package io.quarkiverse.cxf;

import io.quarkiverse.cxf.CxfClientConfig;
import io.quarkiverse.cxf.vertx.http.client.HttpClientPool;
import io.quarkus.tls.TlsConfiguration;
import io.quarkus.tls.runtime.VertxCertificateHolder;
import io.quarkus.tls.runtime.config.TlsBucketConfig;
import io.vertx.core.Vertx;
import io.vertx.core.net.KeyStoreOptionsBase;
import java.io.IOException;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.HostnameVerifier;
import org.apache.cxf.Bus;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.ws.addressing.EndpointReferenceType;

/* loaded from: input_file:io/quarkiverse/cxf/HTTPConduitSpec.class */
public interface HTTPConduitSpec {
    default HTTPConduitSpec resolveDefault() {
        return this;
    }

    HTTPConduit createConduit(CXFClientInfo cXFClientInfo, HttpClientPool httpClientPool, Bus bus, EndpointInfo endpointInfo, EndpointReferenceType endpointReferenceType) throws IOException;

    default Optional<TLSClientParameters> tlsClientParameters(CXFClientInfo cXFClientInfo, Vertx vertx) {
        String hostnameVerifier = cXFClientInfo.getHostnameVerifier();
        TlsConfiguration tlsConfiguration = cXFClientInfo.getTlsConfiguration();
        if (hostnameVerifier == null && tlsConfiguration == null) {
            return Optional.empty();
        }
        TLSClientParameters createTLSClientParameters = createTLSClientParameters(cXFClientInfo);
        if (hostnameVerifier != null) {
            Optional<CxfClientConfig.WellKnownHostnameVerifier> of = CxfClientConfig.WellKnownHostnameVerifier.of(hostnameVerifier);
            if (of.isPresent()) {
                of.get().configure(createTLSClientParameters);
            } else {
                HostnameVerifier hostnameVerifier2 = (HostnameVerifier) CXFRuntimeUtils.getInstance(hostnameVerifier, true);
                if (hostnameVerifier2 == null) {
                    throw new RuntimeException("Could not find or instantiate " + hostnameVerifier);
                }
                createTLSClientParameters.setHostnameVerifier(hostnameVerifier2);
            }
        }
        if (tlsConfiguration != null) {
            KeyStoreOptionsBase keyStoreOptions = tlsConfiguration.getKeyStoreOptions();
            if (keyStoreOptions != null) {
                try {
                    createTLSClientParameters.setKeyManagers(keyStoreOptions.getKeyManagerFactory(vertx).getKeyManagers());
                    if (keyStoreOptions instanceof KeyStoreOptionsBase) {
                        KeyStoreOptionsBase keyStoreOptionsBase = keyStoreOptions;
                        if (keyStoreOptionsBase.getAlias() != null) {
                            createTLSClientParameters.setCertAlias(keyStoreOptionsBase.getAlias());
                        }
                    }
                } catch (Exception e) {
                    throw new RuntimeException("Could not set up key manager factory", e);
                }
            }
            if (tlsConfiguration.getTrustStoreOptions() != null) {
                try {
                    createTLSClientParameters.setTrustManagers(tlsConfiguration.getTrustStoreOptions().getTrustManagerFactory(vertx).getTrustManagers());
                } catch (Exception e2) {
                    throw new RuntimeException("Could not set up trust manager factory", e2);
                }
            }
        }
        return Optional.of(createTLSClientParameters);
    }

    default TLSClientParameters createTLSClientParameters(CXFClientInfo cXFClientInfo) {
        VertxCertificateHolder tlsConfiguration = cXFClientInfo.getTlsConfiguration();
        TLSClientParameters tLSClientParameters = new TLSClientParameters();
        if (tlsConfiguration instanceof VertxCertificateHolder) {
            TlsBucketConfig config = tlsConfiguration.config();
            Optional cipherSuites = config.cipherSuites();
            Objects.requireNonNull(tLSClientParameters);
            cipherSuites.ifPresent(tLSClientParameters::setCipherSuites);
            if (tlsConfiguration.isTrustAll()) {
                throw new IllegalStateException(getClass().getName().replace("Factory", "") + " does not support quarkus.tls." + cXFClientInfo.getConfigKey() + ".trust-all. ");
            }
            if (tlsConfiguration.getHostnameVerificationAlgorithm().isPresent()) {
                throw new IllegalStateException(getConduitDescription() + " does not support quarkus.tls." + cXFClientInfo.getConfigKey() + ".hostname-verification-algorithm. Use quarkus.cxf.client." + cXFClientInfo.getConfigKey() + ".hostname-verifier instead.");
            }
            if (config.reloadPeriod().isPresent()) {
                throw new IllegalStateException(getConduitDescription() + " does not support quarkus.tls." + cXFClientInfo.getConfigKey() + ".reload-period. Remove the setting and restart the application with the new trust or key stores.");
            }
        }
        return tLSClientParameters;
    }

    String getConduitDescription();
}
