package com.amazon.opendistroforelasticsearch.commons.rest;

import com.amazon.opendistroforelasticsearch.commons.ConfigConstants;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/commons/rest/SecureRestClientBuilder.class */
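/**
 * Builds Elasticsearch {@link RestClient} / {@link RestHighLevelClient} instances with
 * optional TLS and HTTP basic authentication.
 *
 * <p>Two configuration modes are supported:
 * <ul>
 *   <li>explicit host(s) plus user name and password; {@link Settings#EMPTY} is used, so no
 *       PEM trust file or key store can be configured in this mode;</li>
 *   <li>node {@link Settings} plus a config directory; the TLS trust/key material is read
 *       from the settings and no basic-auth credentials are sent.</li>
 * </ul>
 *
 * <p>Security-relevant behaviour a reviewer should be aware of:
 * <ul>
 *   <li>When TLS is enabled but no PEM trust file is configured, the client falls back to
 *       {@link TrustSelfSignedStrategy}, i.e. self-signed server certificates are accepted.
 *       This is always the case for the user/password constructors.</li>
 *   <li>When TLS is disabled in user/password mode, the basic-auth credentials are sent
 *       to an {@code http} endpoint.</li>
 *   <li>Credentials are registered for {@link AuthScope#ANY}, not for the configured hosts only.</li>
 * </ul>
 */
public class SecureRestClientBuilder {
    private static final Logger log = LogManager.getLogger(SecureRestClientBuilder.class);

    private final boolean httpSSLEnabled;
    private final String user;
    private final String passwd;
    private final ArrayList<HttpHost> hosts = new ArrayList<>();
    private final Path configPath;
    private final Settings settings;
    // Timeouts in milliseconds, handed to Apache HttpClient's RequestConfig.
    private int defaultConnectTimeOutMSecs = 5000;
    private int defaultSoTimeoutMSecs = 10000;
    // 0 is interpreted by Apache HttpClient as "no timeout" when leasing a connection.
    private int defaultConnRequestTimeoutMSecs = 0;

    /**
     * Creates a builder for a single host using HTTP basic authentication.
     *
     * @param host            host name or address of the cluster endpoint
     * @param port            HTTP(S) port of the endpoint
     * @param httpSSLEnabled  {@code true} to use the https scheme, {@code false} for http
     * @param user            basic-auth user name, must not be null or empty
     * @param passwd          basic-auth password, must not be null or empty
     * @throws IllegalArgumentException if user or password is null or empty
     */
    public SecureRestClientBuilder(String host, int port, boolean httpSSLEnabled, String user, String passwd) {
        if (Strings.isNullOrEmpty(user) || Strings.isNullOrEmpty(passwd)) {
            throw new IllegalArgumentException("Invalid user or password");
        }
        this.httpSSLEnabled = httpSSLEnabled;
        this.user = user;
        this.passwd = passwd;
        this.settings = Settings.EMPTY;
        this.configPath = null;
        this.hosts.add(new HttpHost(host, port, httpSSLEnabled ? ConfigConstants.HTTPS : ConfigConstants.HTTP));
    }

    /**
     * Creates a builder for several hosts using HTTP basic authentication.
     *
     * <p>The scheme of each {@link HttpHost} is taken as given; {@code httpSSLEnabled} only
     * controls whether trust material is loaded into the SSL context.
     *
     * @param httpHosts       endpoints to connect to, must not be null
     * @param httpSSLEnabled  {@code true} to load TLS trust material
     * @param user            basic-auth user name, must not be null or empty
     * @param passwd          basic-auth password, must not be null or empty
     * @throws IllegalArgumentException if user or password is null or empty
     */
    public SecureRestClientBuilder(HttpHost[] httpHosts, boolean httpSSLEnabled, String user, String passwd) {
        if (Strings.isNullOrEmpty(user) || Strings.isNullOrEmpty(passwd)) {
            throw new IllegalArgumentException("Invalid user or password");
        }
        this.httpSSLEnabled = httpSSLEnabled;
        this.user = user;
        this.passwd = passwd;
        this.settings = Settings.EMPTY;
        this.configPath = null;
        this.hosts.addAll(Arrays.asList(httpHosts));
    }

    /**
     * Creates a builder from node settings. The endpoint is {@link ConfigConstants#HOST_DEFAULT}
     * on the configured HTTP port; no basic-auth credentials are set in this mode.
     *
     * @param settings    settings holding the TLS and port configuration
     * @param configPath  directory against which relative certificate/key store paths are resolved
     */
    public SecureRestClientBuilder(Settings settings, Path configPath) {
        this.httpSSLEnabled = settings.getAsBoolean(ConfigConstants.OPENDISTRO_SECURITY_SSL_HTTP_ENABLED, false);
        this.settings = settings;
        this.configPath = configPath;
        this.user = null;
        this.passwd = null;
        final int port = settings.getAsInt(ConfigConstants.HTTP_PORT, Integer.valueOf(ConfigConstants.HTTP_PORT_DEFAULT));
        this.hosts.add(new HttpHost(ConfigConstants.HOST_DEFAULT, port, this.httpSSLEnabled ? ConfigConstants.HTTPS : ConfigConstants.HTTP));
    }

    /**
     * Builds a low-level REST client.
     *
     * @return the configured client
     * @throws IOException if the TLS material cannot be read or the SSL context cannot be created
     */
    public RestClient build() throws IOException {
        return createRestClientBuilder().build();
    }

    /**
     * Builds a high-level REST client.
     *
     * @return the configured client
     * @throws IOException if the TLS material cannot be read or the SSL context cannot be created
     */
    public RestHighLevelClient buildHighlevelClient() throws IOException {
        return new RestHighLevelClient(createRestClientBuilder());
    }

    /**
     * Sets the connect timeout.
     *
     * @param timeoutMillis timeout in milliseconds
     * @return this builder
     */
    public SecureRestClientBuilder setConnectTimeout(int timeoutMillis) {
        this.defaultConnectTimeOutMSecs = timeoutMillis;
        return this;
    }

    /**
     * Sets the socket (read) timeout.
     *
     * @param timeoutMillis timeout in milliseconds
     * @return this builder
     */
    public SecureRestClientBuilder setSocketTimeout(int timeoutMillis) {
        this.defaultSoTimeoutMSecs = timeoutMillis;
        return this;
    }

    /**
     * Sets the timeout for obtaining a connection from the connection manager.
     *
     * @param timeoutMillis timeout in milliseconds
     * @return this builder
     */
    public SecureRestClientBuilder setConnectionRequestTimeout(int timeoutMillis) {
        this.defaultConnRequestTimeoutMSecs = timeoutMillis;
        return this;
    }

    /**
     * Assembles the underlying {@link RestClientBuilder} with timeouts, SSL context and
     * credentials applied.
     *
     * @throws IOException if reading TLS material fails; a {@link GeneralSecurityException}
     *                     is wrapped so callers only have to handle one checked type
     */
    private RestClientBuilder createRestClientBuilder() throws IOException {
        final RestClientBuilder builder = RestClient.builder(hosts.toArray(new HttpHost[0]));

        // The timeout fields are read when the callback runs, not when it is registered.
        builder.setRequestConfigCallback(requestConfig -> requestConfig
            .setConnectTimeout(defaultConnectTimeOutMSecs)
            .setSocketTimeout(defaultSoTimeoutMSecs)
            .setConnectionRequestTimeout(defaultConnRequestTimeoutMSecs));

        final SSLContext sslContext;
        try {
            sslContext = createSSLContext();
        } catch (GeneralSecurityException e) {
            // An IOException is propagated unchanged instead of being wrapped in another IOException.
            throw new IOException(e);
        }
        final CredentialsProvider credentialsProvider = createCredsProvider();

        builder.setHttpClientConfigCallback(httpClientBuilder -> {
            if (sslContext != null) {
                httpClientBuilder.setSSLContext(sslContext);
            }
            if (credentialsProvider != null) {
                httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
            }
            return httpClientBuilder;
        });
        return builder;
    }

    /**
     * Creates the SSL context. When TLS is disabled an SSL context without any custom
     * trust or key material is returned.
     *
     * @throws IOException              if a certificate or key store file cannot be read
     * @throws GeneralSecurityException if the trust/key material is invalid, or a key store
     *                                  is configured without a key password
     */
    private SSLContext createSSLContext() throws IOException, GeneralSecurityException {
        final SSLContextBuilder contextBuilder = new SSLContextBuilder();
        if (httpSSLEnabled) {
            final String pemFile = getTrustPem();
            if (Strings.isNullOrEmpty(pemFile)) {
                // NOTE(review): TrustSelfSignedStrategy accepts self-signed server certificates,
                // so the peer is not authenticated against a CA in this branch. Hostname
                // verification is not configured in this class. Configure a PEM trust file
                // wherever the endpoint is not fully trusted.
                log.warn(
                    "No PEM trust file configured ({}); self-signed server certificates will be trusted",
                    ConfigConstants.OPENDISTRO_SECURITY_SSL_HTTP_PEMCERT_FILEPATH
                );
                contextBuilder.loadTrustMaterial((KeyStore) null, new TrustSelfSignedStrategy());
            } else {
                final KeyStore trustStore = new TrustStore(resolve(pemFile, configPath)).create();
                contextBuilder.loadTrustMaterial(trustStore, (TrustStrategy) null);
            }

            final KeyStore keyStore = getKeyStore();
            if (keyStore != null) {
                final String keyPassword = getKeystorePasswd();
                if (keyPassword == null) {
                    // Fail with a checked, descriptive error instead of a NullPointerException.
                    throw new GeneralSecurityException(
                        "Key store is configured but the key password is not set: "
                            + ConfigConstants.OPENDISTRO_SECURITY_SSL_HTTP_KEYSTORE_KEYPASSWORD
                    );
                }
                contextBuilder.loadKeyMaterial(keyStore, keyPassword.toCharArray());
            }
        }
        return contextBuilder.build();
    }

    /**
     * Creates the basic-auth credentials provider.
     *
     * @return the provider, or {@code null} when no user/password was supplied
     */
    private CredentialsProvider createCredsProvider() {
        if (Strings.isNullOrEmpty(user) || Strings.isNullOrEmpty(passwd)) {
            return null;
        }
        final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        // NOTE(review): AuthScope.ANY makes these credentials available for any host and realm
        // that issues a challenge; scoping them to the configured hosts would be tighter.
        credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(user, passwd));
        return credentialsProvider;
    }

    /**
     * Resolves a configured file name against the config directory and checks that it
     * points to a readable, non-directory path.
     *
     * @param originalFile configured path; an absolute value is used as-is by {@link Path#resolve}
     * @param configDir    directory to resolve relative paths against
     * @return the absolute path as a string
     * @throws ElasticsearchException if the path is empty, the config directory is missing,
     *                                or the target is a directory or not readable
     */
    private String resolve(String originalFile, Path configDir) {
        if (originalFile == null || originalFile.isEmpty()) {
            throw new ElasticsearchException("Empty file path for " + originalFile);
        }
        if (configDir == null) {
            // Reachable when the Settings constructor was given a null config path.
            throw new ElasticsearchException("No config path available to resolve " + originalFile);
        }

        final Path resolved = configDir.resolve(originalFile).toAbsolutePath();
        final String resolvedPath = resolved.toString();
        log.debug("Resolved {} to {} against {}", originalFile, resolvedPath, configDir.toAbsolutePath().toString());

        if (Files.isDirectory(resolved, LinkOption.NOFOLLOW_LINKS)) {
            throw new ElasticsearchException("Is a directory: " + resolvedPath + " Expected a file for " + originalFile);
        }
        if (!Files.isReadable(resolved)) {
            throw new ElasticsearchException(
                "Unable to read " + resolvedPath + " (" + resolved
                    + "). Please make sure this files exists and is readable regarding to permissions. Property: "
                    + originalFile
            );
        }
        return resolvedPath;
    }

    /** Returns the configured PEM certificate path used as trust material, or {@code null} if unset. */
    private String getTrustPem() {
        return settings.get(ConfigConstants.OPENDISTRO_SECURITY_SSL_HTTP_PEMCERT_FILEPATH, null);
    }

    /** Returns the configured key password for the key store entries, or {@code null} if unset. */
    private String getKeystorePasswd() {
        return settings.get(ConfigConstants.OPENDISTRO_SECURITY_SSL_HTTP_KEYSTORE_KEYPASSWORD, null);
    }

    /**
     * Loads the client key store from the configured path.
     *
     * @return the loaded key store, or {@code null} when the path or store password is not configured
     * @throws IOException              if the file cannot be read or the store password is wrong
     * @throws GeneralSecurityException if the key store content cannot be processed
     */
    private KeyStore getKeyStore() throws IOException, GeneralSecurityException {
        final String keyStoreFile = settings.get(ConfigConstants.OPENDISTRO_SECURITY_SSL_HTTP_KEYSTORE_FILEPATH, null);
        final String storePassword = settings.get(ConfigConstants.OPENDISTRO_SECURITY_SSL_HTTP_KEYSTORE_PASSWORD, null);
        if (Strings.isNullOrEmpty(keyStoreFile) || Strings.isNullOrEmpty(storePassword)) {
            return null;
        }

        // Only the JKS format is supported here; the type is not read from settings.
        final KeyStore keyStore = KeyStore.getInstance("jks");
        try (InputStream in = Files.newInputStream(Paths.get(resolve(keyStoreFile, configPath)))) {
            keyStore.load(in, storePassword.toCharArray());
        }
        return keyStore;
    }
}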
