package de.stklcode.jvault.connector.internal;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import de.stklcode.jvault.connector.exception.ConnectionException;
import de.stklcode.jvault.connector.exception.InvalidRequestException;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.exception.PermissionDeniedException;
import de.stklcode.jvault.connector.exception.TlsException;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import de.stklcode.jvault.connector.model.response.ErrorResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Serializable;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.Map;
import java.util.concurrent.CompletionException;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:de/stklcode/jvault/connector/internal/RequestHelper.class */
public final class RequestHelper implements Serializable {
    private static final String HEADER_VAULT_TOKEN = "X-Vault-Token";
    private final String baseURL;
    private final Integer timeout;
    private final int retries;
    private final String tlsVersion;
    private final X509Certificate trustedCaCert;
    private final ObjectMapper jsonMapper;

    public RequestHelper(String str, int i, Integer num, String str2, X509Certificate x509Certificate) {
        this.baseURL = str + (str.endsWith("/") ? "" : "/");
        this.retries = i;
        this.timeout = num;
        this.tlsVersion = str2;
        this.trustedCaCert = x509Certificate;
        this.jsonMapper = new ObjectMapper().registerModule(new JavaTimeModule()).enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS).disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
    }

    public String post(String str, Object obj, String str2) throws VaultConnectorException {
        HttpRequest.Builder newBuilder = HttpRequest.newBuilder(URI.create(this.baseURL + str));
        try {
            newBuilder.POST(HttpRequest.BodyPublishers.ofString(this.jsonMapper.writeValueAsString(obj), StandardCharsets.UTF_8));
            newBuilder.setHeader("Content-Type", "application/json; charset=utf-8");
            if (str2 != null) {
                newBuilder.setHeader(HEADER_VAULT_TOKEN, str2);
            }
            return request(newBuilder, this.retries);
        } catch (JsonProcessingException e) {
            throw new InvalidRequestException("Unable to parse response", e);
        }
    }

    public <T> T post(String str, Object obj, String str2, Class<T> cls) throws VaultConnectorException {
        try {
            return (T) this.jsonMapper.readValue(post(str, obj, str2), cls);
        } catch (IOException e) {
            throw new InvalidResponseException("Unable to parse response", e);
        }
    }

    public void postWithoutResponse(String str, Object obj, String str2) throws VaultConnectorException {
        if (!post(str, obj, str2).isEmpty()) {
            throw new InvalidResponseException("Received response where none was expected");
        }
    }

    public String put(String str, Map<String, String> map, String str2) throws VaultConnectorException {
        HttpRequest.Builder newBuilder = HttpRequest.newBuilder(URI.create(this.baseURL + str));
        try {
            newBuilder.PUT(HttpRequest.BodyPublishers.ofString(this.jsonMapper.writeValueAsString(map), StandardCharsets.UTF_8));
            newBuilder.setHeader("Content-Type", "application/json; charset=utf-8");
            if (str2 != null) {
                newBuilder.setHeader(HEADER_VAULT_TOKEN, str2);
            }
            return request(newBuilder, this.retries);
        } catch (JsonProcessingException e) {
            throw new InvalidRequestException("Payload serialization failed", e);
        }
    }

    public <T> T put(String str, Map<String, String> map, String str2, Class<T> cls) throws VaultConnectorException {
        try {
            return (T) this.jsonMapper.readValue(put(str, map, str2), cls);
        } catch (IOException e) {
            throw new InvalidResponseException("Unable to parse response", e);
        }
    }

    public void putWithoutResponse(String str, Map<String, String> map, String str2) throws VaultConnectorException {
        if (!put(str, map, str2).isEmpty()) {
            throw new InvalidResponseException("Received response where none was expected");
        }
    }

    public String delete(String str, String str2) throws VaultConnectorException {
        HttpRequest.Builder DELETE = HttpRequest.newBuilder(URI.create(this.baseURL + str)).DELETE();
        if (str2 != null) {
            DELETE.setHeader(HEADER_VAULT_TOKEN, str2);
        }
        return request(DELETE, this.retries);
    }

    public void deleteWithoutResponse(String str, String str2) throws VaultConnectorException {
        if (!delete(str, str2).isEmpty()) {
            throw new InvalidResponseException("Received response where none was expected");
        }
    }

    public String get(String str, Map<String, String> map, String str2) throws VaultConnectorException {
        StringBuilder sb = new StringBuilder(this.baseURL + str);
        if (!map.isEmpty()) {
            sb.append("?").append((String) map.entrySet().stream().map(entry -> {
                return URLEncoder.encode((String) entry.getKey(), StandardCharsets.UTF_8) + "=" + URLEncoder.encode((String) entry.getValue(), StandardCharsets.UTF_8);
            }).collect(Collectors.joining("&")));
        }
        try {
            HttpRequest.Builder newBuilder = HttpRequest.newBuilder(new URI(sb.toString()));
            if (str2 != null) {
                newBuilder.setHeader(HEADER_VAULT_TOKEN, str2);
            }
            return request(newBuilder, this.retries);
        } catch (URISyntaxException e) {
            throw new InvalidRequestException("Invalid URI format");
        }
    }

    public <T> T get(String str, Map<String, String> map, String str2, Class<T> cls) throws VaultConnectorException {
        try {
            return (T) this.jsonMapper.readValue(get(str, map, str2), cls);
        } catch (IOException e) {
            throw new InvalidResponseException("Unable to parse response", e);
        }
    }

    private String request(HttpRequest.Builder builder, int i) throws VaultConnectorException {
        builder.setHeader("accept", "application/json");
        HttpClient.Builder newBuilder = HttpClient.newBuilder();
        if (this.timeout != null) {
            newBuilder.connectTimeout(Duration.ofMillis(this.timeout.intValue()));
        }
        newBuilder.sslContext(createSSLContext());
        HttpClient build = newBuilder.build();
        try {
            try {
                HttpResponse<InputStream> httpResponse = (HttpResponse) build.sendAsync(builder.build(), HttpResponse.BodyHandlers.ofInputStream()).join();
                if (httpResponse == null) {
                    throw new InvalidResponseException("Response unavailable");
                }
                switch (httpResponse.statusCode()) {
                    case 200:
                        String handleResult = handleResult(httpResponse);
                        if (build instanceof AutoCloseable) {
                            try {
                                build.close();
                            } catch (Exception e) {
                            }
                        }
                        return handleResult;
                    case 204:
                        return "";
                    case 403:
                        throw new PermissionDeniedException();
                    default:
                        if (httpResponse.statusCode() < 500 || httpResponse.statusCode() >= 600 || i <= 0) {
                            handleError(httpResponse);
                            throw new InvalidResponseException("Invalid response code", Integer.valueOf(httpResponse.statusCode()));
                        }
                        String request = request(builder, i - 1);
                        if (build instanceof AutoCloseable) {
                            try {
                                build.close();
                            } catch (Exception e2) {
                            }
                        }
                        return request;
                }
            } catch (CompletionException e3) {
                throw new ConnectionException("Unable to connect to Vault server", e3.getCause());
            }
        } finally {
            if (build instanceof AutoCloseable) {
                try {
                    build.close();
                } catch (Exception e4) {
                }
            }
        }
    }

    private SSLContext createSSLContext() throws TlsException {
        try {
            SSLContext sSLContext = SSLContext.getInstance(this.tlsVersion);
            if (this.trustedCaCert != null) {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                keyStore.setCertificateEntry("trustedCert", this.trustedCaCert);
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            } else {
                sSLContext.init(null, null, null);
            }
            return sSLContext;
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new TlsException("Unable to initialize SSLContext", e);
        }
    }

    private String handleResult(HttpResponse<InputStream> httpResponse) throws InvalidResponseException {
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader((InputStream) httpResponse.body(), StandardCharsets.UTF_8));
            try {
                String str = (String) bufferedReader.lines().collect(Collectors.joining("\n"));
                bufferedReader.close();
                return str;
            } finally {
            }
        } catch (IOException e) {
            throw new InvalidResponseException("Unable to read response", (Integer) 200);
        }
    }

    private void handleError(HttpResponse<InputStream> httpResponse) throws VaultConnectorException {
        if (httpResponse.body() != null) {
            try {
                try {
                    ErrorResponse errorResponse = (ErrorResponse) this.jsonMapper.readValue((String) new BufferedReader(new InputStreamReader((InputStream) httpResponse.body(), StandardCharsets.UTF_8)).lines().collect(Collectors.joining("\n")), ErrorResponse.class);
                    if (!errorResponse.getErrors().isEmpty() && errorResponse.getErrors().get(0).equals("permission denied")) {
                        throw new PermissionDeniedException();
                    }
                    throw new InvalidResponseException("Invalid response code", Integer.valueOf(httpResponse.statusCode()), errorResponse.toString());
                } finally {
                }
            } catch (IOException e) {
            }
        }
    }
}
