient.class */
    public static class JettyClient {
        public static JettyClientHttpConnector usingJetty(ClientOptions clientOptions, SslConfiguration sslConfiguration) throws GeneralSecurityException, IOException {
            return new JettyClientHttpConnector(configureClient(getHttpClient(sslConfiguration), clientOptions));
        }

        public static org.eclipse.jetty.client.HttpClient configureClient(org.eclipse.jetty.client.HttpClient httpClient, ClientOptions clientOptions) {
            httpClient.setConnectTimeout(clientOptions.getConnectionTimeout().toMillis());
            httpClient.setAddressResolutionTimeout(clientOptions.getConnectionTimeout().toMillis());
            return httpClient;
        }

        public static org.eclipse.jetty.client.HttpClient getHttpClient(SslConfiguration sslConfiguration) throws IOException, GeneralSecurityException {
            if (!ClientHttpRequestFactoryFactory.hasSslConfiguration(sslConfiguration)) {
                return new org.eclipse.jetty.client.HttpClient();
            }
            SslContextFactory.Client client = new SslContextFactory.Client();
            if (sslConfiguration.getKeyStoreConfiguration().isPresent()) {
                client.setKeyStore(ClientHttpRequestFactoryFactory.getKeyStore(sslConfiguration.getKeyStoreConfiguration()));
            }
            if (sslConfiguration.getTrustStoreConfiguration().isPresent()) {
                client.setTrustStore(ClientHttpRequestFactoryFactory.getKeyStore(sslConfiguration.getTrustStoreConfiguration()));
            }
            SslConfiguration.KeyConfiguration keyConfiguration = sslConfiguration.getKeyConfiguration();
            if (keyConfiguration.getKeyAlias() != null) {
                client.setCertAlias(keyConfiguration.getKeyAlias());
            }
            if (keyConfiguration.getKeyPassword() != null) {
                client.setKeyManagerPassword(new String(keyConfiguration.getKeyPassword()));
            }
            if (!sslConfiguration.getEnabledProtocols().isEmpty()) {
                client.setIncludeProtocols((String[]) sslConfiguration.getEnabledProtocols().toArray(new String[0]));
            }
            if (!sslConfiguration.getEnabledCipherSuites().isEmpty()) {
                client.setIncludeCipherSuites((String[]) sslConfiguration.getEnabledCipherSuites().toArray(new String[0]));
            }
            ClientConnector clientConnector = new ClientConnector();
            clientConnector.setSslContextFactory(client);
            return new org.eclipse.jetty.client.HttpClient(new HttpClientTransportOverHTTP(clientConnector));
        }
    }

    /* loaded from: input_file:org/springframework/vault/client/ClientHttpConnectorFactory$ReactorNetty.class */
    public static class ReactorNetty {
        public static ReactorClientHttpConnector usingReactorNetty(ClientOptions clientOptions, SslConfiguration sslConfiguration) {
            return new ReactorClientHttpConnector(createClient(clientOptions, sslConfiguration));
        }

        public static reactor.netty.http.client.HttpClient createClient(ClientOptions clientOptions, SslConfiguration sslConfiguration) {
            reactor.netty.http.client.HttpClient create = reactor.netty.http.client.HttpClient.create();
            if (ClientHttpRequestFactoryFactory.hasSslConfiguration(sslConfiguration)) {
                Http11SslContextSpec http11SslContextSpec = Http11SslContextSpec.forClient().configure(sslContextBuilder -> {
                    configureSsl(sslConfiguration, sslContextBuilder);
                }).get();
                create = create.secure(sslContextSpec -> {
                    sslContextSpec.sslContext(http11SslContextSpec);
                });
            }
            return create.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, Integer.valueOf(Math.toIntExact(clientOptions.getConnectionTimeout().toMillis()))).proxyWithSystemProperties();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void configureSsl(SslConfiguration sslConfiguration, SslContextBuilder sslContextBuilder) {
            try {
                if (sslConfiguration.getTrustStoreConfiguration().isPresent()) {
                    sslContextBuilder.trustManager(ClientHttpRequestFactoryFactory.createTrustManagerFactory(sslConfiguration.getTrustStoreConfiguration()));
                }
                if (sslConfiguration.getKeyStoreConfiguration().isPresent()) {
                    sslContextBuilder.keyManager(ClientHttpRequestFactoryFactory.createKeyManagerFactory(sslConfiguration.getKeyStoreConfiguration(), sslConfiguration.getKeyConfiguration()));
                }
                if (!sslConfiguration.getEnabledProtocols().isEmpty()) {
                    sslContextBuilder.protocols(sslConfiguration.getEnabledProtocols());
                }
                if (!sslConfiguration.getEnabledCipherSuites().isEmpty()) {
                    sslContextBuilder.ciphers(sslConfiguration.getEnabledCipherSuites());
                }
            } catch (IOException | GeneralSecurityException e) {
                throw new IllegalStateException(e);
            }
        }
    }

    public static ClientHttpConnector create(ClientOptions clientOptions, SslConfiguration sslConfiguration) {
        Assert.notNull(clientOptions, "ClientOptions must not be null");
        Assert.notNull(sslConfiguration, "SslConfiguration must not be null");
        try {
            return reactorNettyPresent ? ReactorNetty.usingReactorNetty(clientOptions, sslConfiguration) : httpComponentsPresent ? HttpComponents.usingHttpComponents(clientOptions, sslConfiguration) : jettyPresent ? JettyClient.usingJetty(clientOptions, sslConfiguration) : JdkHttpClient.usingJdkHttpClient(clientOptions, sslConfiguration);
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}
