package com.marklogic.client.impl;

import com.marklogic.client.DatabaseClient;
import com.marklogic.client.DatabaseClientBuilder;
import com.marklogic.client.DatabaseClientFactory;
import com.marklogic.client.datamovement.PathSplitter;
import com.marklogic.client.extra.okhttpclient.RemoveAcceptEncodingConfigurator;
import com.marklogic.client.impl.SSLUtil;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.BiConsumer;
import java.util.function.Function;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/marklogic/client/impl/DatabaseClientPropertySource.class */
public class DatabaseClientPropertySource {
    private static final String PREFIX = "marklogic.client.";
    private final Function<String, Object> propertySource;
    private static Map<String, BiConsumer<DatabaseClientFactory.Bean, Object>> connectionPropertyHandlers = new LinkedHashMap();

    public DatabaseClientPropertySource(Function<String, Object> function) {
        this.propertySource = function;
    }

    public DatabaseClient newClient() {
        DatabaseClientFactory.Bean newClientBean = newClientBean();
        return DatabaseClientFactory.newClient(newClientBean.getHost(), newClientBean.getPort(), newClientBean.getBasePath(), newClientBean.getDatabase(), newClientBean.getSecurityContext(), newClientBean.getConnectionType());
    }

    public DatabaseClientFactory.Bean newClientBean() {
        DatabaseClientFactory.Bean bean = new DatabaseClientFactory.Bean();
        connectionPropertyHandlers.forEach((str, biConsumer) -> {
            Object apply = this.propertySource.apply(str);
            if (apply != null) {
                biConsumer.accept(bean, apply);
            }
        });
        bean.setSecurityContext(newSecurityContext());
        return bean;
    }

    private ConnectionString makeConnectionString() {
        String str = (String) this.propertySource.apply("marklogic.client.connectionString");
        if (str == null || str.trim().length() <= 0) {
            return null;
        }
        return new ConnectionString(str, "connection string");
    }

    private DatabaseClientFactory.SecurityContext newSecurityContext() {
        Object apply = this.propertySource.apply("marklogic.client.securityContext");
        if (apply != null) {
            if (apply instanceof DatabaseClientFactory.SecurityContext) {
                return (DatabaseClientFactory.SecurityContext) apply;
            }
            throw new IllegalArgumentException("Security context must be of type " + DatabaseClientFactory.SecurityContext.class.getName());
        }
        ConnectionString makeConnectionString = makeConnectionString();
        String determineAuthType = determineAuthType(makeConnectionString);
        SSLUtil.SSLInputs buildSSLInputs = buildSSLInputs(determineAuthType);
        DatabaseClientFactory.SecurityContext newSecurityContext = newSecurityContext(determineAuthType, makeConnectionString, buildSSLInputs);
        if (buildSSLInputs.getSslContext() != null) {
            newSecurityContext.withSSLContext(buildSSLInputs.getSslContext(), buildSSLInputs.getTrustManager());
        }
        newSecurityContext.withSSLHostnameVerifier(determineHostnameVerifier());
        return newSecurityContext;
    }

    private String determineAuthType(ConnectionString connectionString) {
        Object apply = this.propertySource.apply("marklogic.client.authType");
        if (apply == null && connectionString != null) {
            return DatabaseClientBuilder.AUTH_TYPE_DIGEST;
        }
        if (apply == null || !(apply instanceof String)) {
            throw new IllegalArgumentException("Security context should be set, or auth type must be of type String");
        }
        return (String) apply;
    }

    private DatabaseClientFactory.SecurityContext newSecurityContext(String str, ConnectionString connectionString, SSLUtil.SSLInputs sSLInputs) {
        String lowerCase = str.toLowerCase();
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case -1331913276:
                if (lowerCase.equals(DatabaseClientBuilder.AUTH_TYPE_DIGEST)) {
                    z = true;
                    break;
                }
                break;
            case 3522669:
                if (lowerCase.equals(DatabaseClientBuilder.AUTH_TYPE_SAML)) {
                    z = 5;
                    break;
                }
                break;
            case 93508654:
                if (lowerCase.equals(DatabaseClientBuilder.AUTH_TYPE_BASIC)) {
                    z = false;
                    break;
                }
                break;
            case 94756405:
                if (lowerCase.equals(DatabaseClientBuilder.AUTH_TYPE_MARKLOGIC_CLOUD)) {
                    z = 2;
                    break;
                }
                break;
            case 105516695:
                if (lowerCase.equals(DatabaseClientBuilder.AUTH_TYPE_OAUTH)) {
                    z = 6;
                    break;
                }
                break;
            case 303053659:
                if (lowerCase.equals(DatabaseClientBuilder.AUTH_TYPE_KERBEROS)) {
                    z = 3;
                    break;
                }
                break;
            case 1952399767:
                if (lowerCase.equals(DatabaseClientBuilder.AUTH_TYPE_CERTIFICATE)) {
                    z = 4;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return newBasicAuthContext(connectionString);
            case true:
                return newDigestAuthContext(connectionString);
            case true:
                return newCloudAuthContext();
            case true:
                return newKerberosAuthContext();
            case true:
                return newCertificateAuthContext(sSLInputs);
            case true:
                return newSAMLAuthContext();
            case true:
                return newOAuthContext();
            default:
                throw new IllegalArgumentException("Unrecognized auth type: " + str);
        }
    }

    private String getRequiredStringValue(String str) {
        return getRequiredStringValue(str, String.format("%s must be of type String", str));
    }

    private String getRequiredStringValue(String str, String str2) {
        Object apply = this.propertySource.apply("marklogic.client." + str);
        if (apply == null || !(apply instanceof String)) {
            throw new IllegalArgumentException(str2);
        }
        return (String) apply;
    }

    private String getNullableStringValue(String str) {
        return getNullableStringValue(str, null);
    }

    private String getNullableStringValue(String str, String str2) {
        Object apply = this.propertySource.apply("marklogic.client." + str);
        if (apply == null || (apply instanceof String)) {
            return apply != null ? (String) apply : str2;
        }
        throw new IllegalArgumentException(str + " must be of type String");
    }

    private DatabaseClientFactory.SecurityContext newBasicAuthContext(ConnectionString connectionString) {
        return connectionString != null ? new DatabaseClientFactory.BasicAuthContext(connectionString.getUsername(), connectionString.getPassword()) : new DatabaseClientFactory.BasicAuthContext(getRequiredStringValue("username", "Must specify a username when using basic authentication."), getRequiredStringValue("password", "Must specify a password when using basic authentication."));
    }

    private DatabaseClientFactory.SecurityContext newDigestAuthContext(ConnectionString connectionString) {
        return connectionString != null ? new DatabaseClientFactory.DigestAuthContext(connectionString.getUsername(), connectionString.getPassword()) : new DatabaseClientFactory.DigestAuthContext(getRequiredStringValue("username", "Must specify a username when using digest authentication."), getRequiredStringValue("password", "Must specify a password when using digest authentication."));
    }

    private DatabaseClientFactory.SecurityContext newCloudAuthContext() {
        String requiredStringValue = getRequiredStringValue("cloud.apiKey");
        String nullableStringValue = getNullableStringValue("cloud.tokenDuration");
        Integer num = null;
        if (nullableStringValue != null) {
            try {
                num = Integer.valueOf(Integer.parseInt(nullableStringValue));
            } catch (NumberFormatException e) {
                throw new IllegalArgumentException("Cloud token duration must be numeric");
            }
        }
        return new DatabaseClientFactory.MarkLogicCloudAuthContext(requiredStringValue, num);
    }

    private DatabaseClientFactory.SecurityContext newCertificateAuthContext(SSLUtil.SSLInputs sSLInputs) {
        String nullableStringValue = getNullableStringValue("certificate.file");
        String nullableStringValue2 = getNullableStringValue("certificate.password");
        if (nullableStringValue == null || nullableStringValue.trim().length() <= 0) {
            if (sSLInputs.getSslContext() == null) {
                throw new RuntimeException("An SSLContext is required for certificate authentication.");
            }
            return new DatabaseClientFactory.CertificateAuthContext(sSLInputs.getSslContext(), sSLInputs.getTrustManager());
        }
        if (nullableStringValue2 != null) {
            try {
                if (nullableStringValue2.trim().length() > 0) {
                    return new DatabaseClientFactory.CertificateAuthContext(nullableStringValue, nullableStringValue2, sSLInputs.getTrustManager());
                }
            } catch (Exception e) {
                throw new RuntimeException("Unable to create CertificateAuthContext; cause " + e.getMessage(), e);
            }
        }
        return new DatabaseClientFactory.CertificateAuthContext(nullableStringValue, sSLInputs.getTrustManager());
    }

    private DatabaseClientFactory.SecurityContext newKerberosAuthContext() {
        return new DatabaseClientFactory.KerberosAuthContext(getRequiredStringValue("kerberos.principal"));
    }

    private DatabaseClientFactory.SecurityContext newSAMLAuthContext() {
        return new DatabaseClientFactory.SAMLAuthContext(getRequiredStringValue("saml.token"));
    }

    private DatabaseClientFactory.SecurityContext newOAuthContext() {
        return new DatabaseClientFactory.OAuthContext(getRequiredStringValue("oauth.token"));
    }

    private DatabaseClientFactory.SSLHostnameVerifier determineHostnameVerifier() {
        Object apply = this.propertySource.apply("marklogic.client.sslHostnameVerifier");
        if (apply instanceof DatabaseClientFactory.SSLHostnameVerifier) {
            return (DatabaseClientFactory.SSLHostnameVerifier) apply;
        }
        if (!(apply instanceof String)) {
            return null;
        }
        String str = (String) apply;
        if ("ANY".equalsIgnoreCase(str)) {
            return DatabaseClientFactory.SSLHostnameVerifier.ANY;
        }
        if ("COMMON".equalsIgnoreCase(str)) {
            return DatabaseClientFactory.SSLHostnameVerifier.COMMON;
        }
        if ("STRICT".equalsIgnoreCase(str)) {
            return DatabaseClientFactory.SSLHostnameVerifier.STRICT;
        }
        throw new IllegalArgumentException(String.format("Unrecognized value for SSLHostnameVerifier: %s", str));
    }

    private SSLUtil.SSLInputs buildSSLInputs(String str) {
        X509TrustManager trustManager = getTrustManager();
        SSLContext sSLContext = getSSLContext();
        if (sSLContext != null) {
            return new SSLUtil.SSLInputs(sSLContext, trustManager);
        }
        String nullableStringValue = getNullableStringValue("ssl.keystore.path");
        if (nullableStringValue != null && nullableStringValue.trim().length() > 0) {
            return useKeyStoreForTwoWaySSL(nullableStringValue, trustManager);
        }
        String sSLProtocol = getSSLProtocol(str);
        return sSLProtocol != null ? PathSplitter.DEFAULT_SPLITTER_KEY.equalsIgnoreCase(sSLProtocol) ? useDefaultSSLContext(trustManager) : useNewSSLContext(sSLProtocol, trustManager) : new SSLUtil.SSLInputs(null, trustManager);
    }

    private X509TrustManager getTrustManager() {
        Object apply = this.propertySource.apply("marklogic.client.trustManager");
        if (apply != null) {
            if (apply instanceof X509TrustManager) {
                return (X509TrustManager) apply;
            }
            throw new IllegalArgumentException("Trust manager must be an instanceof " + X509TrustManager.class.getName());
        }
        String nullableStringValue = getNullableStringValue("ssl.truststore.path");
        if (nullableStringValue == null || nullableStringValue.trim().length() <= 0) {
            return null;
        }
        return buildTrustManagerFromTrustStorePath(nullableStringValue);
    }

    private X509TrustManager buildTrustManagerFromTrustStorePath(String str) {
        String nullableStringValue = getNullableStringValue("ssl.truststore.password");
        return (X509TrustManager) SSLUtil.getTrustManagers(getNullableStringValue("ssl.truststore.algorithm", "SunX509"), SSLUtil.getKeyStore(str, nullableStringValue != null ? nullableStringValue.toCharArray() : null, getNullableStringValue("ssl.truststore.type", "JKS")))[0];
    }

    private SSLContext getSSLContext() {
        Object apply = this.propertySource.apply("marklogic.client.sslContext");
        if (apply == null) {
            return null;
        }
        if (apply instanceof SSLContext) {
            return (SSLContext) apply;
        }
        throw new IllegalArgumentException("SSL context must be an instanceof " + SSLContext.class.getName());
    }

    private String getSSLProtocol(String str) {
        String nullableStringValue = getNullableStringValue("sslProtocol");
        if (nullableStringValue != null) {
            nullableStringValue = nullableStringValue.trim();
        }
        if ((nullableStringValue == null || nullableStringValue.length() == 0) && DatabaseClientBuilder.AUTH_TYPE_MARKLOGIC_CLOUD.equalsIgnoreCase(str)) {
            nullableStringValue = PathSplitter.DEFAULT_SPLITTER_KEY;
        }
        return nullableStringValue;
    }

    private SSLUtil.SSLInputs useKeyStoreForTwoWaySSL(String str, X509TrustManager x509TrustManager) {
        String nullableStringValue = getNullableStringValue("ssl.keystore.password");
        return SSLUtil.createSSLContextFromKeyStore(str, nullableStringValue != null ? nullableStringValue.toCharArray() : null, getNullableStringValue("ssl.keystore.type", "JKS"), getNullableStringValue("ssl.keystore.algorithm", "SunX509"), getNullableStringValue("sslProtocol", "TLSv1.2"), x509TrustManager);
    }

    private SSLUtil.SSLInputs useDefaultSSLContext(X509TrustManager x509TrustManager) {
        try {
            return new SSLUtil.SSLInputs(SSLContext.getDefault(), x509TrustManager != null ? x509TrustManager : SSLUtil.getDefaultTrustManager());
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Unable to obtain default SSLContext; cause: " + e.getMessage(), e);
        }
    }

    private SSLUtil.SSLInputs useNewSSLContext(String str, X509TrustManager x509TrustManager) {
        try {
            SSLContext sSLContext = SSLContext.getInstance(str);
            if (x509TrustManager != null) {
                try {
                    sSLContext.init(null, new X509TrustManager[]{x509TrustManager}, null);
                } catch (KeyManagementException e) {
                    throw new RuntimeException(String.format("Unable to initialize SSLContext; protocol: %s; cause: %s", str, e.getMessage()), e);
                }
            }
            return new SSLUtil.SSLInputs(sSLContext, x509TrustManager);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(String.format("Unable to get SSLContext instance with protocol: %s; cause: %s", str, e2.getMessage()), e2);
        }
    }

    static {
        connectionPropertyHandlers.put("marklogic.client.connectionString", (bean, obj) -> {
            if (!(obj instanceof String)) {
                throw new IllegalArgumentException("Connection string must be of type String");
            }
            ConnectionString connectionString = new ConnectionString((String) obj, "connection string");
            bean.setHost(connectionString.getHost());
            bean.setPort(connectionString.getPort());
            if (connectionString.getDatabase() == null || connectionString.getDatabase().trim().length() <= 0) {
                return;
            }
            bean.setDatabase(connectionString.getDatabase());
        });
        connectionPropertyHandlers.put("marklogic.client.host", (bean2, obj2) -> {
            if (!(obj2 instanceof String)) {
                throw new IllegalArgumentException("Host must be of type String");
            }
            bean2.setHost((String) obj2);
        });
        connectionPropertyHandlers.put("marklogic.client.port", (bean3, obj3) -> {
            if (obj3 instanceof String) {
                bean3.setPort(Integer.parseInt((String) obj3));
            } else {
                if (!(obj3 instanceof Integer)) {
                    throw new IllegalArgumentException("Port must be of type String or Integer");
                }
                bean3.setPort(((Integer) obj3).intValue());
            }
        });
        connectionPropertyHandlers.put("marklogic.client.database", (bean4, obj4) -> {
            if (!(obj4 instanceof String)) {
                throw new IllegalArgumentException("Database must be of type String");
            }
            bean4.setDatabase((String) obj4);
        });
        connectionPropertyHandlers.put("marklogic.client.basePath", (bean5, obj5) -> {
            if (!(obj5 instanceof String)) {
                throw new IllegalArgumentException("Base path must be of type String");
            }
            bean5.setBasePath((String) obj5);
        });
        connectionPropertyHandlers.put("marklogic.client.connectionType", (bean6, obj6) -> {
            if (obj6 instanceof DatabaseClient.ConnectionType) {
                bean6.setConnectionType((DatabaseClient.ConnectionType) obj6);
            } else {
                if (!(obj6 instanceof String)) {
                    throw new IllegalArgumentException("Connection type must either be a String or an instance of ConnectionType");
                }
                String str = (String) obj6;
                if (str.trim().length() > 0) {
                    bean6.setConnectionType(DatabaseClient.ConnectionType.valueOf(str.toUpperCase()));
                }
            }
        });
        connectionPropertyHandlers.put("marklogic.client.disableGzippedResponses", (bean7, obj7) -> {
            boolean z = false;
            if ((obj7 instanceof Boolean) && Boolean.TRUE.equals(obj7)) {
                z = true;
            } else if (obj7 instanceof String) {
                z = Boolean.parseBoolean((String) obj7);
            }
            if (z) {
                DatabaseClientFactory.addConfigurator(new RemoveAcceptEncodingConfigurator());
            }
        });
    }
}
