package com.atlassian.bamboo.agent.bootstrap.http;

import com.atlassian.bamboo.agent.bootstrap.SslKeystoreUtils;
import java.io.IOException;
import java.io.Serializable;
import java.net.InetAddress;
import java.net.ProxySelector;
import java.net.SocketTimeoutException;
import java.util.ArrayList;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.routing.HttpRoute;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.SSLInitializationException;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.DefaultHttpRequestRetryHandler;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.impl.conn.SystemDefaultRoutePlanner;
import org.apache.http.protocol.HttpContext;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/agent/bootstrap/http/RemoteAgentHttpClientFactory.class */
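/**
 * Builds the Apache HttpClient instances and TLS socket factories used by the remote agent
 * bootstrap code.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Hostname verification is replaced by an allow-all verifier when the system property
 *       {@value #BAMBOO_AGENT_IGNORE_SERVER_CERT_NAME} is {@code true}, unless an explicit
 *       verifier was set through {@link #setHostnameVerifier(X509HostnameVerifier)}.</li>
 *   <li>When a trust store is configured it is loaded together with
 *       {@link TrustSelfSignedStrategy}, which widens trust beyond the store's anchors.</li>
 *   <li>Failures to load the key store or trust store are logged and otherwise ignored, so the
 *       resulting SSL context silently falls back to whatever was loaded successfully.</li>
 * </ul>
 *
 * <p>The class declares {@link Serializable}; NOTE(review): the verifier and scheme-registry
 * factory fields are only serializable if their runtime types are. Confirm against callers.
 */
public final class RemoteAgentHttpClientFactory implements Serializable {
    private static final Logger log = Logger.getLogger(RemoteAgentHttpClientFactory.class);
    private static final String PROPERTY_HTTP_CLIENT_TIMEOUT = "bamboo.agent.http.client.timeout";
    private static final String PROPERTY_HTTP_CLIENT_RETRIES = "bamboo.agent.http.client.retries";
    public static final String BAMBOO_AGENT_IGNORE_SERVER_CERT_NAME = "bamboo.agent.ignoreServerCertName";
    private static final int DEFAULT_HTTP_CLIENT_TIMEOUT_SECONDS = 300;
    private static final int DEFAULT_HTTP_CLIENT_RETRIES = 10;

    // Both defaults are read from system properties once, when the factory is constructed.
    private int retries = getRetries();
    private int timeoutMs = getTimeoutMs();

    // Explicit verifier; when set it takes precedence over the ignoreServerCertName property.
    @Nullable
    private X509HostnameVerifier hostnameVerifierOverride;
    // Must be set before newHttpClient() is called; it is dereferenced there without a null check.
    private SchemeRegistryFactory schemeRegistryDataFactory;
    // Optional; when non-null a FixedVirtualHostInterceptor is installed on every new client.
    private String fixedVirtualHost;

    /**
     * Route planner that ignores the JVM proxy selector and marks a route as secure when the
     * request-line URI starts with {@code "https"}.
     *
     * <p>NOTE(review): nothing in this listing instantiates this class; {@code newHttpClient()}
     * installs a plain {@link SystemDefaultRoutePlanner}. Confirm whether that is intended.
     */
    private static class TunnelAwareRoutePlanner extends SystemDefaultRoutePlanner {
        private TunnelAwareRoutePlanner() {
            super((ProxySelector) null);
        }

        /**
         * Rebuilds the route computed by the parent planner, keeping target, local address and
         * proxy but deriving the secure flag from the request-line URI prefix.
         */
        @Override
        public HttpRoute determineRoute(HttpHost httpHost, HttpRequest httpRequest, HttpContext httpContext) throws HttpException {
            HttpRoute baseRoute = super.determineRoute(httpHost, httpRequest, httpContext);
            HttpHost targetHost = baseRoute.getTargetHost();
            InetAddress localAddress = baseRoute.getLocalAddress();
            HttpHost proxyHost = baseRoute.getProxyHost();
            // Prefix match only: a relative request URI (no scheme) yields secure == false.
            boolean secure = httpRequest.getRequestLine().getUri().startsWith("https");
            if (proxyHost == null) {
                return new HttpRoute(targetHost, localAddress, secure);
            }
            return new HttpRoute(targetHost, localAddress, proxyHost, secure);
        }
    }

    /**
     * Creates a pooled HTTP client configured with the current retry count, timeouts, scheme
     * registry, hostname verifier and optional fixed virtual host.
     *
     * @return a new client; the caller owns it and is responsible for closing it
     * @throws NullPointerException if no scheme registry factory has been set
     */
    public CloseableHttpClient newHttpClient() {
        log.info("Creating a new HTTP client...");
        // requestSentRetryEnabled == true: requests are retried even after they were fully sent.
        DefaultHttpRequestRetryHandler retryHandler = new DefaultHttpRequestRetryHandler(this.retries, true) {
            @Override // org.apache.http.impl.client.DefaultHttpRequestRetryHandler, org.apache.http.client.HttpRequestRetryHandler
            public boolean retryRequest(IOException iOException, int i, HttpContext httpContext) {
                // Socket timeouts are retried up to the retry count; everything else uses the
                // default handler's rules.
                return iOException instanceof SocketTimeoutException ? i < getRetryCount() : super.retryRequest(iOException, i, httpContext);
            }
        };
        SocketConfig socketConfig = SocketConfig.custom().setSoTimeout(this.timeoutMs).build();
        RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(this.timeoutMs).setSocketTimeout(this.timeoutMs).build();
        PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(getSchemeRegistry(this.schemeRegistryDataFactory.newSchemeRegistry(this)));
        connectionManager.setDefaultSocketConfig(socketConfig);
        HttpClientBuilder builder = HttpClientBuilder.create().setConnectionManager(connectionManager).setRetryHandler(retryHandler).setDefaultSocketConfig(socketConfig).setDefaultRequestConfig(requestConfig);
        X509HostnameVerifier hostnameVerifier = chooseHostnameVerifier();
        if (hostnameVerifier != null) {
            // NOTE(review): HttpClientBuilder documents that this setting can be overridden by
            // setConnectionManager(), which is used above. The verifier that actually applies to
            // TLS connections is then the one inside the registry's socket factory. Confirm that
            // the scheme registry factory builds it via newSslConnectionSocketFactory().
            builder.setHostnameVerifier(hostnameVerifier);
        }
        if (this.fixedVirtualHost != null) {
            builder.addInterceptorFirst(new FixedVirtualHostInterceptor(this.fixedVirtualHost));
        }
        // A null ProxySelector makes the planner ignore the JVM-wide default proxy selector.
        builder.setRoutePlanner(new SystemDefaultRoutePlanner((ProxySelector) null));
        return builder.build();
    }

    /**
     * Creates the TLS socket factory, loading client key material and trust material from the
     * stores reported by {@link SslKeystoreUtils} when they are configured.
     *
     * @return a socket factory using the chosen hostname verifier, or the library default when
     *         none is chosen
     * @throws SSLInitializationException if the SSL context cannot be built
     */
    public SSLConnectionSocketFactory newSslConnectionSocketFactory() throws SSLInitializationException {
        try {
            SSLContextBuilder contextBuilder = SSLContexts.custom().useTLS();
            if (SslKeystoreUtils.isKeyStoreConfigured()) {
                try {
                    String keystorePassword = SslKeystoreUtils.getKeystorePassword();
                    if (keystorePassword == null) {
                        keystorePassword = "";
                    }
                    contextBuilder.loadKeyMaterial(SslKeystoreUtils.loadKeyStore(), keystorePassword.toCharArray());
                } catch (Exception e) {
                    // Deliberate best effort: the agent continues without a client certificate.
                    log.warn("Unable to load key store", e);
                }
            }
            if (SslKeystoreUtils.isTrustStoreConfigured()) {
                try {
                    // SECURITY: TrustSelfSignedStrategy accepts single-certificate (self-signed)
                    // server chains in addition to chains anchored in the configured trust store,
                    // so configuring a trust store does not pin the server to those anchors.
                    contextBuilder.loadTrustMaterial(SslKeystoreUtils.loadTrustStore(), new TrustSelfSignedStrategy());
                } catch (Exception e2) {
                    // SECURITY: on failure the context is built without the configured trust
                    // material, i.e. server validation falls back to the default trust managers.
                    // Only this warning records that.
                    log.warn("Unable to load trust store", e2);
                }
            }
            SSLContext sslContext = contextBuilder.build();
            // NOTE(review): SSLContext.getDefaultSSLParameters() returns a copy, so the filtered
            // cipher list computed here is discarded and GCM suites stay enabled. Left as is:
            // making the filter effective would disable AEAD suites. Confirm the original intent
            // before changing it.
            removeUndesirableCiphers(sslContext.getDefaultSSLParameters());
            X509HostnameVerifier hostnameVerifier = chooseHostnameVerifier();
            if (hostnameVerifier == null) {
                return new SSLConnectionSocketFactory(sslContext);
            }
            return new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
        } catch (Exception e3) {
            throw new SSLInitializationException("Error during intialisation of SSL connection factory: ", e3);
        }
    }

    /**
     * Removes every cipher suite whose name contains {@code "_GCM_"} from the given parameters
     * object. Only the object passed in is modified.
     *
     * @param sSLParameters parameters whose cipher suite list is rewritten in place
     */
    private void removeUndesirableCiphers(SSLParameters sSLParameters) {
        String[] cipherSuites = sSLParameters.getCipherSuites();
        ArrayList<String> kept = new ArrayList<String>();
        for (String suite : cipherSuites) {
            if (!suite.contains("_GCM_")) {
                kept.add(suite);
            }
        }
        sSLParameters.setCipherSuites(kept.toArray(new String[kept.size()]));
    }

    /** Sets the factory that supplies the scheme-to-socket-factory map for new clients. */
    public void setSchemeRegistryDataFactory(SchemeRegistryFactory schemeRegistryFactory) {
        this.schemeRegistryDataFactory = schemeRegistryFactory;
    }

    /** Overrides the retry count used by clients created after this call. */
    public void setRetries(int i) {
        this.retries = i;
    }

    /** Overrides the connect and socket timeout, in milliseconds, for clients created after this call. */
    public void setTimeoutMs(int i) {
        this.timeoutMs = i;
    }

    /**
     * Sets an explicit hostname verifier. A non-null value takes precedence over the
     * {@value #BAMBOO_AGENT_IGNORE_SERVER_CERT_NAME} system property.
     */
    public void setHostnameVerifier(X509HostnameVerifier x509HostnameVerifier) {
        this.hostnameVerifierOverride = x509HostnameVerifier;
    }

    /** Sets the virtual host passed to the FixedVirtualHostInterceptor; {@code null} disables it. */
    public void setFixedVirtualHost(String str) {
        this.fixedVirtualHost = str;
    }

    /**
     * Picks the hostname verifier for new clients and socket factories.
     *
     * @return the explicit override if set; the allow-all verifier if the
     *         {@value #BAMBOO_AGENT_IGNORE_SERVER_CERT_NAME} system property is {@code true};
     *         otherwise {@code null}, meaning the library default is used
     */
    private X509HostnameVerifier chooseHostnameVerifier() {
        if (this.hostnameVerifierOverride != null) {
            return this.hostnameVerifierOverride;
        }
        if (!Boolean.getBoolean(BAMBOO_AGENT_IGNORE_SERVER_CERT_NAME)) {
            return null;
        }
        // SECURITY: with the allow-all verifier the server certificate is no longer bound to the
        // host name being contacted. Logged at WARN rather than INFO so that the downgrade is
        // visible in logs filtered to warnings.
        log.warn("Allowing non-matching certificates in HTTPClient");
        return SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
    }

    /** Copies a scheme-to-socket-factory map into an HttpClient {@link Registry}. */
    private static Registry<ConnectionSocketFactory> getSchemeRegistry(Map<String, ConnectionSocketFactory> map) {
        RegistryBuilder<ConnectionSocketFactory> registryBuilder = RegistryBuilder.<ConnectionSocketFactory>create();
        for (Map.Entry<String, ConnectionSocketFactory> entry : map.entrySet()) {
            registryBuilder.register(entry.getKey(), entry.getValue());
        }
        return registryBuilder.build();
    }

    /** Reads the retry count from {@code bamboo.agent.http.client.retries}, defaulting to 10. */
    private static int getRetries() {
        return Integer.getInteger(PROPERTY_HTTP_CLIENT_RETRIES, DEFAULT_HTTP_CLIENT_RETRIES).intValue();
    }

    /**
     * Reads the timeout from {@code bamboo.agent.http.client.timeout} (seconds, default 300) and
     * converts it to milliseconds.
     *
     * @return the timeout in milliseconds, clamped to the {@code int} range so that a very large
     *         configured value cannot wrap around to a different sign
     */
    public static int getTimeoutMs() {
        int timeoutSeconds = Integer.getInteger(PROPERTY_HTTP_CLIENT_TIMEOUT, DEFAULT_HTTP_CLIENT_TIMEOUT_SECONDS).intValue();
        long timeoutMillis = TimeUnit.SECONDS.toMillis(timeoutSeconds);
        // A plain (int) cast would silently overflow for values above about 2,147,483 seconds.
        return (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, timeoutMillis));
    }
}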
