package ai.vespa.util.http;

import com.yahoo.security.tls.MixedMode;
import com.yahoo.security.tls.TlsContext;
import com.yahoo.security.tls.TransportSecurityUtils;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.HttpException;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.HttpHost;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.HttpRequest;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.client.protocol.HttpClientContext;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.config.Registry;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.config.RegistryBuilder;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.conn.HttpClientConnectionManager;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.conn.UnsupportedSchemeException;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.conn.routing.HttpRoute;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.conn.routing.HttpRoutePlanner;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.conn.socket.ConnectionSocketFactory;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.conn.socket.PlainConnectionSocketFactory;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.conn.ssl.NoopHostnameVerifier;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.conn.ssl.SSLConnectionSocketFactory;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.impl.client.HttpClientBuilder;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.impl.conn.BasicHttpClientConnectionManager;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.impl.conn.DefaultSchemePortResolver;
import com.yahoo.vespa.feeder.shaded.internal.apache.http.protocol.HttpContext;
import java.net.InetAddress;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLParameters;

/* loaded from: input_file:ai/vespa/util/http/VespaHttpClientBuilder.class */
public class VespaHttpClientBuilder {
    private static final Logger log = Logger.getLogger(VespaHttpClientBuilder.class.getName());

    /* loaded from: input_file:ai/vespa/util/http/VespaHttpClientBuilder$ConnectionManagerFactory.class */
    public interface ConnectionManagerFactory {
        HttpClientConnectionManager create(Registry<ConnectionSocketFactory> registry);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:ai/vespa/util/http/VespaHttpClientBuilder$HttpToHttpsRoutePlanner.class */
    public static class HttpToHttpsRoutePlanner implements HttpRoutePlanner {
        HttpToHttpsRoutePlanner() {
        }

        @Override // com.yahoo.vespa.feeder.shaded.internal.apache.http.conn.routing.HttpRoutePlanner
        public HttpRoute determineRoute(HttpHost httpHost, HttpRequest httpRequest, HttpContext httpContext) throws HttpException {
            InetAddress localAddress = HttpClientContext.adapt(httpContext).getRequestConfig().getLocalAddress();
            HttpHost resolveTarget = resolveTarget(httpHost);
            return new HttpRoute(resolveTarget, localAddress, resolveTarget.getSchemeName().equalsIgnoreCase("https"));
        }

        private HttpHost resolveTarget(HttpHost httpHost) throws HttpException {
            try {
                String schemeName = httpHost.getSchemeName();
                return new HttpHost(httpHost.getHostName(), DefaultSchemePortResolver.INSTANCE.resolve(httpHost), schemeName.equalsIgnoreCase(HttpHost.DEFAULT_SCHEME_NAME) ? "https" : schemeName);
            } catch (UnsupportedSchemeException e) {
                throw new HttpException(e.getMessage(), e);
            }
        }
    }

    private VespaHttpClientBuilder() {
    }

    public static HttpClientBuilder create() {
        return createBuilder(null);
    }

    public static HttpClientBuilder create(ConnectionManagerFactory connectionManagerFactory) {
        return createBuilder(connectionManagerFactory);
    }

    public static HttpClientBuilder createWithBasicConnectionManager() {
        return createBuilder((v1) -> {
            return new BasicHttpClientConnectionManager(v1);
        });
    }

    private static HttpClientBuilder createBuilder(ConnectionManagerFactory connectionManagerFactory) {
        HttpClientBuilder create = HttpClientBuilder.create();
        addSslSocketFactory(create, connectionManagerFactory);
        addHttpsRewritingRoutePlanner(create);
        return create;
    }

    private static void addSslSocketFactory(HttpClientBuilder httpClientBuilder, ConnectionManagerFactory connectionManagerFactory) {
        TransportSecurityUtils.createTlsContext().ifPresent(tlsContext -> {
            log.log(Level.FINE, "Adding ssl socket factory to client");
            SSLConnectionSocketFactory createSslSocketFactory = createSslSocketFactory(tlsContext);
            if (connectionManagerFactory != null) {
                httpClientBuilder.setConnectionManager(connectionManagerFactory.create(createRegistry(createSslSocketFactory)));
            } else {
                httpClientBuilder.setSSLSocketFactory(createSslSocketFactory);
            }
            httpClientBuilder.setUserTokenHandler(httpContext -> {
                return null;
            });
        });
    }

    private static void addHttpsRewritingRoutePlanner(HttpClientBuilder httpClientBuilder) {
        if (!TransportSecurityUtils.isTransportSecurityEnabled() || TransportSecurityUtils.getInsecureMixedMode() == MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) {
            return;
        }
        httpClientBuilder.setRoutePlanner(new HttpToHttpsRoutePlanner());
    }

    private static SSLConnectionSocketFactory createSslSocketFactory(TlsContext tlsContext) {
        SSLParameters parameters = tlsContext.parameters();
        return new SSLConnectionSocketFactory(tlsContext.context(), parameters.getProtocols(), parameters.getCipherSuites(), new NoopHostnameVerifier());
    }

    private static Registry<ConnectionSocketFactory> createRegistry(SSLConnectionSocketFactory sSLConnectionSocketFactory) {
        return RegistryBuilder.create().register("https", sSLConnectionSocketFactory).register(HttpHost.DEFAULT_SCHEME_NAME, PlainConnectionSocketFactory.getSocketFactory()).build();
    }
}
