package cn.herodotus.engine.web.rest.configuration;

import cn.herodotus.engine.web.rest.annotation.ConditionalOnFeignUseOkHttp;
import feign.Client;
import jakarta.annotation.PostConstruct;
import jakarta.annotation.PreDestroy;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.ConnectionPool;
import okhttp3.OkHttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.cloud.openfeign.loadbalancer.FeignLoadBalancerAutoConfiguration;
import org.springframework.cloud.openfeign.support.FeignHttpClientProperties;
import org.springframework.context.annotation.Bean;

@AutoConfiguration(before = {FeignLoadBalancerAutoConfiguration.class})
@ConditionalOnFeignUseOkHttp
/* loaded from: input_file:cn/herodotus/engine/web/rest/configuration/OkHttpFeignConfiguration.class */
public class OkHttpFeignConfiguration {
    private static final Logger log = LoggerFactory.getLogger(OkHttpFeignConfiguration.class);
    private OkHttpClient okHttpClient;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:cn/herodotus/engine/web/rest/configuration/OkHttpFeignConfiguration$DisableValidationTrustManager.class */
    public class DisableValidationTrustManager implements X509TrustManager {
        DisableValidationTrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:cn/herodotus/engine/web/rest/configuration/OkHttpFeignConfiguration$TrustAllHostnames.class */
    public class TrustAllHostnames implements HostnameVerifier {
        TrustAllHostnames() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }
    }

    @PostConstruct
    public void postConstruct() {
        log.debug("[Herodotus] |- SDK [Web OkHttp] Auto Configure.");
    }

    @ConditionalOnMissingBean
    @Bean
    public OkHttpClient.Builder okHttpClientBuilder() {
        return new OkHttpClient.Builder();
    }

    @ConditionalOnMissingBean({ConnectionPool.class})
    @Bean
    public ConnectionPool httpClientConnectionPool(FeignHttpClientProperties feignHttpClientProperties) {
        return new ConnectionPool(feignHttpClientProperties.getMaxConnections(), feignHttpClientProperties.getTimeToLive(), feignHttpClientProperties.getTimeToLiveUnit());
    }

    @Bean
    public OkHttpClient okHttpClient(OkHttpClient.Builder builder, ConnectionPool connectionPool, FeignHttpClientProperties feignHttpClientProperties) {
        boolean isFollowRedirects = feignHttpClientProperties.isFollowRedirects();
        int connectionTimeout = feignHttpClientProperties.getConnectionTimeout();
        boolean isDisableSslValidation = feignHttpClientProperties.isDisableSslValidation();
        Duration readTimeout = feignHttpClientProperties.getOkHttp().getReadTimeout();
        if (isDisableSslValidation) {
            disableSsl(builder);
        }
        this.okHttpClient = builder.connectTimeout(connectionTimeout, TimeUnit.MILLISECONDS).followRedirects(isFollowRedirects).readTimeout(readTimeout).connectionPool(connectionPool).build();
        return this.okHttpClient;
    }

    private void disableSsl(OkHttpClient.Builder builder) {
        try {
            DisableValidationTrustManager disableValidationTrustManager = new DisableValidationTrustManager();
            TrustManager[] trustManagerArr = {disableValidationTrustManager};
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            builder.sslSocketFactory(sSLContext.getSocketFactory(), disableValidationTrustManager);
            builder.hostnameVerifier(new TrustAllHostnames());
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            log.warn("Error setting SSLSocketFactory in OKHttpClient", e);
        }
    }

    @PreDestroy
    public void destroy() {
        if (this.okHttpClient != null) {
            this.okHttpClient.dispatcher().executorService().shutdown();
            this.okHttpClient.connectionPool().evictAll();
        }
    }

    @ConditionalOnMissingBean({Client.class})
    @Bean
    public Client feignClient(OkHttpClient okHttpClient) {
        return new feign.okhttp.OkHttpClient(okHttpClient);
    }
}
