package eu.cqse.teamscale.client;

import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import retrofit2.Retrofit;

/* loaded from: input_file:WEB-INF/lib/teamscale-client-0.3.0.jar:eu/cqse/teamscale/client/HttpUtils.class */
public class HttpUtils {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) HttpUtils.class);
    private static boolean shouldValidateSsl = false;

    /* loaded from: input_file:WEB-INF/lib/teamscale-client-0.3.0.jar:eu/cqse/teamscale/client/HttpUtils$TrustAllCertificatesManager.class */
    public static class TrustAllCertificatesManager implements X509TrustManager {
        static final TrustAllCertificatesManager INSTANCE = new TrustAllCertificatesManager();

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }
    }

    public static void setShouldValidateSsl(boolean z) {
        shouldValidateSsl = z;
    }

    public static Retrofit createRetrofit(Consumer<Retrofit.Builder> consumer) {
        return createRetrofit(consumer, builder -> {
        });
    }

    public static Retrofit createRetrofit(Consumer<Retrofit.Builder> consumer, Consumer<OkHttpClient.Builder> consumer2) {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        setDefaults(builder);
        setUpSslValidation(builder);
        consumer2.accept(builder);
        Retrofit.Builder client = new Retrofit.Builder().client(builder.build());
        consumer.accept(client);
        return client.build();
    }

    private static void setDefaults(OkHttpClient.Builder builder) {
        builder.connectTimeout(60L, TimeUnit.SECONDS);
        builder.readTimeout(60L, TimeUnit.SECONDS);
        builder.writeTimeout(60L, TimeUnit.SECONDS);
    }

    private static void setUpSslValidation(OkHttpClient.Builder builder) {
        if (shouldValidateSsl) {
            return;
        }
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{TrustAllCertificatesManager.INSTANCE}, new SecureRandom());
            builder.sslSocketFactory(sSLContext.getSocketFactory(), TrustAllCertificatesManager.INSTANCE);
            builder.hostnameVerifier((str, sSLSession) -> {
                return true;
            });
        } catch (GeneralSecurityException e) {
            LOGGER.error("Could not disable SSL certificate validation. Leaving it enabled", (Throwable) e);
        }
    }
}
