package com.stackrox.jenkins.plugins.services;

import com.google.common.base.Strings;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.stackrox.invoker.ApiClient;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.Objects;
import java.util.concurrent.ExecutionException;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

/* loaded from: input_file:com/stackrox/jenkins/plugins/services/ApiClientFactory.class */
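/**
 * Creates {@link ApiClient} instances and caches the underlying {@link OkHttpClient} per
 * (CA certificate, TLS validation mode) pair.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link StackRoxTlsValidationMode#INSECURE_ACCEPT_ANY} disables both certificate-chain and
 *       hostname verification. The bearer token set in {@link #newApiClient} is then sent to a
 *       peer whose identity has not been verified.</li>
 *   <li>When a CA certificate is supplied in validating mode, the trust store holds only that
 *       certificate; the platform's default roots are not consulted.</li>
 *   <li>The bearer token is set on the {@code ApiClient}, not on the cached HTTP client, so it is
 *       not part of the cache key.</li>
 * </ul>
 */
public class ApiClientFactory {
    private static final Logger LOGGER = Logger.getLogger(ApiClientFactory.class.getName());
    private static final int MAXIMUM_CACHE_SIZE = 5;
    private static final Duration TIMEOUT = Duration.ofSeconds(30);

    // One OkHttpClient per distinct TLS configuration; entries are built lazily on first use.
    private static final LoadingCache<CacheKey, OkHttpClient> CLIENT_CACHE =
            CacheBuilder.newBuilder()
                    .maximumSize(MAXIMUM_CACHE_SIZE)
                    .build(new CacheLoader<CacheKey, OkHttpClient>() {
                        @Override
                        public OkHttpClient load(@Nonnull CacheKey cacheKey) throws IOException {
                            return newHttpClient(cacheKey.caCert, cacheKey.tlsValidationMode);
                        }
                    });

    /**
     * Cache key identifying one TLS configuration: the CA certificate text (may be null) and the
     * validation mode.
     *
     * <p>Decompiler notes indicate this class was declared {@code private} in the original source.
     */
    public static class CacheKey {
        private final String caCert;
        private final StackRoxTlsValidationMode tlsValidationMode;

        /**
         * @param caCert CA certificate text, or null when none was configured
         * @param tlsValidationMode validation mode the client is built for
         */
        public CacheKey(String caCert, StackRoxTlsValidationMode tlsValidationMode) {
            this.caCert = caCert;
            this.tlsValidationMode = tlsValidationMode;
        }

        /** @return the CA certificate text, possibly null */
        public String getCaCert() {
            return this.caCert;
        }

        /** @return the TLS validation mode, possibly null */
        public StackRoxTlsValidationMode getTlsValidationMode() {
            return this.tlsValidationMode;
        }

        /** Two keys are equal when both the certificate text and the mode are equal (null-safe). */
        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof CacheKey)) {
                return false;
            }
            CacheKey other = (CacheKey) obj;
            return other.canEqual(this)
                    && Objects.equals(getCaCert(), other.getCaCert())
                    && Objects.equals(getTlsValidationMode(), other.getTlsValidationMode());
        }

        /** Hook that lets a subclass refuse equality with a plain {@code CacheKey}. */
        protected boolean canEqual(Object obj) {
            return obj instanceof CacheKey;
        }

        /** Hash over both fields; a null field contributes the constant 43. */
        @Override
        public int hashCode() {
            final int prime = 59;
            String cert = getCaCert();
            StackRoxTlsValidationMode mode = getTlsValidationMode();
            int result = prime + (cert == null ? 43 : cert.hashCode());
            return (result * prime) + (mode == null ? 43 : mode.hashCode());
        }

        // NOTE(review): this prints the full CA certificate text; it is public material, but
        // it will bloat any log line that includes the key.
        @Override
        public String toString() {
            return "ApiClientFactory.CacheKey(caCert=" + getCaCert() + ", tlsValidationMode=" + getTlsValidationMode() + ")";
        }
    }

    /** How the server's TLS certificate is checked. */
    public enum StackRoxTlsValidationMode {
        /** Validate the certificate chain and hostname. */
        VALIDATE,
        /** Accept any certificate and any hostname; the server is not authenticated. */
        INSECURE_ACCEPT_ANY
    }

    /**
     * Creates an API client bound to the given endpoint and token.
     *
     * @param basePath base path passed to {@code ApiClient.setBasePath}
     * @param bearerToken token passed to {@code ApiClient.setBearerToken}; with
     *     {@code INSECURE_ACCEPT_ANY} it is sent to an unauthenticated peer
     * @param caCert optional CA certificate text used as the only trust anchor in validating mode
     * @param tlsValidationMode TLS validation mode
     * @return the configured client
     * @throws IOException if the HTTP client cannot be built
     */
    public static ApiClient newApiClient(String basePath, String bearerToken, @Nullable String caCert, StackRoxTlsValidationMode tlsValidationMode) throws IOException {
        ApiClient apiClient = new ApiClient(getClient(tlsValidationMode, caCert));
        apiClient.setBearerToken(bearerToken);
        apiClient.setBasePath(basePath);
        return apiClient;
    }

    /**
     * Returns the cached HTTP client for this TLS configuration, building it on first use.
     *
     * @throws IOException if building the client failed; the cache's exception is the cause
     */
    @Nonnull
    static OkHttpClient getClient(StackRoxTlsValidationMode tlsValidationMode, @Nullable String caCert) throws IOException {
        try {
            return CLIENT_CACHE.get(new CacheKey(caCert, tlsValidationMode));
        } catch (ExecutionException e) {
            throw new IOException("Could not get HTTP client from cache", e);
        }
    }

    /**
     * Builds a new HTTP client with 30-second connect/read/write timeouts.
     *
     * <p>Only {@code INSECURE_ACCEPT_ANY} selects the non-validating builder; every other value,
     * including null, takes a validating path. Without a CA certificate the OkHttp defaults are
     * used; with one, only that certificate is trusted. In insecure mode {@code caCert} is ignored.
     *
     * <p>Decompiler notes indicate this method was declared {@code private} in the original source.
     *
     * @throws IOException wrapping any failure while building the TLS configuration
     */
    @Nonnull
    public static OkHttpClient newHttpClient(@Nullable String caCert, StackRoxTlsValidationMode tlsValidationMode) throws IOException {
        try {
            OkHttpClient.Builder builder;
            if (tlsValidationMode == StackRoxTlsValidationMode.INSECURE_ACCEPT_ANY) {
                builder = getUnsafeBuilder();
            } else if (Strings.isNullOrEmpty(caCert)) {
                builder = new OkHttpClient().newBuilder();
            } else {
                builder = getSecureBuilder(caCert);
            }
            builder.retryOnConnectionFailure(true);
            builder.connectTimeout(TIMEOUT);
            builder.readTimeout(TIMEOUT);
            builder.writeTimeout(TIMEOUT);
            return builder.build();
        } catch (Exception e) {
            // Message kept for compatibility; the cause may also be a TLS-context failure.
            throw new IOException("Could not load certificate", e);
        }
    }

    /**
     * Builds a client that performs no server authentication: the trust manager accepts every
     * chain and the hostname verifier accepts every name. Reached only for
     * {@code INSECURE_ACCEPT_ANY}; a warning is logged so the weakened configuration is visible.
     */
    private static OkHttpClient.Builder getUnsafeBuilder() throws KeyManagementException, NoSuchAlgorithmException {
        LOGGER.warning("TLS certificate and hostname validation is disabled (INSECURE_ACCEPT_ANY); "
                + "the StackRox endpoint is not authenticated");

        X509TrustManager acceptAll = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) {
                // Intentionally empty: nothing is rejected.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
                // Intentionally empty: nothing is rejected.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
        SSLSocketFactory socketFactory = getSslContext(new TrustManager[] {acceptAll}).getSocketFactory();

        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        builder.sslSocketFactory(socketFactory, acceptAll);
        builder.hostnameVerifier((hostname, session) -> true);
        return builder;
    }

    /**
     * Builds a client whose only trust anchor is the supplied CA certificate. The hostname
     * verifier is left at the OkHttp default.
     *
     * @param caCert certificate text readable by the X.509 {@link CertificateFactory}
     * @throws Exception if the certificate cannot be parsed or no X.509 trust manager is produced
     */
    private static OkHttpClient.Builder getSecureBuilder(@Nonnull String caCert) throws Exception {
        // Start from an empty in-memory store so the system roots are not trusted implicitly.
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        keyStore.load(null, "".toCharArray());

        // generateCertificate reads a single certificate; further certificates in a bundle are
        // presumably ignored. Confirm before relying on multi-certificate input.
        X509Certificate caCertificate = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(caCert.getBytes(StandardCharsets.UTF_8)));
        keyStore.setCertificateEntry("ca.crt", caCertificate);

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

        // Fail with a clear cause instead of a ClassCastException or index error on the cast below.
        if (trustManagers.length == 0 || !(trustManagers[0] instanceof X509TrustManager)) {
            throw new IllegalStateException("No X509TrustManager available for the supplied CA certificate");
        }
        X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
        return new OkHttpClient.Builder().sslSocketFactory(getSslContext(trustManagers).getSocketFactory(), trustManager);
    }

    /**
     * Creates a "TLS" {@link SSLContext} initialised with the given trust managers, no key
     * managers (no client certificate) and the default secure random source.
     */
    @Nonnull
    private static SSLContext getSslContext(TrustManager[] trustManagers) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustManagers, null);
        return sslContext;
    }
}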
