package com.sap.cloud.security.xsuaa.token.authentication.httpclient;

import com.sap.cloud.security.client.HttpClientException;
import com.sap.cloud.security.config.ClientIdentity;
import com.sap.cloud.security.mtls.SSLContextFactory;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLContext;
import org.apache.hc.client5.http.config.ConnectionConfig;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.io.HttpClientConnectionManager;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
import org.apache.hc.core5.http.ssl.TLS;
import org.apache.hc.core5.util.Timeout;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:com/sap/cloud/security/xsuaa/token/authentication/httpclient/DefaultSpringHttpClientFactory.class */
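/**
 * Default {@link SpringHttpClientFactory}: builds a {@link RestTemplate} backed by an Apache
 * HttpClient 5 instance.
 *
 * <p>For a certificate-based {@link ClientIdentity} the client uses a pooled connection manager
 * with an mTLS {@link SSLContext} restricted to TLS 1.3. In every other case a plain client is
 * built. Redirect following is disabled in both cases.
 *
 * <p>The tracking set and the connection-manager cache are concurrent collections; nothing else
 * in this class is synchronised.
 */
public class DefaultSpringHttpClientFactory implements SpringHttpClientFactory {
    private static final int MAX_CONNECTIONS_PER_ROUTE = 4;
    private static final int MAX_CONNECTIONS = 20;
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultSpringHttpClientFactory.class);
    private static final Timeout DEFAULT_TIMEOUT = Timeout.ofSeconds(5);
    private static final Timeout DEFAULT_SOCKET_TIMEOUT = Timeout.ofSeconds(5);

    // Client IDs for which a client has already been handed out; only used to warn on repeats.
    final Set<String> httpClientsCreated = Collections.synchronizedSet(new HashSet<>());

    // One pooled connection manager per client ID, created lazily on the first mTLS request.
    final ConcurrentHashMap<String, HttpClientConnectionManager> sslConnectionManagers = new ConcurrentHashMap<>();

    /**
     * Creates a {@link RestTemplate} whose requests go through a newly built HTTP client.
     *
     * @param clientIdentity identity selecting between the plain and the mTLS client; may be
     *     {@code null}, in which case the plain client is used
     * @return a new {@link RestTemplate} instance
     * @throws HttpClientException if the mTLS client cannot be set up
     */
    @Override // com.sap.cloud.security.xsuaa.token.authentication.httpclient.SpringHttpClientFactory
    public RestTemplate createRestTemplateClient(ClientIdentity clientIdentity) {
        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(createClient(clientIdentity));
        return new RestTemplate(requestFactory);
    }

    /**
     * Picks the client variant for the given identity and records the client ID.
     *
     * @param clientIdentity identity to build the client for; may be {@code null}
     * @return the mTLS client for a certificate-based identity with a non-null ID, otherwise a
     *     plain client with redirect handling disabled
     * @throws HttpClientException if the mTLS client cannot be set up
     */
    private CloseableHttpClient createClient(ClientIdentity clientIdentity) throws HttpClientException {
        String clientId = clientIdentity != null ? clientIdentity.getId() : null;
        // add() reports whether the ID was new, so the check and the insert are a single
        // atomic step on the synchronized set instead of a contains()/add() pair.
        if (!this.httpClientsCreated.add(clientId)) {
            LOGGER.warn("Application has already created HttpClient for clientId = {}, please check.", clientId);
        }
        if (clientId != null && clientIdentity.isCertificateBased()) {
            return createTLSClient(clientIdentity);
        }
        // NOTE(review): no explicit timeouts are configured on this path (unlike the mTLS
        // client), so the HttpClient library defaults apply - confirm this is intended.
        return HttpClients.custom().disableRedirectHandling().build();
    }

    /**
     * Builds the mTLS client for a certificate-based identity.
     *
     * <p>The pooled connection manager is cached per client ID. The {@link SSLContext} created
     * on each call is only used when no manager is cached for that ID yet, so a certificate
     * that changes for an already-seen client ID is not picked up by later clients.
     *
     * @param clientIdentity certificate-based identity; its ID is the cache key
     * @return a client with redirects disabled that only offers TLS 1.3
     * @throws HttpClientException if the SSL context cannot be created
     */
    private CloseableHttpClient createTLSClient(ClientIdentity clientIdentity) {
        RequestConfig requestConfig = RequestConfig.custom()
                .setConnectionRequestTimeout(DEFAULT_TIMEOUT)
                .setRedirectsEnabled(false)
                .build();
        ConnectionConfig connectionConfig = ConnectionConfig.custom()
                .setSocketTimeout(DEFAULT_SOCKET_TIMEOUT)
                .setConnectTimeout(DEFAULT_TIMEOUT)
                .build();
        try {
            SSLContext sslContext = SSLContextFactory.getInstance().create(clientIdentity);
            HttpClientConnectionManager connectionManager = this.sslConnectionManagers.computeIfAbsent(
                    clientIdentity.getId(),
                    ignoredId -> PoolingHttpClientConnectionManagerBuilder.create()
                            .setDefaultConnectionConfig(connectionConfig)
                            .setMaxConnPerRoute(MAX_CONNECTIONS_PER_ROUTE)
                            .setMaxConnTotal(MAX_CONNECTIONS)
                            .setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create()
                                    .setTlsVersions(TLS.V_1_3)
                                    .setSslContext(sslContext)
                                    .build())
                            .build());
            // NOTE(review): the manager is shared between every client built for this ID but is
            // not marked as shared on the builder; closing one client presumably shuts the pool
            // down for the others - confirm.
            return HttpClients.custom()
                    .setDefaultRequestConfig(requestConfig)
                    .setConnectionManager(connectionManager)
                    .build();
        } catch (IOException | GeneralSecurityException e) {
            // The exception thrown below carries only the message text, so log the original
            // failure with its stack trace before it is lost.
            LOGGER.error("Couldn't set up https client for service provider {}", clientIdentity.getId(), e);
            throw new HttpClientException(String.format("Couldn't set up https client for service provider %s. %s.", clientIdentity.getId(), e.getLocalizedMessage()));
        }
    }
}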
