package org.gradle.internal.resource.transport.http;

import com.google.common.collect.Lists;
import java.io.IOException;
import java.net.ProxySelector;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import javax.net.ssl.HostnameVerifier;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.AuthState;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.CookieSpecs;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.util.PublicSuffixMatcher;
import org.apache.http.conn.util.PublicSuffixMatcherLoader;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.auth.BasicSchemeFactory;
import org.apache.http.impl.auth.DigestSchemeFactory;
import org.apache.http.impl.auth.KerberosSchemeFactory;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.SystemDefaultCredentialsProvider;
import org.apache.http.impl.conn.SystemDefaultRoutePlanner;
import org.apache.http.impl.cookie.DefaultCookieSpecProvider;
import org.apache.http.impl.cookie.IgnoreSpecProvider;
import org.apache.http.impl.cookie.NetscapeDraftSpecProvider;
import org.apache.http.impl.cookie.RFC6265CookieSpecProvider;
import org.apache.http.protocol.HttpContext;
import org.gradle.api.JavaVersion;
import org.gradle.api.credentials.HttpHeaderCredentials;
import org.gradle.api.credentials.PasswordCredentials;
import org.gradle.api.specs.Spec;
import org.gradle.authentication.Authentication;
import org.gradle.authentication.http.BasicAuthentication;
import org.gradle.authentication.http.DigestAuthentication;
import org.gradle.authentication.http.HttpHeaderAuthentication;
import org.gradle.internal.authentication.AllSchemesAuthentication;
import org.gradle.internal.authentication.AuthenticationInternal;
import org.gradle.internal.jvm.Jvm;
import org.gradle.internal.resource.UriTextResource;
import org.gradle.internal.resource.transport.http.HttpProxySettings;
import org.gradle.internal.resource.transport.http.ntlm.NTLMCredentials;
import org.gradle.internal.resource.transport.http.ntlm.NTLMSchemeFactory;
import org.gradle.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:gradle-4.10.1-bin.zip:gradle-4.10.1/lib/plugins/gradle-resources-http-4.10.1.jar:org/gradle/internal/resource/transport/http/HttpClientConfigurer.class */
public class HttpClientConfigurer {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) HttpClientConfigurer.class);
    private static final int MAX_HTTP_CONNECTIONS = 20;
    private static final String[] SSL_PROTOCOLS;
    private static final String HTTPS_PROTOCOLS = "https.protocols";
    private final HttpSettings httpSettings;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:gradle-4.10.1-bin.zip:gradle-4.10.1/lib/plugins/gradle-resources-http-4.10.1.jar:org/gradle/internal/resource/transport/http/HttpClientConfigurer$PreemptiveAuth.class */
    public static class PreemptiveAuth implements HttpRequestInterceptor {
        private final AuthScheme authScheme;
        private final boolean alwaysSendAuth;

        PreemptiveAuth(AuthScheme authScheme, boolean z) {
            this.authScheme = authScheme;
            this.alwaysSendAuth = z;
        }

        @Override // org.apache.http.HttpRequestInterceptor
        public void process(HttpRequest httpRequest, HttpContext httpContext) throws HttpException, IOException {
            AuthState authState = (AuthState) httpContext.getAttribute("http.auth.target-scope");
            if (authState.getAuthScheme() != null || authState.hasAuthOptions()) {
                return;
            }
            String method = httpRequest.getRequestLine().getMethod();
            if (this.alwaysSendAuth || method.equals("PUT") || method.equals("POST")) {
                CredentialsProvider credentialsProvider = (CredentialsProvider) httpContext.getAttribute("http.auth.credentials-provider");
                HttpHost httpHost = (HttpHost) httpContext.getAttribute("http.target_host");
                Credentials credentials = credentialsProvider.getCredentials(new AuthScope(httpHost.getHostName(), httpHost.getPort()));
                if (credentials == null) {
                    throw new HttpException("No credentials for preemptive authentication");
                }
                authState.update(this.authScheme, credentials);
            }
        }
    }

    public HttpClientConfigurer(HttpSettings httpSettings) {
        this.httpSettings = httpSettings;
    }

    public void configure(HttpClientBuilder httpClientBuilder) {
        SystemDefaultCredentialsProvider systemDefaultCredentialsProvider = new SystemDefaultCredentialsProvider();
        configureSslSocketConnectionFactory(httpClientBuilder, this.httpSettings.getSslContextFactory(), this.httpSettings.getHostnameVerifier());
        configureAuthSchemeRegistry(httpClientBuilder);
        configureCredentials(httpClientBuilder, systemDefaultCredentialsProvider, this.httpSettings.getAuthenticationSettings());
        configureProxy(httpClientBuilder, systemDefaultCredentialsProvider, this.httpSettings);
        configureUserAgent(httpClientBuilder);
        configureCookieSpecRegistry(httpClientBuilder);
        configureRequestConfig(httpClientBuilder);
        configureSocketConfig(httpClientBuilder);
        configureRedirectStrategy(httpClientBuilder);
        httpClientBuilder.setDefaultCredentialsProvider(systemDefaultCredentialsProvider);
        httpClientBuilder.setMaxConnTotal(20);
        httpClientBuilder.setMaxConnPerRoute(20);
    }

    private void configureSslSocketConnectionFactory(HttpClientBuilder httpClientBuilder, SslContextFactory sslContextFactory, HostnameVerifier hostnameVerifier) {
        httpClientBuilder.setSSLSocketFactory(new SSLConnectionSocketFactory(sslContextFactory.createSslContext(), SSL_PROTOCOLS, (String[]) null, hostnameVerifier));
    }

    private void configureAuthSchemeRegistry(HttpClientBuilder httpClientBuilder) {
        httpClientBuilder.setDefaultAuthSchemeRegistry(RegistryBuilder.create().register("Basic", new BasicSchemeFactory()).register("Digest", new DigestSchemeFactory()).register("NTLM", new NTLMSchemeFactory()).register("Negotiate", new SPNegoSchemeFactory()).register("Kerberos", new KerberosSchemeFactory()).register(HttpHeaderAuthScheme.AUTH_SCHEME_NAME, new HttpHeaderSchemeFactory()).build());
    }

    private void configureCredentials(HttpClientBuilder httpClientBuilder, CredentialsProvider credentialsProvider, Collection<Authentication> collection) {
        if (collection.size() > 0) {
            useCredentials(credentialsProvider, AuthScope.ANY_HOST, -1, collection);
            httpClientBuilder.addInterceptorFirst(new PreemptiveAuth(getAuthScheme(collection), isPreemptiveEnabled(collection)));
        }
    }

    private AuthScheme getAuthScheme(Collection<Authentication> collection) {
        return (collection.size() == 1 && (collection.iterator().next() instanceof HttpHeaderAuthentication)) ? new HttpHeaderAuthScheme() : new BasicScheme();
    }

    private void configureProxy(HttpClientBuilder httpClientBuilder, CredentialsProvider credentialsProvider, HttpSettings httpSettings) {
        Iterator it2 = Lists.newArrayList(httpSettings.getProxySettings().getProxy(), httpSettings.getSecureProxySettings().getProxy()).iterator();
        while (it2.hasNext()) {
            HttpProxySettings.HttpProxy httpProxy = (HttpProxySettings.HttpProxy) it2.next();
            if (httpProxy != null && httpProxy.credentials != null) {
                useCredentials(credentialsProvider, httpProxy.host, httpProxy.port, Collections.singleton(new AllSchemesAuthentication(httpProxy.credentials)));
            }
        }
        httpClientBuilder.setRoutePlanner(new SystemDefaultRoutePlanner(ProxySelector.getDefault()));
    }

    private void useCredentials(CredentialsProvider credentialsProvider, String str, int i, Collection<? extends Authentication> collection) {
        for (Authentication authentication : collection) {
            String authScheme = getAuthScheme(authentication);
            org.gradle.api.credentials.Credentials credentials = ((AuthenticationInternal) authentication).getCredentials();
            if (credentials instanceof HttpHeaderCredentials) {
                HttpHeaderCredentials httpHeaderCredentials = (HttpHeaderCredentials) credentials;
                credentialsProvider.setCredentials(new AuthScope(str, i, AuthScope.ANY_REALM, authScheme), new HttpClientHttpHeaderCredentials(httpHeaderCredentials.getName(), httpHeaderCredentials.getValue()));
                LOGGER.debug("Using {} for authenticating against '{}:{}' using {}", httpHeaderCredentials, str, Integer.valueOf(i), authScheme);
            } else {
                if (!(credentials instanceof PasswordCredentials)) {
                    throw new IllegalArgumentException(String.format("Credentials must be an instance of: %s or %s", PasswordCredentials.class.getCanonicalName(), HttpHeaderCredentials.class.getCanonicalName()));
                }
                PasswordCredentials passwordCredentials = (PasswordCredentials) credentials;
                if (authentication instanceof AllSchemesAuthentication) {
                    NTLMCredentials nTLMCredentials = new NTLMCredentials(passwordCredentials);
                    credentialsProvider.setCredentials(new AuthScope(str, i, AuthScope.ANY_REALM, "NTLM"), new NTCredentials(nTLMCredentials.getUsername(), nTLMCredentials.getPassword(), nTLMCredentials.getWorkstation(), nTLMCredentials.getDomain()));
                    LOGGER.debug("Using {} and {} for authenticating against '{}:{}' using {}", passwordCredentials, nTLMCredentials, str, Integer.valueOf(i), "NTLM");
                }
                credentialsProvider.setCredentials(new AuthScope(str, i, AuthScope.ANY_REALM, authScheme), new UsernamePasswordCredentials(passwordCredentials.getUsername(), passwordCredentials.getPassword()));
                LOGGER.debug("Using {} for authenticating against '{}:{}' using {}", passwordCredentials, str, Integer.valueOf(i), authScheme);
            }
        }
    }

    private boolean isPreemptiveEnabled(Collection<Authentication> collection) {
        return CollectionUtils.any(collection, new Spec<Authentication>() { // from class: org.gradle.internal.resource.transport.http.HttpClientConfigurer.1
            @Override // org.gradle.api.specs.Spec
            public boolean isSatisfiedBy(Authentication authentication) {
                return (authentication instanceof BasicAuthentication) || (authentication instanceof HttpHeaderAuthentication);
            }
        });
    }

    public void configureUserAgent(HttpClientBuilder httpClientBuilder) {
        httpClientBuilder.setUserAgent(UriTextResource.getUserAgentString());
    }

    private void configureCookieSpecRegistry(HttpClientBuilder httpClientBuilder) {
        PublicSuffixMatcher publicSuffixMatcher = PublicSuffixMatcherLoader.getDefault();
        httpClientBuilder.setPublicSuffixMatcher(publicSuffixMatcher);
        DefaultCookieSpecProvider defaultCookieSpecProvider = new DefaultCookieSpecProvider(DefaultCookieSpecProvider.CompatibilityLevel.DEFAULT, publicSuffixMatcher, new String[]{"EEE, dd-MMM-yy HH:mm:ss z", "EEE, dd-MMM-yy HH:mm:ss zzz", "EEE MMM d HH:mm:ss yyyy", "EEE, dd MMM yyyy HH:mm:ss zzz"}, false);
        httpClientBuilder.setDefaultCookieSpecRegistry(RegistryBuilder.create().register("default", defaultCookieSpecProvider).register("best-match", defaultCookieSpecProvider).register("compatibility", defaultCookieSpecProvider).register(CookieSpecs.STANDARD, new RFC6265CookieSpecProvider(RFC6265CookieSpecProvider.CompatibilityLevel.RELAXED, publicSuffixMatcher)).register(CookieSpecs.STANDARD_STRICT, new RFC6265CookieSpecProvider(RFC6265CookieSpecProvider.CompatibilityLevel.STRICT, publicSuffixMatcher)).register("netscape", new NetscapeDraftSpecProvider()).register("ignoreCookies", new IgnoreSpecProvider()).build());
    }

    private void configureRequestConfig(HttpClientBuilder httpClientBuilder) {
        HttpTimeoutSettings timeoutSettings = this.httpSettings.getTimeoutSettings();
        httpClientBuilder.setDefaultRequestConfig(RequestConfig.custom().setConnectTimeout(timeoutSettings.getConnectionTimeoutMs()).setSocketTimeout(timeoutSettings.getSocketTimeoutMs()).build());
    }

    private void configureSocketConfig(HttpClientBuilder httpClientBuilder) {
        httpClientBuilder.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(this.httpSettings.getTimeoutSettings().getSocketTimeoutMs()).build());
    }

    private void configureRedirectStrategy(HttpClientBuilder httpClientBuilder) {
        if (this.httpSettings.isFollowRedirects()) {
            httpClientBuilder.setRedirectStrategy(new AlwaysRedirectRedirectStrategy());
        } else {
            httpClientBuilder.disableRedirectHandling();
        }
    }

    private String getAuthScheme(Authentication authentication) {
        if (authentication instanceof BasicAuthentication) {
            return "Basic";
        }
        if (authentication instanceof DigestAuthentication) {
            return "Digest";
        }
        if (authentication instanceof HttpHeaderAuthentication) {
            return HttpHeaderAuthScheme.AUTH_SCHEME_NAME;
        }
        if (authentication instanceof AllSchemesAuthentication) {
            return AuthScope.ANY_SCHEME;
        }
        throw new IllegalArgumentException(String.format("Authentication scheme of '%s' is not supported.", authentication.getClass().getSimpleName()));
    }

    static {
        String property = System.getProperty(HTTPS_PROTOCOLS);
        if (property != null) {
            SSL_PROTOCOLS = property.split(",");
        } else if (JavaVersion.current().isJava7() || (JavaVersion.current().isJava8() && Jvm.current().isIbmJvm())) {
            SSL_PROTOCOLS = new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"};
        } else {
            SSL_PROTOCOLS = null;
        }
    }
}
