package io.apiman.gateway.platforms.vertx3.http;

import io.apiman.common.config.options.TLSOptions;
import io.vertx.core.http.HttpClientOptions;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.core.net.JksOptions;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.SSLContext;

/* loaded from: input_file:io/apiman/gateway/platforms/vertx3/http/HttpClientOptionsFactory.class */
public class HttpClientOptionsFactory {
    private static final String[] EMPTY = new String[0];
    private static Map<TLSOptions, HttpClientOptions> configCache = new HashMap();
    private static Logger log = LoggerFactory.getLogger(HttpClientOptionsFactory.class);

    public static HttpClientOptions parseOptions(TLSOptions tLSOptions, URL url) {
        if (configCache.containsKey(tLSOptions)) {
            return configCache.get(tLSOptions);
        }
        HttpClientOptions doParse = doParse(tLSOptions, url);
        configCache.put(tLSOptions, doParse);
        return doParse;
    }

    private static HttpClientOptions doParse(TLSOptions tLSOptions, URL url) {
        HttpClientOptions httpClientOptions = new HttpClientOptions();
        if (url.getProtocol().equals("http")) {
            return httpClientOptions.setSsl(false);
        }
        httpClientOptions.setSsl(true);
        httpClientOptions.setTrustAll(tLSOptions.isTrustSelfSigned() || tLSOptions.isDevMode()).setVerifyHost(!tLSOptions.isAllowAnyHost() || tLSOptions.isDevMode());
        if (tLSOptions.getTrustStore() != null) {
            httpClientOptions.setTrustStoreOptions(new JksOptions().setPath(tLSOptions.getTrustStore()).setPassword(tLSOptions.getTrustStorePassword()));
        }
        if (tLSOptions.getKeyStore() != null) {
            httpClientOptions.setKeyStoreOptions(new JksOptions().setPath(tLSOptions.getKeyStore()).setPassword(tLSOptions.getKeyStorePassword()));
        }
        if (tLSOptions.getAllowedCiphers() != null) {
            for (String str : arrayDifference(tLSOptions.getAllowedCiphers(), tLSOptions.getDisallowedCiphers(), getDefaultCipherSuites())) {
                httpClientOptions.addEnabledCipherSuite(str);
            }
        }
        if (tLSOptions.getAllowedProtocols() != null) {
            log.info("Can't set allowed protocols on Vert.x gateway");
        }
        return httpClientOptions;
    }

    private static String[] arrayDifference(String[] strArr, String[] strArr2, String[] strArr3) {
        ArrayList arrayList = new ArrayList(Arrays.asList(optionalVar(strArr, strArr3)));
        arrayList.removeAll(new ArrayList(Arrays.asList(optionalVar(strArr2, EMPTY))));
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    private static String[] optionalVar(String[] strArr, String[] strArr2) {
        return (strArr == null || strArr.length == 0) ? strArr2 : strArr;
    }

    private static String[] getDefaultCipherSuites() {
        try {
            return SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}
