package ru.yandex.clickhouse.util;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.ConnectionConfig;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ConnectionKeepAliveStrategy;
import org.apache.http.conn.HttpConnectionFactory;
import org.apache.http.conn.SchemePortResolver;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicHeaderElementIterator;
import org.apache.http.protocol.HttpContext;
import ru.yandex.clickhouse.settings.ClickHouseProperties;
import ru.yandex.clickhouse.util.guava.StreamUtils;
import ru.yandex.clickhouse.util.ssl.NonValidatingTrustManager;

/* loaded from: input_file:ru/yandex/clickhouse/util/ClickHouseHttpClientBuilder.class */
public class ClickHouseHttpClientBuilder {
    private final ClickHouseProperties properties;

    public ClickHouseHttpClientBuilder(ClickHouseProperties clickHouseProperties) {
        this.properties = clickHouseProperties;
    }

    public CloseableHttpClient buildClient() throws Exception {
        return HttpClientBuilder.create().setConnectionManager(getConnectionManager()).setKeepAliveStrategy(createKeepAliveStrategy()).setDefaultConnectionConfig(getConnectionConfig()).setDefaultRequestConfig(getRequestConfig()).setDefaultHeaders(getDefaultHeaders()).disableContentCompression().disableRedirectHandling().build();
    }

    private PoolingHttpClientConnectionManager getConnectionManager() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
        RegistryBuilder register = RegistryBuilder.create().register("http", PlainConnectionSocketFactory.getSocketFactory());
        if (this.properties.getSsl()) {
            register.register("https", new SSLConnectionSocketFactory(getSSLContext(), "strict".equals(this.properties.getSslMode()) ? SSLConnectionSocketFactory.getDefaultHostnameVerifier() : NoopHostnameVerifier.INSTANCE));
        }
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(register.build(), (HttpConnectionFactory) null, (SchemePortResolver) null, new IpVersionPriorityResolver(), this.properties.getTimeToLiveMillis(), TimeUnit.MILLISECONDS);
        poolingHttpClientConnectionManager.setDefaultMaxPerRoute(this.properties.getDefaultMaxPerRoute());
        poolingHttpClientConnectionManager.setMaxTotal(this.properties.getMaxTotal());
        poolingHttpClientConnectionManager.setDefaultConnectionConfig(getConnectionConfig());
        return poolingHttpClientConnectionManager;
    }

    private ConnectionConfig getConnectionConfig() {
        return ConnectionConfig.custom().setBufferSize(this.properties.getApacheBufferSize()).build();
    }

    private RequestConfig getRequestConfig() {
        return RequestConfig.custom().setSocketTimeout(this.properties.getSocketTimeout()).setConnectTimeout(this.properties.getConnectionTimeout()).build();
    }

    private Collection<Header> getDefaultHeaders() {
        ArrayList arrayList = new ArrayList();
        if (this.properties.getHttpAuthorization() != null) {
            arrayList.add(new BasicHeader("Authorization", this.properties.getHttpAuthorization()));
        }
        return arrayList;
    }

    private ConnectionKeepAliveStrategy createKeepAliveStrategy() {
        return new ConnectionKeepAliveStrategy() { // from class: ru.yandex.clickhouse.util.ClickHouseHttpClientBuilder.1
            @Override // org.apache.http.conn.ConnectionKeepAliveStrategy
            public long getKeepAliveDuration(HttpResponse httpResponse, HttpContext httpContext) {
                if (httpResponse.getStatusLine().getStatusCode() != 200) {
                    return -1L;
                }
                BasicHeaderElementIterator basicHeaderElementIterator = new BasicHeaderElementIterator(httpResponse.headerIterator("Connection"));
                while (basicHeaderElementIterator.hasNext()) {
                    String name = basicHeaderElementIterator.nextElement().getName();
                    if (name != null && name.equalsIgnoreCase("Keep-Alive")) {
                        return ClickHouseHttpClientBuilder.this.properties.getKeepAliveTimeout();
                    }
                }
                return -1L;
            }
        };
    }

    private SSLContext getSSLContext() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        TrustManager[] trustManagerArr = null;
        KeyManager[] keyManagerArr = null;
        SecureRandom secureRandom = null;
        if (this.properties.getSslMode().equals("none")) {
            trustManagerArr = new TrustManager[]{new NonValidatingTrustManager()};
            keyManagerArr = new KeyManager[0];
            secureRandom = new SecureRandom();
        } else {
            if (!this.properties.getSslMode().equals("strict")) {
                throw new IllegalArgumentException("unknown ssl mode '" + this.properties.getSslMode() + "'");
            }
            if (!this.properties.getSslRootCertificate().isEmpty()) {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(getKeyStore());
                trustManagerArr = trustManagerFactory.getTrustManagers();
                keyManagerArr = new KeyManager[0];
                secureRandom = new SecureRandom();
            }
        }
        sSLContext.init(keyManagerArr, trustManagerArr, secureRandom);
        return sSLContext;
    }

    private KeyStore getKeyStore() throws NoSuchAlgorithmException, IOException, CertificateException, KeyStoreException {
        InputStream resourceAsStream;
        try {
            KeyStore keyStore = KeyStore.getInstance("jks");
            keyStore.load(null, null);
            try {
                resourceAsStream = new FileInputStream(this.properties.getSslRootCertificate());
            } catch (FileNotFoundException e) {
                resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(this.properties.getSslRootCertificate());
                if (resourceAsStream == null) {
                    throw new IOException("Could not open SSL/TLS root certificate file '" + this.properties.getSslRootCertificate() + "'", e);
                }
            }
            Iterator<? extends Certificate> it = CertificateFactory.getInstance("X.509").generateCertificates(resourceAsStream).iterator();
            StreamUtils.close(resourceAsStream);
            int i = 0;
            while (it.hasNext()) {
                keyStore.setCertificateEntry("cert" + i, it.next());
                i++;
            }
            return keyStore;
        } catch (KeyStoreException e2) {
            throw new NoSuchAlgorithmException("jks KeyStore not available");
        }
    }
}
