package com.floragunn.searchguard.enterprise.auditlog.sink;

import com.floragunn.searchguard.enterprise.auditlog.impl.AuditMessage;
import com.floragunn.searchguard.support.PemKeyReader;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.cert.X509Certificate;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/auditlog/sink/WebhookSink.class */
public class WebhookSink extends AuditLogSink {
    private final CloseableHttpClient httpClient;
    String webhookUrl;
    WebhookFormat webhookFormat;
    final boolean verifySSL;
    final KeyStore effectiveTruststore;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/floragunn/searchguard/enterprise/auditlog/sink/WebhookSink$HttpMethod.class */
    public enum HttpMethod {
        GET,
        POST
    }

    /* loaded from: input_file:com/floragunn/searchguard/enterprise/auditlog/sink/WebhookSink$WebhookFormat.class */
    public enum WebhookFormat {
        URL_PARAMETER_GET(HttpMethod.GET, ContentType.TEXT_PLAIN),
        URL_PARAMETER_POST(HttpMethod.POST, ContentType.TEXT_PLAIN),
        TEXT(HttpMethod.POST, ContentType.TEXT_PLAIN),
        JSON(HttpMethod.POST, ContentType.APPLICATION_JSON),
        SLACK(HttpMethod.POST, ContentType.APPLICATION_JSON);

        private HttpMethod method;
        private ContentType contentType;

        WebhookFormat(HttpMethod httpMethod, ContentType contentType) {
            this.method = httpMethod;
            this.contentType = contentType;
        }

        HttpMethod getMethod() {
            return this.method;
        }

        ContentType getContentType() {
            return this.contentType;
        }
    }

    public WebhookSink(String str, Settings settings, String str2, Path path, AuditLogSink auditLogSink) throws Exception {
        super(str, settings, str2, auditLogSink);
        this.webhookUrl = null;
        this.webhookFormat = null;
        Settings asSettings = settings.getAsSettings(str2);
        this.effectiveTruststore = getEffectiveKeyStore(path);
        String str3 = asSettings.get("webhook.url");
        String str4 = asSettings.get("webhook.format");
        this.verifySSL = asSettings.getAsBoolean("webhook.ssl.verify", true).booleanValue();
        this.httpClient = getHttpClient();
        if (this.httpClient == null) {
            this.log.error("Could not create HttpClient, audit log not available.");
            return;
        }
        if (Strings.isEmpty(str3)) {
            this.log.error("searchguard.audit.config.webhook.url not provided, webhook audit log will not work");
            return;
        }
        try {
            new URL(str3);
            this.webhookUrl = str3;
        } catch (MalformedURLException e) {
            this.log.error("URL {} is invalid, webhook audit log will not work.", str3, e);
        }
        if (Strings.isEmpty(str4)) {
            this.log.warn("searchguard.audit.config.webhook.format not provided, falling back to 'text'");
            this.webhookFormat = WebhookFormat.TEXT;
            return;
        }
        try {
            this.webhookFormat = WebhookFormat.valueOf(str4.toUpperCase());
        } catch (Exception e2) {
            this.log.error("Could not find WebhookFormat for type {}, falling back to 'text'", str4, e2);
            this.webhookFormat = WebhookFormat.TEXT;
        }
    }

    @Override // com.floragunn.searchguard.enterprise.auditlog.sink.AuditLogSink
    public boolean doStore(final AuditMessage auditMessage) {
        if (Strings.isEmpty(this.webhookUrl)) {
            this.log.debug("Webhook URL is null");
            return false;
        }
        if (auditMessage != null) {
            return ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: com.floragunn.searchguard.enterprise.auditlog.sink.WebhookSink.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Boolean run() {
                    boolean z = false;
                    try {
                        switch (WebhookSink.this.webhookFormat.method) {
                            case GET:
                                z = WebhookSink.this.get(auditMessage);
                                break;
                            case POST:
                                z = WebhookSink.this.post(auditMessage);
                                break;
                            default:
                                WebhookSink.this.log.error("Http Method '{}' defined in WebhookFormat '{}' not implemented yet", WebhookSink.this.webhookFormat.method.name(), WebhookSink.this.webhookFormat.name());
                                break;
                        }
                        if (!z) {
                            WebhookSink.this.log.error(auditMessage.toString());
                        }
                        return Boolean.valueOf(z);
                    } catch (Throwable th) {
                        WebhookSink.this.log.error("Uncaught exception while trying to log message.", th);
                        WebhookSink.this.log.error(auditMessage.toString());
                        return false;
                    }
                }
            })).booleanValue();
        }
        this.log.debug("Message is null");
        return true;
    }

    @Override // com.floragunn.searchguard.enterprise.auditlog.sink.AuditLogSink
    public void close() throws IOException {
        if (this.httpClient != null) {
            this.httpClient.close();
        }
    }

    protected String formatJson(AuditMessage auditMessage) {
        return auditMessage.toJson();
    }

    protected String formatText(AuditMessage auditMessage) {
        return auditMessage.toText();
    }

    protected String formatSlack(AuditMessage auditMessage) {
        return "{\"text\": \"" + auditMessage.toText() + "\"}";
    }

    protected String formatUrlParameters(AuditMessage auditMessage) {
        return auditMessage.toUrlParameters();
    }

    boolean get(AuditMessage auditMessage) {
        switch (this.webhookFormat) {
            case URL_PARAMETER_GET:
                return doGet(this.webhookUrl + formatUrlParameters(auditMessage));
            default:
                this.log.error("WebhookFormat '{}' not implemented yet", this.webhookFormat.name());
                return false;
        }
    }

    protected boolean doGet(String str) {
        CloseableHttpResponse closeableHttpResponse = null;
        try {
            try {
                closeableHttpResponse = this.httpClient.execute(new HttpGet(str));
                int statusCode = closeableHttpResponse.getStatusLine().getStatusCode();
                if (statusCode == 200) {
                    if (closeableHttpResponse != null) {
                        try {
                            closeableHttpResponse.close();
                        } catch (IOException e) {
                            this.log.error("Cannot close server response", e);
                        }
                    }
                    return true;
                }
                this.log.error("Cannot GET to webhook URL '{}', server returned status {}", this.webhookUrl, Integer.valueOf(statusCode));
                if (closeableHttpResponse != null) {
                    try {
                        closeableHttpResponse.close();
                    } catch (IOException e2) {
                        this.log.error("Cannot close server response", e2);
                    }
                }
                return false;
            } catch (Throwable th) {
                this.log.error("Cannot GET to webhook URL '{}'", this.webhookUrl, th);
                if (closeableHttpResponse != null) {
                    try {
                        closeableHttpResponse.close();
                    } catch (IOException e3) {
                        this.log.error("Cannot close server response", e3);
                        return false;
                    }
                }
                return false;
            }
        } catch (Throwable th2) {
            if (closeableHttpResponse != null) {
                try {
                    closeableHttpResponse.close();
                } catch (IOException e4) {
                    this.log.error("Cannot close server response", e4);
                    throw th2;
                }
            }
            throw th2;
        }
    }

    boolean post(AuditMessage auditMessage) {
        String str;
        String str2 = this.webhookUrl;
        switch (this.webhookFormat.ordinal()) {
            case 1:
                str = "";
                str2 = this.webhookUrl + formatUrlParameters(auditMessage);
                break;
            case 2:
                str = formatText(auditMessage);
                break;
            case 3:
                str = formatJson(auditMessage);
                break;
            case 4:
                str = "{\"text\": \"" + auditMessage.toText() + "\"}";
                break;
            default:
                this.log.error("WebhookFormat '{}' not implemented yet", this.webhookFormat.name());
                return false;
        }
        return doPost(str2, str);
    }

    protected boolean doPost(String str, String str2) {
        HttpPost httpPost = new HttpPost(str);
        StringEntity stringEntity = new StringEntity(str2, StandardCharsets.UTF_8);
        stringEntity.setContentType(this.webhookFormat.contentType.toString());
        httpPost.setEntity(stringEntity);
        CloseableHttpResponse closeableHttpResponse = null;
        try {
            try {
                closeableHttpResponse = this.httpClient.execute(httpPost);
                int statusCode = closeableHttpResponse.getStatusLine().getStatusCode();
                if (statusCode == 200) {
                    if (closeableHttpResponse != null) {
                        try {
                            closeableHttpResponse.close();
                        } catch (IOException e) {
                            this.log.error("Cannot close server response", e);
                        }
                    }
                    return true;
                }
                this.log.error("Cannot POST to webhook URL '{}', server returned status {}", this.webhookUrl, Integer.valueOf(statusCode));
                if (closeableHttpResponse != null) {
                    try {
                        closeableHttpResponse.close();
                    } catch (IOException e2) {
                        this.log.error("Cannot close server response", e2);
                    }
                }
                return false;
            } catch (Throwable th) {
                this.log.error("Cannot POST to webhook URL '{}' due to '{}'", this.webhookUrl, th.getMessage(), th);
                if (closeableHttpResponse != null) {
                    try {
                        closeableHttpResponse.close();
                    } catch (IOException e3) {
                        this.log.error("Cannot close server response", e3);
                        return false;
                    }
                }
                return false;
            }
        } catch (Throwable th2) {
            if (closeableHttpResponse != null) {
                try {
                    closeableHttpResponse.close();
                } catch (IOException e4) {
                    this.log.error("Cannot close server response", e4);
                    throw th2;
                }
            }
            throw th2;
        }
    }

    private KeyStore getEffectiveKeyStore(final Path path) {
        return (KeyStore) AccessController.doPrivileged(new PrivilegedAction<KeyStore>() { // from class: com.floragunn.searchguard.enterprise.auditlog.sink.WebhookSink.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public KeyStore run() {
                try {
                    Settings asSettings = WebhookSink.this.settings.getAsSettings(WebhookSink.this.settingsPrefix);
                    if (!((asSettings.get("webhook.ssl.pemtrustedcas_filepath", (String) null) == null && asSettings.get("webhook.ssl.pemtrustedcas_content", (String) null) == null) ? false : true)) {
                        return PemKeyReader.loadKeyStore(PemKeyReader.resolve("searchguard.ssl.transport.truststore_filepath", WebhookSink.this.settings, path, false), WebhookSink.this.settings.get("searchguard.ssl.transport.truststore_password", "changeit"), WebhookSink.this.settings.get("searchguard.ssl.transport.truststore_type"));
                    }
                    X509Certificate[] loadCertificatesFromStream = PemKeyReader.loadCertificatesFromStream(PemKeyReader.resolveStream("webhook.ssl.pemtrustedcas_content", asSettings));
                    if (loadCertificatesFromStream == null) {
                        loadCertificatesFromStream = PemKeyReader.loadCertificatesFromFile(PemKeyReader.resolve(WebhookSink.this.settingsPrefix + ".webhook.ssl.pemtrustedcas_filepath", WebhookSink.this.settings, path, false));
                    }
                    return PemKeyReader.toTruststore("alw", loadCertificatesFromStream);
                } catch (Exception e) {
                    WebhookSink.this.log.error("Could not load key material. Make sure your certificates are located relative to the config directory", e);
                    return null;
                }
            }
        });
    }

    CloseableHttpClient getHttpClient() {
        RequestConfig build = RequestConfig.custom().setConnectTimeout(5 * 1000).setConnectionRequestTimeout(5 * 1000).setSocketTimeout(5 * 1000).build();
        try {
            return !this.verifySSL ? HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(new SSLContextBuilder().loadTrustMaterial(new TrustStrategy() { // from class: com.floragunn.searchguard.enterprise.auditlog.sink.WebhookSink.3
                public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) {
                    return true;
                }
            }).build(), NoopHostnameVerifier.INSTANCE)).setDefaultRequestConfig(build).build() : this.effectiveTruststore == null ? HttpClients.custom().setDefaultRequestConfig(build).build() : HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(new SSLContextBuilder().loadTrustMaterial(this.effectiveTruststore, (TrustStrategy) null).build(), new DefaultHostnameVerifier())).setDefaultRequestConfig(build).build();
        } catch (Exception e) {
            this.log.error("Could not create HTTPClient due to {}, audit log not available.", e.getMessage(), e);
            return null;
        }
    }
}
