package com.openblocks.sdk.webclient;

import com.openblocks.sdk.plugin.common.ssl.DisableVerifySslConfig;
import com.openblocks.sdk.plugin.common.ssl.SslConfig;
import com.openblocks.sdk.plugin.common.ssl.SslHelper;
import com.openblocks.sdk.plugin.common.ssl.VerifySelfSignedCertSslConfig;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.net.ssl.SSLException;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.netty.http.client.HttpClient;
import reactor.netty.tcp.SslProvider;
import reactor.netty.transport.ProxyProvider;

/* loaded from: input_file:com/openblocks/sdk/webclient/WebClientBuildHelper.class */
public class WebClientBuildHelper {
    private static final Logger log = LoggerFactory.getLogger(WebClientBuildHelper.class);
    private static final String proxyHost = System.getProperty("http.proxyHost");
    private static final String proxyPortStr = System.getProperty("http.proxyPort");
    private SslConfig sslConfig;
    private Set<String> disallowedHosts;
    private boolean systemProxy;

    private WebClientBuildHelper() {
    }

    public static WebClientBuildHelper builder() {
        return new WebClientBuildHelper();
    }

    public WebClientBuildHelper sslConfig(SslConfig sslConfig) {
        this.sslConfig = sslConfig;
        return this;
    }

    public WebClientBuildHelper disallowedHosts(Set<String> set) {
        this.disallowedHosts = set;
        return this;
    }

    public WebClientBuildHelper systemProxy() {
        this.systemProxy = true;
        return this;
    }

    public WebClient build() {
        return toWebClientBuilder().build();
    }

    public WebClient.Builder toWebClientBuilder() {
        HttpClient create = HttpClient.create();
        if (this.sslConfig != null) {
            if (this.sslConfig instanceof DisableVerifySslConfig) {
                create = create.secure(sslProviderWithoutCertVerify());
            }
            SslConfig sslConfig = this.sslConfig;
            if (sslConfig instanceof VerifySelfSignedCertSslConfig) {
                create = create.secure(sslProviderWithSelfSignedCert((VerifySelfSignedCertSslConfig) sslConfig));
            }
        }
        if (this.systemProxy && StringUtils.isNoneBlank(new CharSequence[]{proxyHost, proxyPortStr})) {
            create = (HttpClient) create.proxy(typeSpec -> {
                typeSpec.type(ProxyProvider.Proxy.HTTP).host(proxyHost).port(Integer.parseInt(proxyPortStr));
            });
        }
        if (CollectionUtils.isNotEmpty(this.disallowedHosts)) {
            create = (HttpClient) create.resolver(new SafeHostResolverGroup(this.disallowedHosts));
        }
        return WebClient.builder().clientConnector(new ReactorClientHttpConnector(create));
    }

    private static SslProvider sslProviderWithSelfSignedCert(VerifySelfSignedCertSslConfig verifySelfSignedCertSslConfig) {
        try {
            return SslProvider.builder().sslContext(SslContextBuilder.forClient().trustManager(new X509Certificate[]{SslHelper.parseCertificate(verifySelfSignedCertSslConfig.getSelfSignedCert())}).build()).build();
        } catch (CertificateException | SSLException e) {
            log.error("parse certificate error", e);
            return SslProvider.defaultClientProvider();
        }
    }

    private static SslProvider sslProviderWithoutCertVerify() {
        try {
            return SslProvider.builder().sslContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build()).build();
        } catch (SSLException e) {
            return SslProvider.defaultClientProvider();
        }
    }
}
