package com.mulesoft.mule.runtime.gw.client.httpclient;

import com.google.common.collect.Lists;
import com.mulesoft.mule.runtime.gw.api.config.PlatformClientConfiguration;
import com.mulesoft.mule.runtime.gw.client.httpclient.connection.RestartableConnectionManager;
import com.mulesoft.mule.runtime.gw.client.httpclient.interceptors.HttpRequestResponseInterceptor;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

/* loaded from: input_file:com/mulesoft/mule/runtime/gw/client/httpclient/GatewayHttpClientBuilder.class */
public class GatewayHttpClientBuilder {
    private HttpClientBuilder clientBuilder = HttpClientBuilder.create();
    private RequestConfig.Builder requestConfigBuilder = RequestConfig.custom();
    private SocketConfig.Builder socketConfigBuilder = SocketConfig.custom();
    private boolean sslValidationEnabled;

    public GatewayHttpClientBuilder withClientConfiguration(PlatformClientConfiguration platformClientConfiguration) {
        timeouts(platformClientConfiguration);
        setupProxy(platformClientConfiguration);
        return this;
    }

    public GatewayHttpClientBuilder withRequestResponseInterceptors(HttpRequestResponseInterceptor... httpRequestResponseInterceptorArr) {
        Arrays.asList(httpRequestResponseInterceptorArr).forEach(httpRequestResponseInterceptor -> {
            this.clientBuilder.addInterceptorLast(httpRequestResponseInterceptor);
            this.clientBuilder.addInterceptorLast(httpRequestResponseInterceptor);
        });
        return this;
    }

    public GatewayHttpClientBuilder withSslValidationEnabled(boolean z) {
        this.sslValidationEnabled = z;
        return this;
    }

    public GatewayHttpClient build() {
        RestartableConnectionManager restartableConnectionManager = setupConnectionManager();
        RequestConfig build = this.requestConfigBuilder.build();
        SocketConfig build2 = this.socketConfigBuilder.build();
        this.clientBuilder.setDefaultRequestConfig(build);
        this.clientBuilder.setDefaultSocketConfig(build2);
        this.clientBuilder.setConnectionManager(restartableConnectionManager);
        return new GatewayHttpClient(this.clientBuilder.build(), restartableConnectionManager, build.getConnectTimeout() / 2);
    }

    private void timeouts(PlatformClientConfiguration platformClientConfiguration) {
        this.socketConfigBuilder.setSoTimeout((int) platformClientConfiguration.getReadTimeout().inMillis());
        this.requestConfigBuilder.setSocketTimeout((int) platformClientConfiguration.getReadTimeout().inMillis());
        this.requestConfigBuilder.setConnectTimeout((int) platformClientConfiguration.getConnectTimeout().inMillis());
        this.requestConfigBuilder.setConnectionRequestTimeout((int) platformClientConfiguration.getConnectTimeout().inMillis());
    }

    protected SSLContext getSslContext() {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: com.mulesoft.mule.runtime.gw.client.httpclient.GatewayHttpClientBuilder.1
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }
        }};
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            return sSLContext;
        } catch (GeneralSecurityException e) {
            throw new GatewayHttpClientBuildException("General Security Exception when initializing SSL context");
        }
    }

    protected RestartableConnectionManager setupConnectionManager() {
        try {
            return !this.sslValidationEnabled ? new RestartableConnectionManager(() -> {
                return new PoolingHttpClientConnectionManager(connectionSocketFactory());
            }) : new RestartableConnectionManager(PoolingHttpClientConnectionManager::new);
        } catch (Exception e) {
            throw new GatewayHttpClientBuildException(e.getMessage());
        }
    }

    protected Registry<ConnectionSocketFactory> connectionSocketFactory() {
        return RegistryBuilder.create().register("https", new SSLConnectionSocketFactory(getSslContext(), NoopHostnameVerifier.INSTANCE)).register("http", PlainConnectionSocketFactory.getSocketFactory()).build();
    }

    private void setupProxy(PlatformClientConfiguration platformClientConfiguration) {
        if (platformClientConfiguration.getProxyHost() != null) {
            this.requestConfigBuilder.setProxy(new HttpHost(platformClientConfiguration.getProxyHost(), platformClientConfiguration.getProxyPort()));
            if (platformClientConfiguration.getProxyUserName() != null) {
                this.requestConfigBuilder.setProxyPreferredAuthSchemes(Lists.newArrayList(new String[]{"Basic", "Digest", "NTLM"}));
                AuthScope authScope = new AuthScope(platformClientConfiguration.getProxyHost(), platformClientConfiguration.getProxyPort(), AuthScope.ANY_REALM, "NTLM");
                AuthScope authScope2 = new AuthScope(platformClientConfiguration.getProxyHost(), platformClientConfiguration.getProxyPort(), AuthScope.ANY_REALM, "Basic");
                NTCredentials ntCredentials = ntCredentials(platformClientConfiguration);
                UsernamePasswordCredentials usernamePasswordCredentials = new UsernamePasswordCredentials(platformClientConfiguration.getProxyUserName(), platformClientConfiguration.getProxyPassword());
                BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                basicCredentialsProvider.setCredentials(authScope2, usernamePasswordCredentials);
                basicCredentialsProvider.setCredentials(authScope, ntCredentials);
                this.clientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider);
            }
        }
    }

    private NTCredentials ntCredentials(PlatformClientConfiguration platformClientConfiguration) {
        NTCredentials nTCredentials;
        if (platformClientConfiguration.getProxyUserName().contains("\\")) {
            nTCredentials = new NTCredentials(StringUtils.substringAfter(platformClientConfiguration.getProxyUserName(), "\\"), platformClientConfiguration.getProxyPassword(), "", StringUtils.substringBefore(platformClientConfiguration.getProxyUserName(), "\\"));
        } else {
            nTCredentials = new NTCredentials(platformClientConfiguration.getProxyUserName(), platformClientConfiguration.getProxyPassword(), "", "");
        }
        return nTCredentials;
    }
}
