package org.talend.sdk.components.vault.client;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.Stream;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Disposes;
import javax.enterprise.inject.Produces;
import javax.inject.Inject;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.WebTarget;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.talend.sdk.components.vault.configuration.Documentation;

@ApplicationScoped
/* loaded from: input_file:org/talend/sdk/components/vault/client/VaultClientSetup.class */
public class VaultClientSetup {
    // Configuration of the HTTP client used to reach Vault. Every field below is injected from
    // MicroProfile Config using the property name given in its @ConfigProperty annotation.
    private static final Logger log = LoggerFactory.getLogger(VaultClientSetup.class);

    // Passed to ClientBuilder.connectTimeout(...) in createClient, in milliseconds.
    @Inject
    @Documentation("HTTP connection timeout to vault server.")
    @ConfigProperty(name = "talend.vault.cache.client.timeout.connect", defaultValue = "30000")
    private Long connectTimeout;

    // Passed to ClientBuilder.readTimeout(...) in createClient, in milliseconds.
    @Inject
    @Documentation("HTTP read timeout to vault server.")
    @ConfigProperty(name = "talend.vault.cache.client.timeout.read", defaultValue = "30000")
    private Long readTimeout;

    // Comma-separated class names. createClient loads each one through the thread context class
    // loader and instantiates it with its no-arg constructor, so this value decides which code runs
    // inside the client: it must only ever come from trusted configuration.
    @Inject
    @Documentation("JAX-RS fully qualified name of the provides (message body readers/writers) for vault and component-server clients.")
    @ConfigProperty(name = "talend.vault.cache.client.providers")
    private Optional<String> providers;

    // When true, createClient installs a trust manager that accepts every certificate chain and a
    // hostname verifier that accepts every host: the Vault endpoint is then not authenticated at all
    // and the secrets it returns can be read or altered in transit. Keep false outside development.
    @Inject
    @Documentation("Should any certificate be accepted - only for dev purposes.")
    @ConfigProperty(name = "talend.vault.cache.client.certificate.acceptAny", defaultValue = "false")
    private Boolean acceptAnyCertificate;

    // Despite the "keystore" name, createSSLContext hands this store to a TrustManagerFactory, i.e.
    // it acts as the trust store for the Vault server certificate. When it is absent (and
    // acceptAnyCertificate is false) createClient sets neither an SSLContext nor a hostname verifier.
    @Inject
    @Documentation("Where the keystore to use to connect to vault is located.")
    @ConfigProperty(name = "talend.vault.cache.client.vault.certificate.keystore.location")
    private Optional<String> vaultKeystoreLocation;

    // Passed to KeyStore.getInstance(...); KeyStore.getDefaultType() is used when absent.
    @Inject
    @Documentation("The keystore type for `talend.vault.cache.client.vault.certificate.keystore.location`.")
    @ConfigProperty(name = "talend.vault.cache.client.vault.certificate.keystore.type")
    private Optional<String> vaultKeystoreType;

    // The default is the well-known JDK store password, so deployments should set this explicitly.
    // The value is a secret held as a plain String: keep it out of logs and diagnostics.
    @Inject
    @Documentation("The keystore password for `talend.vault.cache.client.vault.certificate.keystore.location`.")
    @ConfigProperty(name = "talend.vault.cache.client.vault.certificate.keystore.password", defaultValue = "changeit")
    private String vaultKeystorePassword;

    // Used by createClient, only when a keystore location is configured, as an exact-match allow-list
    // inside the HostnameVerifier. That verifier looks at the hostname only and never compares it with
    // the names in the presented certificate.
    @Inject
    @Documentation("Valid hostnames for the Vault certificates (see `java.net.ssl.HostnameVerifier`).")
    @ConfigProperty(name = "talend.vault.cache.client.vault.hostname.accepted", defaultValue = "localhost,127.0.0.1,0:0:0:0:0:0:0:1")
    private List<String> vaultHostnames;

    // NOTE(review): vaultClient passes this value on to createSSLContext, which gives it to
    // TrustManagerFactory.getInstance(...). That call expects an algorithm name, not a store type,
    // so the property name and description look misleading - confirm the intended values.
    @Inject
    @Documentation("The truststore type for `talend.vault.cache.client.vault.certificate.keystore.location`.")
    @ConfigProperty(name = "talend.vault.cache.client.vault.certificate.truststore.type")
    private Optional<String> vaultTruststoreType;

    // Maximum pool size handed to the ThreadPoolExecutor built by createExecutor.
    @Inject
    @Documentation("Thread pool max size for Vault client.")
    @ConfigProperty(name = "talend.vault.cache.client.executor.vault.max", defaultValue = "256")
    private Integer vaultExecutorMaxSize;

    // Core pool size handed to the ThreadPoolExecutor built by createExecutor.
    @Inject
    @Documentation("Thread pool core size for Vault client.")
    @ConfigProperty(name = "talend.vault.cache.client.executor.vault.core", defaultValue = "64")
    private Integer vaultExecutorCoreSize;

    // Keep-alive handed to the ThreadPoolExecutor built by createExecutor, in milliseconds.
    @Inject
    @Documentation("Thread keep alive (in ms) for Vault client thread pool.")
    @ConfigProperty(name = "talend.vault.cache.client.executor.vault.keepAlive", defaultValue = "60000")
    private Integer vaultExecutorKeepAlive;

    // Given unchanged to Client.target(...) in vaultTarget. The default "no-vault" is not a URL and
    // nothing in this class checks the scheme, so an http:// value is accepted as is.
    @Inject
    @Documentation("Base URL to connect to Vault.")
    @ConfigProperty(name = "talend.vault.cache.vault.url", defaultValue = "no-vault")
    private String vaultUrl;

    /**
     * Produces the application-scoped JAX-RS target that points at the configured Vault base URL.
     *
     * <p>The URL is handed to the client exactly as configured; this method performs no check on
     * its scheme or host.
     *
     * @param client the Vault-qualified JAX-RS client
     * @return the target built from {@code talend.vault.cache.vault.url}
     */
    @ApplicationScoped
    @Produces
    @VaultHttp
    public WebTarget vaultTarget(@VaultHttp Client client) {
        final WebTarget target = client.target(vaultUrl);
        return target;
    }

    /**
     * Produces the application-scoped executor that runs the Vault client's asynchronous calls.
     *
     * @return a thread pool sized from the {@code talend.vault.cache.client.executor.vault.*} settings
     */
    @ApplicationScoped
    @Produces
    @VaultHttp
    public ExecutorService vaultExecutorService() {
        final int coreSize = vaultExecutorCoreSize.intValue();
        final int maxSize = vaultExecutorMaxSize.intValue();
        final long keepAliveMs = vaultExecutorKeepAlive.intValue();
        return createExecutor(coreSize, maxSize, keepAliveMs, "vault");
    }

    /**
     * Disposer for the Vault executor: stops it immediately when the producing scope ends.
     *
     * <p>{@code shutdownNow()} interrupts running tasks and discards the queued ones; the list of
     * tasks that never started is deliberately ignored.
     *
     * @param executorService the Vault-qualified executor being disposed
     */
    @VaultHttp
    public void releaseVaultExecutor(@Disposes @VaultHttp ExecutorService executorService) {
        executorService.shutdownNow();
    }

    /**
     * Produces the application-scoped JAX-RS client used to talk to Vault.
     *
     * <p>All TLS decisions (trust store, hostname allow-list, or the accept-any development mode)
     * are taken in {@code createClient} from the injected configuration.
     *
     * @param executorService the Vault-qualified executor the client runs on
     * @return the built client
     */
    @ApplicationScoped
    @Produces
    @VaultHttp
    public Client vaultClient(@VaultHttp ExecutorService executorService) {
        final ClientBuilder builder = createClient(
                executorService,
                vaultKeystoreLocation,
                vaultKeystoreType,
                vaultKeystorePassword,
                vaultTruststoreType,
                vaultHostnames);
        return builder.build();
    }

    /**
     * Disposer for the Vault client: closes it when the producing scope ends.
     *
     * @param client the Vault-qualified client being disposed
     */
    @VaultHttp
    public void releaseVaultClient(@Disposes @VaultHttp Client client) {
        client.close();
    }

    /**
     * Builds the thread pool backing a client.
     *
     * <p>Threads are named {@code talend-vault-proxy-<str>-<n>}, are never daemon threads and run at
     * normal priority. The thread group is resolved once, when this method is called: the security
     * manager's group if one is installed and provides it, else the calling thread's group.
     *
     * <p>NOTE(review): the work queue is an unbounded {@link LinkedBlockingQueue}. A
     * {@link ThreadPoolExecutor} only starts threads beyond the core size when its queue rejects a
     * task, which an unbounded queue never does, so {@code i2} has no practical effect and queued
     * work can grow without limit.
     *
     * @param i core pool size
     * @param i2 maximum pool size
     * @param j keep-alive for idle threads, in milliseconds
     * @param str marker inserted in the thread names
     * @return the configured executor
     */
    private ThreadPoolExecutor createExecutor(int i, int i2, long j, final String str) {
        final ThreadGroup group = Optional.ofNullable(System.getSecurityManager())
                .map(SecurityManager::getThreadGroup)
                .orElseGet(() -> Thread.currentThread().getThreadGroup());
        final AtomicInteger sequence = new AtomicInteger(1);
        final ThreadFactory factory = task -> {
            final String threadName = "talend-vault-proxy-" + str + "-" + sequence.getAndIncrement();
            final Thread worker = new Thread(group, task, threadName, 0L);
            // A new thread inherits daemon status and priority from its creator; normalise both.
            if (worker.isDaemon()) {
                worker.setDaemon(false);
            }
            if (worker.getPriority() != Thread.NORM_PRIORITY) {
                worker.setPriority(Thread.NORM_PRIORITY);
            }
            return worker;
        };
        return new ThreadPoolExecutor(i, i2, j, TimeUnit.MILLISECONDS, new LinkedBlockingQueue<>(), factory);
    }

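    /**
     * Configures a JAX-RS client builder: timeouts, executor, TLS settings and optional providers.
     *
     * <p>TLS is set up in one of three ways:
     * <ul>
     *   <li>{@code acceptAnyCertificate} is true: every certificate and every hostname is accepted.
     *       The server is not authenticated; a warning is logged so the setting is visible.</li>
     *   <li>a keystore location is configured: the SSL context trusts what that store trusts, and the
     *       hostname verifier is an exact-match allow-list. The verifier inspects the hostname only,
     *       never the names in the certificate, so any certificate the store trusts is accepted for
     *       any allow-listed host.</li>
     *   <li>otherwise: nothing is set here and the JAX-RS implementation's defaults apply.</li>
     * </ul>
     *
     * <p>Provider class names come from configuration, are loaded through the thread context class
     * loader and instantiated with their no-arg constructor. A provider that fails to load is logged
     * and skipped. Because this runs arbitrary named classes, the property must be trusted input.
     *
     * @param executorService executor the client runs on
     * @param keystoreLocation path of the store holding the trusted certificates, if any
     * @param keystoreType type of that store; the JDK default type when absent
     * @param keystorePassword password protecting the store
     * @param truststoreType value forwarded to {@code createSSLContext}
     * @param acceptedHostnames hostnames accepted when a keystore is configured
     * @return the configured, not yet built, client builder
     */
    private ClientBuilder createClient(ExecutorService executorService, Optional<String> keystoreLocation, Optional<String> keystoreType, String keystorePassword, Optional<String> truststoreType, List<String> acceptedHostnames) {
        final ClientBuilder builder = ClientBuilder.newBuilder();
        builder.connectTimeout(this.connectTimeout.longValue(), TimeUnit.MILLISECONDS);
        builder.readTimeout(this.readTimeout.longValue(), TimeUnit.MILLISECONDS);
        builder.executorService(executorService);

        if (this.acceptAnyCertificate.booleanValue()) {
            // Make the insecure mode impossible to miss in the logs of a real deployment.
            log.warn("talend.vault.cache.client.certificate.acceptAny is enabled: certificate and hostname "
                    + "verification are disabled for the Vault client, use for development only");
            builder.hostnameVerifier((hostname, session) -> true);
            builder.sslContext(createUnsafeSSLContext());
        } else if (keystoreLocation.isPresent()) {
            builder.hostnameVerifier((hostname, session) -> acceptedHostnames.contains(hostname));
            builder.sslContext(createSSLContext(keystoreLocation, keystoreType, keystorePassword, truststoreType));
        }

        this.providers.ifPresent(csv -> Stream.of(csv.split(","))
                .map(String::trim)
                .filter(className -> !className.isEmpty())
                .<Object>map(className -> {
                    try {
                        return Thread.currentThread()
                                .getContextClassLoader()
                                .loadClass(className)
                                .getConstructor()
                                .newInstance();
                    } catch (Exception e) {
                        // Best effort: a broken provider must not prevent the client from starting.
                        log.warn("Can't add provider {}: {}", className, e.getMessage(), e);
                        return null;
                    }
                })
                .filter(Objects::nonNull)
                .forEach(builder::register));
        return builder;
    }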

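    /**
     * Builds the SSL context used when {@code acceptAnyCertificate} is enabled.
     *
     * <p>The trust manager performs no validation at all: any certificate chain, from any issuer,
     * expired or not, is accepted. A connection made with this context gives no assurance about who
     * the peer is, so it is only suitable for local development against a throwaway Vault.
     *
     * @return a TLS context that trusts every peer
     * @throws IllegalStateException if the TLS context cannot be created or initialised
     */
    private SSLContext createUnsafeSSLContext() {
        final TrustManager trustEverything = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) {
                // Deliberately empty: no validation in accept-any mode.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
                // Deliberately empty: no validation in accept-any mode.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null, possibly empty, array;
                // returning null can make callers fail with a NullPointerException.
                return new X509Certificate[0];
            }
        };
        try {
            final SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, new TrustManager[] {trustEverything}, new SecureRandom());
            return context;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }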

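    /**
     * Builds an SSL context that trusts the certificates found in the configured store.
     *
     * <p>The store is loaded from disk and given to a {@link TrustManagerFactory}; no key manager is
     * installed, so the client presents no certificate of its own.
     *
     * <p>NOTE(review): {@code trustManagerAlgorithm} is fed from the "truststore.type" property but
     * is passed to {@code TrustManagerFactory.getInstance(...)}, which expects an algorithm name.
     * A store type there would fail with {@link NoSuchAlgorithmException}; confirm what is intended.
     *
     * @param keystoreLocation path of the store; must be present and point to an existing file
     * @param keystoreType store type; {@link KeyStore#getDefaultType()} when absent
     * @param keystorePassword password used to open the store
     * @param trustManagerAlgorithm trust manager algorithm; the JDK default when absent
     * @return the initialised TLS context
     * @throws IllegalArgumentException if the location is missing, the file does not exist, or the
     *         store cannot be read or parsed
     * @throws IllegalStateException if a required type or algorithm is unavailable or the context
     *         cannot be initialised
     */
    private SSLContext createSSLContext(Optional<String> keystoreLocation, Optional<String> keystoreType, String keystorePassword, Optional<String> trustManagerAlgorithm) {
        final File file = new File(keystoreLocation.orElseThrow(
                () -> new IllegalArgumentException("No keystore location configured for the Vault client")));
        if (!file.exists()) {
            throw new IllegalArgumentException(file + " does not exist");
        }

        final KeyStore keyStore;
        // try-with-resources closes the stream on every path, including a failed load.
        try (FileInputStream in = new FileInputStream(file)) {
            keyStore = KeyStore.getInstance(keystoreType.orElseGet(KeyStore::getDefaultType));
            keyStore.load(in, keystorePassword.toCharArray());
        } catch (IOException | CertificateException e) {
            // Unreadable file, wrong password or corrupt store: a configuration problem.
            throw new IllegalArgumentException(e);
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }

        try {
            final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
                    trustManagerAlgorithm.orElseGet(TrustManagerFactory::getDefaultAlgorithm));
            trustManagerFactory.init(keyStore);
            final SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
            return context;
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }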

    /** @return the HTTP connect timeout, in milliseconds */
    public Long getConnectTimeout() {
        return connectTimeout;
    }

    /** @return the HTTP read timeout, in milliseconds */
    public Long getReadTimeout() {
        return readTimeout;
    }

    /** @return the comma-separated provider class names, if configured */
    public Optional<String> getProviders() {
        return providers;
    }

    /** @return whether certificate and hostname verification are disabled (development only) */
    public Boolean getAcceptAnyCertificate() {
        return acceptAnyCertificate;
    }

    /** @return the path of the store holding the certificates trusted for Vault, if configured */
    public Optional<String> getVaultKeystoreLocation() {
        return vaultKeystoreLocation;
    }

    /** @return the type of the Vault store, if configured */
    public Optional<String> getVaultKeystoreType() {
        return vaultKeystoreType;
    }

    /**
     * Returns the store password in clear text; callers must not log or otherwise expose it.
     *
     * @return the password of the Vault store
     */
    public String getVaultKeystorePassword() {
        return vaultKeystorePassword;
    }

    /** @return the hostnames accepted by the hostname verifier when a store is configured */
    public List<String> getVaultHostnames() {
        return vaultHostnames;
    }

    /** @return the value of the "truststore.type" property, if configured */
    public Optional<String> getVaultTruststoreType() {
        return vaultTruststoreType;
    }

    /** @return the maximum size of the Vault thread pool */
    public Integer getVaultExecutorMaxSize() {
        return vaultExecutorMaxSize;
    }

    /** @return the core size of the Vault thread pool */
    public Integer getVaultExecutorCoreSize() {
        return vaultExecutorCoreSize;
    }

    /** @return the keep-alive of the Vault thread pool, in milliseconds */
    public Integer getVaultExecutorKeepAlive() {
        return vaultExecutorKeepAlive;
    }

    /** @return the configured Vault base URL */
    public String getVaultUrl() {
        return vaultUrl;
    }

    /** @param l the HTTP connect timeout, in milliseconds */
    public void setConnectTimeout(Long l) {
        connectTimeout = l;
    }

    /** @param l the HTTP read timeout, in milliseconds */
    public void setReadTimeout(Long l) {
        readTimeout = l;
    }

    /** @param optional the comma-separated provider class names; trusted input only */
    public void setProviders(Optional<String> optional) {
        providers = optional;
    }

    /** @param bool true to disable certificate and hostname verification (development only) */
    public void setAcceptAnyCertificate(Boolean bool) {
        acceptAnyCertificate = bool;
    }

    /** @param optional the path of the store holding the certificates trusted for Vault */
    public void setVaultKeystoreLocation(Optional<String> optional) {
        vaultKeystoreLocation = optional;
    }

    /** @param optional the type of the Vault store */
    public void setVaultKeystoreType(Optional<String> optional) {
        vaultKeystoreType = optional;
    }

    /** @param str the password of the Vault store, in clear text */
    public void setVaultKeystorePassword(String str) {
        vaultKeystorePassword = str;
    }

    /** @param list the hostnames accepted by the hostname verifier when a store is configured */
    public void setVaultHostnames(List<String> list) {
        vaultHostnames = list;
    }

    /** @param optional the value of the "truststore.type" property */
    public void setVaultTruststoreType(Optional<String> optional) {
        vaultTruststoreType = optional;
    }

    /** @param num the maximum size of the Vault thread pool */
    public void setVaultExecutorMaxSize(Integer num) {
        vaultExecutorMaxSize = num;
    }

    /** @param num the core size of the Vault thread pool */
    public void setVaultExecutorCoreSize(Integer num) {
        vaultExecutorCoreSize = num;
    }

    /** @param num the keep-alive of the Vault thread pool, in milliseconds */
    public void setVaultExecutorKeepAlive(Integer num) {
        vaultExecutorKeepAlive = num;
    }

    /** @param str the Vault base URL */
    public void setVaultUrl(String str) {
        vaultUrl = str;
    }

    /**
     * Compares every configuration value, read through its getter, with the other instance's.
     *
     * <p>Fields are compared in a fixed order and the comparison stops at the first difference.
     *
     * @param obj the object to compare with
     * @return true when {@code obj} is a compatible {@code VaultClientSetup} with equal values
     */
    @Override
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof VaultClientSetup)) {
            return false;
        }
        final VaultClientSetup other = (VaultClientSetup) obj;
        if (!other.canEqual(this)) {
            return false;
        }
        return Objects.equals(getConnectTimeout(), other.getConnectTimeout())
                && Objects.equals(getReadTimeout(), other.getReadTimeout())
                && Objects.equals(getAcceptAnyCertificate(), other.getAcceptAnyCertificate())
                && Objects.equals(getVaultExecutorMaxSize(), other.getVaultExecutorMaxSize())
                && Objects.equals(getVaultExecutorCoreSize(), other.getVaultExecutorCoreSize())
                && Objects.equals(getVaultExecutorKeepAlive(), other.getVaultExecutorKeepAlive())
                && Objects.equals(getProviders(), other.getProviders())
                && Objects.equals(getVaultKeystoreLocation(), other.getVaultKeystoreLocation())
                && Objects.equals(getVaultKeystoreType(), other.getVaultKeystoreType())
                && Objects.equals(getVaultKeystorePassword(), other.getVaultKeystorePassword())
                && Objects.equals(getVaultHostnames(), other.getVaultHostnames())
                && Objects.equals(getVaultTruststoreType(), other.getVaultTruststoreType())
                && Objects.equals(getVaultUrl(), other.getVaultUrl());
    }

    /**
     * Symmetry hook used by {@code equals}: lets a subclass refuse equality with another type.
     *
     * @param obj the object asking to be compared
     * @return true when {@code obj} is a {@code VaultClientSetup}
     */
    protected boolean canEqual(Object obj) {
        final boolean sameType = obj instanceof VaultClientSetup;
        return sameType;
    }

    /**
     * Hashes the same values, in the same order, that {@code equals} compares.
     *
     * <p>Each step multiplies the running result by 59 and adds the value's hash, or 43 for null.
     *
     * @return the combined hash code
     */
    @Override
    public int hashCode() {
        final Object[] components = {
            getConnectTimeout(),
            getReadTimeout(),
            getAcceptAnyCertificate(),
            getVaultExecutorMaxSize(),
            getVaultExecutorCoreSize(),
            getVaultExecutorKeepAlive(),
            getProviders(),
            getVaultKeystoreLocation(),
            getVaultKeystoreType(),
            getVaultKeystorePassword(),
            getVaultHostnames(),
            getVaultTruststoreType(),
            getVaultUrl()
        };
        int result = 1;
        for (final Object component : components) {
            result = (result * 59) + (component == null ? 43 : component.hashCode());
        }
        return result;
    }

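    /**
     * Describes the configuration for logs and diagnostics.
     *
     * <p>The keystore password is never printed: the output only says whether one is set, so the
     * secret cannot reach log files or error reports through this method.
     *
     * @return a textual description of this setup with the password redacted
     */
    @Override
    public String toString() {
        final String maskedPassword = getVaultKeystorePassword() == null ? "null" : "<redacted>";
        return "VaultClientSetup(connectTimeout=" + getConnectTimeout()
                + ", readTimeout=" + getReadTimeout()
                + ", providers=" + getProviders()
                + ", acceptAnyCertificate=" + getAcceptAnyCertificate()
                + ", vaultKeystoreLocation=" + getVaultKeystoreLocation()
                + ", vaultKeystoreType=" + getVaultKeystoreType()
                + ", vaultKeystorePassword=" + maskedPassword
                + ", vaultHostnames=" + getVaultHostnames()
                + ", vaultTruststoreType=" + getVaultTruststoreType()
                + ", vaultExecutorMaxSize=" + getVaultExecutorMaxSize()
                + ", vaultExecutorCoreSize=" + getVaultExecutorCoreSize()
                + ", vaultExecutorKeepAlive=" + getVaultExecutorKeepAlive()
                + ", vaultUrl=" + getVaultUrl() + ")";
    }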
}
