package cn.com.kanq.common.config;

import cn.com.kanq.common.util.HttpRequestHeaderInterceptorImpl;
import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.SecurityInfo;
import io.undertow.servlet.api.TransportGuaranteeType;
import io.undertow.servlet.api.WebResourceCollection;
import java.security.KeyStore;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.web.embedded.undertow.UndertowBuilderCustomizer;
import org.springframework.boot.web.embedded.undertow.UndertowDeploymentInfoCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
@ConditionalOnProperty(value = {"kq.https.enabled"}, havingValue = "true")
/* loaded from: input_file:cn/com/kanq/common/config/SSLConfig.class */
public class SSLConfig {

    @Value("${server.port}")
    private Integer port;

    @Value("${server.http.port}")
    private Integer httpPort;

    @Value("${server.address}")
    private String host;

    @Bean
    public CloseableHttpClient getIgnoreSSLClient() throws Exception {
        return HttpClients.custom().addInterceptorFirst(HttpRequestHeaderInterceptorImpl.me).setSSLContext(SSLContexts.custom().loadTrustMaterial((KeyStore) null, (x509CertificateArr, str) -> {
            return true;
        }).build()).setSSLHostnameVerifier(new NoopHostnameVerifier()).build();
    }

    @Bean
    public UndertowDeploymentInfoCustomizer deploymentInfoCustomizer() {
        return deploymentInfo -> {
            deploymentInfo.addSecurityConstraint(new SecurityConstraint().addWebResourceCollection(new WebResourceCollection().addUrlPattern("/*")).setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL).setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT)).setConfidentialPortManager(httpServerExchange -> {
                return this.port.intValue();
            });
        };
    }

    @Bean
    public UndertowBuilderCustomizer builderCustomizer() {
        return builder -> {
            builder.addHttpListener(this.httpPort.intValue(), this.host);
        };
    }
}
