package io.apiman.common.es.util;

import io.apiman.common.config.options.GenericOptionsParser;
import io.apiman.common.config.options.Predicates;
import io.apiman.common.es.util.builder.index.EsIndexProperties;
import io.apiman.common.logging.ApimanLoggerFactory;
import io.apiman.common.logging.IApimanLogger;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.Map;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;

/* loaded from: input_file:io/apiman/common/es/util/DefaultEsClientFactory.class */
public class DefaultEsClientFactory extends AbstractClientFactory implements IEsClientFactory {
    private static final int POLL_INTERVAL_SECS = 5;
    private static final IApimanLogger LOGGER = ApimanLoggerFactory.getLogger(DefaultEsClientFactory.class);

    @Override // io.apiman.common.es.util.IEsClientFactory
    public RestHighLevelClient createClient(Map<String, String> map, Map<String, EsIndexProperties> map2, String str) {
        ApimanEsClientOptionsParser apimanEsClientOptionsParser = new ApimanEsClientOptionsParser(map, str);
        LOGGER.debug("ES client factory config: {0}", new Object[]{apimanEsClientOptionsParser});
        return createEsClient(apimanEsClientOptionsParser, map2);
    }

    private RestHighLevelClient createEsClient(ApimanEsClientOptionsParser apimanEsClientOptionsParser, Map<String, EsIndexProperties> map) {
        RestHighLevelClient restHighLevelClient;
        RestHighLevelClient restHighLevelClient2;
        String protocol = apimanEsClientOptionsParser.getProtocol();
        String host = apimanEsClientOptionsParser.getHost();
        int port = apimanEsClientOptionsParser.getPort();
        String indexNamePrefix = apimanEsClientOptionsParser.getIndexNamePrefix();
        int timeout = apimanEsClientOptionsParser.getTimeout();
        LOGGER.info("Building an Elasticsearch client for {0}://{1}:{2} for index prefix {3}", new Object[]{protocol, host, Integer.valueOf(port), indexNamePrefix});
        synchronized (clients) {
            String str = "es:" + host + ':' + port + '/' + indexNamePrefix;
            if (clients.containsKey(str)) {
                restHighLevelClient = clients.get(str);
                LOGGER.info("Use cached Elasticsearch client with client key " + str);
            } else {
                RestClientBuilder requestConfigCallback = RestClient.builder(new HttpHost[]{new HttpHost(host, port, protocol)}).setRequestConfigCallback(builder -> {
                    return builder.setConnectTimeout(timeout).setSocketTimeout(timeout);
                });
                HttpAsyncClientBuilder create = HttpAsyncClientBuilder.create();
                apimanEsClientOptionsParser.getUsernameAndPassword().ifPresent(usernameAndPassword -> {
                    BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                    basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(usernameAndPassword.getUsername(), usernameAndPassword.getPasswordAsString()));
                    create.setDefaultCredentialsProvider(basicCredentialsProvider);
                });
                if ("https".equalsIgnoreCase(protocol)) {
                    updateSslConfig(create, apimanEsClientOptionsParser);
                }
                requestConfigCallback.setHttpClientConfigCallback(httpAsyncClientBuilder -> {
                    return create;
                });
                restHighLevelClient = new RestHighLevelClient(requestConfigCallback);
                new EsConnectionPoller(restHighLevelClient, 0, POLL_INTERVAL_SECS, Math.toIntExact(apimanEsClientOptionsParser.getPollingTime())).blockUntilReady();
                clients.put(str, restHighLevelClient);
                LOGGER.info("Created new Elasticsearch client for {0}://{1}:{2} for index prefix {3}", new Object[]{protocol, host, Integer.valueOf(port), indexNamePrefix});
            }
            if (apimanEsClientOptionsParser.isInitialize()) {
                initializeIndices(restHighLevelClient, map, indexNamePrefix);
            }
            restHighLevelClient2 = restHighLevelClient;
        }
        return restHighLevelClient2;
    }

    private void updateSslConfig(HttpAsyncClientBuilder httpAsyncClientBuilder, GenericOptionsParser genericOptionsParser) {
        Throwable th;
        try {
            boolean bool = genericOptionsParser.getBool(GenericOptionsParser.keys(new String[]{"client.allowSelfSigned", "client.trust.certificate"}), false);
            boolean bool2 = genericOptionsParser.getBool(GenericOptionsParser.keys(new String[]{"client.allowAnyHost", "client.trust.host"}), false);
            Path requiredPath = genericOptionsParser.getRequiredPath(GenericOptionsParser.keys(new String[]{"client.keystore.path", "client.keystore"}), Predicates.fileExists().and(Predicates.fileSizeGreaterThanZero()), Predicates.fileExistsMsg("key store"));
            String string = genericOptionsParser.getString(GenericOptionsParser.keys(new String[]{"client.keystore.password"}), (String) null, Predicates.anyOk(), "");
            String string2 = genericOptionsParser.getString(GenericOptionsParser.keys(new String[]{"client.keystore.format"}), "jks", Predicates.matchesAny(new String[]{"pkcs12", "jks"}), "format must be jks or pkcs12");
            Path requiredPath2 = genericOptionsParser.getRequiredPath(GenericOptionsParser.keys(new String[]{"client.truststore.path", "client.truststore"}), Predicates.fileExists().and(Predicates.fileSizeGreaterThanZero()), Predicates.fileExistsMsg("trust store"));
            String string3 = genericOptionsParser.getString(GenericOptionsParser.keys(new String[]{"client.truststore.password"}), (String) null, Predicates.anyOk(), "");
            KeyStore keyStore = KeyStore.getInstance(genericOptionsParser.getString(GenericOptionsParser.keys(new String[]{"client.truststore.format"}), "jks", Predicates.matchesAny(new String[]{"pkcs12", "jks"}), "format must be jks or pkcs12"));
            KeyStore keyStore2 = KeyStore.getInstance(string2);
            InputStream newInputStream = Files.newInputStream(requiredPath2, new OpenOption[0]);
            Throwable th2 = null;
            try {
                try {
                    keyStore.load(newInputStream, string3.toCharArray());
                    if (newInputStream != null) {
                        if (0 != 0) {
                            try {
                                newInputStream.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            newInputStream.close();
                        }
                    }
                    newInputStream = Files.newInputStream(requiredPath, new OpenOption[0]);
                    th = null;
                } finally {
                }
                try {
                    try {
                        keyStore2.load(newInputStream, string.toCharArray());
                        if (newInputStream != null) {
                            if (0 != 0) {
                                try {
                                    newInputStream.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                newInputStream.close();
                            }
                        }
                        SSLContextBuilder create = SSLContextBuilder.create();
                        if (bool) {
                            create.loadTrustMaterial(new TrustSelfSignedStrategy());
                        } else {
                            create.loadTrustMaterial(keyStore, (TrustStrategy) null);
                            create.loadKeyMaterial(keyStore2, string.toCharArray());
                        }
                        httpAsyncClientBuilder.setSSLStrategy(new SSLIOSessionStrategy(create.build(), bool2 ? NoopHostnameVerifier.INSTANCE : new DefaultHostnameVerifier()));
                    } finally {
                    }
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
