package cern.nxcals.api.extraction.metadata;

import cern.nxcals.api.extraction.metadata.feign.FeignBuilderProvider;
import cern.nxcals.api.extraction.metadata.security.KerberosAwareFeignClient;
import cern.nxcals.api.extraction.metadata.security.PropertiesKeys;
import cern.nxcals.common.utils.ConfigHolder;
import com.typesafe.config.Config;
import com.typesafe.config.ConfigValue;
import feign.Logger;
import feign.ribbon.RibbonClient;
import feign.slf4j.Slf4jLogger;
import java.util.Map;
import java.util.stream.Collectors;
import javax.net.ssl.SSLSocketFactory;
import org.apache.http.ssl.SSLContexts;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/nxcals-metadata-api-0.4.3.jar:cern/nxcals/api/extraction/metadata/AbstractClientFactory.class */
public class AbstractClientFactory {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AbstractClientFactory.class);
    private static final String SERVICE_URL_CONFIG = "service.url";
    private static final String TRUST_STORE_RESOURCE_NAME = "nxcals_cacerts.trs";
    private static final String TRUST_STORE_PASS = "nxcals";
    private final String serviceUrl = createServiceURL(SERVICE_URL_CONFIG);
    private final RibbonClient client = RibbonClient.builder().delegate(createKerberosClientDelegate()).build();

    private KerberosAwareFeignClient createKerberosClientDelegate() {
        KerberosAwareFeignClient.Builder serviceType = KerberosAwareFeignClient.builder().setKeytabLocation((String) ConfigHolder.getProperty(PropertiesKeys.USER_KEYTAB_PATH_CONFIG.getPathInProperties(), null)).setUserPrincipal((String) ConfigHolder.getProperty(PropertiesKeys.USER_PRINCIPAL_PATH.getPathInProperties(), null)).setLoginOptions(getKerberosLoginOptions()).setServiceType("HTTPS");
        if (noExternalTrustStoreAvailable()) {
            serviceType.setSslContextFactory(getContextFactoryWithInternalTrustStore());
        }
        return serviceType.build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public <T> T createServiceFor(Class<T> cls) {
        return (T) FeignBuilderProvider.INSTANCE.get().client(this.client).logger(new Slf4jLogger((Class<?>) cls)).logLevel(Logger.Level.BASIC).target(cls, this.serviceUrl);
    }

    private String createServiceURL(String str) {
        Config config = ConfigHolder.getConfig();
        if (!config.hasPath(str)) {
            throw new IllegalStateException("Cannot find schema service url for " + str);
        }
        System.setProperty("nxcals-service.ribbon.listOfServers", config.getString(str));
        return "https://nxcals-service";
    }

    private Map<String, Object> getKerberosLoginOptions() {
        return (Map) ConfigHolder.getConfigIfPresent("kerberos.login").entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return ((ConfigValue) entry.getValue()).unwrapped();
        }));
    }

    private SSLSocketFactory getContextFactoryWithInternalTrustStore() {
        log.debug("No system properties found for trustStore! Will try to load default file from resources.");
        try {
            return SSLContexts.custom().loadTrustMaterial(Thread.currentThread().getContextClassLoader().getResource(TRUST_STORE_RESOURCE_NAME), TRUST_STORE_PASS.toCharArray()).build().getSocketFactory();
        } catch (Exception e) {
            log.error("Could not load default SSL trustStore file from resources!", (Throwable) e);
            throw new IllegalStateException(e);
        }
    }

    private boolean noExternalTrustStoreAvailable() {
        return System.getProperty("javax.net.ssl.trustStore") == null;
    }
}
