package org.nuxeo.elasticsearch.client;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.elasticsearch.api.ESClient;
import org.nuxeo.elasticsearch.api.ESClientFactory;
import org.nuxeo.elasticsearch.config.ElasticSearchClientConfig;
import org.nuxeo.elasticsearch.config.ElasticSearchEmbeddedServerConfig;
import org.nuxeo.elasticsearch.core.ElasticSearchEmbeddedNode;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/elasticsearch/client/ESRestClientFactory.class */
public class ESRestClientFactory implements ESClientFactory {
    private static final Log log = LogFactory.getLog(ESRestClientFactory.class);
    public static final String DEFAULT_CONNECT_TIMEOUT_MS = "5000";
    public static final String DEFAULT_SOCKET_TIMEOUT_MS = "20000";
    public static final String CONNECTION_TIMEOUT_MS_OPT = "connection.timeout.ms";
    public static final String SOCKET_TIMEOUT_MS_OPT = "socket.timeout.ms";
    public static final String AUTH_USER_OPT = "username";
    public static final String AUTH_PASSWORD_OPT = "password";
    public static final String TRUST_STORE_PATH_OPT = "trustStorePath";
    public static final String TRUST_STORE_PASSWORD_OPT = "trustStorePassword";
    public static final String TRUST_STORE_TYPE_OPT = "trustStoreType";
    public static final String KEY_STORE_PATH_OPT = "keyStorePath";
    public static final String KEY_STORE_PASSWORD_OPT = "keyStorePassword";
    public static final String KEY_STORE_TYPE_OPT = "keyStoreType";

    @Deprecated
    public static final String DEPRECATED_TRUST_STORE_PATH_OPT = "keystore.path";

    @Deprecated
    public static final String DEPRECATED_TRUST_STORE_PASSWORD_OPT = "keystore.password";

    @Deprecated
    public static final String DEPRECATED_TRUST_STORE_TYPE_OPT = "keystore.type";
    protected static final String DEPRECATED_ES_TRUST_STORE_PATH_PROP = "elasticsearch.restClient.keystorePath";
    protected static final String DEPRECATED_ES_TRUST_STORE_PASSWORD_PROP = "elasticsearch.restClient.keystorePassword";
    protected static final String DEPRECATED_ES_TRUST_STORE_TYPE_PROP = "elasticsearch.restClient.keystoreType";
    protected static final String ES_TRUST_STORE_PATH_PROP = "elasticsearch.restClient.truststore.path";
    protected static final String ES_TRUST_STORE_PASSWORD_PROP = "elasticsearch.restClient.truststore.password";
    protected static final String ES_TRUST_STORE_TYPE_PROP = "elasticsearch.restClient.truststore.type";

    @Override // org.nuxeo.elasticsearch.api.ESClientFactory
    public ESClient create(ElasticSearchEmbeddedNode elasticSearchEmbeddedNode, ElasticSearchClientConfig elasticSearchClientConfig) {
        return elasticSearchEmbeddedNode != null ? createLocalRestClient(elasticSearchEmbeddedNode.getConfig()) : createRestClient(elasticSearchClientConfig);
    }

    protected ESClient createLocalRestClient(ElasticSearchEmbeddedServerConfig elasticSearchEmbeddedServerConfig) {
        if (!elasticSearchEmbeddedServerConfig.httpEnabled()) {
            throw new IllegalArgumentException("Embedded configuration has no HTTP port enable, use TransportClient instead of Rest");
        }
        RestHighLevelClient restHighLevelClient = new RestHighLevelClient(RestClient.builder(new HttpHost("localhost", Integer.parseInt(elasticSearchEmbeddedServerConfig.getHttpPort()))));
        return new ESRestClient(restHighLevelClient.getLowLevelClient(), restHighLevelClient);
    }

    protected ESClient createRestClient(ElasticSearchClientConfig elasticSearchClientConfig) {
        String option = elasticSearchClientConfig.getOption("addressList", "");
        if (option.isEmpty()) {
            throw new IllegalArgumentException("No addressList option provided cannot connect RestClient");
        }
        String[] split = option.split(",");
        HttpHost[] httpHostArr = new HttpHost[split.length];
        int i = 0;
        for (String str : split) {
            int i2 = i;
            i++;
            httpHostArr[i2] = HttpHost.create(str);
        }
        RestClientBuilder maxRetryTimeoutMillis = RestClient.builder(httpHostArr).setRequestConfigCallback(builder -> {
            return builder.setConnectTimeout(getConnectTimeoutMs(elasticSearchClientConfig)).setSocketTimeout(getSocketTimeoutMs(elasticSearchClientConfig));
        }).setMaxRetryTimeoutMillis(getConnectTimeoutMs(elasticSearchClientConfig));
        addClientCallback(elasticSearchClientConfig, maxRetryTimeoutMillis);
        RestHighLevelClient restHighLevelClient = new RestHighLevelClient(maxRetryTimeoutMillis);
        return new ESRestClient(restHighLevelClient.getLowLevelClient(), restHighLevelClient);
    }

    private void addClientCallback(ElasticSearchClientConfig elasticSearchClientConfig, RestClientBuilder restClientBuilder) {
        BasicCredentialsProvider credentialProvider = getCredentialProvider(elasticSearchClientConfig);
        SSLContext sslContext = getSslContext(elasticSearchClientConfig);
        if (sslContext == null && credentialProvider == null) {
            return;
        }
        restClientBuilder.setHttpClientConfigCallback(httpAsyncClientBuilder -> {
            httpAsyncClientBuilder.setSSLContext(sslContext);
            httpAsyncClientBuilder.setDefaultCredentialsProvider(credentialProvider);
            return httpAsyncClientBuilder;
        });
    }

    protected BasicCredentialsProvider getCredentialProvider(ElasticSearchClientConfig elasticSearchClientConfig) {
        if (StringUtils.isBlank(elasticSearchClientConfig.getOption("username"))) {
            return null;
        }
        String option = elasticSearchClientConfig.getOption("username");
        String option2 = elasticSearchClientConfig.getOption("password");
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(option, option2));
        return basicCredentialsProvider;
    }

    protected SSLContext getSslContext(ElasticSearchClientConfig elasticSearchClientConfig) {
        checkDeprecatedProperties();
        String str = (String) StringUtils.defaultIfBlank(elasticSearchClientConfig.getOption(TRUST_STORE_PATH_OPT), elasticSearchClientConfig.getOption(DEPRECATED_TRUST_STORE_PATH_OPT));
        String str2 = (String) StringUtils.defaultIfBlank(elasticSearchClientConfig.getOption(TRUST_STORE_PASSWORD_OPT), elasticSearchClientConfig.getOption(DEPRECATED_TRUST_STORE_PASSWORD_OPT));
        String str3 = (String) StringUtils.defaultIfBlank(elasticSearchClientConfig.getOption(TRUST_STORE_TYPE_OPT), elasticSearchClientConfig.getOption(DEPRECATED_TRUST_STORE_TYPE_OPT));
        String option = elasticSearchClientConfig.getOption(KEY_STORE_PATH_OPT);
        String option2 = elasticSearchClientConfig.getOption(KEY_STORE_PASSWORD_OPT);
        String option3 = elasticSearchClientConfig.getOption(KEY_STORE_TYPE_OPT);
        try {
            KeyStore loadKeyStore = loadKeyStore(str, str2, str3);
            KeyStore loadKeyStore2 = loadKeyStore(option, option2, option3);
            if (loadKeyStore == null && loadKeyStore2 == null) {
                return null;
            }
            SSLContextBuilder custom = SSLContexts.custom();
            if (loadKeyStore != null) {
                custom.loadTrustMaterial(loadKeyStore, (TrustStrategy) null);
            }
            if (loadKeyStore2 != null) {
                custom.loadKeyMaterial(loadKeyStore2, null);
            }
            return custom.build();
        } catch (IOException | GeneralSecurityException e) {
            throw new NuxeoException("Cannot setup SSL for RestClient: " + elasticSearchClientConfig, e);
        }
    }

    protected void checkDeprecatedProperties() {
        checkDeprecatedProperty(DEPRECATED_ES_TRUST_STORE_PATH_PROP, ES_TRUST_STORE_PATH_PROP);
        checkDeprecatedProperty(DEPRECATED_ES_TRUST_STORE_PASSWORD_PROP, ES_TRUST_STORE_PASSWORD_PROP);
        checkDeprecatedProperty(DEPRECATED_ES_TRUST_STORE_TYPE_PROP, ES_TRUST_STORE_TYPE_PROP);
    }

    protected void checkDeprecatedProperty(String str, String str2) {
        if (Framework.getRuntime() != null && StringUtils.isNotBlank(Framework.getProperty(str))) {
            log.warn("Configuration property " + str + " is deprecated, use " + str2 + " instead");
        }
    }

    protected KeyStore loadKeyStore(String str, String str2, String str3) throws GeneralSecurityException, IOException {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance((String) StringUtils.defaultIfBlank(str3, KeyStore.getDefaultType()));
        char[] charArray = StringUtils.isBlank(str2) ? null : str2.toCharArray();
        InputStream newInputStream = Files.newInputStream(Paths.get(str, new String[0]), new OpenOption[0]);
        Throwable th = null;
        try {
            try {
                keyStore.load(newInputStream, charArray);
                if (newInputStream != null) {
                    if (0 != 0) {
                        try {
                            newInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newInputStream.close();
                    }
                }
                return keyStore;
            } finally {
            }
        } catch (Throwable th3) {
            if (newInputStream != null) {
                if (th != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    newInputStream.close();
                }
            }
            throw th3;
        }
    }

    protected int getConnectTimeoutMs(ElasticSearchClientConfig elasticSearchClientConfig) {
        return Integer.parseInt(elasticSearchClientConfig.getOption(CONNECTION_TIMEOUT_MS_OPT, "5000"));
    }

    protected int getSocketTimeoutMs(ElasticSearchClientConfig elasticSearchClientConfig) {
        return Integer.parseInt(elasticSearchClientConfig.getOption(SOCKET_TIMEOUT_MS_OPT, DEFAULT_SOCKET_TIMEOUT_MS));
    }

    protected void checkConnection(RestHighLevelClient restHighLevelClient) {
        boolean z = false;
        try {
            z = restHighLevelClient.ping(RequestOptions.DEFAULT);
        } catch (IOException e) {
            log.error(e.getMessage(), e);
        }
        if (!z) {
            throw new IllegalStateException("Fail to ping rest node");
        }
    }
}
