package org.springframework.cloud.gateway.config;

import cn.hutool.crypto.KeyUtil;
import io.netty.channel.ChannelOption;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.beans.factory.config.AbstractFactoryBean;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.context.properties.PropertyMapper;
import org.springframework.cloud.gateway.config.HttpClientProperties;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ResourceUtils;
import org.springframework.util.StringUtils;
import reactor.netty.http.Http11SslContextSpec;
import reactor.netty.http.Http2SslContextSpec;
import reactor.netty.http.HttpProtocol;
import reactor.netty.http.client.HttpClient;
import reactor.netty.http.client.HttpResponseDecoderSpec;
import reactor.netty.resources.ConnectionProvider;
import reactor.netty.tcp.SslProvider;
import reactor.netty.transport.ProxyProvider;

/* loaded from: input_file:BOOT-INF/lib/spring-cloud-gateway-server-3.1.8.jar:org/springframework/cloud/gateway/config/HttpClientFactory.class */
public class HttpClientFactory extends AbstractFactoryBean<HttpClient> {
    protected final HttpClientProperties properties;
    protected final ServerProperties serverProperties;
    protected final HttpClientSslConfigurer sslConfigurer;
    protected final List<HttpClientCustomizer> customizers;

    public HttpClientFactory(HttpClientProperties httpClientProperties, ServerProperties serverProperties, List<HttpClientCustomizer> list) {
        this.properties = httpClientProperties;
        this.serverProperties = serverProperties;
        this.sslConfigurer = null;
        this.customizers = list;
    }

    public HttpClientFactory(HttpClientProperties httpClientProperties, ServerProperties serverProperties, HttpClientSslConfigurer httpClientSslConfigurer, List<HttpClientCustomizer> list) {
        this.properties = httpClientProperties;
        this.serverProperties = serverProperties;
        this.sslConfigurer = httpClientSslConfigurer;
        this.customizers = list;
    }

    @Override // org.springframework.beans.factory.config.AbstractFactoryBean, org.springframework.beans.factory.FactoryBean
    public Class<?> getObjectType() {
        return HttpClient.class;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.beans.factory.config.AbstractFactoryBean
    public HttpClient createInstance() {
        HttpClient httpResponseDecoder = HttpClient.create(buildConnectionProvider(this.properties)).httpResponseDecoder(this::httpResponseDecoder);
        if (this.serverProperties.getHttp2().isEnabled()) {
            httpResponseDecoder = httpResponseDecoder.protocol(HttpProtocol.HTTP11, HttpProtocol.H2);
        }
        if (this.properties.getConnectTimeout() != null) {
            httpResponseDecoder = (HttpClient) httpResponseDecoder.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, this.properties.getConnectTimeout());
        }
        HttpClient configureSsl = configureSsl(configureProxy(httpResponseDecoder));
        if (this.properties.isWiretap()) {
            configureSsl = configureSsl.wiretap(true);
        }
        if (this.properties.isCompression()) {
            configureSsl = configureSsl.compress(true);
        }
        return applyCustomizers(configureSsl);
    }

    protected HttpClient configureSsl(HttpClient httpClient) {
        if (this.sslConfigurer != null) {
            return this.sslConfigurer.configureSsl(httpClient);
        }
        HttpClientProperties.Ssl ssl = this.properties.getSsl();
        if ((ssl.getKeyStore() != null && ssl.getKeyStore().length() > 0) || getTrustedX509CertificatesForTrustManager().length > 0 || ssl.isUseInsecureTrustManager()) {
            httpClient = httpClient.secure(sslContextSpec -> {
                configureSslContext(ssl, sslContextSpec);
            });
        }
        return httpClient;
    }

    @Deprecated
    protected void configureSslContext(HttpClientProperties.Ssl ssl, SslProvider.SslContextSpec sslContextSpec) {
        SslProvider.ProtocolSslContextSpec forClient = this.serverProperties.getHttp2().isEnabled() ? Http2SslContextSpec.forClient() : Http11SslContextSpec.forClient();
        forClient.configure(sslContextBuilder -> {
            X509Certificate[] trustedX509CertificatesForTrustManager = getTrustedX509CertificatesForTrustManager();
            if (trustedX509CertificatesForTrustManager.length > 0) {
                setTrustManager(sslContextBuilder, trustedX509CertificatesForTrustManager);
            } else if (ssl.isUseInsecureTrustManager()) {
                setTrustManager(sslContextBuilder, InsecureTrustManagerFactory.INSTANCE);
            }
            try {
                sslContextBuilder.keyManager(getKeyManagerFactory());
            } catch (Exception e) {
                this.logger.error(e);
            }
        });
        sslContextSpec.sslContext(forClient).handshakeTimeout(ssl.getHandshakeTimeout()).closeNotifyFlushTimeout(ssl.getCloseNotifyFlushTimeout()).closeNotifyReadTimeout(ssl.getCloseNotifyReadTimeout());
    }

    private HttpClient applyCustomizers(HttpClient httpClient) {
        if (!CollectionUtils.isEmpty(this.customizers)) {
            this.customizers.sort(AnnotationAwareOrderComparator.INSTANCE);
            Iterator<HttpClientCustomizer> it = this.customizers.iterator();
            while (it.hasNext()) {
                httpClient = it.next().customize(httpClient);
            }
        }
        return httpClient;
    }

    protected HttpClient configureProxy(HttpClient httpClient) {
        if (StringUtils.hasText(this.properties.getProxy().getHost())) {
            HttpClientProperties.Proxy proxy = this.properties.getProxy();
            httpClient = httpClient.proxy(typeSpec -> {
                configureProxyProvider(proxy, typeSpec);
            });
        }
        return httpClient;
    }

    @Deprecated
    protected X509Certificate[] getTrustedX509CertificatesForTrustManager() {
        HttpClientProperties.Ssl ssl = this.properties.getSsl();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance(KeyUtil.X509);
            ArrayList arrayList = new ArrayList();
            for (String str : ssl.getTrustedX509Certificates()) {
                try {
                    arrayList.addAll(certificateFactory.generateCertificates(ResourceUtils.getURL(str).openStream()));
                } catch (IOException e) {
                    throw new RuntimeException("Could not load certificate '" + str + "'", e);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (CertificateException e2) {
            throw new RuntimeException("Could not load CertificateFactory X.509", e2);
        }
    }

    @Deprecated
    protected KeyManagerFactory getKeyManagerFactory() {
        HttpClientProperties.Ssl ssl = this.properties.getSsl();
        try {
            if (ssl.getKeyStore() == null || ssl.getKeyStore().length() <= 0) {
                return null;
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            char[] charArray = ssl.getKeyPassword() != null ? ssl.getKeyPassword().toCharArray() : null;
            if (charArray == null && ssl.getKeyStorePassword() != null) {
                charArray = ssl.getKeyStorePassword().toCharArray();
            }
            keyManagerFactory.init(createKeyStore(), charArray);
            return keyManagerFactory;
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    @Deprecated
    protected KeyStore createKeyStore() {
        HttpClientProperties.Ssl ssl = this.properties.getSsl();
        try {
            KeyStore keyStore = ssl.getKeyStoreProvider() != null ? KeyStore.getInstance(ssl.getKeyStoreType(), ssl.getKeyStoreProvider()) : KeyStore.getInstance(ssl.getKeyStoreType());
            try {
                keyStore.load(ResourceUtils.getURL(ssl.getKeyStore()).openStream(), ssl.getKeyStorePassword() != null ? ssl.getKeyStorePassword().toCharArray() : null);
                return keyStore;
            } catch (Exception e) {
                throw new RuntimeException("Could not load key store ' " + ssl.getKeyStore() + "'", e);
            }
        } catch (KeyStoreException | NoSuchProviderException e2) {
            throw new RuntimeException("Could not load KeyStore for given type and provider", e2);
        }
    }

    @Deprecated
    protected void setTrustManager(SslContextBuilder sslContextBuilder, X509Certificate... x509CertificateArr) {
        sslContextBuilder.trustManager(x509CertificateArr);
    }

    @Deprecated
    protected void setTrustManager(SslContextBuilder sslContextBuilder, TrustManagerFactory trustManagerFactory) {
        sslContextBuilder.trustManager(trustManagerFactory);
    }

    protected ProxyProvider.Builder configureProxyProvider(HttpClientProperties.Proxy proxy, ProxyProvider.TypeSpec typeSpec) {
        ProxyProvider.Builder host = typeSpec.type(proxy.getType()).host(proxy.getHost());
        PropertyMapper propertyMapper = PropertyMapper.get();
        Objects.requireNonNull(proxy);
        PropertyMapper.Source whenNonNull = propertyMapper.from(proxy::getPort).whenNonNull();
        Objects.requireNonNull(host);
        whenNonNull.to((v1) -> {
            r1.port(v1);
        });
        Objects.requireNonNull(proxy);
        PropertyMapper.Source whenHasText = propertyMapper.from(proxy::getUsername).whenHasText();
        Objects.requireNonNull(host);
        whenHasText.to(host::username);
        Objects.requireNonNull(proxy);
        propertyMapper.from(proxy::getPassword).whenHasText().to(str -> {
            host.password(str -> {
                return str;
            });
        });
        Objects.requireNonNull(proxy);
        PropertyMapper.Source whenHasText2 = propertyMapper.from(proxy::getNonProxyHostsPattern).whenHasText();
        Objects.requireNonNull(host);
        whenHasText2.to(host::nonProxyHosts);
        return host;
    }

    protected HttpResponseDecoderSpec httpResponseDecoder(HttpResponseDecoderSpec httpResponseDecoderSpec) {
        if (this.properties.getMaxHeaderSize() != null) {
            httpResponseDecoderSpec.maxHeaderSize((int) this.properties.getMaxHeaderSize().toBytes());
        }
        if (this.properties.getMaxInitialLineLength() != null) {
            httpResponseDecoderSpec.maxInitialLineLength((int) this.properties.getMaxInitialLineLength().toBytes());
        }
        return httpResponseDecoderSpec;
    }

    protected ConnectionProvider buildConnectionProvider(HttpClientProperties httpClientProperties) {
        ConnectionProvider build;
        HttpClientProperties.Pool pool = httpClientProperties.getPool();
        if (pool.getType() == HttpClientProperties.Pool.PoolType.DISABLED) {
            build = ConnectionProvider.newConnection();
        } else {
            ConnectionProvider.Builder builder = ConnectionProvider.builder(pool.getName());
            if (pool.getType() == HttpClientProperties.Pool.PoolType.FIXED) {
                builder.maxConnections(pool.getMaxConnections().intValue()).pendingAcquireMaxCount(-1).pendingAcquireTimeout(Duration.ofMillis(pool.getAcquireTimeout().longValue()));
            } else {
                builder.maxConnections(Integer.MAX_VALUE).pendingAcquireTimeout(Duration.ofMillis(0L)).pendingAcquireMaxCount(-1);
            }
            if (pool.getMaxIdleTime() != null) {
                builder.maxIdleTime(pool.getMaxIdleTime());
            }
            if (pool.getMaxLifeTime() != null) {
                builder.maxLifeTime(pool.getMaxLifeTime());
            }
            builder.evictInBackground(pool.getEvictionInterval());
            builder.metrics(pool.isMetrics());
            build = builder.build();
        }
        return build;
    }
}
