package software.amazon.awssdk.http.apache.internal.impl;

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.DnsResolver;
import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.conn.HttpConnectionFactory;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLInitializationException;
import org.apache.http.impl.conn.DefaultSchemePortResolver;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import software.amazon.awssdk.annotation.ReviewBeforeRelease;
import software.amazon.awssdk.http.SdkHttpConfigurationOption;
import software.amazon.awssdk.http.apache.ApacheSdkHttpClientFactory;
import software.amazon.awssdk.http.apache.internal.Defaults;
import software.amazon.awssdk.http.apache.internal.conn.SdkTlsSocketFactory;
import software.amazon.awssdk.utils.AttributeMap;
import software.amazon.awssdk.utils.NumericUtils;

/* loaded from: input_file:software/amazon/awssdk/http/apache/internal/impl/ApacheConnectionManagerFactory.class */
public class ApacheConnectionManagerFactory {
    public HttpClientConnectionManager create(ApacheSdkHttpClientFactory apacheSdkHttpClientFactory, AttributeMap attributeMap) {
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(createSocketFactoryRegistry(getPreferredSocketFactory(attributeMap)), (HttpConnectionFactory) null, DefaultSchemePortResolver.INSTANCE, (DnsResolver) null, apacheSdkHttpClientFactory.connectionTimeToLive().orElse(Defaults.CONNECTION_POOL_TTL).toMillis(), TimeUnit.MILLISECONDS);
        poolingHttpClientConnectionManager.setDefaultMaxPerRoute(((Integer) attributeMap.get(SdkHttpConfigurationOption.MAX_CONNECTIONS)).intValue());
        poolingHttpClientConnectionManager.setMaxTotal(((Integer) attributeMap.get(SdkHttpConfigurationOption.MAX_CONNECTIONS)).intValue());
        poolingHttpClientConnectionManager.setDefaultSocketConfig(buildSocketConfig(attributeMap));
        return poolingHttpClientConnectionManager;
    }

    private ConnectionSocketFactory getPreferredSocketFactory(AttributeMap attributeMap) {
        return new SdkTlsSocketFactory(getPreferredSslContext(), getHostNameVerifier(attributeMap));
    }

    private static SSLContext getPreferredSslContext() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, null, null);
            return sSLContext;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new SSLInitializationException(e.getMessage(), e);
        }
    }

    private SocketConfig buildSocketConfig(AttributeMap attributeMap) {
        return SocketConfig.custom().setSoKeepAlive(false).setSoTimeout(NumericUtils.saturatedCast(((Duration) attributeMap.get(SdkHttpConfigurationOption.SOCKET_TIMEOUT)).toMillis())).setTcpNoDelay(true).build();
    }

    @ReviewBeforeRelease("Need to have a way to communicate with HTTP impl supports disabling of stricthostname verification. If it doesn't we either need to fail in S3 or switch to path styleaddressing.")
    private HostnameVerifier getHostNameVerifier(AttributeMap attributeMap) {
        return ((Boolean) attributeMap.get(SdkHttpConfigurationOption.USE_STRICT_HOSTNAME_VERIFICATION)).booleanValue() ? SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER : SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
    }

    private Registry<ConnectionSocketFactory> createSocketFactoryRegistry(ConnectionSocketFactory connectionSocketFactory) {
        return RegistryBuilder.create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", connectionSocketFactory).build();
    }
}
