package com.gitlab.credit_reference_platform.crp.gateway.icl.client.configuration;

import com.gitlab.credit_reference_platform.crp.gateway.acctmgmt.enum_type.SecretSubType;
import com.gitlab.credit_reference_platform.crp.gateway.acctmgmt.service.ICertificateSecretService;
import com.gitlab.credit_reference_platform.crp.gateway.exception.ServiceException;
import com.gitlab.credit_reference_platform.crp.gateway.service.IConfigurableService;
import com.gitlab.vincenthung.commons.security.keystore.factory.KeyStoreFactory;
import com.gitlab.vincenthung.commons.security.keystore.factory.KeyStoreFactoryException;
import feign.Client;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.SSLSocketFactory;
import lombok.Generated;
import org.apache.hc.core5.ssl.SSLContextBuilder;
import org.apache.hc.core5.ssl.TrustStrategy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.DependsOn;
import org.springframework.util.StringUtils;

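@DependsOn({"crpPropertiesService"})
/* loaded from: input_file:BOOT-INF/lib/crp-gateway-icl-crp-service-2.1.1.jar:com/gitlab/credit_reference_platform/crp/gateway/icl/client/configuration/CRPProxiedClientConfiguration.class */
/**
 * Builds the Feign {@link Client} bean from three properties and the stored CRP server certificates.
 *
 * <p>The client is optionally routed through an HTTP proxy ({@code crp.gateway.icl.conn.crp.proxy})
 * and, when active certificates of sub type {@code CRP_SERVER_CERTIFICATE} exist, uses a TLS socket
 * factory whose trust material is a key store holding only those certificates.
 *
 * <p>Security-relevant behaviour a maintainer should be aware of:
 * <ul>
 *   <li>If the socket factory cannot be built, or no certificate record exists, the bean is still
 *       created with a {@code null} socket factory. The certificate restriction is then not applied
 *       (see {@link #feignClient()}).</li>
 *   <li>If the proxy port cannot be parsed, no proxy is configured and the error is only logged.</li>
 *   <li>The TLS protocol name comes from configuration and is not validated in this class.</li>
 * </ul>
 */
public class CRPProxiedClientConfiguration implements IConfigurableService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CRPProxiedClientConfiguration.class);

    // Target host; only used here to decide whether this service counts as configured.
    @Value("${crp.gateway.icl.conn.crp.host:}")
    private String iclApiHost;

    // Optional proxy as "host" or "host:port"; empty means no proxy.
    @Value("${crp.gateway.icl.conn.crp.proxy:}")
    private String iclApiProxyHost;

    // Protocol name handed to SSLContextBuilder.setProtocol; empty falls back to DEFAULT_PROTOCOL.
    // NOTE(review): the value is passed through unchecked, so a legacy protocol name would be
    // accepted. Consider an allow-list (for example TLSv1.2 / TLSv1.3) at startup.
    @Value("${crp.gateway.icl.conn.crp.protocol:}")
    private String protocol;
    public static final String DEFAULT_PROTOCOL = "TLSv1.2";

    @Autowired
    private ICertificateSecretService certificateSecretService;

    /**
     * Parses the configured proxy setting into an HTTP {@link Proxy}.
     *
     * <p>The value is split on the first {@code ':'}; a missing port defaults to 8080. A port outside
     * the range accepted by {@link InetSocketAddress} raises {@link IllegalArgumentException}, which
     * is not caught here.
     *
     * @return the proxy, or {@code null} when no proxy is configured or the port is not a number
     */
    private Proxy constructIclApiProxy() {
        if (!StringUtils.hasText(this.iclApiProxyHost)) {
            return null;
        }
        String[] hostAndPort = this.iclApiProxyHost.split(":", 2);
        String proxyHost = hostAndPort[0];
        String portText = hostAndPort.length > 1 ? hostAndPort[1] : "8080";
        try {
            int proxyPort = Integer.parseInt(portText);
            Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, proxyPort));
            log.info("Configured Proxy [{}:{}] for {}", proxyHost, proxyPort, getClass().getSimpleName());
            return proxy;
        } catch (NumberFormatException e) {
            // The rejected text is supplied as the argument for the "{}" placeholder, which previously
            // had none. This property is expected to hold host[:port] only.
            // NOTE(review): the caller then connects without a proxy; alert on this log line if the
            // proxy is a required egress control.
            log.error("Failed to parse [{}] to port, expected positive integer", portText);
            return null;
        }
    }

    /**
     * Creates a socket factory that trusts only the active CRP server certificates.
     *
     * @return the socket factory, or {@code null} when no active certificate is stored
     * @throws IllegalStateException if the certificates cannot be read, the key store cannot be
     *     built, or the SSL context cannot be created
     */
    private SSLSocketFactory constructSSLSocketFactory() {
        List<X509Certificate> activeCertificates;
        try {
            activeCertificates = this.certificateSecretService.getActiveCertificates(SecretSubType.CRP_SERVER_CERTIFICATE);
        } catch (ServiceException e) {
            throw new IllegalStateException("Failed to obtain CRP Server Certificate for CRPApiClient", e);
        }
        if (activeCertificates == null || activeCertificates.isEmpty()) {
            log.warn("The CRP Server Certificate Record not found for customizing ApiClient");
            return null;
        }

        KeyStore keyStore;
        try {
            KeyStoreFactory keyStoreFactory = KeyStoreFactory.init(null, null, null);
            for (int i = 0; i < activeCertificates.size(); i++) {
                // Aliases are "crp0", "crp1", ... in list order.
                keyStoreFactory.addTrustedCertificate((Certificate) activeCertificates.get(i), "crp" + i, true);
            }
            keyStore = keyStoreFactory.getKeyStore();
        } catch (KeyStoreFactoryException e) {
            throw new IllegalStateException("Failed to init KeyStoreFactory for CRPApiClient", e);
        }

        if (!StringUtils.hasText(this.protocol)) {
            this.protocol = DEFAULT_PROTOCOL;
        }
        try {
            // A null TrustStrategy adds no override on top of the key store's trust material.
            return SSLContextBuilder.create()
                    .setProtocol(this.protocol)
                    .loadTrustMaterial(keyStore, (TrustStrategy) null)
                    .build()
                    .getSocketFactory();
        } catch (Exception e) {
            throw new IllegalStateException("Failed to setup SSLContext for CRPApiClient", e);
        }
    }

    /**
     * Reports whether a target host has been configured.
     *
     * @return {@code true} when {@code crp.gateway.icl.conn.crp.host} contains text
     */
    @Override // com.gitlab.credit_reference_platform.crp.gateway.service.IConfigurableService
    public boolean isConfigured() {
        return StringUtils.hasText(this.iclApiHost);
    }

    /**
     * Creates the Feign client, proxied when a proxy is configured.
     *
     * <p>Failure to build the socket factory is logged and the client is created anyway with a
     * {@code null} factory. Feign's default client then leaves the connection's standard socket
     * factory in place, so the JVM default trust settings apply rather than the CRP certificate set.
     * NOTE(review): this fails open with respect to the certificate restriction; confirm that is
     * intended, or fail bean creation instead. The hostname verifier argument is also {@code null},
     * which presumably leaves the default verifier active; verify against the Feign version in use.
     *
     * @return a {@link Client.Proxied} when a proxy was parsed, otherwise a {@link Client.Default}
     */
    @Bean
    public Client feignClient() {
        SSLSocketFactory sslSocketFactory = null;
        try {
            sslSocketFactory = constructSSLSocketFactory();
        } catch (Exception e) {
            log.error("Failed to initiate SSLSocketFactory", (Throwable) e);
        }
        if (sslSocketFactory == null) {
            // Make the fallback visible so it can be monitored; behaviour is otherwise unchanged.
            log.warn("No custom SSLSocketFactory available for {}; default TLS trust settings will be used",
                    getClass().getSimpleName());
        }
        Proxy proxy = constructIclApiProxy();
        if (proxy != null) {
            return new Client.Proxied(sslSocketFactory, null, proxy);
        }
        return new Client.Default(sslSocketFactory, null);
    }
}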
