package com.marklogic.client.impl.okhttp;

import com.marklogic.client.DatabaseClientFactory;
import com.marklogic.client.impl.HTTPKerberosAuthInterceptor;
import com.marklogic.client.impl.HTTPSamlAuthInterceptor;
import com.marklogic.client.impl.SSLUtil;
import com.marklogic.okhttp3.ConnectionPool;
import com.marklogic.okhttp3.CookieJar;
import com.marklogic.okhttp3.Dns;
import com.marklogic.okhttp3.OkHttpClient;
import java.net.Inet4Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/marklogic/client/impl/okhttp/OkHttpUtil.class */
public abstract class OkHttpUtil {
    private static final ConnectionPool connectionPool = new ConnectionPool();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/marklogic/client/impl/okhttp/OkHttpUtil$DnsImpl.class */
    public static class DnsImpl implements Dns {
        DnsImpl() {
        }

        @Override // com.marklogic.okhttp3.Dns
        public List<InetAddress> lookup(String str) throws UnknownHostException {
            List<InetAddress> lookup = Dns.SYSTEM.lookup(str);
            ArrayList arrayList = new ArrayList();
            for (InetAddress inetAddress : lookup) {
                if (inetAddress instanceof Inet4Address) {
                    arrayList.add(inetAddress);
                }
            }
            return arrayList.isEmpty() ? lookup : arrayList;
        }
    }

    public static OkHttpClient.Builder newOkHttpClientBuilder(String str, DatabaseClientFactory.SecurityContext securityContext) {
        OkHttpClient.Builder newClientBuilder = newClientBuilder();
        AuthenticationConfigurer authenticationConfigurer = null;
        if (securityContext instanceof DatabaseClientFactory.BasicAuthContext) {
            authenticationConfigurer = new BasicAuthenticationConfigurer();
        } else if (securityContext instanceof DatabaseClientFactory.DigestAuthContext) {
            authenticationConfigurer = new DigestAuthenticationConfigurer();
        } else if (securityContext instanceof DatabaseClientFactory.KerberosAuthContext) {
            configureKerberosAuth((DatabaseClientFactory.KerberosAuthContext) securityContext, str, newClientBuilder);
        } else if (!(securityContext instanceof DatabaseClientFactory.CertificateAuthContext)) {
            if (securityContext instanceof DatabaseClientFactory.SAMLAuthContext) {
                configureSAMLAuth((DatabaseClientFactory.SAMLAuthContext) securityContext, newClientBuilder);
            } else {
                if (!(securityContext instanceof DatabaseClientFactory.MarkLogicCloudAuthContext)) {
                    throw new IllegalArgumentException("Unsupported security context: " + securityContext.getClass());
                }
                authenticationConfigurer = new MarkLogicCloudAuthenticationConfigurer(str);
            }
        }
        if (authenticationConfigurer != null) {
            authenticationConfigurer.configureAuthentication(newClientBuilder, securityContext);
        }
        SSLContext sSLContext = securityContext.getSSLContext();
        X509TrustManager trustManager = securityContext.getTrustManager();
        DatabaseClientFactory.SSLHostnameVerifier sSLHostnameVerifier = null;
        if (sSLContext != null || (securityContext instanceof DatabaseClientFactory.CertificateAuthContext)) {
            sSLHostnameVerifier = securityContext.getSSLHostnameVerifier() != null ? securityContext.getSSLHostnameVerifier() : DatabaseClientFactory.SSLHostnameVerifier.COMMON;
        }
        configureSocketFactory(newClientBuilder, sSLContext, trustManager);
        configureHostnameVerifier(newClientBuilder, sSLHostnameVerifier);
        return newClientBuilder;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static OkHttpClient.Builder newClientBuilder() {
        return new OkHttpClient.Builder().followRedirects(false).followSslRedirects(false).connectionPool(connectionPool).cookieJar(CookieJar.NO_COOKIES).readTimeout(0L, TimeUnit.SECONDS).writeTimeout(0L, TimeUnit.SECONDS).dns(new DnsImpl());
    }

    private static void configureKerberosAuth(DatabaseClientFactory.KerberosAuthContext kerberosAuthContext, String str, OkHttpClient.Builder builder) {
        builder.addInterceptor(new HTTPKerberosAuthInterceptor(str, kerberosAuthContext.getKrbOptions()));
    }

    private static void configureSAMLAuth(DatabaseClientFactory.SAMLAuthContext sAMLAuthContext, OkHttpClient.Builder builder) {
        HTTPSamlAuthInterceptor hTTPSamlAuthInterceptor;
        String token = sAMLAuthContext.getToken();
        if (token != null && token.length() > 0) {
            hTTPSamlAuthInterceptor = new HTTPSamlAuthInterceptor(token);
        } else if (sAMLAuthContext.getAuthorizer() != null) {
            hTTPSamlAuthInterceptor = new HTTPSamlAuthInterceptor(sAMLAuthContext.getAuthorizer());
        } else {
            if (sAMLAuthContext.getRenewer() == null) {
                throw new IllegalArgumentException("Either a call back or renewer expected.");
            }
            hTTPSamlAuthInterceptor = new HTTPSamlAuthInterceptor(sAMLAuthContext.getAuthorization(), sAMLAuthContext.getRenewer());
        }
        builder.addInterceptor(hTTPSamlAuthInterceptor);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void configureHostnameVerifier(OkHttpClient.Builder builder, DatabaseClientFactory.SSLHostnameVerifier sSLHostnameVerifier) {
        HostnameVerifier hostnameVerifier = null;
        if (DatabaseClientFactory.SSLHostnameVerifier.ANY.equals(sSLHostnameVerifier)) {
            hostnameVerifier = (str, sSLSession) -> {
                return true;
            };
        } else if (DatabaseClientFactory.SSLHostnameVerifier.COMMON.equals(sSLHostnameVerifier) || DatabaseClientFactory.SSLHostnameVerifier.STRICT.equals(sSLHostnameVerifier)) {
            hostnameVerifier = null;
        } else if (sSLHostnameVerifier != null) {
            hostnameVerifier = new DatabaseClientFactory.SSLHostnameVerifier.HostnameVerifierAdapter(sSLHostnameVerifier);
        }
        if (hostnameVerifier != null) {
            builder.hostnameVerifier(hostnameVerifier);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void configureSocketFactory(OkHttpClient.Builder builder, SSLContext sSLContext, X509TrustManager x509TrustManager) {
        if (sSLContext == null) {
            builder.socketFactory(new SocketFactoryDelegator(SocketFactory.getDefault()));
        } else if (x509TrustManager != null) {
            builder.sslSocketFactory(new SSLSocketFactoryDelegator(sSLContext.getSocketFactory()), x509TrustManager);
        } else {
            initializeSslContext(builder, sSLContext);
        }
    }

    private static void initializeSslContext(OkHttpClient.Builder builder, SSLContext sSLContext) {
        TrustManager[] defaultTrustManagers = SSLUtil.getDefaultTrustManagers();
        try {
            sSLContext.init(null, defaultTrustManagers, null);
            builder.sslSocketFactory(new SSLSocketFactoryDelegator(sSLContext.getSocketFactory()), (X509TrustManager) defaultTrustManagers[0]);
        } catch (KeyManagementException e) {
            throw new RuntimeException("Unable to initialize SSLContext; cause: " + e.getMessage(), e);
        }
    }
}
