package io.trino.plugin.bigquery;

import com.google.api.client.http.apache.v2.ApacheHttpTransport;
import com.google.cloud.http.HttpTransportOptions;
import com.google.inject.Inject;
import io.grpc.HttpConnectProxiedSocketAddress;
import io.grpc.ProxiedSocketAddress;
import io.trino.plugin.base.ssl.SslUtils;
import io.trino.spi.TrinoException;
import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.ProxyAuthenticationStrategy;
import org.apache.http.impl.conn.DefaultProxyRoutePlanner;

/* loaded from: input_file:io/trino/plugin/bigquery/ProxyTransportFactory.class */
public interface ProxyTransportFactory {

    /* loaded from: input_file:io/trino/plugin/bigquery/ProxyTransportFactory$DefaultProxyTransportFactory.class */
    public static class DefaultProxyTransportFactory implements ProxyTransportFactory {
        private final HttpTransportOptions transportOptions;
        private final Optional<SSLContext> sslContext;
        private final URI proxyUri;
        private final Optional<String> proxyUsername;
        private final Optional<String> proxyPassword;

        @Inject
        public DefaultProxyTransportFactory(BigQueryProxyConfig bigQueryProxyConfig) {
            Objects.requireNonNull(bigQueryProxyConfig, "proxyConfig is null");
            this.proxyUri = bigQueryProxyConfig.getUri();
            this.proxyUsername = bigQueryProxyConfig.getUsername();
            this.proxyPassword = bigQueryProxyConfig.getPassword();
            this.sslContext = buildSslContext(bigQueryProxyConfig.getKeystorePath(), bigQueryProxyConfig.getKeystorePassword(), bigQueryProxyConfig.getTruststorePath(), bigQueryProxyConfig.getTruststorePassword());
            this.transportOptions = buildTransportOptions(this.sslContext, this.proxyUri, this.proxyUsername, this.proxyPassword);
        }

        @Override // io.trino.plugin.bigquery.ProxyTransportFactory
        public HttpTransportOptions getTransportOptions() {
            return this.transportOptions;
        }

        @Override // io.trino.plugin.bigquery.ProxyTransportFactory
        public Optional<SSLContext> getSslContext() {
            return this.sslContext;
        }

        @Override // io.trino.plugin.bigquery.ProxyTransportFactory
        public ProxiedSocketAddress createProxyDetector(SocketAddress socketAddress) {
            HttpConnectProxiedSocketAddress.Builder targetAddress = HttpConnectProxiedSocketAddress.newBuilder().setProxyAddress(new InetSocketAddress(this.proxyUri.getHost(), this.proxyUri.getPort())).setTargetAddress((InetSocketAddress) socketAddress);
            Optional<String> optional = this.proxyUsername;
            Objects.requireNonNull(targetAddress);
            optional.ifPresent(targetAddress::setUsername);
            Optional<String> optional2 = this.proxyPassword;
            Objects.requireNonNull(targetAddress);
            optional2.ifPresent(targetAddress::setPassword);
            return targetAddress.build();
        }

        private static HttpTransportOptions buildTransportOptions(Optional<SSLContext> optional, URI uri, Optional<String> optional2, Optional<String> optional3) {
            HttpHost httpHost = new HttpHost(uri.getHost(), uri.getPort());
            HttpClientBuilder routePlanner = ApacheHttpTransport.newDefaultHttpClientBuilder().setRoutePlanner(new DefaultProxyRoutePlanner(httpHost));
            if (optional.isPresent()) {
                routePlanner.setSSLSocketFactory(new SSLConnectionSocketFactory(optional.get()));
            }
            if (optional2.isPresent()) {
                BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                basicCredentialsProvider.setCredentials(new AuthScope(httpHost.getHostName(), httpHost.getPort()), new UsernamePasswordCredentials(optional2.get(), optional3.orElse("")));
                routePlanner.setProxyAuthenticationStrategy(ProxyAuthenticationStrategy.INSTANCE).setDefaultCredentialsProvider(basicCredentialsProvider);
            }
            CloseableHttpClient build = routePlanner.build();
            return HttpTransportOptions.newBuilder().setHttpTransportFactory(() -> {
                return new ApacheHttpTransport(build);
            }).build();
        }

        private static Optional<SSLContext> buildSslContext(Optional<File> optional, Optional<String> optional2, Optional<File> optional3, Optional<String> optional4) {
            if (optional.isEmpty() && optional3.isEmpty()) {
                return Optional.empty();
            }
            try {
                return Optional.of(SslUtils.createSSLContext(optional, optional2, optional3, optional4));
            } catch (IOException | GeneralSecurityException e) {
                throw new TrinoException(BigQueryErrorCode.BIGQUERY_PROXY_SSL_INITIALIZATION_FAILED, e);
            }
        }
    }

    HttpTransportOptions getTransportOptions();

    Optional<SSLContext> getSslContext();

    ProxiedSocketAddress createProxyDetector(SocketAddress socketAddress);
}
