package io.trino.jdbc.$internal.client.uri;

import io.trino.jdbc.$internal.client.ClientException;
import io.trino.jdbc.$internal.client.DnsResolver;
import io.trino.jdbc.$internal.client.KerberosUtil;
import io.trino.jdbc.$internal.client.OkHttpUtil;
import io.trino.jdbc.$internal.client.auth.external.CompositeRedirectHandler;
import io.trino.jdbc.$internal.client.auth.external.ExternalAuthenticator;
import io.trino.jdbc.$internal.client.auth.external.HttpTokenPoller;
import io.trino.jdbc.$internal.client.auth.external.RedirectHandler;
import io.trino.jdbc.$internal.client.uri.ConnectionProperties;
import io.trino.jdbc.$internal.okhttp3.OkHttpClient;
import java.io.File;
import java.time.Duration;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:BOOT-INF/lib/trino-jdbc-474.jar:io/trino/jdbc/$internal/client/uri/HttpClientFactory.class */
public class HttpClientFactory {
    private HttpClientFactory() {
    }

    public static OkHttpClient.Builder toHttpClientBuilder(TrinoUri trinoUri, String str) {
        OkHttpClient.Builder unauthenticatedClientBuilder = unauthenticatedClientBuilder(trinoUri, str);
        OkHttpUtil.setupCookieJar(unauthenticatedClientBuilder);
        if (trinoUri.hasPassword()) {
            if (!trinoUri.isUseSecureConnection()) {
                throw new RuntimeException("TLS/SSL is required for authentication with username and password");
            }
            unauthenticatedClientBuilder.addNetworkInterceptor(OkHttpUtil.basicAuth(trinoUri.getRequiredUser(), trinoUri.getPassword().orElseThrow(() -> {
                return new RuntimeException("Password expected");
            })));
        }
        if (trinoUri.getKerberosRemoteServiceName().isPresent()) {
            if (!trinoUri.isUseSecureConnection()) {
                throw new RuntimeException("TLS/SSL is required for Kerberos authentication");
            }
            OkHttpUtil.setupKerberos(unauthenticatedClientBuilder, trinoUri.getRequiredKerberosServicePrincipalPattern(), trinoUri.getRequiredKerberosRemoteServiceName(), trinoUri.getRequiredKerberosUseCanonicalHostname(), trinoUri.getKerberosPrincipal(), trinoUri.getKerberosConfigPath(), trinoUri.getKerberosKeytabPath(), Optional.ofNullable(trinoUri.getKerberosCredentialCachePath().orElseGet(() -> {
                return (File) KerberosUtil.defaultCredentialCachePath().map(File::new).orElse(null);
            })), trinoUri.getKerberosDelegation(), trinoUri.getKerberosConstrainedDelegation());
        }
        if (trinoUri.getAccessToken().isPresent()) {
            if (!trinoUri.isUseSecureConnection()) {
                throw new RuntimeException("TLS/SSL required for authentication using an access token");
            }
            unauthenticatedClientBuilder.addNetworkInterceptor(OkHttpUtil.tokenAuth(trinoUri.getAccessToken().get()));
        }
        if (trinoUri.isExternalAuthenticationEnabled()) {
            if (!trinoUri.isUseSecureConnection()) {
                throw new RuntimeException("TLS/SSL required for authentication using external authorization");
            }
            HttpTokenPoller httpTokenPoller = new HttpTokenPoller(unauthenticatedClientBuilder.build());
            Duration duration = (Duration) trinoUri.getExternalAuthenticationTimeout().map(duration2 -> {
                return Duration.ofMillis(duration2.toMillis());
            }).orElse(Duration.ofMinutes(2L));
            KnownTokenCache externalAuthenticationTokenCache = trinoUri.getExternalAuthenticationTokenCache();
            Optional<U> map = trinoUri.getExternalRedirectStrategies().map(CompositeRedirectHandler::new);
            Class<RedirectHandler> cls = RedirectHandler.class;
            Objects.requireNonNull(RedirectHandler.class);
            Optional map2 = map.map((v1) -> {
                return r1.cast(v1);
            });
            ExternalAuthenticator externalAuthenticator = new ExternalAuthenticator(TrinoUri.getRedirectHandler().orElseGet(() -> {
                return (RedirectHandler) map2.orElseThrow(() -> {
                    return new RuntimeException("External authentication redirect handler is not configured");
                });
            }), httpTokenPoller, externalAuthenticationTokenCache.create(), duration);
            unauthenticatedClientBuilder.authenticator(externalAuthenticator);
            unauthenticatedClientBuilder.addNetworkInterceptor(externalAuthenticator);
        }
        return unauthenticatedClientBuilder;
    }

    public static OkHttpClient.Builder unauthenticatedClientBuilder(TrinoUri trinoUri, String str) {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        setupUserAgent(builder, str);
        OkHttpUtil.setupSocksProxy(builder, trinoUri.getSocksProxy());
        OkHttpUtil.setupHttpProxy(builder, trinoUri.getHttpProxy());
        OkHttpUtil.setupTimeouts(builder, Math.toIntExact(trinoUri.getTimeout().toMillis()), TimeUnit.MILLISECONDS);
        OkHttpUtil.setupHttpLogging(builder, trinoUri.getHttpLoggingLevel());
        if (trinoUri.isUseSecureConnection()) {
            ConnectionProperties.SslVerificationMode sslVerification = trinoUri.getSslVerification();
            if (sslVerification.equals(ConnectionProperties.SslVerificationMode.FULL) || sslVerification.equals(ConnectionProperties.SslVerificationMode.CA)) {
                OkHttpUtil.setupSsl(builder, trinoUri.getSslKeyStorePath(), trinoUri.getSslKeyStorePassword(), trinoUri.getSslKeyStoreType(), trinoUri.getSslUseSystemKeyStore(), trinoUri.getSslTrustStorePath(), trinoUri.getSslTrustStorePassword(), trinoUri.getSslTrustStoreType(), trinoUri.getSslUseSystemTrustStore());
            }
            if (sslVerification.equals(ConnectionProperties.SslVerificationMode.FULL)) {
                trinoUri.getHostnameInCertificate().ifPresent(str2 -> {
                    OkHttpUtil.setupAlternateHostnameVerification(builder, str2);
                });
            }
            if (sslVerification.equals(ConnectionProperties.SslVerificationMode.CA)) {
                builder.hostnameVerifier((str3, sSLSession) -> {
                    return true;
                });
            }
            if (sslVerification.equals(ConnectionProperties.SslVerificationMode.NONE)) {
                OkHttpUtil.setupInsecureSsl(builder);
            }
        } else {
            OkHttpUtil.setupInsecureSsl(builder);
        }
        trinoUri.getDnsResolver().ifPresent(cls -> {
            DnsResolver instantiateDnsResolver = instantiateDnsResolver(cls, trinoUri.getDnsResolverContext());
            Objects.requireNonNull(instantiateDnsResolver);
            builder.dns(instantiateDnsResolver::lookup);
        });
        return builder;
    }

    protected static void setupUserAgent(OkHttpClient.Builder builder, String str) {
        builder.addInterceptor(OkHttpUtil.userAgent(str));
    }

    private static DnsResolver instantiateDnsResolver(Class<? extends DnsResolver> cls, String str) {
        try {
            return cls.getConstructor(String.class).newInstance(str);
        } catch (ReflectiveOperationException e) {
            throw new ClientException("Unable to instantiate custom DNS resolver " + cls.getName(), e);
        }
    }
}
