package fi.vm.sade.javautils.http;

import fi.vm.sade.javautils.http.auth.Authenticator;
import fi.vm.sade.javautils.httpclient.OphHttpClient;
import java.io.IOException;
import java.net.URI;
import java.util.HashMap;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang.StringUtils;
import org.apache.http.ConnectionReuseStrategy;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.ProtocolException;
import org.apache.http.client.CookieStore;
import org.apache.http.client.RedirectStrategy;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.ConnectionKeepAliveStrategy;
import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.impl.DefaultConnectionReuseStrategy;
import org.apache.http.impl.NoConnectionReuseStrategy;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.DefaultRedirectStrategy;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.RedirectLocations;
import org.apache.http.impl.client.cache.CacheConfig;
import org.apache.http.impl.client.cache.CachingHttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.impl.cookie.BasicClientCookie;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/java-http-0.5.0-SNAPSHOT.jar:fi/vm/sade/javautils/http/OphHttpClient.class */
public class OphHttpClient {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) OphHttpClient.class);
    private static final int MAX_CACHE_ENTRIES = 20;
    private static final int MAX_OBJECT_SIZE = 10485760;
    private static final String CSRF = "CachingRestClient";
    private LogUtil logUtil;
    private CloseableHttpClient cachingClient;
    private CookieStore cookieStore;
    private Authenticator authenticator;
    private String callerId;
    private ThreadLocal<HttpContext> localContext;
    private HashMap<String, Boolean> csrfCookiesCreateForHost;

    /* loaded from: input_file:WEB-INF/lib/java-http-0.5.0-SNAPSHOT.jar:fi/vm/sade/javautils/http/OphHttpClient$Builder.class */
    public static final class Builder {
        String callerId;
        int connectionTimeoutMs = 10000;
        int socketTimeoutMs = 10000;
        long connectionTTLSec = 60;
        boolean allowUrlLogging = true;
        Authenticator authenticator = Authenticator.NONE;
        CookieStore cookieStore = new BasicCookieStore();
        HttpClientConnectionManager connectionManager = createConnectionManager();
        ConnectionKeepAliveStrategy keepAliveStrategy = createKeepAliveStrategy();
        RedirectStrategy redirectStrategy = createRedirectStrategy();
        ConnectionReuseStrategy reuseStrategy = new DefaultConnectionReuseStrategy();
        CacheConfig cacheConfig = null;

        public Builder(String str) {
            this.callerId = str;
        }

        public Builder cache(CacheConfig.Builder builder) {
            this.cacheConfig = builder.build();
            return this;
        }

        public Builder useDefaultCache() {
            this.cacheConfig = customCacheConfig().setMaxCacheEntries(20).setMaxObjectSize(10485760L).build();
            return this;
        }

        public static CacheConfig.Builder customCacheConfig() {
            return CacheConfig.custom();
        }

        public Builder timeoutMs(int i) {
            this.connectionTimeoutMs = i;
            return this;
        }

        public Builder setSocketTimeoutMs(int i) {
            this.socketTimeoutMs = i;
            return this;
        }

        public Builder connectionTTLSec(long j) {
            this.connectionTTLSec = j;
            return this;
        }

        public Builder disableUrlLogging() {
            this.allowUrlLogging = false;
            return this;
        }

        public Builder disableConnectionReuse() {
            this.reuseStrategy = new NoConnectionReuseStrategy();
            return this;
        }

        public Builder authenticator(Authenticator authenticator) {
            if (authenticator == null) {
                throw new NullPointerException("Authenticator == null");
            }
            this.authenticator = authenticator;
            return this;
        }

        public OphHttpClient build() {
            return new OphHttpClient(this);
        }

        private static ConnectionKeepAliveStrategy createKeepAliveStrategy() {
            return (httpResponse, httpContext) -> {
                return 60000L;
            };
        }

        private static RedirectStrategy createRedirectStrategy() {
            return new DefaultRedirectStrategy() { // from class: fi.vm.sade.javautils.http.OphHttpClient.Builder.1
                @Override // org.apache.http.impl.client.DefaultRedirectStrategy
                public URI getLocationURI(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws ProtocolException {
                    URI locationURI = super.getLocationURI(httpRequest, httpResponse, httpContext);
                    String uri = locationURI.toString();
                    if (CasUtil.isCasUrl(uri)) {
                        OphHttpClient.log.debug("Set redirected_to_cas=true, url: " + uri);
                        httpContext.setAttribute(CasUtil.getCasAttributeName(), "true");
                        httpContext.setAttribute("http.protocol.redirect-locations", new RedirectLocations());
                    } else {
                        OphHttpClient.log.debug("Set redirected_to_cas=false, url: " + uri);
                        httpContext.removeAttribute(CasUtil.getCasAttributeName());
                    }
                    return locationURI;
                }
            };
        }

        private static HttpClientConnectionManager createConnectionManager() {
            PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager();
            poolingHttpClientConnectionManager.setDefaultMaxPerRoute(100);
            poolingHttpClientConnectionManager.setMaxTotal(1000);
            return poolingHttpClientConnectionManager;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/java-http-0.5.0-SNAPSHOT.jar:fi/vm/sade/javautils/http/OphHttpClient$Headers.class */
    private static class Headers {
        private static final String CALLER_ID = "Caller-Id";
        private static final String CSRF = "CSRF";

        private Headers() {
        }
    }

    private OphHttpClient(Builder builder) {
        this.localContext = ThreadLocal.withInitial(BasicHttpContext::new);
        this.csrfCookiesCreateForHost = new HashMap<>();
        this.logUtil = new LogUtil(builder.allowUrlLogging, builder.connectionTimeoutMs, builder.socketTimeoutMs);
        this.authenticator = builder.authenticator;
        this.cookieStore = builder.cookieStore;
        this.callerId = builder.callerId;
        RequestConfig build = RequestConfig.custom().setConnectTimeout(builder.connectionTimeoutMs).build();
        SocketConfig build2 = SocketConfig.custom().setSoTimeout(builder.socketTimeoutMs).build();
        HttpClientBuilder create = builder.cacheConfig == null ? HttpClientBuilder.create() : CachingHttpClientBuilder.create().setCacheConfig(builder.cacheConfig);
        create.setDefaultRequestConfig(build).setDefaultSocketConfig(build2).setConnectionManager(builder.connectionManager).setKeepAliveStrategy(builder.keepAliveStrategy).setDefaultCookieStore(this.cookieStore).setRedirectStrategy(builder.redirectStrategy).setConnectionReuseStrategy(builder.reuseStrategy).setConnectionTimeToLive(builder.connectionTTLSec, TimeUnit.SECONDS);
        this.cachingClient = create.build();
    }

    public <T> OphHttpResponse<T> execute(OphHttpRequest ophHttpRequest) {
        return new OphHttpResponseImpl(execute(ophHttpRequest.getHttpUriRequest(), true));
    }

    private CloseableHttpResponse execute(HttpUriRequest httpUriRequest, boolean z) {
        ensureCSRFCookie(httpUriRequest.getURI().getHost());
        httpUriRequest.addHeader(OphHttpClient.Header.CSRF, CSRF);
        if (StringUtils.isNotEmpty(this.callerId) && httpUriRequest.getFirstHeader("Caller-Id") == null) {
            httpUriRequest.addHeader("Caller-Id", this.callerId);
        }
        boolean authenticate = authenticate(httpUriRequest, z);
        CloseableHttpResponse performRequest = performRequest(httpUriRequest);
        boolean isRedirectToCas = CasUtil.isRedirectToCas(performRequest);
        boolean wasRedirectedToCas = CasUtil.wasRedirectedToCas(this.localContext.get());
        if (log.isDebugEnabled()) {
            log.debug(this.logUtil.info(httpUriRequest, performRequest, isRedirectToCas, wasRedirectedToCas, z));
        }
        if (z && authenticate && (isRedirectToCas || wasRedirectedToCas)) {
            throw new RuntimeException("Just got new valid ticket, but still got cas login page.. something wrong with the system, target service didn't process the request/ticket correctly?\n" + this.logUtil.info(httpUriRequest, performRequest, isRedirectToCas, wasRedirectedToCas, z));
        }
        boolean z2 = performRequest.getStatusLine().getStatusCode() == 401;
        if (isRedirectToCas || wasRedirectedToCas || z2) {
            if (z) {
                log.warn("Redirected to CAS or 401 unauthorized, retrieving ticket again and retrying request");
                log.debug("Set redirected_to_cas=false");
                this.localContext.get().removeAttribute(CasUtil.getCasAttributeName());
                this.authenticator.clearSession();
                this.cookieStore.clear();
                this.csrfCookiesCreateForHost = new HashMap<>();
                try {
                    performRequest.close();
                    return execute(httpUriRequest, false);
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
            this.logUtil.error(httpUriRequest, performRequest, "Was redirected to CAS or received 401 unauthorized error.");
        }
        this.logUtil.logResponse(httpUriRequest, performRequest);
        return performRequest;
    }

    private synchronized void ensureCSRFCookie(String str) {
        if (this.csrfCookiesCreateForHost.containsKey(str)) {
            return;
        }
        this.csrfCookiesCreateForHost.put(str, true);
        BasicClientCookie basicClientCookie = new BasicClientCookie(OphHttpClient.Header.CSRF, CSRF);
        basicClientCookie.setDomain(str);
        basicClientCookie.setPath("/");
        this.cookieStore.addCookie(basicClientCookie);
    }

    private boolean authenticate(HttpUriRequest httpUriRequest, boolean z) {
        try {
            return this.authenticator.authenticate(httpUriRequest, this.cookieStore);
        } catch (Exception e) {
            if (z) {
                log.warn("Failed to CAS authenticate. Renewing proxy ticket.");
                log.debug("Failed to CAS authenticate. Renewing proxy ticket.", (Throwable) e);
                return false;
            }
            log.warn("Failed second time to CAS authenticate");
            log.debug("Failed second time to CAS authenticate", (Throwable) e);
            throw new RuntimeException("Failed to authenticate a second time. CAS likely didn't recognise TGT!");
        }
    }

    private CloseableHttpResponse performRequest(HttpUriRequest httpUriRequest) {
        try {
            return this.cachingClient.execute(httpUriRequest, this.localContext.get());
        } catch (IOException e) {
            log.error("Failed to execute request: {}", (Throwable) e);
            throw new RuntimeException("Internal error calling " + httpUriRequest.getMethod() + "/" + httpUriRequest.getURI() + " (check logs): " + e.getMessage());
        }
    }

    public LogUtil getLogUtil() {
        return this.logUtil;
    }

    public CloseableHttpClient getCachingClient() {
        return this.cachingClient;
    }

    public CookieStore getCookieStore() {
        return this.cookieStore;
    }

    public Authenticator getAuthenticator() {
        return this.authenticator;
    }

    public String getCallerId() {
        return this.callerId;
    }

    public ThreadLocal<HttpContext> getLocalContext() {
        return this.localContext;
    }

    public HashMap<String, Boolean> getCsrfCookiesCreateForHost() {
        return this.csrfCookiesCreateForHost;
    }
}
