package org.springframework.cloud.openfeign.clientconfig;

import jakarta.annotation.PreDestroy;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.io.HttpClientConnectionManager;
import org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
import org.apache.hc.core5.http.io.SocketConfig;
import org.apache.hc.core5.http.ssl.TLS;
import org.apache.hc.core5.io.CloseMode;
import org.apache.hc.core5.pool.PoolConcurrencyPolicy;
import org.apache.hc.core5.pool.PoolReusePolicy;
import org.apache.hc.core5.ssl.SSLContexts;
import org.apache.hc.core5.util.TimeValue;
import org.apache.hc.core5.util.Timeout;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.cloud.openfeign.support.FeignHttpClientProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@ConditionalOnMissingBean({CloseableHttpClient.class})
@Configuration(proxyBeanMethods = false)
/* loaded from: input_file:BOOT-INF/lib/spring-cloud-openfeign-core-4.2.0.jar:org/springframework/cloud/openfeign/clientconfig/HttpClient5FeignConfiguration.class */
public class HttpClient5FeignConfiguration {
    private static final Log LOG = LogFactory.getLog(HttpClient5FeignConfiguration.class);
    private CloseableHttpClient httpClient5;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/spring-cloud-openfeign-core-4.2.0.jar:org/springframework/cloud/openfeign/clientconfig/HttpClient5FeignConfiguration$DisabledValidationTrustManager.class */
    public static class DisabledValidationTrustManager implements X509TrustManager {
        DisabledValidationTrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-cloud-openfeign-core-4.2.0.jar:org/springframework/cloud/openfeign/clientconfig/HttpClient5FeignConfiguration$HttpClientBuilderCustomizer.class */
    public interface HttpClientBuilderCustomizer {
        void customize(HttpClientBuilder httpClientBuilder);
    }

    @ConditionalOnMissingBean({HttpClientConnectionManager.class})
    @Bean
    public HttpClientConnectionManager hc5ConnectionManager(FeignHttpClientProperties feignHttpClientProperties) {
        return PoolingHttpClientConnectionManagerBuilder.create().setSSLSocketFactory(httpsSSLConnectionSocketFactory(feignHttpClientProperties.isDisableSslValidation())).setMaxConnTotal(feignHttpClientProperties.getMaxConnections()).setMaxConnPerRoute(feignHttpClientProperties.getMaxConnectionsPerRoute()).setConnPoolPolicy(PoolReusePolicy.valueOf(feignHttpClientProperties.getHc5().getPoolReusePolicy().name())).setPoolConcurrencyPolicy(PoolConcurrencyPolicy.valueOf(feignHttpClientProperties.getHc5().getPoolConcurrencyPolicy().name())).setConnectionTimeToLive(TimeValue.of(feignHttpClientProperties.getTimeToLive(), feignHttpClientProperties.getTimeToLiveUnit())).setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(Timeout.of(feignHttpClientProperties.getHc5().getSocketTimeout(), feignHttpClientProperties.getHc5().getSocketTimeoutUnit())).build()).build();
    }

    @Bean
    public CloseableHttpClient httpClient5(HttpClientConnectionManager httpClientConnectionManager, FeignHttpClientProperties feignHttpClientProperties, ObjectProvider<List<HttpClientBuilderCustomizer>> objectProvider) {
        HttpClientBuilder defaultRequestConfig = HttpClients.custom().disableCookieManagement().useSystemProperties().setConnectionManager(httpClientConnectionManager).evictExpiredConnections().setDefaultRequestConfig(RequestConfig.custom().setConnectTimeout(Timeout.of(feignHttpClientProperties.getConnectionTimeout(), TimeUnit.MILLISECONDS)).setRedirectsEnabled(feignHttpClientProperties.isFollowRedirects()).setConnectionRequestTimeout(Timeout.of(feignHttpClientProperties.getHc5().getConnectionRequestTimeout(), feignHttpClientProperties.getHc5().getConnectionRequestTimeoutUnit())).build());
        objectProvider.getIfAvailable(List::of).forEach(httpClientBuilderCustomizer -> {
            httpClientBuilderCustomizer.customize(defaultRequestConfig);
        });
        this.httpClient5 = defaultRequestConfig.build();
        return this.httpClient5;
    }

    @PreDestroy
    public void destroy() {
        if (this.httpClient5 != null) {
            this.httpClient5.close(CloseMode.GRACEFUL);
        }
    }

    private LayeredConnectionSocketFactory httpsSSLConnectionSocketFactory(boolean z) {
        SSLConnectionSocketFactoryBuilder tlsVersions = SSLConnectionSocketFactoryBuilder.create().setTlsVersions(TLS.V_1_3, TLS.V_1_2);
        if (z) {
            try {
                SSLContext sSLContext = SSLContext.getInstance("SSL");
                sSLContext.init(null, new TrustManager[]{new DisabledValidationTrustManager()}, new SecureRandom());
                tlsVersions.setSslContext(sSLContext);
                tlsVersions.setHostnameVerifier(NoopHostnameVerifier.INSTANCE);
            } catch (KeyManagementException | NoSuchAlgorithmException e) {
                LOG.warn("Error creating SSLContext", e);
            }
        } else {
            tlsVersions.setSslContext(SSLContexts.createSystemDefault());
        }
        return tlsVersions.build();
    }
}
