package hudson.plugins.gradle.injection.token;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.plugins.gradle.injection.DevelocityAccessCredentials;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nullable;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:hudson/plugins/gradle/injection/token/ShortLivedTokenClient.class */
public class ShortLivedTokenClient {
    private static final int MAX_RETRIES = 3;
    private final OkHttpClient httpClient;
    private static final Logger LOGGER = LoggerFactory.getLogger(ShortLivedTokenClient.class);
    private static final RequestBody EMPTY_BODY = RequestBody.create(new byte[0]);
    private static final Duration RETRY_INTERVAL = Duration.ofSeconds(1);

    public ShortLivedTokenClient(boolean z) {
        OkHttpClient.Builder callTimeout = new OkHttpClient().newBuilder().callTimeout(10L, TimeUnit.SECONDS);
        if (z) {
            callTimeout.hostnameVerifier((str, sSLSession) -> {
                return true;
            });
            try {
                TrustManager[] createAllTrustingTrustManager = createAllTrustingTrustManager();
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, createAllTrustingTrustManager, null);
                callTimeout.sslSocketFactory(sSLContext.getSocketFactory(), (X509TrustManager) createAllTrustingTrustManager[0]);
            } catch (KeyManagementException | NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }
        this.httpClient = callTimeout.build();
    }

    @SuppressFBWarnings({"NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE"})
    public Optional<DevelocityAccessCredentials.HostnameAccessKey> get(String str, DevelocityAccessCredentials.HostnameAccessKey hostnameAccessKey, @Nullable Integer num) {
        Response execute;
        String str2 = normalize(str) + "api/auth/token";
        if (num != null) {
            str2 = str2 + "?expiresInHours=" + num;
        }
        Request build = new Request.Builder().url(str2).addHeader("Authorization", "Bearer " + hostnameAccessKey.getKey()).addHeader("Content-Type", "application/json").post(EMPTY_BODY).build();
        int i = 0;
        Integer num2 = null;
        while (i < MAX_RETRIES) {
            try {
                execute = this.httpClient.newCall(build).execute();
                try {
                } catch (Throwable th) {
                    if (execute != null) {
                        try {
                            execute.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (IOException e) {
                LOGGER.warn("Short lived token request failed {}", str2, e);
                return Optional.empty();
            } catch (InterruptedException e2) {
            }
            if (execute.code() == 200 && execute.body() != null) {
                Optional<DevelocityAccessCredentials.HostnameAccessKey> of = Optional.of(DevelocityAccessCredentials.HostnameAccessKey.of(hostnameAccessKey.getHostname(), execute.body().string()));
                if (execute != null) {
                    execute.close();
                }
                return of;
            }
            if (execute.code() == 401) {
                LOGGER.warn("Develocity short lived token request failed {} with status code 401", str2);
                Optional<DevelocityAccessCredentials.HostnameAccessKey> empty = Optional.empty();
                if (execute != null) {
                    execute.close();
                }
                return empty;
            }
            i++;
            num2 = Integer.valueOf(execute.code());
            Thread.sleep(RETRY_INTERVAL.toMillis());
            if (execute != null) {
                execute.close();
            }
        }
        LOGGER.warn("Develocity short lived token request failed {} with status code {}", str2, num2);
        return Optional.empty();
    }

    private static String normalize(String str) {
        return str.endsWith("/") ? str : str + "/";
    }

    private static TrustManager[] createAllTrustingTrustManager() {
        return new TrustManager[]{new X509TrustManager() { // from class: hudson.plugins.gradle.injection.token.ShortLivedTokenClient.1
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }
        }};
    }
}
