package com.xunlei.channel.gateway.common.http;

import java.lang.reflect.Field;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import okhttp3.Credentials;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.cloud.netflix.ribbon.RibbonAutoConfiguration;
import org.springframework.cloud.netflix.ribbon.okhttp.RetryableOkHttpLoadBalancingClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.io.Resource;

@Configuration
@AutoConfigureAfter({RibbonAutoConfiguration.class})
/* loaded from: input_file:com/xunlei/channel/gateway/common/http/SSLClientConfig.class */
public class SSLClientConfig {

    @Configuration
    @ConditionalOnProperty(value = {"ribbon.okhttp.enabled"}, matchIfMissing = true)
    @ConditionalOnClass(name = {"okhttp3.OkHttpClient"})
    /* loaded from: input_file:com/xunlei/channel/gateway/common/http/SSLClientConfig$CustomOkHttpRibbonConfiguration.class */
    protected static class CustomOkHttpRibbonConfiguration {
        protected CustomOkHttpRibbonConfiguration() {
        }

        @Bean({"ssl_client"})
        @Primary
        public OkHttpClient okHttpClient(RetryableOkHttpLoadBalancingClient retryableOkHttpLoadBalancingClient, SSLContext sSLContext, @Value("${application.name}") String str, @Value("${application.key}") String str2) {
            String basic = Credentials.basic(str, str2);
            ArrayList arrayList = new ArrayList();
            arrayList.add(Protocol.HTTP_2);
            arrayList.add(Protocol.HTTP_1_1);
            OkHttpClient build = new OkHttpClient.Builder().readTimeout(60L, TimeUnit.SECONDS).connectTimeout(60L, TimeUnit.SECONDS).writeTimeout(120L, TimeUnit.SECONDS).protocols(arrayList).sslSocketFactory(sSLContext.getSocketFactory()).followSslRedirects(false).followRedirects(false).authenticator((route, response) -> {
                return response.request().newBuilder().header("Authorization", basic).build();
            }).hostnameVerifier(new HostnameVerifier() { // from class: com.xunlei.channel.gateway.common.http.SSLClientConfig.CustomOkHttpRibbonConfiguration.1
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str3, SSLSession sSLSession) {
                    return true;
                }
            }).build();
            try {
                Field declaredField = RetryableOkHttpLoadBalancingClient.class.getSuperclass().getSuperclass().getDeclaredField("delegate");
                declaredField.setAccessible(true);
                declaredField.set(retryableOkHttpLoadBalancingClient, build);
            } catch (Exception e) {
                e.printStackTrace();
            }
            return build;
        }

        @Bean
        @Primary
        public SSLContext getSSLContext(@Value("${client.keystore}") Resource resource, @Value("${key-store-password}") String str) throws Exception {
            char[] charArray = str.toCharArray();
            KeyStore keyStore = KeyStore.getInstance("jks");
            keyStore.load(resource.getInputStream(), charArray);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, charArray);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagers, trustManagers, null);
            return sSLContext;
        }
    }
}
