package org.sonarsource.scanner.lib.internal.http;

import java.io.IOException;
import java.io.InputStream;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nullable;
import nl.altindag.ssl.SSLFactory;
import nl.altindag.ssl.exception.GenericKeyStoreException;
import nl.altindag.ssl.util.KeyStoreUtils;
import okhttp3.ConnectionSpec;
import okhttp3.Credentials;
import okhttp3.JavaNetCookieJar;
import okhttp3.OkHttpClient;
import okhttp3.logging.HttpLoggingInterceptor;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Properties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonarsource.scanner.lib.internal.http.ssl.CertificateStore;
import org.sonarsource.scanner.lib.internal.http.ssl.SslConfig;

/* loaded from: input_file:org/sonarsource/scanner/lib/internal/http/OkHttpClientFactory.class */
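/**
 * Builds the {@link OkHttpClient} used by the scanner from an {@link HttpConfig}: timeouts, TLS
 * trust and identity material, optional proxy with Basic authentication, a shared cookie jar and
 * debug-level request logging.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Cleartext HTTP is allowed alongside TLS, see {@link #create(HttpConfig)}.</li>
 *   <li>TLS versions and cipher suites are not restricted here; the effective set is whatever the
 *       JVM/provider has enabled.</li>
 *   <li>Key stores and trust stores without a configured password are opened with built-in default
 *       passwords, so the password gives no confidentiality for those files.</li>
 *   <li>One {@link CookieManager} with {@link CookiePolicy#ACCEPT_ALL} is shared by every client
 *       created through this factory.</li>
 * </ul>
 */
public class OkHttpClientFactory {
    private static final Logger LOG = LoggerFactory.getLogger(OkHttpClientFactory.class);
    // Shared by all clients built by this factory; the policy is set in the static initializer.
    static final CookieManager COOKIE_MANAGER = new CookieManager();
    private static final String PROXY_AUTHORIZATION = "Proxy-Authorization";
    private static final JavaNetCookieJar COOKIE_JAR;
    // BouncyCastle property name set as a thread override before a truststore is loaded.
    public static final String BC_IGNORE_USELESS_PASSWD = "org.bouncycastle.pkcs12.ignore_useless_passwd";

    private OkHttpClientFactory() {
    }

    /**
     * Creates a client configured from {@code httpConfig}.
     *
     * <p>The decompiler reports that this method was package-private in the original class.
     *
     * @param httpConfig timeouts, SSL configuration and optional proxy settings
     * @return a new client sharing the factory-wide cookie jar
     * @throws java.util.NoSuchElementException if the built SSL factory exposes no trust manager
     */
    public static OkHttpClient create(HttpConfig httpConfig) {
        SSLFactory sslFactory = configureSsl(httpConfig.getSslConfig(), httpConfig.skipSystemTruststore());
        OkHttpClient.Builder clientBuilder = new OkHttpClient.Builder()
            .connectTimeout(httpConfig.getConnectTimeout().toMillis(), TimeUnit.MILLISECONDS)
            .readTimeout(httpConfig.getSocketTimeout().toMillis(), TimeUnit.MILLISECONDS)
            .callTimeout(httpConfig.getResponseTimeout().toMillis(), TimeUnit.MILLISECONDS)
            .cookieJar(COOKIE_JAR)
            .sslSocketFactory(sslFactory.getSslSocketFactory(), sslFactory.getTrustManager().orElseThrow());

        // SECURITY NOTE: allEnabledTlsVersions()/allEnabledCipherSuites() defer protocol and cipher
        // selection to the JVM, so legacy protocols are only excluded if the JVM disables them
        // (e.g. through jdk.tls.disabledAlgorithms). CLEARTEXT additionally permits plain http://
        // URLs, over which any token sent by the client travels unencrypted.
        ConnectionSpec tlsSpec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
            .allEnabledTlsVersions()
            .allEnabledCipherSuites()
            .build();
        clientBuilder.connectionSpecs(Arrays.asList(tlsSpec, ConnectionSpec.CLEARTEXT));

        if (httpConfig.getProxy() != null) {
            clientBuilder.proxy(httpConfig.getProxy());
        }
        if (StringUtils.isNotBlank(httpConfig.getProxyUser())) {
            clientBuilder.proxyAuthenticator((route, response) -> {
                // Answer only a 407 and only once: if the failed request already carried the
                // header, the credentials were rejected and retrying would loop.
                if (response.request().header(PROXY_AUTHORIZATION) != null || 407 != response.code()) {
                    return null;
                }
                // Basic credentials are only base64-encoded, not encrypted.
                String proxyPassword = Optional.ofNullable(httpConfig.getProxyPassword()).orElse("");
                return response.request().newBuilder()
                    .header(PROXY_AUTHORIZATION, Credentials.basic(httpConfig.getProxyUser(), proxyPassword, StandardCharsets.UTF_8))
                    .build();
            });
        }

        // BASIC logs the request line and response line at debug level. The request line contains
        // the URL, so secrets placed in query strings would appear in debug logs.
        HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor(LOG::debug);
        httpLoggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BASIC);
        clientBuilder.addInterceptor(httpLoggingInterceptor);
        return clientBuilder.build();
    }

    /**
     * Assembles trust and identity material.
     *
     * <p>Trust sources are added on top of each other: the JVM default trust material, the OS trust
     * material unless skipped, and the configured truststore if any. NOTE(review): a configured
     * truststore therefore appears to extend the trusted CA set rather than replace it - confirm
     * against the SSLFactory documentation if pinning is expected.
     *
     * @param sslConfig optional keystore (client identity) and truststore
     * @param skipSystemTruststore when {@code true}, OS trusted certificates are not loaded
     * @throws GenericKeyStoreException if the configured truststore cannot be read
     */
    private static SSLFactory configureSsl(SslConfig sslConfig, boolean skipSystemTruststore) {
        SSLFactory.Builder sslFactoryBuilder = SSLFactory.builder().withDefaultTrustMaterial();
        if (!skipSystemTruststore) {
            LOG.debug("Loading OS trusted SSL certificates...");
            LOG.debug("This operation might be slow or even get stuck. You can skip it by passing the scanner property '{}=true'", "sonar.scanner.skipSystemTruststore");
            sslFactoryBuilder.withSystemTrustMaterial();
        }

        CertificateStore keyStore = sslConfig.getKeyStore();
        if (keyStore != null) {
            keyStore.getKeyStorePassword().ifPresentOrElse(
                password -> sslFactoryBuilder.withIdentityMaterial(keyStore.getPath(), password.toCharArray(), keyStore.getKeyStoreType()),
                () -> loadIdentityMaterialWithDefaultPassword(sslFactoryBuilder, keyStore.getPath()));
        }

        CertificateStore trustStore = sslConfig.getTrustStore();
        if (trustStore != null) {
            try {
                KeyStore loadedTrustStore = loadTrustStoreWithBouncyCastle(
                    trustStore.getPath(),
                    trustStore.getKeyStorePassword().orElse(null),
                    trustStore.getKeyStoreType(),
                    trustStore.isFromJvm());
                LOG.debug("Loaded truststore from '{}' containing {} certificates", trustStore.getPath(), loadedTrustStore.size());
                sslFactoryBuilder.withTrustMaterial(loadedTrustStore);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new GenericKeyStoreException("Unable to read truststore from '" + trustStore.getPath() + "'", e);
            }
        }
        return sslFactoryBuilder.build();
    }

    /**
     * Loads client identity material from {@code path} when no keystore password was configured:
     * first with the current default password, then with the deprecated one.
     *
     * <p>The decompiler reports that this method was private in the original class.
     *
     * @param builder SSL factory builder receiving the identity material
     * @param path keystore location
     * @throws GenericKeyStoreException if neither default password opens the keystore; the failure
     *     of the first attempt is attached as a suppressed exception
     */
    public static void loadIdentityMaterialWithDefaultPassword(SSLFactory.Builder builder, Path path) {
        try {
            builder.withIdentityMaterial(KeyStoreUtils.loadKeyStore(path, CertificateStore.DEFAULT_PASSWORD.toCharArray(), CertificateStore.DEFAULT_STORE_TYPE), CertificateStore.DEFAULT_PASSWORD.toCharArray());
        } catch (GenericKeyStoreException defaultPasswordFailure) {
            KeyStore legacyKeyStore;
            try {
                legacyKeyStore = KeyStoreUtils.loadKeyStore(path, CertificateStore.OLD_DEFAULT_PASSWORD.toCharArray(), CertificateStore.DEFAULT_STORE_TYPE);
            } catch (GenericKeyStoreException fallbackFailure) {
                // Keep the first failure visible instead of dropping it.
                fallbackFailure.addSuppressed(defaultPasswordFailure);
                throw fallbackFailure;
            }
            LOG.warn("Using deprecated default password for keystore '{}'.", path);
            builder.withIdentityMaterial(legacyKeyStore, CertificateStore.OLD_DEFAULT_PASSWORD.toCharArray());
        }
    }

    /**
     * Loads a truststore through a BouncyCastle-backed {@link KeyStore}.
     *
     * <p>With an explicit password only that password is tried. Without one, the current default
     * password is tried first; if that fails and the store is not the JVM's, the deprecated default
     * password is tried. For a JVM store the failure is logged and the returned {@link KeyStore}
     * has not been loaded, so callers should expect later operations on it to fail.
     *
     * <p>NOTE(review): the {@link #BC_IGNORE_USELESS_PASSWD} thread override set here is never
     * removed in this method, so it stays in effect on the calling thread.
     *
     * @param path truststore location
     * @param str truststore password, or {@code null} to fall back to the default passwords
     * @param str2 keystore type passed to {@link KeyStore#getInstance(String, java.security.Provider)}
     * @param z whether the truststore comes from the JVM; suppresses the deprecated-password fallback
     * @return the keystore instance, loaded unless the JVM-store case above applies
     */
    static KeyStore loadTrustStoreWithBouncyCastle(Path path, @Nullable String str, String str2, boolean z) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        Properties.setThreadOverride(BC_IGNORE_USELESS_PASSWD, true);
        KeyStore keyStore = KeyStore.getInstance(str2, new BouncyCastleProvider());
        if (str != null) {
            loadKeyStoreWithPassword(path, keyStore, str);
            return keyStore;
        }
        try {
            loadKeyStoreWithPassword(path, keyStore, CertificateStore.DEFAULT_PASSWORD);
        } catch (Exception defaultPasswordFailure) {
            if (z) {
                // Previously swallowed silently; surface the cause so a broken or
                // password-protected JVM truststore can be diagnosed.
                LOG.warn("Unable to load truststore '{}' with the default password.", path, defaultPasswordFailure);
            } else {
                try {
                    loadKeyStoreWithPassword(path, keyStore, CertificateStore.OLD_DEFAULT_PASSWORD);
                } catch (Exception fallbackFailure) {
                    fallbackFailure.addSuppressed(defaultPasswordFailure);
                    throw fallbackFailure;
                }
                LOG.warn("Using deprecated default password for truststore '{}'.", path);
            }
        }
        return keyStore;
    }

    /**
     * Reads {@code path} into {@code keyStore} using {@code password}; the stream is always closed.
     */
    private static void loadKeyStoreWithPassword(Path path, KeyStore keyStore, String password) throws IOException, NoSuchAlgorithmException, CertificateException {
        try (InputStream in = Files.newInputStream(path, StandardOpenOption.READ)) {
            keyStore.load(in, password.toCharArray());
        }
    }

    static {
        // Every cookie is accepted and kept in the JVM-wide manager shared by all clients built
        // by this factory.
        COOKIE_MANAGER.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
        COOKIE_JAR = new JavaNetCookieJar(COOKIE_MANAGER);
    }
}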
