package com.netflix.spinnaker.config;

import brave.http.HttpTracing;
import brave.okhttp3.TracingInterceptor;
import com.netflix.spectator.api.Registry;
import com.netflix.spinnaker.config.okhttp3.OkHttpClientCustomizer;
import com.netflix.spinnaker.kork.crypto.SecureRandomBuilder;
import com.netflix.spinnaker.kork.crypto.StandardCrypto;
import com.netflix.spinnaker.kork.crypto.TrustStores;
import com.netflix.spinnaker.kork.crypto.X509Identity;
import com.netflix.spinnaker.kork.crypto.X509IdentitySource;
import com.netflix.spinnaker.okhttp.OkHttp3MetricsInterceptor;
import com.netflix.spinnaker.okhttp.OkHttpClientConfigurationProperties;
import com.netflix.spinnaker.okhttp.OkHttpMetricsInterceptor;
import com.netflix.spinnaker.okhttp.SpinnakerRequestHeaderInterceptor;
import com.netflix.spinnaker.okhttp.SpinnakerRequestInterceptor;
import com.netflix.spinnaker.retrofit.Retrofit2ConfigurationProperties;
import com.netflix.spinnaker.retrofit.RetrofitConfigurationProperties;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nullable;
import javax.inject.Provider;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.ConnectionPool;
import okhttp3.ConnectionSpec;
import okhttp3.Dispatcher;
import okhttp3.OkHttpClient;
import okhttp3.logging.HttpLoggingInterceptor;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.task.TaskExecutorBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.core.task.support.ExecutorServiceAdapter;
import org.springframework.util.CollectionUtils;

@EnableConfigurationProperties({OkHttpClientConfigurationProperties.class, OkHttpMetricsInterceptorProperties.class, RetrofitConfigurationProperties.class, Retrofit2ConfigurationProperties.class})
@Configuration(proxyBeanMethods = false)
/* loaded from: input_file:com/netflix/spinnaker/config/OkHttpClientComponents.class */
public class OkHttpClientComponents {
    private final Provider<Registry> registryProvider;
    private final OkHttpClientConfigurationProperties clientProperties;
    private final OkHttpMetricsInterceptorProperties metricsProperties;
    private final Retrofit2ConfigurationProperties retrofit2Properties;

    @Bean
    public SpinnakerRequestInterceptor spinnakerRequestInterceptor() {
        return new SpinnakerRequestInterceptor(this.clientProperties.getPropagateSpinnakerHeaders());
    }

    @Bean
    public SpinnakerRequestHeaderInterceptor spinnakerRequestHeaderInterceptor() {
        return new SpinnakerRequestHeaderInterceptor(this.clientProperties.getPropagateSpinnakerHeaders());
    }

    @Bean
    public OkHttpMetricsInterceptor okHttpMetricsInterceptor() {
        return new OkHttpMetricsInterceptor(this.registryProvider, this.metricsProperties);
    }

    @Bean
    public OkHttp3MetricsInterceptor okHttp3MetricsInterceptor() {
        return new OkHttp3MetricsInterceptor(this.registryProvider, this.metricsProperties);
    }

    @Bean
    public OkHttpClientCustomizer metricsInterceptorCustomizer(OkHttp3MetricsInterceptor okHttp3MetricsInterceptor) {
        return builder -> {
            builder.addInterceptor(okHttp3MetricsInterceptor);
        };
    }

    @Bean
    public OkHttpClientCustomizer requestHeaderInterceptorCustomizer(SpinnakerRequestHeaderInterceptor spinnakerRequestHeaderInterceptor) {
        return builder -> {
            builder.addInterceptor(spinnakerRequestHeaderInterceptor);
        };
    }

    @ConditionalOnBean({HttpTracing.class})
    @Bean
    public OkHttpClientCustomizer tracingInterceptorCustomizer(HttpTracing httpTracing) {
        return builder -> {
            builder.addNetworkInterceptor(TracingInterceptor.create(httpTracing));
        };
    }

    @Bean
    public Dispatcher okhttpDispatcher(TaskExecutorBuilder taskExecutorBuilder) {
        Dispatcher dispatcher = new Dispatcher(new ExecutorServiceAdapter(taskExecutorBuilder.build()));
        dispatcher.setMaxRequests(this.clientProperties.getMaxRequests());
        dispatcher.setMaxRequestsPerHost(this.clientProperties.getMaxRequestsPerHost());
        return dispatcher;
    }

    @Bean
    public OkHttpClientCustomizer dispatcherCustomizer(Dispatcher dispatcher) {
        return builder -> {
            builder.dispatcher(dispatcher);
        };
    }

    @Bean
    public OkHttpClientCustomizer connectionPoolCustomizer() {
        ConnectionPool connectionPool = new ConnectionPool(this.clientProperties.getConnectionPool().getMaxIdleConnections(), r0.getKeepAliveDurationMs(), TimeUnit.MILLISECONDS);
        return builder -> {
            builder.connectionPool(connectionPool);
        };
    }

    @Bean
    public OkHttpClientCustomizer connectionSpecsCustomizer() {
        ConnectionSpec.Builder builder = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS);
        List<String> cipherSuites = this.clientProperties.getCipherSuites();
        if (!CollectionUtils.isEmpty(cipherSuites)) {
            builder.cipherSuites((String[]) cipherSuites.toArray(i -> {
                return new String[i];
            }));
        }
        List<String> tlsVersions = this.clientProperties.getTlsVersions();
        if (!CollectionUtils.isEmpty(tlsVersions)) {
            builder.tlsVersions((String[]) tlsVersions.toArray(i2 -> {
                return new String[i2];
            }));
        }
        List of = List.of(builder.build(), ConnectionSpec.CLEARTEXT);
        return builder2 -> {
            builder2.connectionSpecs(of);
        };
    }

    @Bean
    public OkHttpClientCustomizer sslContextCustomizer() throws IOException, GeneralSecurityException {
        SSLContext tLSContext;
        X509Identity loadKeyStore = loadKeyStore();
        X509TrustManager loadTrustStore = loadTrustStore();
        SecureRandom loadSecureRandom = loadSecureRandom();
        if (loadKeyStore != null) {
            tLSContext = loadKeyStore.createSSLContext(loadTrustStore, loadSecureRandom);
        } else {
            tLSContext = StandardCrypto.getTLSContext();
            tLSContext.init(null, new TrustManager[]{loadTrustStore}, loadSecureRandom);
        }
        SSLContext sSLContext = tLSContext;
        return builder -> {
            builder.sslSocketFactory(sSLContext.getSocketFactory(), loadTrustStore);
        };
    }

    @Nullable
    private X509Identity loadKeyStore() {
        File keyStore = this.clientProperties.getKeyStore();
        if (keyStore == null) {
            return null;
        }
        return X509IdentitySource.fromKeyStore(keyStore.toPath(), this.clientProperties.getKeyStoreType(), () -> {
            return this.clientProperties.getKeyStorePassword().toCharArray();
        }).refreshable(this.clientProperties.getRefreshableKeys().getRefreshPeriod());
    }

    private X509TrustManager loadTrustStore() throws IOException, GeneralSecurityException {
        File trustStore = this.clientProperties.getTrustStore();
        if (trustStore == null) {
            return TrustStores.getSystemTrustManager();
        }
        FileInputStream fileInputStream = new FileInputStream(trustStore);
        try {
            KeyStore keyStore = KeyStore.getInstance(this.clientProperties.getTrustStoreType());
            keyStore.load(fileInputStream, this.clientProperties.getTrustStorePassword().toCharArray());
            X509TrustManager loadTrustManager = TrustStores.loadTrustManager(keyStore);
            fileInputStream.close();
            return loadTrustManager;
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private SecureRandom loadSecureRandom() {
        try {
            return SecureRandom.getInstance(this.clientProperties.getSecureRandomInstanceType());
        } catch (NoSuchAlgorithmException e) {
            try {
                return SecureRandom.getInstanceStrong();
            } catch (NoSuchAlgorithmException e2) {
                return SecureRandomBuilder.create().withPersonalizationString("OkHttp3").build();
            }
        }
    }

    @Bean
    public OkHttpClientCustomizer connectionTimeoutsCustomizer() {
        Duration ofMillis = Duration.ofMillis(this.clientProperties.getConnectTimeoutMs());
        Duration ofMillis2 = Duration.ofMillis(this.clientProperties.getReadTimeoutMs());
        boolean isRetryOnConnectionFailure = this.clientProperties.isRetryOnConnectionFailure();
        return builder -> {
            builder.connectTimeout(ofMillis).readTimeout(ofMillis2).retryOnConnectionFailure(isRetryOnConnectionFailure);
        };
    }

    @Bean
    public OkHttpClientCustomizer httpLoggingCustomizer() {
        return builder -> {
            builder.addInterceptor(new HttpLoggingInterceptor().setLevel(this.retrofit2Properties.getLogLevel()));
        };
    }

    @Scope("prototype")
    @Bean
    public OkHttpClient.Builder okHttpClientBuilder(ObjectProvider<OkHttpClientCustomizer> objectProvider) {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        objectProvider.orderedStream().forEachOrdered(okHttpClientCustomizer -> {
            okHttpClientCustomizer.customize(builder);
        });
        return builder;
    }

    public OkHttpClientComponents(Provider<Registry> provider, OkHttpClientConfigurationProperties okHttpClientConfigurationProperties, OkHttpMetricsInterceptorProperties okHttpMetricsInterceptorProperties, Retrofit2ConfigurationProperties retrofit2ConfigurationProperties) {
        this.registryProvider = provider;
        this.clientProperties = okHttpClientConfigurationProperties;
        this.metricsProperties = okHttpMetricsInterceptorProperties;
        this.retrofit2Properties = retrofit2ConfigurationProperties;
    }
}
