package org.jenkinsci.plugins.oic;

import com.nimbusds.jose.util.DefaultResourceRetriever;
import hudson.ProxyConfiguration;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import jenkins.security.FIPS140;
import jenkins.util.SystemProperties;
import org.jenkinsci.plugins.oic.ssl.IgnoringHostNameVerifier;
import org.jenkinsci.plugins.oic.ssl.TLSUtils;

/* loaded from: input_file:org/jenkinsci/plugins/oic/ProxyAwareResourceRetriever.class */
class ProxyAwareResourceRetriever extends DefaultResourceRetriever {
    private static final int CONNECTION_TIMEOUT_MS = SystemProperties.getInteger("OIC_CONNECTION_TIMEOUT_MS", 2000).intValue();
    private static final int READ_TIMEOUT_MS = SystemProperties.getInteger("OIC_CONNECTION_READ_TIMEOUT_MS", 5000).intValue();
    private static final int SIZE_LIMIT = SystemProperties.getInteger("OIC_CONNECTION_SIZE_LIMIT", 0).intValue();
    private final boolean disableTLSValidation;

    private ProxyAwareResourceRetriever(boolean z) throws KeyManagementException, NoSuchAlgorithmException {
        super(CONNECTION_TIMEOUT_MS, READ_TIMEOUT_MS, SIZE_LIMIT, true, z ? TLSUtils.createAnythingGoesSSLSocketFactory() : null);
        this.disableTLSValidation = z;
        setHeaders(Map.of("Accept", List.of("application/json")));
    }

    protected HttpURLConnection openHTTPConnection(URL url) throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) ProxyConfiguration.open(url);
        if (this.disableTLSValidation && (httpURLConnection instanceof HttpsURLConnection)) {
            ((HttpsURLConnection) httpURLConnection).setHostnameVerifier(IgnoringHostNameVerifier.INSTANCE);
        }
        return httpURLConnection;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ProxyAwareResourceRetriever createProxyAwareResourceRetriver(boolean z) {
        if (FIPS140.useCompliantAlgorithms() && z) {
            throw new IllegalArgumentException("Can not disable TLS validation when running Jenkins in FIPS 140 mode");
        }
        try {
            return new ProxyAwareResourceRetriever(z);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new IllegalStateException("Could not construct the ProxyAwareResourceRetriver", e);
        }
    }
}
