package se.fortnox.reactivewizard.client;

import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.timeout.ReadTimeoutHandler;
import java.net.InetSocketAddress;
import java.time.Duration;
import java.time.temporal.ChronoUnit;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import javax.inject.Inject;
import reactor.netty.resources.ConnectionProvider;
import reactor.netty.tcp.SslProvider;
import se.fortnox.reactivewizard.metrics.HealthRecorder;

/* loaded from: input_file:se/fortnox/reactivewizard/client/ReactorRxClientProvider.class */
public class ReactorRxClientProvider {
    private final ConcurrentHashMap<InetSocketAddress, reactor.netty.http.client.HttpClient> clients = new ConcurrentHashMap<>();
    private final HttpClientConfig config;
    private final HealthRecorder healthRecorder;

    @Inject
    public ReactorRxClientProvider(HttpClientConfig httpClientConfig, HealthRecorder healthRecorder) {
        this.config = httpClientConfig;
        this.healthRecorder = healthRecorder;
    }

    public reactor.netty.http.client.HttpClient clientFor(InetSocketAddress inetSocketAddress) {
        return this.clients.computeIfAbsent(inetSocketAddress, this::buildClient);
    }

    private reactor.netty.http.client.HttpClient setupSsl(reactor.netty.http.client.HttpClient httpClient, boolean z) {
        if (!z) {
            return httpClient.secure(this::configureUnsafeSsl);
        }
        try {
            return httpClient.secure(this::configureSsl);
        } catch (Exception e) {
            throw new IllegalStateException("Unable to create secure https client.", e);
        }
    }

    private reactor.netty.http.client.HttpClient buildClient(InetSocketAddress inetSocketAddress) {
        ConnectionProvider build = ConnectionProvider.builder("http-connections").maxConnections(this.config.getMaxConnections()).pendingAcquireMaxCount(-1).maxIdleTime(Duration.of(this.config.getConnectionMaxIdleTimeInMs(), ChronoUnit.MILLIS)).pendingAcquireTimeout(Duration.ofMillis(this.config.getPoolAcquireTimeoutMs())).build();
        AtomicInteger atomicInteger = new AtomicInteger(0);
        reactor.netty.http.client.HttpClient followRedirect = reactor.netty.http.client.HttpClient.create(build).tcpConfiguration(tcpClient -> {
            return tcpClient.doOnConnected(connection -> {
                connection.addHandler(new ReadTimeoutHandler(this.config.getReadTimeoutMs(), TimeUnit.MILLISECONDS));
            });
        }).port(this.config.getPort()).doOnRequest((httpClientRequest, connection) -> {
            atomicInteger.set(0);
            this.healthRecorder.logStatus(build, true);
        }).doOnError((httpClientRequest2, th) -> {
            this.healthRecorder.logStatus(build, atomicInteger.incrementAndGet() <= this.config.getNumberOfConnectionFailuresAllowed());
        }, (httpClientResponse, th2) -> {
        }).followRedirect(false);
        return this.config.isHttps() ? setupSsl(followRedirect, this.config.isValidateCertificates()) : followRedirect;
    }

    void configureSsl(SslProvider.SslContextSpec sslContextSpec) {
        sslContextSpec.sslContext(SslContextBuilder.forClient()).defaultConfiguration(SslProvider.DefaultConfigurationType.TCP).handshakeTimeoutMillis(30000L);
    }

    void configureUnsafeSsl(SslProvider.SslContextSpec sslContextSpec) {
        sslContextSpec.sslContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE)).defaultConfiguration(SslProvider.DefaultConfigurationType.TCP).handshakeTimeoutMillis(30000L);
    }
}
