package ai.vespa.util.http.hc5;

import com.yahoo.security.tls.MixedMode;
import com.yahoo.security.tls.TransportSecurityUtils;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import org.apache.hc.client5.http.config.ConnectionConfig;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
import org.apache.hc.client5.http.socket.ConnectionSocketFactory;
import org.apache.hc.client5.http.socket.PlainConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.core5.http.config.Registry;
import org.apache.hc.core5.http.config.RegistryBuilder;
import org.apache.hc.core5.util.TimeValue;
import org.apache.hc.core5.util.Timeout;

/* loaded from: input_file:ai/vespa/util/http/hc5/VespaHttpClientBuilder.class */
public class VespaHttpClientBuilder {
    private HttpClientConnectionManagerFactory connectionManagerFactory = PoolingHttpClientConnectionManager::new;
    private HostnameVerifier hostnameVerifier = new NoopHostnameVerifier();
    private boolean rewriteHttpToHttps = true;
    private final ConnectionConfig.Builder connectionConfigBuilder = ConnectionConfig.custom();

    /* loaded from: input_file:ai/vespa/util/http/hc5/VespaHttpClientBuilder$HttpClientConnectionManagerFactory.class */
    public interface HttpClientConnectionManagerFactory {
        PoolingHttpClientConnectionManager create(Registry<ConnectionSocketFactory> registry);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ai/vespa/util/http/hc5/VespaHttpClientBuilder$HttpClientConnectionManagerFactoryProxy.class */
    public class HttpClientConnectionManagerFactoryProxy implements HttpClientConnectionManagerFactory {
        private HttpClientConnectionManagerFactoryProxy() {
        }

        @Override // ai.vespa.util.http.hc5.VespaHttpClientBuilder.HttpClientConnectionManagerFactory
        public PoolingHttpClientConnectionManager create(Registry<ConnectionSocketFactory> registry) {
            PoolingHttpClientConnectionManager create = VespaHttpClientBuilder.this.connectionManagerFactory.create(registry);
            create.setDefaultConnectionConfig(VespaHttpClientBuilder.this.connectionConfigBuilder.build());
            return create;
        }
    }

    private VespaHttpClientBuilder() {
    }

    public static VespaHttpClientBuilder custom() {
        return new VespaHttpClientBuilder();
    }

    public VespaHttpClientBuilder connectionManagerFactory(HttpClientConnectionManagerFactory httpClientConnectionManagerFactory) {
        this.connectionManagerFactory = httpClientConnectionManagerFactory;
        return this;
    }

    public VespaHttpClientBuilder hostnameVerifier(HostnameVerifier hostnameVerifier) {
        this.hostnameVerifier = hostnameVerifier;
        return this;
    }

    public VespaHttpClientBuilder rewriteHttpToHttps(boolean z) {
        this.rewriteHttpToHttps = z;
        return this;
    }

    public VespaHttpClientBuilder connectTimeout(long j, TimeUnit timeUnit) {
        this.connectionConfigBuilder.setConnectTimeout(j, timeUnit);
        return this;
    }

    public VespaHttpClientBuilder connectTimeout(Timeout timeout) {
        this.connectionConfigBuilder.setConnectTimeout(timeout);
        return this;
    }

    public VespaHttpClientBuilder socketTimeout(int i, TimeUnit timeUnit) {
        this.connectionConfigBuilder.setSocketTimeout(i, timeUnit);
        return this;
    }

    public VespaHttpClientBuilder socketTimeout(Timeout timeout) {
        this.connectionConfigBuilder.setSocketTimeout(timeout);
        return this;
    }

    public VespaHttpClientBuilder validateAfterInactivity(TimeValue timeValue) {
        this.connectionConfigBuilder.setValidateAfterInactivity(timeValue);
        return this;
    }

    public HttpClientBuilder apacheBuilder() {
        HttpClientBuilder create = HttpClientBuilder.create();
        addSslSocketFactory(create, new HttpClientConnectionManagerFactoryProxy(), this.hostnameVerifier);
        if (this.rewriteHttpToHttps) {
            addHttpsRewritingRoutePlanner(create);
        }
        create.disableConnectionState();
        create.disableCookieManagement();
        create.disableAuthCaching();
        create.disableRedirectHandling();
        return create;
    }

    public CloseableHttpClient buildClient() {
        return apacheBuilder().build();
    }

    private static void addSslSocketFactory(HttpClientBuilder httpClientBuilder, HttpClientConnectionManagerFactory httpClientConnectionManagerFactory, HostnameVerifier hostnameVerifier) {
        TransportSecurityUtils.getSystemTlsContext().ifPresent(tlsContext -> {
            httpClientBuilder.setConnectionManager(httpClientConnectionManagerFactory.create(createRegistry(SslConnectionSocketFactory.of(tlsContext, hostnameVerifier))));
            httpClientBuilder.setUserTokenHandler((httpRoute, httpContext) -> {
                return null;
            });
        });
    }

    private static Registry<ConnectionSocketFactory> createRegistry(SSLConnectionSocketFactory sSLConnectionSocketFactory) {
        return RegistryBuilder.create().register("https", sSLConnectionSocketFactory).register("http", PlainConnectionSocketFactory.getSocketFactory()).build();
    }

    private static void addHttpsRewritingRoutePlanner(HttpClientBuilder httpClientBuilder) {
        if (!TransportSecurityUtils.isTransportSecurityEnabled() || TransportSecurityUtils.getInsecureMixedMode() == MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) {
            return;
        }
        httpClientBuilder.setRoutePlanner(new HttpToHttpsRoutePlanner());
    }
}
