package com.sap.cloud.security.client;

import com.sap.cloud.security.config.ClientIdentity;
import com.sap.cloud.security.mtls.SSLContextFactory;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cloud/security/client/DefaultHttpClientFactory.class */
public class DefaultHttpClientFactory implements HttpClientFactory {
    static final int MAX_CONNECTIONS_PER_ROUTE = 4;
    static final int MAX_CONNECTIONS = 20;
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultHttpClientFactory.class);
    private static final int DEFAULT_TIMEOUT = (int) TimeUnit.SECONDS.toMillis(5);
    final ConcurrentHashMap<String, SslConnection> sslConnectionPool = new ConcurrentHashMap<>();
    final Set<String> httpClientsCreated = Collections.synchronizedSet(new HashSet());
    private final RequestConfig timeoutConfig = RequestConfig.custom().setConnectTimeout(DEFAULT_TIMEOUT).setConnectionRequestTimeout(DEFAULT_TIMEOUT).setSocketTimeout(DEFAULT_TIMEOUT).build();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sap/cloud/security/client/DefaultHttpClientFactory$SslConnection.class */
    public static class SslConnection {
        SSLContext context;
        SSLConnectionSocketFactory sslSocketFactory;
        PoolingHttpClientConnectionManager poolingConnectionManager;

        public SslConnection(ClientIdentity clientIdentity) {
            try {
                this.context = SSLContextFactory.getInstance().create(clientIdentity);
                this.sslSocketFactory = new SSLConnectionSocketFactory(this.context);
                this.poolingConnectionManager = new PoolingHttpClientConnectionManager(RegistryBuilder.create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", this.sslSocketFactory).build());
                this.poolingConnectionManager.setDefaultMaxPerRoute(DefaultHttpClientFactory.MAX_CONNECTIONS_PER_ROUTE);
                this.poolingConnectionManager.setMaxTotal(DefaultHttpClientFactory.MAX_CONNECTIONS);
            } catch (IOException | GeneralSecurityException e) {
                throw new HttpClientException(String.format("Couldn't set up https client for service provider %s. %s.", clientIdentity.getId(), e.getLocalizedMessage()));
            }
        }
    }

    @Override // com.sap.cloud.security.client.HttpClientFactory
    public CloseableHttpClient createClient(ClientIdentity clientIdentity) throws HttpClientException {
        String id = clientIdentity != null ? clientIdentity.getId() : null;
        if (this.httpClientsCreated.contains(id)) {
            LOGGER.warn("Application has already created HttpClient for clientId = {}, please check.", id);
        }
        this.httpClientsCreated.add(id);
        if (id == null || !clientIdentity.isCertificateBased()) {
            LOGGER.warn("In productive environment provide well configured HttpClientFactory service, don't use default http client");
            return HttpClients.createDefault();
        }
        LOGGER.info("In productive environment provide well configured HttpClientFactory service");
        SslConnection computeIfAbsent = this.sslConnectionPool.computeIfAbsent(id, str -> {
            return new SslConnection(clientIdentity);
        });
        return HttpClients.custom().setDefaultRequestConfig(this.timeoutConfig).setConnectionManager(computeIfAbsent.poolingConnectionManager).setSSLContext(computeIfAbsent.context).setSSLSocketFactory(computeIfAbsent.sslSocketFactory).build();
    }
}
