package org.apereo.cas.config;

import java.util.ArrayList;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpHost;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.message.BasicHeader;
import org.apache.http.ssl.SSLContexts;
import org.apereo.cas.authentication.CasSSLContext;
import org.apereo.cas.authentication.DefaultCasSSLContext;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.authentication.HttpClientProperties;
import org.apereo.cas.configuration.model.core.authentication.HttpClientTrustStoreProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.util.http.SimpleHttpClient;
import org.apereo.cas.util.http.SimpleHttpClientFactoryBean;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;

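/**
 * Spring configuration that wires the outbound HTTP client beans used by CAS:
 * the TLS context, the hostname verifier, the SSL socket factory and the
 * {@link HttpClient} variants built on top of them.
 *
 * <p>Security-relevant behaviour: when the configured hostname verifier is
 * {@code "none"} (case-insensitive), {@link #hostnameVerifier()} returns
 * {@link NoopHostnameVerifier#INSTANCE}, which accepts any hostname, and
 * {@link #casSslContext()} returns {@link CasSSLContext#disabled()} unless a usable
 * truststore is configured. Outbound TLS connections made through these beans are then
 * not bound to the peer's identity, so this value should only appear in test setups and
 * is worth flagging in a configuration review.
 *
 * <p>Every bean is guarded by {@code @ConditionalOnMissingBean}, so a deployment can
 * replace any of them by defining a bean with the same name.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("casCoreHttpConfiguration")
@Order(Integer.MIN_VALUE)
/* loaded from: input_file:WEB-INF/lib/cas-server-core-web-6.4.6.2.jar:org/apereo/cas/config/CasCoreHttpConfiguration.class */
public class CasCoreHttpConfiguration {

    @Autowired
    private CasConfigurationProperties casProperties;

    /**
     * Builds the SSL socket factory from the configured SSL context and hostname verifier.
     *
     * @return socket factory combining {@link #sslContext()} and {@link #hostnameVerifier()}
     * @throws Exception if the SSL context cannot be created
     */
    @ConditionalOnMissingBean(name = {"trustStoreSslSocketFactory"})
    @Bean
    public SSLConnectionSocketFactory trustStoreSslSocketFactory() throws Exception {
        return new SSLConnectionSocketFactory(sslContext(), hostnameVerifier());
    }

    /**
     * Selects the CAS SSL context.
     *
     * <p>A truststore-backed context is used only when the truststore file is set, exists
     * and has a non-blank password. Otherwise the choice depends on the hostname verifier
     * setting: {@code "none"} yields {@link CasSSLContext#disabled()}, anything else the
     * system context.
     *
     * <p>NOTE(review): a truststore that is configured but missing on disk, or that has a
     * blank password, is skipped without any signal here, so the deployment falls back to
     * the system (or disabled) context. Confirm that this is reported elsewhere.
     *
     * @return the SSL context wrapper to use for outbound connections
     * @throws Exception if the truststore-backed context cannot be built
     */
    @ConditionalOnMissingBean(name = {"casSslContext"})
    @Bean
    public CasSSLContext casSslContext() throws Exception {
        HttpClientTrustStoreProperties truststore = this.casProperties.getHttpClient().getTruststore();
        boolean truststoreUsable = truststore.getFile() != null
                && truststore.getFile().exists()
                && StringUtils.isNotBlank(truststore.getPsw());
        if (truststoreUsable) {
            return new DefaultCasSSLContext(truststore.getFile(), truststore.getPsw(), truststore.getType(),
                    this.casProperties.getHttpClient());
        }
        // presumably disabled() skips certificate validation; verify against CasSSLContext
        return isHostnameVerificationDisabled() ? CasSSLContext.disabled() : CasSSLContext.system();
    }

    /**
     * Exposes the JSSE {@link SSLContext} taken from {@link #casSslContext()}, falling back
     * to the system default when no CAS context is available.
     *
     * @return the SSL context for outbound connections
     * @throws Exception if the CAS SSL context cannot be created
     */
    @ConditionalOnMissingBean(name = {"sslContext"})
    @Bean
    public SSLContext sslContext() throws Exception {
        CasSSLContext casContext = casSslContext();
        if (casContext == null) {
            return SSLContexts.createSystemDefault();
        }
        return casContext.getSslContext();
    }

    /**
     * Default HTTP client factory bean, built with the factory's own redirect settings.
     *
     * @return factory bean producing the default {@link SimpleHttpClient}
     * @throws Exception if the underlying TLS beans cannot be created
     */
    @ConditionalOnMissingBean(name = {"httpClient"})
    @Bean(destroyMethod = "destroy")
    public FactoryBean<SimpleHttpClient> httpClient() throws Exception {
        return buildHttpClientFactoryBean();
    }

    /**
     * HTTP client that does not follow redirects.
     *
     * @return client with redirects and circular redirects disabled
     * @throws Exception if the client cannot be built
     */
    @ConditionalOnMissingBean(name = {"noRedirectHttpClient"})
    @Bean(destroyMethod = "destroy")
    public HttpClient noRedirectHttpClient() throws Exception {
        return getHttpClient(false);
    }

    /**
     * HTTP client that follows redirects, including circular ones.
     *
     * @return client with redirects and circular redirects enabled
     * @throws Exception if the client cannot be built
     */
    @ConditionalOnMissingBean(name = {"supportsTrustStoreSslSocketFactoryHttpClient"})
    @Bean(destroyMethod = "destroy")
    public HttpClient supportsTrustStoreSslSocketFactoryHttpClient() throws Exception {
        return getHttpClient(true);
    }

    /**
     * Chooses the TLS hostname verifier from configuration.
     *
     * <p>{@code "none"} selects {@link NoopHostnameVerifier#INSTANCE}, which accepts every
     * hostname; any other value, including an unset one, selects
     * {@link DefaultHostnameVerifier}.
     *
     * <p>NOTE(review): this bean is {@code @RefreshScope} but the socket factory and SSL
     * context beans in this class are not, so a refreshed setting may not reach clients
     * that were already built. Confirm.
     *
     * @return the hostname verifier for outbound TLS connections
     */
    @ConditionalOnMissingBean(name = {"hostnameVerifier"})
    @RefreshScope
    @Bean
    public HostnameVerifier hostnameVerifier() {
        if (isHostnameVerificationDisabled()) {
            return NoopHostnameVerifier.INSTANCE;
        }
        return new DefaultHostnameVerifier();
    }

    /**
     * Reports whether the configured hostname verifier is {@code "none"}.
     *
     * <p>The literal is the receiver of the comparison so that an unset (null) property
     * leaves verification enabled instead of throwing a NullPointerException.
     */
    private boolean isHostnameVerificationDisabled() {
        return "none".equalsIgnoreCase(this.casProperties.getHttpClient().getHostNameVerifier());
    }

    /**
     * Builds a client whose redirect handling is controlled by a single flag.
     *
     * @param followRedirects applied to both the redirect and the circular-redirect setting
     */
    private HttpClient getHttpClient(boolean followRedirects) throws Exception {
        SimpleHttpClientFactoryBean factory = buildHttpClientFactoryBean();
        factory.setRedirectsEnabled(followRedirects);
        factory.setCircularRedirectsAllowed(followRedirects);
        return factory.getObject();
    }

    /**
     * Creates the HTTP client factory with timeouts, optional proxy, TLS settings and
     * default headers taken from the CAS HTTP client properties.
     */
    private SimpleHttpClientFactoryBean buildHttpClientFactoryBean() throws Exception {
        SimpleHttpClientFactoryBean.DefaultHttpClient factory = new SimpleHttpClientFactoryBean.DefaultHttpClient();
        HttpClientProperties props = this.casProperties.getHttpClient();

        factory.setConnectionTimeout(Beans.newDuration(props.getConnectionTimeout()).toMillis());
        // Narrowing cast: a read timeout above Integer.MAX_VALUE milliseconds wraps silently.
        factory.setReadTimeout((int) Beans.newDuration(props.getReadTimeout()).toMillis());

        // A proxy is used only when both a host and a positive port are configured.
        if (StringUtils.isNotBlank(props.getProxyHost()) && props.getProxyPort() > 0) {
            factory.setProxy(new HttpHost(props.getProxyHost(), props.getProxyPort()));
        }

        factory.setSslSocketFactory(trustStoreSslSocketFactory());
        factory.setHostnameVerifier(hostnameVerifier());
        factory.setSslContext(sslContext());

        // Typed list instead of the raw ArrayList so the header type is compiler-checked.
        ArrayList<BasicHeader> headers = new ArrayList<>();
        props.getDefaultHeaders().forEach((name, value) -> headers.add(new BasicHeader(name, value)));
        factory.setDefaultHeaders(headers);
        return factory;
    }
}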
