package com.floragunn.searchguard.httpclient;

import com.google.common.collect.Lists;
import java.io.Closeable;
import java.io.IOException;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.http.HttpHost;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
import org.apache.http.message.BasicHeader;
import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
import org.apache.http.ssl.PrivateKeyDetails;
import org.apache.http.ssl.PrivateKeyStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.Node;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.xcontent.XContentType;

/* loaded from: input_file:com/floragunn/searchguard/httpclient/HttpClient.class */
public class HttpClient implements Closeable {
    private final KeyStore trustStore;
    private final Logger log;
    private RestHighLevelClient rclient;
    private String basicCredentials;
    private KeyStore keystore;
    private String keystoreAlias;
    private char[] keyPassword;
    private boolean verifyHostnames;
    private boolean ssl;
    private String[] supportedProtocols;
    private String[] supportedCipherSuites;

    /* loaded from: input_file:com/floragunn/searchguard/httpclient/HttpClient$HttpClientBuilder.class */
    public static class HttpClientBuilder {
        private KeyStore trustStore;
        private String basicCredentials;
        private KeyStore keystore;
        private String keystoreAlias;
        private char[] keyPassword;
        private boolean verifyHostnames;
        private String[] supportedProtocols;
        private String[] supportedCipherSuites;
        private final String[] servers;
        private boolean ssl;

        private HttpClientBuilder(String... strArr) {
            this.supportedProtocols = null;
            this.supportedCipherSuites = null;
            this.servers = (String[]) Objects.requireNonNull(strArr);
            if (this.servers.length == 0) {
                throw new IllegalArgumentException();
            }
        }

        public HttpClientBuilder enableSsl(KeyStore keyStore, boolean z) {
            this.ssl = true;
            this.trustStore = (KeyStore) Objects.requireNonNull(keyStore);
            this.verifyHostnames = z;
            return this;
        }

        public HttpClientBuilder setBasicCredentials(String str, String str2) {
            this.basicCredentials = encodeBasicHeader((String) Objects.requireNonNull(str), (String) Objects.requireNonNull(str2));
            return this;
        }

        public HttpClientBuilder setPkiCredentials(KeyStore keyStore, char[] cArr, String str) {
            this.keystore = (KeyStore) Objects.requireNonNull(keyStore);
            this.keyPassword = cArr;
            this.keystoreAlias = str;
            return this;
        }

        public HttpClientBuilder setSupportedProtocols(String[] strArr) {
            this.supportedProtocols = strArr;
            return this;
        }

        public HttpClientBuilder setSupportedCipherSuites(String[] strArr) {
            this.supportedCipherSuites = strArr;
            return this;
        }

        public HttpClient build() throws Exception {
            return new HttpClient(this.trustStore, this.basicCredentials, this.keystore, this.keyPassword, this.keystoreAlias, this.verifyHostnames, this.ssl, this.supportedProtocols, this.supportedCipherSuites, this.servers);
        }

        private static String encodeBasicHeader(String str, String str2) {
            return Base64.getEncoder().encodeToString((str + ":" + ((String) Objects.requireNonNull(str2))).getBytes(StandardCharsets.UTF_8));
        }
    }

    public static HttpClientBuilder builder(String... strArr) {
        return new HttpClientBuilder(strArr);
    }

    private HttpClient(KeyStore keyStore, String str, KeyStore keyStore2, char[] cArr, String str2, boolean z, boolean z2, String[] strArr, String[] strArr2, String... strArr3) throws UnrecoverableKeyException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
        this.log = LogManager.getLogger(getClass());
        this.trustStore = keyStore;
        this.basicCredentials = str;
        this.keystore = keyStore2;
        this.keyPassword = cArr;
        this.verifyHostnames = z;
        this.ssl = z2;
        this.supportedProtocols = strArr;
        this.supportedCipherSuites = strArr2;
        this.keystoreAlias = str2;
        RestClientBuilder builder = RestClient.builder((HttpHost[]) ((List) Arrays.stream(strArr3).map(str3 -> {
            return str3.split(":");
        }).map(strArr4 -> {
            return new HttpHost(strArr4[0], Integer.parseInt(strArr4[1]), z2 ? "https" : "http");
        }).collect(Collectors.toList())).toArray(new HttpHost[0]));
        builder.setFailureListener(new RestClient.FailureListener() { // from class: com.floragunn.searchguard.httpclient.HttpClient.1
            public void onFailure(Node node) {
            }
        });
        builder.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() { // from class: com.floragunn.searchguard.httpclient.HttpClient.2
            public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpAsyncClientBuilder) {
                try {
                    return HttpClient.this.asyncClientBuilder(httpAsyncClientBuilder);
                } catch (Exception e) {
                    HttpClient.this.log.error("Unable to build http client", e);
                    throw new RuntimeException(e);
                }
            }
        });
        this.rclient = new RestHighLevelClient(builder);
    }

    public boolean index(String str, String str2, String str3, boolean z) {
        try {
            IndexResponse index = this.rclient.index((str3 == null ? new IndexRequest(str2) : new IndexRequest(str2)).setRefreshPolicy(z ? WriteRequest.RefreshPolicy.IMMEDIATE : WriteRequest.RefreshPolicy.NONE).source(str, XContentType.JSON), RequestOptions.DEFAULT);
            if (index.getShardInfo().getSuccessful() > 0) {
                if (index.getShardInfo().getFailed() == 0) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            this.log.error(e.toString(), e);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final HttpAsyncClientBuilder asyncClientBuilder(HttpAsyncClientBuilder httpAsyncClientBuilder) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException {
        if (this.ssl) {
            SSLContextBuilder custom = SSLContexts.custom();
            if (this.log.isTraceEnabled()) {
                this.log.trace("Configure HTTP client with SSL");
            }
            if (this.trustStore != null) {
                custom.loadTrustMaterial(this.trustStore, (TrustStrategy) null);
            }
            if (this.keystore != null) {
                custom.loadKeyMaterial(this.keystore, this.keyPassword, new PrivateKeyStrategy() { // from class: com.floragunn.searchguard.httpclient.HttpClient.3
                    public String chooseAlias(Map<String, PrivateKeyDetails> map, Socket socket) {
                        return (map == null || map.isEmpty()) ? HttpClient.this.keystoreAlias : (HttpClient.this.keystoreAlias == null || HttpClient.this.keystoreAlias.isEmpty()) ? map.keySet().iterator().next() : HttpClient.this.keystoreAlias;
                    }
                });
            }
            httpAsyncClientBuilder.setSSLStrategy(new SSLIOSessionStrategy(custom.build(), this.supportedProtocols, this.supportedCipherSuites, this.verifyHostnames ? new DefaultHostnameVerifier() : NoopHostnameVerifier.INSTANCE));
        }
        if (this.basicCredentials != null) {
            httpAsyncClientBuilder.setDefaultHeaders(Lists.newArrayList(new BasicHeader[]{new BasicHeader("Authorization", "Basic " + this.basicCredentials)}));
        }
        httpAsyncClientBuilder.setDefaultRequestConfig(RequestConfig.custom().setConnectTimeout(5 * 1000).setConnectionRequestTimeout(5 * 1000).setSocketTimeout(5 * 1000).build());
        return httpAsyncClientBuilder;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.rclient != null) {
            this.rclient.close();
        }
    }
}
