package land.oras.utils;

import java.io.InputStream;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.net.Socket;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import land.oras.ContainerRef;
import land.oras.auth.AuthProvider;
import land.oras.auth.NoAuthProvider;
import land.oras.exception.OrasException;
import org.jspecify.annotations.NullMarked;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@NullMarked
/* loaded from: input_file:WEB-INF/lib/oras-java-sdk-0.2.3.jar:land/oras/utils/OrasHttpClient.class */
public final class OrasHttpClient {
    private static final Logger LOG = LoggerFactory.getLogger(OrasHttpClient.class);
    private final HttpClient.Builder builder = HttpClient.newBuilder();
    private HttpClient client;
    private AuthProvider authProvider;
    private boolean skipTlsVerify;
    private Integer timeout;

    /* loaded from: input_file:WEB-INF/lib/oras-java-sdk-0.2.3.jar:land/oras/utils/OrasHttpClient$Builder.class */
    public static class Builder {
        private final OrasHttpClient client = new OrasHttpClient();

        private Builder() {
        }

        public Builder withTimeout(Integer num) {
            this.client.setTimeout(num);
            return this;
        }

        public Builder withAuthentication(AuthProvider authProvider) {
            this.client.setAuthentication(authProvider);
            return this;
        }

        public Builder withSkipTlsVerify(boolean z) {
            this.client.setTlsVerify(z);
            return this;
        }

        public static Builder builder() {
            return new Builder();
        }

        public OrasHttpClient build() {
            return this.client.build();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/oras-java-sdk-0.2.3.jar:land/oras/utils/OrasHttpClient$InsecureTrustManager.class */
    public static class InsecureTrustManager extends X509ExtendedTrustManager {
        private InsecureTrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        }
    }

    /* loaded from: input_file:WEB-INF/lib/oras-java-sdk-0.2.3.jar:land/oras/utils/OrasHttpClient$ResponseWrapper.class */
    public static final class ResponseWrapper<T> extends Record {
        private final T response;
        private final int statusCode;
        private final Map<String, String> headers;

        public ResponseWrapper(T t, int i, Map<String, String> map) {
            this.response = t;
            this.statusCode = i;
            this.headers = map;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, ResponseWrapper.class), ResponseWrapper.class, "response;statusCode;headers", "FIELD:Lland/oras/utils/OrasHttpClient$ResponseWrapper;->response:Ljava/lang/Object;", "FIELD:Lland/oras/utils/OrasHttpClient$ResponseWrapper;->statusCode:I", "FIELD:Lland/oras/utils/OrasHttpClient$ResponseWrapper;->headers:Ljava/util/Map;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, ResponseWrapper.class), ResponseWrapper.class, "response;statusCode;headers", "FIELD:Lland/oras/utils/OrasHttpClient$ResponseWrapper;->response:Ljava/lang/Object;", "FIELD:Lland/oras/utils/OrasHttpClient$ResponseWrapper;->statusCode:I", "FIELD:Lland/oras/utils/OrasHttpClient$ResponseWrapper;->headers:Ljava/util/Map;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, ResponseWrapper.class, Object.class), ResponseWrapper.class, "response;statusCode;headers", "FIELD:Lland/oras/utils/OrasHttpClient$ResponseWrapper;->response:Ljava/lang/Object;", "FIELD:Lland/oras/utils/OrasHttpClient$ResponseWrapper;->statusCode:I", "FIELD:Lland/oras/utils/OrasHttpClient$ResponseWrapper;->headers:Ljava/util/Map;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public T response() {
            return this.response;
        }

        public int statusCode() {
            return this.statusCode;
        }

        public Map<String, String> headers() {
            return this.headers;
        }
    }

    private OrasHttpClient() {
        this.builder.followRedirects(HttpClient.Redirect.NEVER);
        this.skipTlsVerify = false;
        this.builder.cookieHandler(new CookieManager(null, CookiePolicy.ACCEPT_NONE));
        this.authProvider = new NoAuthProvider();
        setTimeout(60);
    }

    private void setTimeout(Integer num) {
        if (num != null) {
            this.timeout = num;
            this.builder.connectTimeout(Duration.ofSeconds(num.intValue()));
        }
    }

    private void setAuthentication(AuthProvider authProvider) {
        if (authProvider == null) {
            this.authProvider = new NoAuthProvider();
        }
        this.authProvider = authProvider;
    }

    public void updateAuthentication(AuthProvider authProvider) {
        setAuthentication(authProvider);
    }

    private void setTlsVerify(boolean z) {
        this.skipTlsVerify = z;
        if (z) {
            try {
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, new TrustManager[]{new InsecureTrustManager()}, new SecureRandom());
                this.builder.sslContext(sSLContext);
            } catch (Exception e) {
                throw new OrasException("Unable to skip TLS verification", e);
            }
        }
    }

    public OrasHttpClient build() {
        this.client = this.builder.build();
        return this;
    }

    public ResponseWrapper<String> get(URI uri, Map<String, String> map) {
        return executeRequest("GET", uri, map, new byte[0], HttpResponse.BodyHandlers.ofString(), HttpRequest.BodyPublishers.noBody());
    }

    public ResponseWrapper<Path> download(URI uri, Map<String, String> map, Path path) {
        return executeRequest("GET", uri, map, new byte[0], HttpResponse.BodyHandlers.ofFile(path), HttpRequest.BodyPublishers.noBody());
    }

    public ResponseWrapper<InputStream> download(URI uri, Map<String, String> map) {
        return executeRequest("GET", uri, map, new byte[0], HttpResponse.BodyHandlers.ofInputStream(), HttpRequest.BodyPublishers.noBody());
    }

    public ResponseWrapper<String> upload(String str, URI uri, Map<String, String> map, Path path) {
        try {
            return executeRequest(str, uri, map, new byte[0], HttpResponse.BodyHandlers.ofString(), HttpRequest.BodyPublishers.ofFile(path));
        } catch (Exception e) {
            throw new OrasException("Unable to upload file", e);
        }
    }

    public ResponseWrapper<String> head(URI uri, Map<String, String> map) {
        return executeRequest("HEAD", uri, map, new byte[0], HttpResponse.BodyHandlers.ofString(), HttpRequest.BodyPublishers.noBody());
    }

    public ResponseWrapper<String> delete(URI uri, Map<String, String> map) {
        return executeRequest("DELETE", uri, map, new byte[0], HttpResponse.BodyHandlers.ofString(), HttpRequest.BodyPublishers.noBody());
    }

    public ResponseWrapper<String> post(URI uri, byte[] bArr, Map<String, String> map) {
        return executeRequest("POST", uri, map, bArr, HttpResponse.BodyHandlers.ofString(), HttpRequest.BodyPublishers.ofByteArray(bArr));
    }

    public ResponseWrapper<String> patch(URI uri, byte[] bArr, Map<String, String> map) {
        return executeRequest("PATCH", uri, map, bArr, HttpResponse.BodyHandlers.ofString(), HttpRequest.BodyPublishers.ofByteArray(bArr));
    }

    public ResponseWrapper<String> put(URI uri, byte[] bArr, Map<String, String> map) {
        return executeRequest("PUT", uri, map, bArr, HttpResponse.BodyHandlers.ofString(), HttpRequest.BodyPublishers.ofByteArray(bArr));
    }

    public ResponseWrapper<String> uploadStream(String str, URI uri, InputStream inputStream, long j, Map<String, String> map) {
        try {
            HttpRequest.Builder method = HttpRequest.newBuilder().uri(uri).method(str, HttpRequest.BodyPublishers.ofInputStream(() -> {
                return inputStream;
            }));
            Objects.requireNonNull(method);
            map.forEach(method::header);
            ContainerRef fromUrl = ContainerRef.fromUrl(uri.toASCIIString());
            if (this.authProvider.getAuthHeader(fromUrl) != null) {
                method = method.header(Const.AUTHORIZATION_HEADER, this.authProvider.getAuthHeader(fromUrl));
            }
            return toResponseWrapper(this.client.send(method.build(), HttpResponse.BodyHandlers.ofString()));
        } catch (Exception e) {
            throw new OrasException("Failed to upload stream", e);
        }
    }

    private <T> ResponseWrapper<T> executeRequest(String str, URI uri, Map<String, String> map, byte[] bArr, HttpResponse.BodyHandler<T> bodyHandler, HttpRequest.BodyPublisher bodyPublisher) {
        try {
            HttpRequest.Builder method = HttpRequest.newBuilder().uri(uri).method(str, bodyPublisher);
            ContainerRef fromUrl = ContainerRef.fromUrl(uri.toASCIIString());
            if (this.authProvider.getAuthHeader(fromUrl) != null) {
                method = method.header(Const.AUTHORIZATION_HEADER, this.authProvider.getAuthHeader(fromUrl));
            }
            HttpRequest.Builder builder = method;
            Objects.requireNonNull(builder);
            map.forEach(builder::header);
            HttpRequest build = method.header(Const.USER_AGENT_HEADER, Const.USER_AGENT_VALUE).build();
            logRequest(build, bArr);
            HttpResponse<T> send = this.client.send(build, bodyHandler);
            if (send.statusCode() != 301 && send.statusCode() != 302 && send.statusCode() != 307) {
                return toResponseWrapper(send);
            }
            LOG.debug("Redirecting to {}", send.headers().firstValue(Const.LOCATION_HEADER).orElseThrow());
            HttpRequest build2 = HttpRequest.newBuilder().uri(new URI((String) send.headers().firstValue(Const.LOCATION_HEADER).orElseThrow())).method(str, bodyPublisher).build();
            logRequest(build2, bArr);
            return toResponseWrapper(this.client.send(build2, bodyHandler));
        } catch (Exception e) {
            LOG.error("Failed to execute request", e);
            throw new OrasException("Unable to create HTTP request", e);
        }
    }

    private <T> ResponseWrapper<T> toResponseWrapper(HttpResponse<T> httpResponse) {
        return new ResponseWrapper<>(httpResponse.body(), httpResponse.statusCode(), (Map) httpResponse.headers().map().entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return (String) ((List) entry.getValue()).get(0);
        })));
    }

    private void logRequest(HttpRequest httpRequest, byte[] bArr) {
        LOG.debug("Executing {} request to {}", httpRequest.method(), httpRequest.uri());
        LOG.debug("Headers: {}", httpRequest.headers().map().entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return Const.AUTHORIZATION_HEADER.equalsIgnoreCase((String) entry.getKey()) ? List.of("<redacted>") : (List) entry.getValue();
        })));
        if (LOG.isTraceEnabled()) {
            LOG.trace("Body: {}", new String(bArr, StandardCharsets.UTF_8));
        }
    }
}
