package com.atlassian.asap.core.keys.publickey;

import com.atlassian.asap.Preconditions;
import com.atlassian.asap.api.exception.CannotRetrieveKeyException;
import com.atlassian.asap.core.exception.PublicKeyNotFoundException;
import com.atlassian.asap.core.exception.PublicKeyRetrievalException;
import com.atlassian.asap.core.keys.KeyProvider;
import com.atlassian.asap.core.keys.PemReader;
import com.atlassian.asap.core.validator.ValidatedKeyId;
import java.io.IOException;
import java.net.URI;
import java.security.PublicKey;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.apache.hc.client5.http.classic.HttpClient;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.config.ConnectionConfig;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.DefaultRedirectStrategy;
import org.apache.hc.client5.http.impl.cache.CacheConfig;
import org.apache.hc.client5.http.impl.cache.CachingHttpClientBuilder;
import org.apache.hc.client5.http.impl.cache.CachingHttpClients;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
import org.apache.hc.core5.util.Timeout;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/asap/core/keys/publickey/HttpPublicKeyProvider.class */
public class HttpPublicKeyProvider implements KeyProvider<PublicKey> {
    static final int DEFAULT_MAX_CONNECTIONS = 20;
    static final String PEM_MIME_TYPE = "application/x-pem-file";
    static final String ACCEPT_HEADER_VALUE = "application/x-pem-file";
    static final String USER_AGENT_HEADER_VALUE = "ASAP-Java KeyProvider Client";
    private static final Logger logger = LoggerFactory.getLogger(HttpPublicKeyProvider.class);
    private final HttpClient httpClient;
    private final PemReader pemReader;
    private final URI baseUrl;

    public HttpPublicKeyProvider(URI uri, HttpClient httpClient, PemReader pemReader) {
        this(uri, httpClient, pemReader, false);
    }

    HttpPublicKeyProvider(URI uri, HttpClient httpClient, PemReader pemReader, boolean z) {
        Objects.requireNonNull(uri, "Base URL cannot be null");
        Preconditions.checkArgument(Boolean.valueOf(uri.isAbsolute()), "Base URL must be absolute");
        Preconditions.checkArgument(Boolean.valueOf((z && "http".equals(uri.getScheme())) || "https".equals(uri.getScheme())), "Invalid base URL scheme");
        Preconditions.checkArgument(Boolean.valueOf(StringUtils.endsWith(uri.toString(), "/")), "Base URL does not end with trailing slash: " + uri);
        this.baseUrl = uri;
        this.httpClient = (HttpClient) Objects.requireNonNull(httpClient);
        this.pemReader = (PemReader) Objects.requireNonNull(pemReader);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.atlassian.asap.core.keys.KeyProvider
    public PublicKey getKey(ValidatedKeyId validatedKeyId) throws CannotRetrieveKeyException {
        URI resolve = this.baseUrl.resolve(validatedKeyId.getKeyId());
        logger.debug("Fetching public key {}, either from the network or from the HTTP client cache", resolve);
        return retrievePublicKey(validatedKeyId, resolve);
    }

    private PublicKey retrievePublicKey(ValidatedKeyId validatedKeyId, URI uri) throws CannotRetrieveKeyException {
        HttpPublicKeyResponseHandler httpPublicKeyResponseHandler = new HttpPublicKeyResponseHandler(this.pemReader, validatedKeyId, uri);
        HttpGet httpGet = new HttpGet(uri);
        httpGet.setHeader("Accept", "application/x-pem-file");
        httpGet.setHeader("User-Agent", USER_AGENT_HEADER_VALUE);
        try {
            return (PublicKey) this.httpClient.execute(httpGet, httpPublicKeyResponseHandler);
        } catch (PublicKeyNotFoundException | PublicKeyRetrievalException e) {
            throw e;
        } catch (IOException e2) {
            logger.warn("A problem occurred when trying to retrieve public key from URL {}", uri, e2);
            throw new PublicKeyRetrievalException("Error getting HTTPS public key - " + e2.getMessage(), e2, validatedKeyId, uri);
        }
    }

    public static HttpClient defaultHttpClient() {
        return defaultHttpClientBuilder().build();
    }

    public static HttpClientBuilder defaultHttpClientBuilder() {
        return configureHttpClientBuilder(CachingHttpClients.custom());
    }

    public static HttpClientBuilder configureHttpClientBuilder(CachingHttpClientBuilder cachingHttpClientBuilder) {
        ConnectionConfig.Builder socketTimeout = ConnectionConfig.custom().setConnectTimeout(Timeout.ofSeconds(5L)).setSocketTimeout(Timeout.ofSeconds(10L));
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager();
        poolingHttpClientConnectionManager.setDefaultMaxPerRoute(DEFAULT_MAX_CONNECTIONS);
        poolingHttpClientConnectionManager.setMaxTotal(DEFAULT_MAX_CONNECTIONS);
        poolingHttpClientConnectionManager.setDefaultConnectionConfig(socketTimeout.build());
        RequestConfig.Builder custom = RequestConfig.custom();
        custom.setConnectionRequestTimeout(Timeout.ofSeconds(5L));
        return cachingHttpClientBuilder.setCacheConfig(CacheConfig.custom().setMaxCacheEntries(128).setMaxObjectSize(2048L).setHeuristicCachingEnabled(false).setSharedCache(false).setAsynchronousWorkers(2).build()).setDefaultRequestConfig(custom.build()).setConnectionManager(poolingHttpClientConnectionManager).useSystemProperties().setRedirectStrategy(DefaultRedirectStrategy.INSTANCE).setRetryStrategy(new S3ServiceUnavailableRetryStrategy(2, 100L));
    }

    public String toString() {
        return getClass().getSimpleName() + "{baseUrl=" + this.baseUrl + "}";
    }
}
