package io.camunda.zeebe.exporter.opensearch;

import io.camunda.zeebe.exporter.opensearch.OpensearchExporterConfiguration;
import io.github.acm19.aws.interceptor.http.AwsRequestSigningApacheInterceptor;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
import org.apache.http.impl.nio.reactor.IOReactorConfig;
import org.apache.http.ssl.SSLContextBuilder;
import org.opensearch.client.RestClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.signer.Aws4Signer;

/* loaded from: input_file:io/camunda/zeebe/exporter/opensearch/RestClientFactory.class */
final class RestClientFactory {
    private static final RestClientFactory INSTANCE = new RestClientFactory();
    private final Logger log = LoggerFactory.getLogger(getClass().getPackageName());

    private RestClientFactory() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static RestClient of(OpensearchExporterConfiguration opensearchExporterConfiguration) {
        return of(opensearchExporterConfiguration, false);
    }

    static RestClient of(OpensearchExporterConfiguration opensearchExporterConfiguration, boolean z) {
        return INSTANCE.createRestClient(opensearchExporterConfiguration, z);
    }

    private RestClient createRestClient(OpensearchExporterConfiguration opensearchExporterConfiguration, boolean z) {
        return RestClient.builder(parseUrl(opensearchExporterConfiguration)).setRequestConfigCallback(builder -> {
            return builder.setConnectTimeout(opensearchExporterConfiguration.requestTimeoutMs).setSocketTimeout(opensearchExporterConfiguration.requestTimeoutMs);
        }).setHttpClientConfigCallback(httpAsyncClientBuilder -> {
            return configureHttpClient(opensearchExporterConfiguration, httpAsyncClientBuilder, z);
        }).build();
    }

    private HttpAsyncClientBuilder configureHttpClient(OpensearchExporterConfiguration opensearchExporterConfiguration, HttpAsyncClientBuilder httpAsyncClientBuilder, boolean z) {
        httpAsyncClientBuilder.setDefaultIOReactorConfig(IOReactorConfig.custom().setIoThreadCount(1).build());
        if (opensearchExporterConfiguration.hasAuthenticationPresent()) {
            setupBasicAuthentication(opensearchExporterConfiguration, httpAsyncClientBuilder);
            this.log.info("Basic authentication is enabled.");
        } else {
            this.log.info("Basic authentication is disabled.");
        }
        if (opensearchExporterConfiguration.aws.enabled) {
            configureAws(httpAsyncClientBuilder, opensearchExporterConfiguration.aws);
            this.log.info("AWS Signing is enabled.");
        } else {
            this.log.info("AWS Signing is disabled.");
        }
        if (z) {
            try {
                httpAsyncClientBuilder.setSSLContext(SSLContextBuilder.create().loadTrustMaterial((KeyStore) null, new TrustAllStrategy()).build());
            } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }
        return httpAsyncClientBuilder;
    }

    private void setupBasicAuthentication(OpensearchExporterConfiguration opensearchExporterConfiguration, HttpAsyncClientBuilder httpAsyncClientBuilder) {
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(opensearchExporterConfiguration.getAuthentication().getUsername(), opensearchExporterConfiguration.getAuthentication().getPassword()));
        httpAsyncClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider);
    }

    public void configureAws(HttpAsyncClientBuilder httpAsyncClientBuilder, OpensearchExporterConfiguration.AwsConfiguration awsConfiguration) {
        DefaultCredentialsProvider create = DefaultCredentialsProvider.create();
        create.resolveCredentials();
        httpAsyncClientBuilder.addInterceptorLast(new AwsRequestSigningApacheInterceptor(awsConfiguration.serviceName, Aws4Signer.create(), create, awsConfiguration.region));
    }

    private HttpHost[] parseUrl(OpensearchExporterConfiguration opensearchExporterConfiguration) {
        String[] split = opensearchExporterConfiguration.url.split(",");
        HttpHost[] httpHostArr = new HttpHost[split.length];
        for (int i = 0; i < split.length; i++) {
            httpHostArr[i] = HttpHost.create(split[i]);
        }
        return httpHostArr;
    }
}
