package org.springframework.boot.buildpack.platform.docker.transport;

import java.net.URISyntaxException;
import java.util.concurrent.TimeUnit;
import org.apache.hc.client5.http.classic.HttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.io.SocketConfig;
import org.apache.hc.core5.util.Timeout;
import org.springframework.boot.buildpack.platform.docker.configuration.DockerHost;
import org.springframework.boot.buildpack.platform.docker.configuration.ResolvedDockerHost;
import org.springframework.boot.buildpack.platform.docker.ssl.SslContextFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/boot/buildpack/platform/docker/transport/RemoteHttpClientTransport.class */
final class RemoteHttpClientTransport extends HttpClientTransport {
    private static final Timeout SOCKET_TIMEOUT = Timeout.of(30, TimeUnit.MINUTES);

    private RemoteHttpClientTransport(HttpClient httpClient, HttpHost httpHost) {
        super(httpClient, httpHost);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static RemoteHttpClientTransport createIfPossible(ResolvedDockerHost resolvedDockerHost) {
        return createIfPossible(resolvedDockerHost, new SslContextFactory());
    }

    static RemoteHttpClientTransport createIfPossible(ResolvedDockerHost resolvedDockerHost, SslContextFactory sslContextFactory) {
        if (!resolvedDockerHost.isRemote()) {
            return null;
        }
        try {
            return create(resolvedDockerHost, sslContextFactory, HttpHost.create(resolvedDockerHost.getAddress()));
        } catch (URISyntaxException e) {
            return null;
        }
    }

    private static RemoteHttpClientTransport create(DockerHost dockerHost, SslContextFactory sslContextFactory, HttpHost httpHost) {
        PoolingHttpClientConnectionManagerBuilder defaultSocketConfig = PoolingHttpClientConnectionManagerBuilder.create().setDefaultSocketConfig(SocketConfig.copy(SocketConfig.DEFAULT).setSoTimeout(SOCKET_TIMEOUT).build());
        if (dockerHost.isSecure()) {
            defaultSocketConfig.setSSLSocketFactory(getSecureConnectionSocketFactory(dockerHost, sslContextFactory));
        }
        HttpClientBuilder custom = HttpClients.custom();
        custom.setConnectionManager(defaultSocketConfig.build());
        return new RemoteHttpClientTransport(custom.build(), new HttpHost(dockerHost.isSecure() ? "https" : "http", httpHost.getHostName(), httpHost.getPort()));
    }

    private static LayeredConnectionSocketFactory getSecureConnectionSocketFactory(DockerHost dockerHost, SslContextFactory sslContextFactory) {
        String certificatePath = dockerHost.getCertificatePath();
        Assert.hasText(certificatePath, () -> {
            return "Docker host TLS verification requires trust material location to be specified with certificate path";
        });
        return new SSLConnectionSocketFactory(sslContextFactory.forDirectory(certificatePath));
    }
}
