package com.github.tomakehurst.wiremock.http;

import com.github.tomakehurst.wiremock.common.Exceptions;
import com.github.tomakehurst.wiremock.common.LocalNotifier;
import com.github.tomakehurst.wiremock.common.NetworkAddressRules;
import com.github.tomakehurst.wiremock.common.ProxySettings;
import com.github.tomakehurst.wiremock.common.Strings;
import com.github.tomakehurst.wiremock.common.ssl.KeyStoreSettings;
import com.github.tomakehurst.wiremock.http.ssl.HostVerifyingSSLSocketFactory;
import com.github.tomakehurst.wiremock.http.ssl.SSLContextBuilder;
import com.github.tomakehurst.wiremock.http.ssl.TrustEverythingStrategy;
import com.github.tomakehurst.wiremock.http.ssl.TrustSelfSignedStrategy;
import com.github.tomakehurst.wiremock.http.ssl.TrustSpecificHostsStrategy;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import javax.net.ssl.SSLContext;
import org.apache.hc.client5.http.auth.AuthScope;
import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
import org.apache.hc.client5.http.classic.methods.HttpDelete;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.classic.methods.HttpHead;
import org.apache.hc.client5.http.classic.methods.HttpOptions;
import org.apache.hc.client5.http.classic.methods.HttpPatch;
import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.client5.http.classic.methods.HttpPut;
import org.apache.hc.client5.http.classic.methods.HttpTrace;
import org.apache.hc.client5.http.classic.methods.HttpUriRequest;
import org.apache.hc.client5.http.classic.methods.HttpUriRequestBase;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy;
import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.client5.http.impl.io.ManagedHttpClientConnectionFactory;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.config.CharCodingConfig;
import org.apache.hc.core5.http.config.Http1Config;
import org.apache.hc.core5.http.io.HttpMessageParserFactory;
import org.apache.hc.core5.util.TextUtils;
import org.apache.hc.core5.util.TimeValue;
import org.apache.hc.core5.util.Timeout;

/* loaded from: input_file:com/github/tomakehurst/wiremock/http/HttpClientFactory.class */
public class HttpClientFactory {
    public static final int DEFAULT_MAX_CONNECTIONS = 50;
    public static final int DEFAULT_TIMEOUT = 30000;

    public static CloseableHttpClient createClient(int i, int i2, ProxySettings proxySettings, KeyStoreSettings keyStoreSettings, boolean z, List<String> list, boolean z2, NetworkAddressRules networkAddressRules, boolean z3) {
        NetworkAddressRulesAdheringDnsResolver networkAddressRulesAdheringDnsResolver = new NetworkAddressRulesAdheringDnsResolver(networkAddressRules);
        HttpClientBuilder defaultRequestConfig = HttpClientBuilder.create().disableAuthCaching().disableAutomaticRetries().disableCookieManagement().disableRedirectHandling().disableContentCompression().setDefaultRequestConfig(RequestConfig.custom().setResponseTimeout(Timeout.ofMilliseconds(i2)).setProtocolUpgradeEnabled(false).build());
        if (z3) {
            defaultRequestConfig.setConnectionReuseStrategy((httpRequest, httpResponse, httpContext) -> {
                return false;
            }).setKeepAliveStrategy((httpResponse2, httpContext2) -> {
                return TimeValue.ZERO_MILLISECONDS;
            });
        }
        if (z2) {
            defaultRequestConfig.useSystemProperties();
        }
        if (proxySettings != ProxySettings.NO_PROXY) {
            defaultRequestConfig.setProxy(new HttpHost(proxySettings.host(), proxySettings.port()));
            if (Strings.isNotEmpty(proxySettings.getUsername()) && Strings.isNotEmpty(proxySettings.getPassword())) {
                defaultRequestConfig.setProxyAuthenticationStrategy(new DefaultAuthenticationStrategy());
                BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                basicCredentialsProvider.setCredentials(new AuthScope(proxySettings.host(), proxySettings.port()), new UsernamePasswordCredentials(proxySettings.getUsername(), proxySettings.getPassword().toCharArray()));
                defaultRequestConfig.setDefaultCredentialsProvider(basicCredentialsProvider);
            }
        }
        defaultRequestConfig.setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create().setSSLSocketFactory(buildSslConnectionSocketFactory(buildSslContext(keyStoreSettings, z, list))).setDnsResolver(networkAddressRulesAdheringDnsResolver).setMaxConnPerRoute(i).setMaxConnTotal(i).setValidateAfterInactivity(TimeValue.ofSeconds(5L)).setConnectionFactory(new ManagedHttpClientConnectionFactory((Http1Config) null, CharCodingConfig.custom().setCharset(StandardCharsets.UTF_8).build(), (HttpMessageParserFactory) null)).build());
        return defaultRequestConfig.build();
    }

    private static LayeredConnectionSocketFactory buildSslConnectionSocketFactory(SSLContext sSLContext) {
        return new SSLConnectionSocketFactory(new HostVerifyingSSLSocketFactory(sSLContext.getSocketFactory()), split(System.getProperty("https.protocols")), split(System.getProperty("https.cipherSuites")), new NoopHostnameVerifier());
    }

    private static String[] split(String str) {
        if (TextUtils.isBlank(str)) {
            return null;
        }
        return str.split(" *, *");
    }

    private static SSLContext buildSslContext(KeyStoreSettings keyStoreSettings, boolean z, List<String> list) {
        if (keyStoreSettings != KeyStoreSettings.NO_STORE) {
            return buildSSLContextWithTrustStore(keyStoreSettings, z, list);
        }
        if (z) {
            return buildAllowAnythingSSLContext();
        }
        try {
            return SSLContextBuilder.create().loadTrustMaterial(new TrustSpecificHostsStrategy(list)).build();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            return (SSLContext) Exceptions.throwUnchecked(e, null);
        }
    }

    public static CloseableHttpClient createClient(int i, int i2, ProxySettings proxySettings, KeyStoreSettings keyStoreSettings, boolean z, NetworkAddressRules networkAddressRules, boolean z2) {
        return createClient(i, i2, proxySettings, keyStoreSettings, true, Collections.emptyList(), z, networkAddressRules, z2);
    }

    private static SSLContext buildSSLContextWithTrustStore(KeyStoreSettings keyStoreSettings, boolean z, List<String> list) {
        try {
            KeyStore loadStore = keyStoreSettings.loadStore();
            SSLContextBuilder loadKeyMaterial = SSLContextBuilder.create().loadKeyMaterial(loadStore, keyStoreSettings.password().toCharArray());
            if (z) {
                loadKeyMaterial.loadTrustMaterial(new TrustSelfSignedStrategy());
            } else if (containsCertificate(loadStore)) {
                loadKeyMaterial.loadTrustMaterial(loadStore, new TrustSpecificHostsStrategy(list));
            } else {
                loadKeyMaterial.loadTrustMaterial(new TrustSpecificHostsStrategy(list));
            }
            return loadKeyMaterial.build();
        } catch (Exception e) {
            return (SSLContext) Exceptions.throwUnchecked(e, SSLContext.class);
        }
    }

    private static boolean containsCertificate(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            if (keyStore.getEntry(aliases.nextElement(), null) instanceof KeyStore.TrustedCertificateEntry) {
                return true;
            }
        }
        return false;
    }

    private static SSLContext buildAllowAnythingSSLContext() {
        try {
            return SSLContextBuilder.create().loadTrustMaterial(new TrustEverythingStrategy()).build();
        } catch (Exception e) {
            return (SSLContext) Exceptions.throwUnchecked(e, null);
        }
    }

    public static CloseableHttpClient createClient(int i, int i2) {
        return createClient(i, i2, ProxySettings.NO_PROXY, KeyStoreSettings.NO_STORE, true, NetworkAddressRules.ALLOW_ALL, false);
    }

    public static CloseableHttpClient createClient(int i) {
        return createClient(50, i);
    }

    public static CloseableHttpClient createClient(ProxySettings proxySettings) {
        return createClient(50, DEFAULT_TIMEOUT, proxySettings, KeyStoreSettings.NO_STORE, true, NetworkAddressRules.ALLOW_ALL, false);
    }

    public static CloseableHttpClient createClient() {
        return createClient(DEFAULT_TIMEOUT);
    }

    public static HttpUriRequest getHttpRequestFor(RequestMethod requestMethod, String str) {
        LocalNotifier.notifier().info("Proxying: " + requestMethod + " " + str);
        return requestMethod.equals(RequestMethod.GET) ? new HttpGet(str) : requestMethod.equals(RequestMethod.POST) ? new HttpPost(str) : requestMethod.equals(RequestMethod.PUT) ? new HttpPut(str) : requestMethod.equals(RequestMethod.DELETE) ? new HttpDelete(str) : requestMethod.equals(RequestMethod.HEAD) ? new HttpHead(str) : requestMethod.equals(RequestMethod.OPTIONS) ? new HttpOptions(str) : requestMethod.equals(RequestMethod.TRACE) ? new HttpTrace(str) : requestMethod.equals(RequestMethod.PATCH) ? new HttpPatch(str) : new HttpUriRequestBase(requestMethod.toString(), URI.create(str));
    }
}
