package org.springframework.cloud.dataflow.configuration.metadata;

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.cloud.dataflow.configuration.metadata.container.ContainerImageMetadataProperties;
import org.springframework.cloud.dataflow.configuration.metadata.container.ContainerImageMetadataResolver;
import org.springframework.cloud.dataflow.configuration.metadata.container.ContainerImageParser;
import org.springframework.cloud.dataflow.configuration.metadata.container.DefaultContainerImageMetadataResolver;
import org.springframework.cloud.dataflow.configuration.metadata.container.RegistryConfiguration;
import org.springframework.cloud.dataflow.configuration.metadata.container.authorization.AnonymousRegistryAuthorizer;
import org.springframework.cloud.dataflow.configuration.metadata.container.authorization.AwsEcrAuthorizer;
import org.springframework.cloud.dataflow.configuration.metadata.container.authorization.BasicAuthRegistryAuthorizer;
import org.springframework.cloud.dataflow.configuration.metadata.container.authorization.DockerConfigJsonSecretToRegistryConfigurationConverter;
import org.springframework.cloud.dataflow.configuration.metadata.container.authorization.DockerOAuth2RegistryAuthorizer;
import org.springframework.cloud.dataflow.configuration.metadata.container.authorization.DropAuthorizationHeaderOnSignedS3RequestRedirectStrategy;
import org.springframework.cloud.dataflow.configuration.metadata.container.authorization.RegistryAuthorizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.MediaType;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.StringHttpMessageConverter;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;

@EnableConfigurationProperties({ContainerImageMetadataProperties.class})
@Configuration
/* loaded from: input_file:org/springframework/cloud/dataflow/configuration/metadata/ApplicationConfigurationMetadataResolverAutoConfiguration.class */
public class ApplicationConfigurationMetadataResolverAutoConfiguration {
    private static final Logger logger = LoggerFactory.getLogger(ApplicationConfigurationMetadataResolverAutoConfiguration.class);

    @Bean
    public RegistryAuthorizer dockerOAuth2RegistryAuthorizer(@Qualifier("containerRestTemplate") RestTemplate restTemplate, @Qualifier("noSslVerificationContainerRestTemplate") RestTemplate restTemplate2) {
        return new DockerOAuth2RegistryAuthorizer(restTemplate, restTemplate2);
    }

    @Bean
    public RegistryAuthorizer anonymousRegistryAuthorizer() {
        return new AnonymousRegistryAuthorizer();
    }

    @Bean
    public RegistryAuthorizer basicAuthRegistryAuthorizer() {
        return new BasicAuthRegistryAuthorizer();
    }

    @Bean
    public RegistryAuthorizer awsRegistryAuthorizer() {
        return new AwsEcrAuthorizer();
    }

    @Bean
    public ContainerImageParser containerImageParser(ContainerImageMetadataProperties containerImageMetadataProperties) {
        return new ContainerImageParser(containerImageMetadataProperties.getDefaultRegistryHost(), containerImageMetadataProperties.getDefaultRepositoryTag(), containerImageMetadataProperties.getOfficialRepositoryNamespace());
    }

    @ConditionalOnMissingBean({ContainerImageMetadataResolver.class})
    @Bean
    public DefaultContainerImageMetadataResolver containerImageMetadataResolver(@Qualifier("containerRestTemplate") RestTemplate restTemplate, @Qualifier("noSslVerificationContainerRestTemplate") RestTemplate restTemplate2, ContainerImageParser containerImageParser, Map<String, RegistryConfiguration> map, List<RegistryAuthorizer> list) {
        return new DefaultContainerImageMetadataResolver(restTemplate, restTemplate2, containerImageParser, map, list);
    }

    @ConditionalOnMissingBean({ApplicationConfigurationMetadataResolver.class})
    @Bean
    public ApplicationConfigurationMetadataResolver metadataResolver(DefaultContainerImageMetadataResolver defaultContainerImageMetadataResolver) {
        return new BootApplicationConfigurationMetadataResolver(defaultContainerImageMetadataResolver);
    }

    @Bean
    public Map<String, RegistryConfiguration> registryConfigurationMap(ContainerImageMetadataProperties containerImageMetadataProperties, @Value("${.dockerconfigjson:#{null}}") String str, DockerConfigJsonSecretToRegistryConfigurationConverter dockerConfigJsonSecretToRegistryConfigurationConverter) {
        Map<String, RegistryConfiguration> map = (Map) containerImageMetadataProperties.getRegistryConfigurations().entrySet().stream().collect(Collectors.toMap(entry -> {
            return ((RegistryConfiguration) entry.getValue()).getRegistryHost();
        }, (v0) -> {
            return v0.getValue();
        }));
        map.values().stream().filter(registryConfiguration -> {
            return registryConfiguration.getAuthorizationType() == RegistryConfiguration.AuthorizationType.dockeroauth2;
        }).filter(registryConfiguration2 -> {
            return !registryConfiguration2.getExtra().containsKey(DockerOAuth2RegistryAuthorizer.DOCKER_REGISTRY_AUTH_URI_KEY);
        }).forEach(registryConfiguration3 -> {
            String dockerTokenServiceUri = dockerConfigJsonSecretToRegistryConfigurationConverter.getDockerTokenServiceUri(registryConfiguration3.getRegistryHost(), registryConfiguration3.getUser(), registryConfiguration3.getSecret());
            if (StringUtils.hasText(dockerTokenServiceUri)) {
                registryConfiguration3.getExtra().put(DockerOAuth2RegistryAuthorizer.DOCKER_REGISTRY_AUTH_URI_KEY, dockerTokenServiceUri);
            }
        });
        if (!StringUtils.isEmpty(str)) {
            map = (Map) Stream.concat(dockerConfigJsonSecretToRegistryConfigurationConverter.convert(str).entrySet().stream(), map.entrySet().stream()).collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, (v0) -> {
                return v0.getValue();
            }, (registryConfiguration4, registryConfiguration5) -> {
                RegistryConfiguration registryConfiguration4 = new RegistryConfiguration();
                registryConfiguration4.setRegistryHost(registryConfiguration4.getRegistryHost());
                registryConfiguration4.setUser(StringUtils.hasText(registryConfiguration5.getUser()) ? registryConfiguration5.getUser() : registryConfiguration4.getUser());
                registryConfiguration4.setSecret(StringUtils.hasText(registryConfiguration5.getSecret()) ? registryConfiguration5.getSecret() : registryConfiguration4.getSecret());
                registryConfiguration4.setAuthorizationType(registryConfiguration5.getAuthorizationType() != null ? registryConfiguration5.getAuthorizationType() : registryConfiguration4.getAuthorizationType());
                registryConfiguration4.setManifestMediaType(StringUtils.hasText(registryConfiguration5.getManifestMediaType()) ? registryConfiguration5.getManifestMediaType() : registryConfiguration4.getManifestMediaType());
                registryConfiguration4.setDisableSslVerification(registryConfiguration5.isDisableSslVerification());
                registryConfiguration4.getExtra().putAll(registryConfiguration4.getExtra());
                registryConfiguration4.getExtra().putAll(registryConfiguration5.getExtra());
                return registryConfiguration4;
            }));
        }
        logger.info("Final Registry Configurations: " + map);
        return map;
    }

    @Bean
    public DockerConfigJsonSecretToRegistryConfigurationConverter secretToRegistryConfigurationConverter(@Qualifier("noSslVerificationContainerRestTemplate") RestTemplate restTemplate) {
        return new DockerConfigJsonSecretToRegistryConfigurationConverter(restTemplate);
    }

    @ConditionalOnMissingBean(name = {"containerRestTemplate"})
    @Bean
    public RestTemplate containerRestTemplate(RestTemplateBuilder restTemplateBuilder) {
        return initRestTemplate(restTemplateBuilder, HttpClients.custom());
    }

    @ConditionalOnMissingBean(name = {"noSslVerificationContainerRestTemplate"})
    @Bean
    public RestTemplate noSslVerificationContainerRestTemplate(RestTemplateBuilder restTemplateBuilder) throws NoSuchAlgorithmException, KeyManagementException {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: org.springframework.cloud.dataflow.configuration.metadata.ApplicationConfigurationMetadataResolverAutoConfiguration.1
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }
        }};
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        sSLContext.init(null, trustManagerArr, new SecureRandom());
        return initRestTemplate(restTemplateBuilder, HttpClients.custom().setSSLContext(sSLContext).setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE));
    }

    private RestTemplate initRestTemplate(RestTemplateBuilder restTemplateBuilder, HttpClientBuilder httpClientBuilder) {
        HttpMessageConverter stringHttpMessageConverter = new StringHttpMessageConverter();
        ArrayList arrayList = new ArrayList(stringHttpMessageConverter.getSupportedMediaTypes());
        arrayList.add(MediaType.APPLICATION_OCTET_STREAM);
        stringHttpMessageConverter.setSupportedMediaTypes(arrayList);
        HttpComponentsClientHttpRequestFactory httpComponentsClientHttpRequestFactory = new HttpComponentsClientHttpRequestFactory(httpClientBuilder.setRedirectStrategy(new DropAuthorizationHeaderOnSignedS3RequestRedirectStrategy()).build());
        return restTemplateBuilder.additionalMessageConverters(new HttpMessageConverter[]{stringHttpMessageConverter}).requestFactory(() -> {
            return httpComponentsClientHttpRequestFactory;
        }).build();
    }
}
