package org.keycloak.connections.httpclient;

import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.conn.util.PublicSuffixMatcherLoader;
import org.apache.http.impl.NoConnectionReuseStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.keycloak.common.enums.HostnameVerificationPolicy;
import org.keycloak.userprofile.DeclarativeUserProfileProviderFactory;

/* loaded from: input_file:org/keycloak/connections/httpclient/HttpClientBuilder.class */
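/**
 * Fluent builder for an Apache {@link CloseableHttpClient} with configurable TLS trust,
 * hostname verification, connection pooling, timeouts and proxy routing.
 *
 * <p>Security-relevant switches, in the order {@link #build()} evaluates them:
 * <ol>
 *   <li>{@link #disableTrustManager()} turns off certificate validation <em>and</em> hostname
 *       verification, regardless of the configured {@link HostnameVerificationPolicy};</li>
 *   <li>an explicit {@link #sslContext(SSLContext)} is used as-is, and any configured
 *       trust store or client key store is ignored;</li>
 *   <li>with no key store and no trust store, a default-initialised "TLS" context is used;</li>
 *   <li>otherwise a context is built from the configured key store and trust store.</li>
 * </ol>
 *
 * <p>Instances are mutable and carry no synchronisation.
 */
public class HttpClientBuilder {
    // Trust anchors for server certificates; null leaves the choice to the TLS context.
    protected KeyStore truststore;
    // Client certificate and private key for mutual TLS; null means no client authentication.
    protected KeyStore clientKeyStore;
    // Password of the client private key. It is held as a String, so it cannot be wiped
    // from memory after use. NOTE(review): consider keeping it as char[] end to end.
    protected String clientPrivateKeyPassword;
    // When true, build() installs a trust manager that accepts every certificate.
    protected boolean disableTrustManager;
    // Caller-supplied TLS context; takes precedence over truststore and clientKeyStore.
    protected SSLContext sslContext;
    protected ProxyMappings proxyMappings;
    protected HostnameVerificationPolicy policy = HostnameVerificationPolicy.DEFAULT;
    protected int connectionPoolSize = 128;
    protected int maxPooledPerRoute = 64;
    protected long connectionTTL = -1;
    protected boolean reuseConnections = true;
    protected TimeUnit connectionTTLUnit = TimeUnit.MILLISECONDS;
    // 900000 ms = 15 minutes; build() evicts idle connections only when this is positive.
    protected long maxConnectionIdleTime = 900000;
    protected TimeUnit maxConnectionIdleTimeUnit = TimeUnit.MILLISECONDS;
    protected long socketTimeout = -1;
    protected TimeUnit socketTimeoutUnits = TimeUnit.MILLISECONDS;
    protected long establishConnectionTimeout = -1;
    protected TimeUnit establishConnectionTimeoutUnits = TimeUnit.MILLISECONDS;
    protected boolean disableCookies = false;
    protected boolean expectContinueEnabled = false;

    /**
     * Trust manager that accepts every certificate chain without inspecting it.
     *
     * <p>With this trust manager the TLS peer is not authenticated: expired, self-signed and
     * mismatched certificates are all accepted. It is installed only when
     * {@link HttpClientBuilder#disableTrustManager()} was called.
     */
    private static class PassthroughTrustManager implements X509TrustManager {
        private PassthroughTrustManager() {
        }

        /** Accepts any client chain; never throws. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: no validation is performed.
        }

        /** Accepts any server chain; never throws. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: no validation is performed.
        }

        /**
         * Returns an empty array rather than {@code null}, because the
         * {@link X509TrustManager} contract requires a non-null result.
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Sets the socket (read) timeout.
     *
     * @param j        timeout value
     * @param timeUnit unit of {@code j}
     * @return this builder
     */
    public HttpClientBuilder socketTimeout(long j, TimeUnit timeUnit) {
        this.socketTimeout = j;
        this.socketTimeoutUnits = timeUnit;
        return this;
    }

    /**
     * Sets the timeout for establishing a connection.
     *
     * @param j        timeout value
     * @param timeUnit unit of {@code j}
     * @return this builder
     */
    public HttpClientBuilder establishConnectionTimeout(long j, TimeUnit timeUnit) {
        this.establishConnectionTimeout = j;
        this.establishConnectionTimeoutUnits = timeUnit;
        return this;
    }

    /**
     * Sets the time-to-live of pooled connections.
     *
     * @param j        time-to-live value
     * @param timeUnit unit of {@code j}
     * @return this builder
     */
    public HttpClientBuilder connectionTTL(long j, TimeUnit timeUnit) {
        this.connectionTTL = j;
        this.connectionTTLUnit = timeUnit;
        return this;
    }

    /**
     * Controls connection reuse; {@code false} makes {@link #build()} install a
     * {@link NoConnectionReuseStrategy}.
     *
     * @param z whether connections may be reused
     * @return this builder
     */
    public HttpClientBuilder reuseConnections(boolean z) {
        this.reuseConnections = z;
        return this;
    }

    /**
     * Sets how long a connection may stay idle before eviction; values {@code <= 0}
     * switch idle eviction off in {@link #build()}.
     *
     * @param j        idle time value
     * @param timeUnit unit of {@code j}
     * @return this builder
     */
    public HttpClientBuilder maxConnectionIdleTime(long j, TimeUnit timeUnit) {
        this.maxConnectionIdleTime = j;
        this.maxConnectionIdleTimeUnit = timeUnit;
        return this;
    }

    /**
     * Sets the maximum number of pooled connections per route.
     *
     * @param i per-route limit
     * @return this builder
     */
    public HttpClientBuilder maxPooledPerRoute(int i) {
        this.maxPooledPerRoute = i;
        return this;
    }

    /**
     * Sets the maximum total number of pooled connections.
     *
     * @param i total limit
     * @return this builder
     */
    public HttpClientBuilder connectionPoolSize(int i) {
        this.connectionPoolSize = i;
        return this;
    }

    /**
     * Disables certificate validation and hostname verification for the built client.
     *
     * <p>The resulting client cannot tell the intended server from an interposed one, so
     * confidentiality and integrity of the traffic are no longer protected by TLS. This
     * setting overrides {@link #sslContext(SSLContext)}, {@link #trustStore(KeyStore)} and
     * {@link #hostnameVerification(HostnameVerificationPolicy)}.
     *
     * @return this builder
     */
    public HttpClientBuilder disableTrustManager() {
        this.disableTrustManager = true;
        return this;
    }

    /**
     * Controls cookie handling; {@code true} disables cookie management in the built client.
     *
     * @param z whether to disable cookies
     * @return this builder
     */
    public HttpClientBuilder disableCookies(boolean z) {
        this.disableCookies = z;
        return this;
    }

    /**
     * Selects the hostname verification policy. {@code ANY} installs a verifier that accepts
     * every hostname, so a valid certificate issued for a different host is accepted.
     *
     * @param hostnameVerificationPolicy policy to apply; a {@code null} value makes
     *                                   {@link #build()} throw {@link NullPointerException}
     * @return this builder
     */
    public HttpClientBuilder hostnameVerification(HostnameVerificationPolicy hostnameVerificationPolicy) {
        this.policy = hostnameVerificationPolicy;
        return this;
    }

    /**
     * Supplies a ready-made TLS context. When set (and the trust manager is not disabled),
     * it is used as-is and the configured trust store and client key store are ignored.
     *
     * @param sSLContext TLS context to use, or {@code null} to let the builder create one
     * @return this builder
     */
    public HttpClientBuilder sslContext(SSLContext sSLContext) {
        this.sslContext = sSLContext;
        return this;
    }

    /**
     * Sets the trust store holding the accepted server certificate anchors.
     *
     * @param keyStore trust store, or {@code null}
     * @return this builder
     */
    public HttpClientBuilder trustStore(KeyStore keyStore) {
        this.truststore = keyStore;
        return this;
    }

    /**
     * Sets the client key store used for mutual TLS.
     *
     * @param keyStore key store with the client certificate and private key
     * @param str      password of the private key, or {@code null}
     * @return this builder
     */
    public HttpClientBuilder keyStore(KeyStore keyStore, String str) {
        this.clientKeyStore = keyStore;
        this.clientPrivateKeyPassword = str;
        return this;
    }

    /**
     * Sets the client key store used for mutual TLS.
     *
     * <p>The password is copied into a String; the caller's array is not modified, and
     * clearing it afterwards does not remove the copy held by this builder.
     *
     * @param keyStore key store with the client certificate and private key
     * @param cArr     password of the private key, or {@code null}
     * @return this builder
     */
    public HttpClientBuilder keyStore(KeyStore keyStore, char[] cArr) {
        this.clientKeyStore = keyStore;
        // A null password is legal for createSslContext, so do not fail on it here.
        this.clientPrivateKeyPassword = cArr != null ? new String(cArr) : null;
        return this;
    }

    /**
     * Sets the proxy mappings; a non-empty mapping installs a
     * {@code ProxyMappingsAwareRoutePlanner} in {@link #build()}.
     *
     * @param proxyMappings proxy mappings, or {@code null}
     * @return this builder
     */
    public HttpClientBuilder proxyMappings(ProxyMappings proxyMappings) {
        this.proxyMappings = proxyMappings;
        return this;
    }

    /**
     * Enables or disables the {@code Expect: 100-continue} handshake.
     *
     * @param z whether the handshake is enabled
     * @return this builder
     */
    public HttpClientBuilder expectContinueEnabled(boolean z) {
        this.expectContinueEnabled = z;
        return this;
    }

    /**
     * Builds the HTTP client from the current configuration.
     *
     * @return a new client
     * @throws NullPointerException if the hostname verification policy was set to {@code null}
     * @throws RuntimeException     wrapping any exception raised while creating the TLS
     *                              context or the client
     */
    public CloseableHttpClient build() {
        // Typed as the common interface: the four verifier classes are unrelated otherwise.
        javax.net.ssl.HostnameVerifier verifier = null;
        switch (this.policy) {
            case ANY:
                // Accepts every hostname; the certificate chain is still validated unless
                // the trust manager is disabled as well.
                verifier = new NoopHostnameVerifier();
                break;
            case WILDCARD:
                verifier = new BrowserCompatHostnameVerifier();
                break;
            case STRICT:
                verifier = new StrictHostnameVerifier();
                break;
            case DEFAULT:
                verifier = new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
                break;
            default:
                // Unknown policy: verifier stays null and the socket factory decides.
                // NOTE(review): presumably it falls back to its default verifier - confirm.
                break;
        }
        try {
            SSLConnectionSocketFactory socketFactory;
            if (this.disableTrustManager) {
                // Insecure mode: no certificate validation and no hostname verification.
                // The configured policy, sslContext and stores are deliberately not consulted.
                SSLContext trustAllContext = SSLContext.getInstance("TLS");
                trustAllContext.init(null, new TrustManager[]{new PassthroughTrustManager()}, new SecureRandom());
                socketFactory = new SSLConnectionSocketFactory(trustAllContext, new NoopHostnameVerifier());
            } else if (this.sslContext != null) {
                socketFactory = new SSLConnectionSocketFactory(this.sslContext, verifier);
            } else if (this.clientKeyStore == null && this.truststore == null) {
                // init(null, null, null) selects the installed providers' default key
                // managers, trust managers and randomness source.
                SSLContext defaultContext = SSLContext.getInstance("TLS");
                defaultContext.init(null, null, null);
                socketFactory = new SSLConnectionSocketFactory(defaultContext, verifier);
            } else {
                socketFactory = new SSLConnectionSocketFactory(
                        createSslContext("TLS", this.clientKeyStore, this.clientPrivateKeyPassword, this.truststore, null),
                        verifier);
            }

            RequestConfig requestConfig = RequestConfig.custom()
                    .setConnectTimeout(toTimeoutMillis(this.establishConnectionTimeout, this.establishConnectionTimeoutUnits))
                    .setSocketTimeout(toTimeoutMillis(this.socketTimeout, this.socketTimeoutUnits))
                    .setExpectContinueEnabled(this.expectContinueEnabled)
                    .build();

            org.apache.http.impl.client.HttpClientBuilder builder = getApacheHttpClientBuilder()
                    .setDefaultRequestConfig(requestConfig)
                    .setSSLSocketFactory(socketFactory)
                    .setMaxConnTotal(this.connectionPoolSize)
                    .setMaxConnPerRoute(this.maxPooledPerRoute)
                    .setConnectionTimeToLive(this.connectionTTL, this.connectionTTLUnit);

            if (!this.reuseConnections) {
                builder.setConnectionReuseStrategy(new NoConnectionReuseStrategy());
            }
            if (this.proxyMappings != null && !this.proxyMappings.isEmpty()) {
                builder.setRoutePlanner(new ProxyMappingsAwareRoutePlanner(this.proxyMappings));
            }
            if (this.maxConnectionIdleTime > 0) {
                builder.evictIdleConnections(this.maxConnectionIdleTime, this.maxConnectionIdleTimeUnit);
            }
            if (this.disableCookies) {
                builder.disableCookieManagement();
            }
            return builder.build();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates the underlying Apache builder; an extension point for subclasses.
     *
     * @return a fresh Apache HTTP client builder
     */
    protected org.apache.http.impl.client.HttpClientBuilder getApacheHttpClientBuilder() {
        return HttpClients.custom();
    }

    /**
     * Converts a timeout to whole milliseconds, clamping to the {@code int} range instead of
     * silently truncating, so an oversized timeout cannot wrap into an unrelated value.
     */
    private static int toTimeoutMillis(long value, TimeUnit unit) {
        long millis = TimeUnit.MILLISECONDS.convert(value, unit);
        if (millis > Integer.MAX_VALUE) {
            return Integer.MAX_VALUE;
        }
        if (millis < Integer.MIN_VALUE) {
            return Integer.MIN_VALUE;
        }
        return (int) millis;
    }

    /**
     * Builds a TLS context from the given key material and trust material.
     *
     * @param str          protocol name passed to the context builder
     * @param keyStore     client key store, may be {@code null}
     * @param str2         private key password, may be {@code null}
     * @param keyStore2    trust store, may be {@code null}
     * @param secureRandom randomness source, may be {@code null}
     * @return the configured TLS context
     */
    private SSLContext createSslContext(String str, KeyStore keyStore, String str2, KeyStore keyStore2, SecureRandom secureRandom) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
        char[] keyPassword = str2 != null ? str2.toCharArray() : null;
        return SSLContexts.custom()
                .setProtocol(str)
                .setSecureRandom(secureRandom)
                .loadKeyMaterial(keyStore, keyPassword)
                // No TrustStrategy override: only the trust store decides what is accepted.
                .loadTrustMaterial(keyStore2, (TrustStrategy) null)
                .build();
    }
}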
