package com.netflix.spinnaker.config.okhttp3;

import com.google.common.base.Preconditions;
import com.netflix.spinnaker.config.ServiceEndpoint;
import com.netflix.spinnaker.kork.exceptions.SystemException;
import com.netflix.spinnaker.okhttp.OkHttpClientConfigurationProperties;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

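/**
 * Default {@link OkHttpClientBuilderProvider}: derives a builder from the injected shared
 * {@link OkHttpClient}, optionally installs a key store / trust store backed SSL socket factory,
 * and applies the configured TLS connection specs.
 *
 * <p>Security-relevant behaviour visible in this class:
 *
 * <ul>
 *   <li>The key store password is also used as the password for the key entries.
 *   <li>Configured cipher suites and TLS versions replace the {@code MODERN_TLS} defaults and are
 *       not validated here, so a weak list in configuration is applied as-is.
 *   <li>{@link ConnectionSpec#CLEARTEXT} is always added next to the TLS spec.
 * </ul>
 */
// 2147483646 == Integer.MAX_VALUE - 1; in Spring a higher order value means lower precedence.
@Order(2147483646)
@Component
public class DefaultOkHttpClientBuilderProvider implements OkHttpClientBuilderProvider {
    private static final Logger log = LoggerFactory.getLogger(DefaultOkHttpClientBuilderProvider.class);
    private final OkHttpClient okHttpClient;
    private final OkHttpClientConfigurationProperties okHttpClientConfigurationProperties;

    /**
     * @param okHttpClient base client whose settings every returned builder starts from
     * @param okHttpClientConfigurationProperties key store, trust store and TLS settings
     */
    @Autowired
    public DefaultOkHttpClientBuilderProvider(OkHttpClient okHttpClient, OkHttpClientConfigurationProperties okHttpClientConfigurationProperties) {
        this.okHttpClient = okHttpClient;
        this.okHttpClientConfigurationProperties = okHttpClientConfigurationProperties;
    }

    /**
     * Returns a builder derived from the shared client, with the SSL socket factory and connection
     * specs applied for the given endpoint.
     *
     * @param serviceEndpoint endpoint the resulting client will talk to
     * @return the configured builder
     * @throws SystemException if the SSL socket factory cannot be set up
     */
    @Override // com.netflix.spinnaker.config.okhttp3.OkHttpClientBuilderProvider
    public OkHttpClient.Builder get(ServiceEndpoint serviceEndpoint) {
        OkHttpClient.Builder clientBuilder = this.okHttpClient.newBuilder();
        // Both helpers configure the builder they are given; their return values are not needed here.
        setSSLSocketFactory(clientBuilder, serviceEndpoint);
        applyConnectionSpecs(clientBuilder);
        return clientBuilder;
    }

    /**
     * Installs an SSL socket factory built from the configured key store and trust store.
     *
     * <p>The builder is returned untouched when neither store is configured, or when the endpoint
     * asks for the default SSL socket factory. Once past that guard both stores are opened
     * unconditionally, so a configuration that sets only one of them fails here and surfaces as a
     * {@link SystemException}.
     *
     * @param builder builder to configure
     * @param serviceEndpoint endpoint the client is being built for
     * @return the same builder
     * @throws SystemException wrapping any failure while loading the stores or building the context
     */
    protected OkHttpClient.Builder setSSLSocketFactory(OkHttpClient.Builder builder, ServiceEndpoint serviceEndpoint) {
        boolean noStoresConfigured = this.okHttpClientConfigurationProperties.getKeyStore() == null
                && this.okHttpClientConfigurationProperties.getTrustStore() == null;
        if (noStoresConfigured || serviceEndpoint.isUseDefaultSslSocketFactory()) {
            return builder;
        }
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(this.okHttpClientConfigurationProperties.getKeyStoreType());
            char[] keyStorePassword = this.okHttpClientConfigurationProperties.getKeyStorePassword().toCharArray();
            // try-with-resources: the stream used to be left open, leaking a file descriptor per call.
            try (FileInputStream keyStoreStream = new FileInputStream(this.okHttpClientConfigurationProperties.getKeyStore())) {
                keyStore.load(keyStoreStream, keyStorePassword);
            }
            // The store password doubles as the key-entry password.
            keyManagerFactory.init(keyStore, keyStorePassword);

            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore trustStore = KeyStore.getInstance(this.okHttpClientConfigurationProperties.getTrustStoreType());
            try (FileInputStream trustStoreStream = new FileInputStream(this.okHttpClientConfigurationProperties.getTrustStore())) {
                trustStore.load(trustStoreStream, this.okHttpClientConfigurationProperties.getTrustStorePassword().toCharArray());
            }
            trustManagerFactory.init(trustStore);

            SecureRandom secureRandom = SecureRandom.getInstance(this.okHttpClientConfigurationProperties.getSecureRandomInstanceType());
            // "TLS" only selects the context implementation; the protocol versions actually offered
            // are set through the connection specs in applyConnectionSpecs.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), secureRandom);

            // OkHttp needs the single X509TrustManager that backs the socket factory.
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            Preconditions.checkState(trustManagers.length == 1, "Found multiple trust managers; don't know which one to use");
            Preconditions.checkState(trustManagers[0] instanceof X509TrustManager, "Configured TrustManager is a %s, not an X509TrustManager; don't know how to configure it", trustManagers[0].getClass().getSimpleName());
            builder.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustManagers[0]);
            return builder;
        } catch (Exception e) {
            log.error("Unable to set ssl socket factory for {}", serviceEndpoint.getBaseUrl(), e);
            throw new SystemException(String.format("Unable to set ssl socket factory for (%s)", serviceEndpoint.getBaseUrl()), e);
        }
    }

    /**
     * Sets the connection specs on the builder: one TLS spec based on
     * {@link ConnectionSpec#MODERN_TLS}, followed by {@link ConnectionSpec#CLEARTEXT}.
     *
     * <p>Cipher suites and TLS versions come from configuration when present, otherwise from
     * {@code MODERN_TLS}. Configured values are passed through unchecked, so review them for
     * deprecated protocol versions and weak suites. In OkHttp the cleartext spec governs plain
     * {@code http://} URLs; because it is always listed, this client does not itself refuse
     * unencrypted endpoints.
     *
     * @param builder builder to configure
     * @return the builder returned by {@code connectionSpecs}
     */
    protected OkHttpClient.Builder applyConnectionSpecs(OkHttpClient.Builder builder) {
        ConnectionSpec.Builder tlsSpec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS);
        if (this.okHttpClientConfigurationProperties.getCipherSuites() != null) {
            tlsSpec.cipherSuites((String[]) this.okHttpClientConfigurationProperties.getCipherSuites().toArray(new String[0]));
        } else {
            // Typed stream instead of the raw (List) cast, which left the lambda argument as Object.
            tlsSpec.cipherSuites(Objects.requireNonNull(ConnectionSpec.MODERN_TLS.cipherSuites()).stream()
                    .map(suite -> suite.javaName())
                    .toArray(String[]::new));
        }
        if (this.okHttpClientConfigurationProperties.getTlsVersions() != null) {
            tlsSpec.tlsVersions((String[]) this.okHttpClientConfigurationProperties.getTlsVersions().toArray(new String[0]));
        } else {
            tlsSpec.tlsVersions(Objects.requireNonNull(ConnectionSpec.MODERN_TLS.tlsVersions()).stream()
                    .map(version -> version.javaName())
                    .toArray(String[]::new));
        }
        return builder.connectionSpecs(Arrays.asList(tlsSpec.build(), ConnectionSpec.CLEARTEXT));
    }
}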
