package org.springframework.credhub.configuration;

import io.netty.channel.ChannelOption;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.credhub.support.ClientOptions;
import org.springframework.http.client.reactive.ClientHttpConnector;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import reactor.netty.http.client.HttpClient;

/* loaded from: input_file:org/springframework/credhub/configuration/ClientHttpConnectorFactory.class */
public final class ClientHttpConnectorFactory {
    private static final Log logger = LogFactory.getLog(ClientHttpConnectorFactory.class);
    private static final SslCertificateUtils sslCertificateUtils = new SslCertificateUtils();

    private ClientHttpConnectorFactory() {
    }

    public static ClientHttpConnector create(ClientOptions clientOptions) {
        HttpClient secure;
        HttpClient create = HttpClient.create();
        if (usingCustomCerts(clientOptions)) {
            TrustManagerFactory createTrustManagerFactory = sslCertificateUtils.createTrustManagerFactory(clientOptions.getCaCertFiles());
            secure = create.secure(sslContextSpec -> {
                sslContextSpec.sslContext(SslContextBuilder.forClient().sslProvider(SslProvider.JDK).trustManager(createTrustManagerFactory));
            });
        } else {
            secure = create.secure(sslContextSpec2 -> {
                try {
                    sslContextSpec2.sslContext(new JdkSslContext(SSLContext.getDefault(), true, (Iterable) null, IdentityCipherSuiteFilter.INSTANCE, (ApplicationProtocolConfig) null, ClientAuth.REQUIRE, (String[]) null, false));
                } catch (NoSuchAlgorithmException e) {
                    logger.error("Error configuring HTTP connections", e);
                    throw new RuntimeException("Error configuring HTTP connections", e);
                }
            });
        }
        if (clientOptions.getConnectionTimeout() != null) {
            secure = secure.tcpConfiguration(tcpClient -> {
                return tcpClient.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, Integer.valueOf(Math.toIntExact(clientOptions.getConnectionTimeout().toMillis())));
            });
        }
        return new ReactorClientHttpConnector(secure);
    }

    private static boolean usingCustomCerts(ClientOptions clientOptions) {
        return clientOptions.getCaCertFiles() != null;
    }
}
