package com.stackrox.jenkins.plugins;

import com.google.common.base.Strings;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.SocketException;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;

/* loaded from: input_file:WEB-INF/lib/stackrox-container-image-scanner.jar:com/stackrox/jenkins/plugins/HttpClientUtils.class */
public class HttpClientUtils {
    public static final int maxRetries = 3;

    public static CloseableHttpClient get(boolean z, String str) throws IOException {
        SSLContext build;
        if (z) {
            try {
                if (!Strings.isNullOrEmpty(str)) {
                    KeyStore keyStore = KeyStore.getInstance("pkcs12");
                    keyStore.load(null, "".toCharArray());
                    keyStore.setCertificateEntry("ca.crt", (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8))));
                    build = SSLContextBuilder.create().loadTrustMaterial(keyStore, (TrustStrategy) null).build();
                    return HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(build, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)).setDefaultRequestConfig(RequestConfig.custom().setConnectTimeout(60000).setConnectionRequestTimeout(60000).setSocketTimeout(600000).build()).setRetryHandler((iOException, i, httpContext) -> {
                        return i <= 3 && (iOException instanceof SocketException);
                    }).build();
                }
            } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new IOException(e);
            }
        }
        build = z ? SSLContextBuilder.create().build() : SSLContextBuilder.create().loadTrustMaterial(new TrustSelfSignedStrategy()).build();
        return HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(build, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)).setDefaultRequestConfig(RequestConfig.custom().setConnectTimeout(60000).setConnectionRequestTimeout(60000).setSocketTimeout(600000).build()).setRetryHandler((iOException2, i2, httpContext2) -> {
            return i2 <= 3 && (iOException2 instanceof SocketException);
        }).build();
    }
}
